hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-03 00:31:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,524 Commits 1,687 Branches 159 Tags
codeql-cli/v2.10.5
Commit Graph

42524 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Henry Mercer
5102cadf8e Merge pull request #8404 from github/codeql-ci/js-atm-new-release 
JS: Bump version numbers of ML-powered packs after 0.1.0 release
 2022-03-14 17:32:37 +00:00
Dave Bartolomeo
20c3cfb1a0 Squash a few sign analysis diffs due to range analysis fixes 2022-03-14 13:07:45 -04:00
Tony Torralba
03f3535188 Added MissingSecuritySeverity query 2022-03-14 17:53:08 +01:00
Asger Feldthaus
fee32d3480 Elaborate on qldoc for API::EntryPoint 2022-03-14 17:52:07 +01:00
Asger Feldthaus
be65b9bebc Ruby: remove spurious Instance token from getExtraSuccessorFromInvoke 2022-03-14 17:39:43 +01:00
Asger Feldthaus
072ad8f4a7 Ruby: add (from model) to remote flow description 2022-03-14 17:39:17 +01:00
Asger Feldthaus
37bbd46e43 Ruby: fix broken comment 2022-03-14 17:33:57 +01:00
Asger Feldthaus
c9d7651c59 Be explicit about re-exporting 2022-03-14 17:26:30 +01:00
Nick Rolfe
488c8ef609 Ruby: accept test changes after adding more literals 2022-03-14 15:49:22 +00:00
Nick Rolfe
2a892c39ac Ruby: add change note for getConstantValue improvements 2022-03-14 15:45:58 +00:00
Nick Rolfe
a39aed52c6 Ruby: add more tests for edge cases in parsing of integers 2022-03-14 15:45:57 +00:00
Nick Rolfe
6c5868cfb5 Ruby: use NumberUtils in parseInteger 
And make parse{Binary,Octal,Hex}Int hold only for values in the range
0 to 2^31-1 (incl.)
 2022-03-14 15:45:57 +00:00
Nick Rolfe
6bd9616c6e Ruby: interpret string escape sequences in getConstantValue() 2022-03-14 15:45:57 +00:00
Michael Nebel
bcdbfefb2b Merge pull request #8329 from michaelnebel/csharp/model-generator 
C#: Capture Summary models.
 2022-03-14 16:10:05 +01:00
Erik Krogh Kristensen
c93f29b1a1 fix typo in change note 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-03-14 16:03:45 +01:00
Joe Farebrother
d4b5eed3e4 Merge pull request #8410 from joefarebrother/sensitive-logging 
Java: Promote Sensitive Logging query
 2022-03-14 14:50:26 +00:00
Henry Mercer
8b1b2af2d8 JS: Remove isEffectiveSinkWithOverridingScore 
This was previously used in the ATM external API query, but is now dead
code.
 2022-03-14 14:25:36 +00:00
Erik Krogh Kristensen
8c28b93427 QL: rename query to ql/name-casing 2022-03-14 15:03:58 +01:00
Erik Krogh Kristensen
87987872c6 QL: use an/a correctly in the alert message 2022-03-14 15:03:07 +01:00
Erik Krogh Kristensen
93fcfc3012 QL: use negative char classes to generalize query to detect e.g. underscores 2022-03-14 15:00:27 +01:00
Mathias Vorreiter Pedersen
7593ebaa62 C++: Use 'getAstVariable' now that 'getASTVariable' is deprecated. 2022-03-14 13:38:27 +00:00
Chris Smowton
9f02ca0db2 Merge pull request #8357 from p0wn4j/jdbc-url-ssrf-sink 
Java: Add JDBC connection SSRF sinks
 2022-03-14 13:27:34 +00:00
Michael Nebel
432ac7a824 C#: Deprecate the StructuralComparisonConfig class. 2022-03-14 14:17:56 +01:00
Michael Nebel
5a4a97569f C#: Use Gvn comparison instead of StructuralComparisonConfiguration in Constants. 2022-03-14 14:17:56 +01:00
Michael Nebel
