Commit Graph

41418 Commits

Author SHA1 Message Date
Taus Brock-Nannestad
c7b2b719cf Python: Support builtins in API graphs 2021-03-11 23:03:18 +01:00
luchua-bc
c8b1bc3a89 Enhance the query 2021-03-11 21:41:34 +00:00
Mathias Vorreiter Pedersen
5667901a2a C++: Accept test changes after merge from main (which changed the path explanations). 2021-03-11 21:16:57 +01:00
Ian Lynagh
75ebb348a0 C++: Add name/description to FailedExtractions.ql 2021-03-11 18:44:24 +00:00
luchua-bc
0a35feef76 Exclude CSRF cookies to reduce FPs 2021-03-11 17:28:07 +00:00
luchua-bc
57953c523c Update qldoc 2021-03-11 17:16:36 +00:00
Owen Mansel-Chan
ea7af2e4a2 Highlight error messages in CI
Copied problem-matchers from github/semmle-code, which is used for
running CI for github/codeql.
2021-03-11 17:14:38 +00:00
Mathias Vorreiter Pedersen
a2d75c4fed Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt 2021-03-11 18:06:37 +01:00
Asger Feldthaus
a03cb11257 JS: Include $().prop() source in XssThroughDom 2021-03-11 16:27:31 +00:00
Chris Smowton
82a000bcca Improve change note
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-03-11 16:22:56 +00:00
Chris Smowton
6508a223c3 Remove useless =y value specification from inline test expectations 2021-03-11 16:22:56 +00:00
Chris Smowton
b5268def16 Add models for CONST_BYTE and CONST_SHORT 2021-03-11 16:22:56 +00:00
Chris Smowton
1c1ca70027 Add models for flow- and taint-preserving functions in Commons ObjectUtils.
These should all be value-preserving, but we don't support value-preserving varargs methods yet.
2021-03-11 16:22:54 +00:00
Asger Feldthaus
2f3a76c43b JS: Handle global variable d3 2021-03-11 16:17:27 +00:00
Asger Feldthaus
3b11958e33 JS: Expand D3 model a bit 2021-03-11 16:13:02 +00:00
Arthur Baars
cde496cc4c Merge pull request #152 from github/aibaars/fix-vars
Fix VariableRead/WriteAccess for instance and class variables
2021-03-11 17:05:56 +01:00
Owen Mansel-Chan
dcc1de4797 Merge pull request #500 from owen-mc/add-missing-qldoc
Add missing QLDoc for public declarations
2021-03-11 15:52:39 +00:00
Owen Mansel-Chan
5b09d35668 Add missing QLDoc for public declarations 2021-03-11 15:36:31 +00:00
Erik Krogh Kristensen
3005439a6a cache the BasicBlock charpred 2021-03-11 16:09:47 +01:00
Erik Krogh Kristensen
5afb7e05ee cache AccessPath::getAnInstanceIn 2021-03-11 16:09:24 +01:00
Erik Krogh Kristensen
24b0469d74 cache two more predicates in the SSA stage 2021-03-11 16:09:00 +01:00
Erik Krogh Kristensen
e5b13d9db4 cache hasLocationInfo and Node::toString in the dataflow stage 2021-03-11 16:08:45 +01:00
Rasmus Lerchedahl Petersen
f561c458a9 Python: One more change from code review 2021-03-11 15:58:47 +01:00
yoff
4d1b49a7dd Apply suggestions from code review
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2021-03-11 15:57:44 +01:00
Ian Lynagh
6ef8fb667f C++: Autoformat FailedExtractions.ql 2021-03-11 14:48:27 +00:00
Ian Lynagh
3c1e445a59 C++: Add a changenote for cpp/diagnostics/failed-extractions. 2021-03-11 14:33:04 +00:00
Ian Lynagh
2341c653f7 C++: Add FailedExtractions.ql 2021-03-11 14:08:55 +00:00
luchua-bc
eeac7e322a Query to detect insecure configuration of Spring Boot Actuator 2021-03-11 13:46:32 +00:00
Mathias Vorreiter Pedersen
0edae89425 Merge pull request #5380 from github/criemen/clang-cl
C++: Add clang-cl.exe to `compiledAsMicrosoft()`.
2021-03-11 13:56:25 +01:00
Cornelius Riemenschneider
97ab842010 C++: Update summary queries. 2021-03-11 12:44:30 +00:00
Mathias Vorreiter Pedersen
4977169cf5 Fix dead link in CONTRIBUTING.md 2021-03-11 13:36:19 +01:00
Cornelius Riemenschneider
288ee92d52 C++: Add clang-cl.exe to compiledAsMicrosoft(). 2021-03-11 12:15:27 +00:00
Erik Krogh Kristensen
fa2e7fd498 cache prepend 2021-03-11 11:59:54 +01:00
Artem Smotrakov
4b7c57c077 Added a comment for getBeanIdentifier()
Co-authored-by: Chris Smowton <smowton@github.com>
2021-03-11 11:52:07 +01:00
Asger Feldthaus
3fb810b540 JS: Add @kind problem meta queries 2021-03-11 10:46:18 +00:00
Asger Feldthaus
773cf0dcdd JS: Autoformat 2021-03-11 10:44:33 +00:00
Asger Feldthaus
0c6e161277 JS: Add source to XssThroughDom 2021-03-11 10:05:05 +00:00
Asger Feldthaus
18cfe72e99 JS: Add model of d3 2021-03-11 10:05:05 +00:00
Mathias Vorreiter Pedersen
01cc2f2c77 Merge pull request #5366 from MathiasVP/better-path-explanation-for-this-indirection
C++: Replace 'Argument -1 indirection' with 'This indirection'
2021-03-11 10:48:44 +01:00
Anders Schack-Mulligen
87e4dec86a Merge pull request #5300 from tamasvajk/feature/external-remote-flow-sources
Java: Convert remote flow sources to use new CSV format
2021-03-11 10:44:17 +01:00
CodeQL CI
25f4b76788 Merge pull request #5045 from erik-krogh/bindRoute
Approved by asgerf
2021-03-11 01:39:26 -08:00
CodeQL CI
ad665b765f Merge pull request #5323 from erik-krogh/staging
Approved by asgerf
2021-03-11 00:50:51 -08:00
Jonas Jensen
e1adf5e8b0 Merge pull request #5218 from MathiasVP/no-write-side-effects-for-const-pointer-params
C++: Don't generate write side effects for const parameter indirections
2021-03-11 09:48:05 +01:00
Mathias Vorreiter Pedersen
9439ed49c1 Merge branch 'main' into better-path-explanation-for-this-indirection 2021-03-11 09:39:18 +01:00
Mathias Vorreiter Pedersen
55da16c4a9 C++: Accept test changes. 2021-03-11 09:27:45 +01:00
Artem Smotrakov
0a5d58ed8a Cover more configurations in UnsafeSpringExporterInConfigurationClass.ql 2021-03-10 21:15:19 +03:00
luchua-bc
a0a1ddee86 Update class name 2021-03-10 17:07:31 +00:00
Sauyon Lee
db20119267 Remove now-unnecessary bindingset annotations 2021-03-10 08:58:45 -08:00
Sauyon Lee
8ad1010860 Restrict 'package' to real package paths 2021-03-10 08:58:41 -08:00
Anders Schack-Mulligen
674886a17d Dataflow: Sync. 2021-03-10 16:53:51 +01:00