ihsinme
bdab785bef
Add files via upload
2021-06-15 16:42:38 +03:00
Taus
87ee7849a9
Merge pull request #6077 from RasmusWL/fix-pypi-names
Python: Fixup for names of supported PyPI packages
codeql-cli/v2.5.6
2021-06-15 15:01:35 +02:00
yoff
b19d64f173
Merge pull request #6013 from RasmusWL/sensitive-improvements
Python: Improve sensitive data modeling
2021-06-15 14:45:40 +02:00
Calum Grant
771e686946
Update security-severity scores
2021-06-15 13:25:17 +01:00
Tom Hvitved
c03ee32f02
Python: Move cached predicates in type tracker library to same stage
2021-06-15 13:42:43 +02:00
Alex Ford
bf43a77df5
Include some more types of expressions as possible active record SQL sink arguments
2021-06-15 12:41:42 +01:00
Rasmus Wriedt Larsen
b1fb68bc54
Python: Rename .qll file for mysql-connector-python support
Just like our support for the `PyYAML` PyPI package that you import with
`import yaml` is in `Yaml.qll`.
Since this file does not provide any public predicates/modules, it
should be safe to rename it.
2021-06-15 13:06:53 +02:00
Rasmus Wriedt Larsen
b154f034cb
Python: Fix names of supported PyPI packages
2021-06-15 12:55:52 +02:00
Alex Ford
ea21c591af
remove accidentally unbound variable
2021-06-15 11:39:48 +01:00
Alex Ford
c1b9952517
account for chained method calls when constructing ActiveRecord SQL queries
2021-06-15 11:39:48 +01:00
Alex Ford
f8a77b9854
format QL
2021-06-15 11:39:48 +01:00
Alex Ford
57c04266e3
rename SqlExecutingMethodCall as PotentiallyUnsafeSqlExecutingMethodCall
2021-06-15 11:39:48 +01:00
Alex Ford
2d4bb61789
limit SqlExecutingMethodCall to those that are called with a StringlikeLiteral argument
2021-06-15 11:39:48 +01:00
Alex Ford
2c15b60998
add ActiveRecord find_by_sql as an SQL executing method call
2021-06-15 11:39:48 +01:00
Alex Ford
c641d12259
add shell ActiveRecord library tests
2021-06-15 11:39:48 +01:00
Alex Ford
5b7df8578a
cleanup ActiveRecord.qll
2021-06-15 11:39:48 +01:00
Alex Ford
7488d072d8
Model some SQL fragment sinks in ActiveRecord model classes
2021-06-15 11:39:48 +01:00
Alex Ford
743deee9ce
add a class to represent ActiveRecord models
2021-06-15 11:39:48 +01:00
Alex Ford
7d3eaf40ff
add base SqlExecution concepts
2021-06-15 11:39:48 +01:00
Tamas Vajk
255e422172
Apply code review findings
2021-06-15 11:35:10 +02:00
Rasmus Wriedt Larsen
00af18a622
Python: Autoformat
2021-06-15 11:31:38 +02:00
Rasmus Wriedt Larsen
156b10cb59
Merge branch 'main' into promote-clickhouse
2021-06-15 11:30:19 +02:00
Anders Schack-Mulligen
19305a217a
Merge pull request #5374 from joefarebrother/guava-base
Java: Model additional flow steps for the package `com.google.common.base` of the Guava framework.
2021-06-15 10:58:48 +02:00
Tom Hvitved
501ba4bd8a
Merge pull request #6012 from hvitved/csharp/early-labels
C#: Populate labels earlier
2021-06-15 10:28:23 +02:00
Mathias Vorreiter Pedersen
b2e9fe79a7
C++: Add change-note.
2021-06-15 10:01:45 +02:00
Erik Krogh Kristensen
60920c1ecc
require that the URL refers to graphql in some way
2021-06-15 09:53:32 +02:00
Erik Krogh Kristensen
416c986cbc
add support for graphql in @actions/github
2021-06-15 09:43:11 +02:00
Asger Feldthaus
53bef94b75
JS: Extractor version bump
2021-06-15 09:34:54 +02:00
Tom Hvitved
3a37e321d5
Merge pull request #205 from github/hvitved/taint-tracking
Initial taint-tracking library
2021-06-15 09:30:59 +02:00
Cornelius Riemenschneider
0ebf53b9df
Merge pull request #6073 from geoffw0/loc
C++: Add lines of user code query
2021-06-15 09:18:46 +02:00
Tom Hvitved
5a9521372b
Merge pull request #206 from github/tausbn/fix-identical-files
2021-06-15 07:31:07 +02:00
jorgectf
c948970181
resolve merge conflicts
2021-06-15 01:24:04 +02:00
jorgectf
1662c5d113
resolve merge conflict
2021-06-15 01:22:11 +02:00
Mathias Vorreiter Pedersen
14a04ee453
C++: Accept more test changes. These all arise because we now transitively pull in 'semmle.code.cpp.Print' when including 'cpp'.
2021-06-14 22:02:46 +02:00
Mathias Vorreiter Pedersen
cc6ae7f8b8
Merge branch 'main' into path-sensitive-stack-variable-reachability-analysis
2021-06-14 22:02:46 +02:00
Mathias Vorreiter Pedersen
714ad105fe
C++: Accept test changes.
2021-06-14 22:02:38 +02:00
Mathias Vorreiter Pedersen
79926788d1
C++: Fix non-monotonic recursion problems in 'StackVariableReachabilityWithReassignment' by using the old StackVariableReachability predicates that don't care about paths.
2021-06-14 22:00:17 +02:00
Mathias Vorreiter Pedersen
c32f72063f
C++: Add path sensitivity to StackVariableReachability.
2021-06-14 21:59:13 +02:00
Shati Patel
cce8eac0a7
Merge pull request #5946 from shati-patel/vscode-custom-logs
Docs: Describe custom log directory setting in VS Code extension
2021-06-14 20:30:54 +01:00
Taus
2bbcbb2200
Bump submodule pointer
2021-06-14 19:04:22 +00:00
Aditya Sharad
75ed7c0568
Merge pull request #6014 from github/docs-4179-legacy-tools
Remove docs about legacy tools
2021-06-14 11:50:18 -07:00
Tom Hvitved
302b485f4c
Merge pull request #204 from github/hvitved/cfg-nodes-perf
Improve performance of `ExprChildMapping::reachesBasicBlock()`
2021-06-14 20:14:17 +02:00
Taus
068b980517
Update identical-files.json
As of https://github.com/github/codeql/pull/6063 we have now started using the shared type tracking library in Python as well. 🎉
2021-06-14 19:01:24 +02:00
Taus
c6c9a5110a
Merge pull request #6063 from tausbn/python-promote-type-tracking-library
Python: Promote shared type tracking library
2021-06-14 18:56:03 +02:00
Geoffrey White
d7db18213d
C++: Add a generated file to the test.
2021-06-14 16:21:30 +01:00
Geoffrey White
1e1ae27974
C++: Test the new query.
2021-06-14 16:06:20 +01:00
Geoffrey White
e71264d1d2
C++: Lines of user code query.
2021-06-14 16:03:16 +01:00
Tom Hvitved
6b63e032a9
C#: Populate labels earlier
2021-06-14 15:17:33 +02:00
Rasmus Wriedt Larsen
d19bc1252b
Python: limit size of extraStepForCalls predicate
On django/django, this reduced the number of results in
`extraStepForCalls` from 201,283 to 541
2021-06-14 15:06:42 +02:00
shati-patel
17f9aecab8
Docs: Update setting in CodeQL for VS Code
2021-06-14 13:38:06 +01:00