hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-27 05:13:00 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,524 Commits 1,689 Branches 159 Tags
codeql-cli/v2.10.5
Commit Graph

42524 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
7d62b9e131 move the pruning for module resolution of TypeExprs 2022-06-20 12:12:57 +02:00
Michael Nebel
70203633a1 Merge pull request #9393 from michaelnebel/csharp/asptaintedmember 
C#: ASP.NET Core like members are tainted
 2022-06-20 12:11:16 +02:00
Tony Torralba
78fcdd22db Change test class name 2022-06-20 12:07:32 +02:00
Tony Torralba
3b60a1c3bc Add change note 2022-06-20 12:07:31 +02:00
Tony Torralba
2b2fa6e15b Add taint step for String.valueOf(Editable) 
Kotlin inlines expr.toString() as String.valueOf(expr) when expr is nullable
 2022-06-20 12:07:31 +02:00
Mathias Vorreiter Pedersen
edf0be0854 Merge pull request #9611 from MathiasVP/swift-nomagic-get-location 
Swift: Add `nomagic` to `getLocation`
 2022-06-20 10:42:45 +01:00
AlexDenisov
304f58b12c Update swift/tools/tracing-config.lua 
Co-authored-by: Paolo Tranquilli <redsun82@github.com>
 2022-06-20 11:22:13 +02:00
Mathias Vorreiter Pedersen
57abd4af89 Merge pull request #9612 from MathiasVP/fix-other-constructor-decl-ref-expr-to-string 
Swift: Fix 'toString' on 'OtherConstructorDeclRefExpr'
 2022-06-20 10:17:15 +01:00
Mathias Vorreiter Pedersen
12d27ec580 Swift: Modify 'toString' in 'OtherConstructorDeclRefExpr' to properly reflect that it's a reference and not a call. 2022-06-20 09:59:23 +01:00
AlexDenisov
af379da7e6 Merge pull request #9321 from github/alexdenisov/xref-decls 
Swift: do not duplicate 'external' declarations
 2022-06-20 10:43:05 +02:00
Mathias Vorreiter Pedersen
068ac2b80e Swift: Add 'nomagic' to 'getLocation'. 2022-06-20 09:41:06 +01:00
Paolo Tranquilli
a91c94c38b Swift: temporarily disable failing test 2022-06-20 10:32:19 +02:00
Paolo Tranquilli
1f53b7fbe8 Merge main into alexdenisov/xref-decls 2022-06-20 10:25:29 +02:00
yoff
94145e9e74 Update python/ql/lib/semmle/python/security/dataflow/TarSlipCustomizations.qll 2022-06-20 10:14:52 +02:00
Tamas Vajk
51f0a928dc C#: Fix global statement extraction by extracting statements inside the implicit main method context 2022-06-20 10:09:11 +02:00
Rasmus Wriedt Larsen
ae44a941f9 Merge pull request #9421 from RasmusWL/inline-brackets 
Inline Expectation Tests: Allow `tag[foo bar]`
 2022-06-20 10:01:19 +02:00
Tamas Vajk
c460e5757b C#: Add extractor error test for global statement extraction 2022-06-20 09:42:18 +02:00
Tamás Vajk
be2dfffb76 Merge pull request #9564 from tamasvajk/fix/diagnostic-query-metadata 
C#: Change `kind` query metadata to `diagnostic` for compiler/extractor errors and messages
 2022-06-20 09:02:35 +02:00
Jeroen Ketema
a4ecb7b4e9 Merge pull request #9473 from ton31337/fix/missing_closing 
doc: Add missing closing bracket in basic-query-for-cpp-code
 2022-06-20 08:38:35 +02:00
AlexDenisov
f1786f4d6b Apply suggestions from code review 
Co-authored-by: Cornelius Riemenschneider <cornelius@github.com>
 2022-06-20 07:29:10 +02:00
Harry Maclean
e1dcc207b4 Ruby: Model methods in Rails::Generators::Actions 
These methods are sinks for command injection.