5b5ea140d2 C#: Delete the Internal StructuralComparisonConfiguration class as it is no longer needed. 2022-03-14 14:17:56 +01:00
Michael Nebel
bf4dc0034a C#: Use Gvn comparison instead of StructuralComparisonConfiguration in Guards. 2022-03-14 14:17:56 +01:00
Michael Nebel
90b4eb9e13 C#: Use Gvn comparison instead of StructuralComparisonConfiguration in UnsafeLazyInitialization. 2022-03-14 14:17:56 +01:00
Michael Nebel
74b8e73133 C#: Use Gvn comparison instead of StructuralComparisonConfiguration in MissedTernaryOpportunity. 2022-03-14 14:17:56 +01:00
Michael Nebel
94999d4df5 C#: Use Gvn comparison instead of StructuralComparisonConfiguration in UselessIsBeforeAs. 2022-03-14 14:17:56 +01:00
Michael Nebel
8e7c7d8259 C#: Use Gvn comparison instead of StructuralComparisonConfiguration in UselessNullCoalescingExpression. 2022-03-14 14:17:56 +01:00
Michael Nebel
4a1981edfd C#: Use Gvn comparison instead of StructuralComparisonConfiguration in NestedLoopsSameVariable. 2022-03-14 14:17:56 +01:00
Michael Nebel
b4f2fc60ec C#: Use Gvn comparison instead of StructuralComparisonConfiguration in SelfAssignment. 2022-03-14 14:17:56 +01:00
Michael Nebel
f241eef2ea C#: Use Gvn comparison instead of StructuralComparisonConfiguration in structuralComparison test. 2022-03-14 14:17:56 +01:00
Michael Nebel
6f5b2e8440 C#: Use Gvn comparison instead of StructuralComparisonConfiguration in UseTryGetValue. 2022-03-14 14:17:56 +01:00
Chris Smowton
ca8237b9de Make comment into qldoc 2022-03-14 13:14:31 +00:00
Mathias Vorreiter Pedersen
50b77761f1 C++: Port the 'predictable' barrier from 'DefaultTaintTracking' to 'cpp/unclear-array-index-validation' to prevent an explosion of new results. 2022-03-14 13:14:07 +00:00
Joe Farebrother
e4b762b5c5 Improve qldoc; make taint tracking 2022-03-14 13:10:34 +00:00
Michael Nebel
21bcaf6a0e C#/Java: After remaining code after rebase. 2022-03-14 14:08:49 +01:00
Michael Nebel
74352925e4 C#/Java: Remove inline from returnNodeEnclosingCallable. 2022-03-14 13:50:55 +01:00
Michael Nebel
48dc9d7057 C#/Java: Move containerContent to DataFlowPrivate. 2022-03-14 13:50:55 +01:00
Michael Nebel
b7803ef0b1 C#: Introduce SyntheticFieldContent in RelevantContent. 2022-03-14 13:50:55 +01:00
Michael Nebel
12ff2c6cd5 C#/Java: Improve comments in CaptureSummaryModels. 2022-03-14 13:50:55 +01:00
Michael Nebel
3ad9731e91 C#/Java: Add some more QL docs. 2022-03-14 13:50:50 +01:00
Michael Nebel
2476e716a2 C#: Move the isRelevantTaintStep and isRelevantContent into the shared utils. 2022-03-14 13:49:52 +01:00
Michael Nebel
665e3c9326 C#: Re-factor containerContent into standalone predicate in DataFlow library. 2022-03-14 13:49:51 +01:00
Michael Nebel
5d03e510d2 C#/Java: Include synthetic fields in isRelevantContent. 2022-03-14 13:49:51 +01:00
Michael Nebel
d881d31959 C#: Remove comma from QL Doc. 2022-03-14 13:49:51 +01:00
Michael Nebel
cd03af3be4 C#: Get rid of the isOwnInstanceAccess based on ReturnStmt. 2022-03-14 13:49:46 +01:00
Mathias Vorreiter Pedersen
0bf4ce7cf1 Merge pull request #8427 from MathiasVP/fix-bad-join-in-return-stack-allocated-memory 
C++: Fix join in `cpp/return-stack-allocated-memory`
 2022-03-14 12:49:30 +00:00
Michael Nebel
34a91f1aac C#: Rename CaptureSummaryModelsQuery to CaptureSummaryModels. 2022-03-14 13:48:56 +01:00