 2022-06-20 13:36:09 +12:00
Harry Maclean
20ff4c4299 Ruby: Model ActiveRecord::Relation#touch_all 2022-06-20 13:36:02 +12:00
Harry Maclean
7dfab371f6 Ruby: Model redirect_back and redirect_back_or_to 
These are ActionController methods that redirect to the HTTP Referer,
falling back to the given location if there is no Referer.
 2022-06-20 13:36:02 +12:00
Harry Maclean
a298f5eb5e Ruby: Recognise File.atomic_write as a file writer 
This method is an ActiveSupport extension, but there's no harm in
recognising it universally as any identically-named method is likely to
also be a file writer.
 2022-06-20 13:36:02 +12:00
Harry Maclean
0ce14fc4e5 Ruby: Recognise ActionCable logger class 2022-06-20 13:36:02 +12:00
Harry Maclean
4ecd595b73 Remove duplicate import 2022-06-20 13:36:02 +12:00
Erik Krogh Kristensen
6d3808bd89 remove redundant cast 2022-06-19 23:19:01 +02:00
Erik Krogh Kristensen
15f9e084d5 fix spurious resolved predicate expressions 2022-06-19 22:49:02 +02:00
Erik Krogh Kristensen
f8b451a514 get all calls to resolve to a unique predicate (within reason) 2022-06-19 22:38:09 +02:00
Erik Krogh Kristensen
f08f02ed66 use the explicit super type to resolve calls 2022-06-19 20:38:16 +02:00
Erik Krogh Kristensen
115110475d fix getName() on module instantiations 2022-06-19 20:09:32 +02:00
Erik Krogh Kristensen
26df367a8a fix some instances of spuriously resolving to multiple predicates 2022-06-19 20:09:31 +02:00
Erik Krogh Kristensen
1856e2b389 fixup the $schema in all .sarif files 2022-06-19 20:09:31 +02:00
Erik Krogh Kristensen
6e2f3e2fcb merge all .sarif files at the end of the QL-for-QL workflow 2022-06-19 20:09:31 +02:00
Erik Krogh Kristensen
638a886dfe move create-extractor-pack to a scripts folder 2022-06-19 20:09:31 +02:00
Erik Krogh Kristensen
0391db6787 simplify some code based on review 2022-06-19 20:09:31 +02:00
Erik Krogh Kristensen
7e93416e97 only resolve module types if we know that the TypeExpr could possibly resolve to a module 2022-06-19 20:09:31 +02:00
Erik Krogh Kristensen
a59f0d36f5 run the implicit-this patch on QL-for-QL 2022-06-19 20:09:31 +02:00
Erik Krogh Kristensen
3a4f0299c7 fix typo 2022-06-19 20:09:31 +02:00
thiggy1342
3478e7e910 first draft of weak params query 2022-06-18 20:43:58 +00:00
thiggy1342
0456870136 Merge branch 'main' into experimental-manually-check-request-verb 2022-06-18 15:21:53 -04:00
thiggy1342
ecb2114b7b replace duplicate post with put 2022-06-18 19:21:17 +00:00
thiggy1342
8b36191023 drop precision to low for now 2022-06-18 18:38:58 +00:00
thiggy1342
059c4d38ad refine query to use appropriate types 2022-06-18 18:26:45 +00:00
Erik Krogh Kristensen
a5e789c72b Merge pull request #9537 from github/dependabot/cargo/ql/crossbeam-utils-0.8.8 
Bump crossbeam-utils from 0.8.5 to 0.8.8 in /ql
 2022-06-18 15:44:34 +02:00
Erik Krogh Kristensen
02b9745eb6 Merge pull request #9538 from github/dependabot/cargo/ql/regex-1.5.5 
Bump regex from 1.5.4 to 1.5.5 in /ql
 2022-06-18 15:44:10 +02:00
thiggy1342
8aa2602d9e trying to hone in on eq comparison and include? 2022-06-18 03:09:04 +00:00
thiggy1342
78f5186e6a remove barrierguards import 2022-06-18 00:43:01 +00:00
thiggy1342
ba1818fc60 Merge branch 'main' into experimental-decompression-api 2022-06-17 20:21:23 -04:00
Taus
3a328f6a3f Merge pull request #6570 from yoff/python/broaden-noqa-regex 
Python: Broaden noqa regex to allow comments
 2022-06-17 23:56:39 +02:00