hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 06:12:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,524 Commits 1,684 Branches 159 Tags
codeql-cli/v2.10.5
Commit Graph

42524 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nick Rolfe
a86b5a1586 C++: fix changenote formatting 2022-05-12 09:26:30 +01:00
Erik Krogh Kristensen
9050f9999c recognize functions that return object of methods as library input 2022-05-12 09:56:19 +02:00
Anders Schack-Mulligen
e0c74d4390 Merge pull request #9124 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-05-12 09:06:07 +02:00
Anders Schack-Mulligen
fad7d9ae72 Merge pull request #9120 from igfoo/igfoo/fixes 
Kotlin: Fix some alerts
 2022-05-12 08:29:34 +02:00
Erik Krogh Kristensen
b1e8b3332c resolve main module when there is a folder with the same name as the main file 2022-05-12 08:20:30 +02:00
Erik Krogh Kristensen
6014614a31 Merge pull request #9103 from erik-krogh/nextParam 
JS: add support for typed NextJS route-handlers
 2022-05-12 08:18:26 +02:00
cokeBeer
ebcb040050 update fix 2022-05-12 09:53:49 +08:00
cokeBeer
c70358033d update fix 2022-05-12 09:31:35 +08:00
github-actions[bot]
acaf4517c0 Add changed framework coverage reports 2022-05-12 00:17:30 +00:00
Chris Smowton
85dc1090fe Merge pull request #9116 from smowton/smowton/feature/accept-conditional-cookie-security 
Java: tolerate `cookie.setSecure(request.isSecure())`
 2022-05-11 21:29:14 +01:00
Tom Hvitved
46ab25b61e Merge pull request #9098 from aschackmull/dataflow/perf 
Dataflow: Performance fixes
 2022-05-11 20:41:48 +02:00
Nick Rolfe
7cd6dc1a74 CPP: add changenote for AnalysedString -> AnalyzedString 2022-05-11 18:16:26 +01:00
Ian Lynagh
33e17f1665 Kotlin: Fix some alerts 2022-05-11 17:58:50 +01:00
Nick Rolfe
e1b277386a Fix non-US spellings: s/analyse/analyze 2022-05-11 17:48:27 +01:00
Nick Rolfe
2d246a4034 QL for QL: fix checking spelling of 'analyze' in multi-line comments 
`.` does not match a newline in `regexpMatch`, so we were missing some
comments.
 2022-05-11 17:43:39 +01:00
Nick Rolfe
0af1976b74 JS: fix typos in qldoc comment 2022-05-11 17:42:43 +01:00
Paolo Tranquilli
ddb567b639 Swift: remove Tag nested alias in TrapLabel 2022-05-11 17:44:00 +02:00
Alex Ford
196c68b0bd Merge remote-tracking branch 'origin/main' into ruby/rbi-lib 2022-05-11 16:31:39 +01:00
Ian Lynagh
cfde0a1491 Merge pull request #9109 from igfoo/igfoo/kotlin_merge 
Initial Kotlin support
 2022-05-11 16:16:22 +01:00
Paolo Tranquilli
f1413f29c6 Swift: move back file opening code 2022-05-11 16:53:51 +02:00
Tony Torralba
5be30209c1 Merge pull request #9036 from luchua-bc/java/hardcoded-jwt-key 
Java: CWE-321 Query to detect hardcoded JWT secret keys
 2022-05-11 16:31:34 +02:00
Henry Mercer
6ecc542ca3 Merge pull request #9117 from github/henrymercer/java/tag-telemetry 
Java: Tag telemetry queries with `telemetry`
 2022-05-11 15:13:35 +01:00
Henry Mercer
a626078423 Merge pull request #9118 from github/henrymercer/csharp/tag-telemetry 
C#: Tag telemetry queries with `telemetry`
 2022-05-11 15:13:29 +01:00
Alex Ford
a114050a6e Ruby: document ConstantReadAccessAsRbiType class 2022-05-11 15:03:41 +01:00
Anders Schack-Mulligen
4884520ee1 Dataflow: Review fix. 2022-05-11 15:40:49 +02:00
Chris Smowton
f7e1f3e1a5 Remove URL fragment from Google search 2022-05-11 14:38:09 +01:00
Tom Hvitved
5df87d526c Sync files 2022-05-11 15:17:27 +02:00
Tom Hvitved
884d3b2ff4 Ruby: Introduce With(out)Element MaD input tokens 2022-05-11 15:17:27 +02:00
Tom Hvitved
333780e635 Merge pull request #8898 from hvitved/dataflow/clear-expect-summary-components 
Data flow: Introduce 'with/without content' summary components
 2022-05-11 15:16:42 +02:00
Ian Lynagh
c0a755e061 Merge remote-tracking branch 'upstream/main' into igfoo/kotlin_merge 
Resolving conflicts:
	java/ql/lib/semmle/code/java/Expr.qll
 2022-05-11 14:13:09 +01:00
Rasmus Wriedt Larsen
044829c3bb Python: Add @security-severity to py/pam-auth-bypass 
The value 8.1 was calculated by our internal tool. This corresponds to a
'High' severity, which from my gut feeling seems reasonable for
authorization bypass.
 2022-05-11 14:57:21 +02:00
Geoffrey White
94e190c63a C++: getClassAndName. 2022-05-11 13:47:51 +01:00
Rasmus Wriedt Larsen
46f309c373 Merge pull request #6360 from jorgectf/jorgectf/python/insecure-cookie 
Python: Add cookie security-related queries
 2022-05-11 14:47:11 +02:00
Paolo Tranquilli
a46582d7d5 Swift: replace friend in TrapLabel with unsafeCreateFromExplicitId 2022-05-11 14:42:55 +02:00
Henry Mercer
b6f1ddcdab Java: Tag telemetry queries with telemetry 
This will exclude the results of these queries from the summary tables
produced by `codeql database analyze` in a future version of the CodeQL
CLI.
 2022-05-11 13:29:25 +01:00
Henry Mercer
cdd6e0e104 C#: Tag telemetry queries with telemetry 
This will exclude the results of these queries from the summary tables
produced by `codeql database analyze` in a future version of the CodeQL
CLI.
 2022-05-11 13:27:49 +01:00
Rasmus Wriedt Larsen
cff950f5f7 Python: Fix select of py/insecure-cookie 2022-05-11 14:06:30 +02:00
Rasmus Wriedt Larsen
0956d506de Python: Actually promote py/pam-auth-bypass 
🤦
 2022-05-11 13:44:47 +02:00
Anders Schack-Mulligen
9a4d86e9b4 Merge pull request #8571 from Marcono1234/marcono1234/statement-expression 
Java: Add `ValueDiscardingExpr`
 2022-05-11 13:37:24 +02:00
Rasmus Wriedt Larsen
fc8633cc01 Python: Fix select for py/cookie-injection 2022-05-11 13:18:14 +02:00
Chris Smowton
0044326884 Add change note 2022-05-11 12:06:27 +01:00
Chris Smowton
d9e7d34e03 Merge pull request #735 from github/smowton/admin/generics-change-note 
Add change note announcing generics support
 2022-05-11 12:06:09 +01:00
Chris Smowton
c17ef42cc7 Insecure cookie query: accept ServletRequest.isSecure(), and allow more than one possible input to a setSecure(...) call. 2022-05-11 11:59:37 +01:00
luchua-bc
f85c01c975 Correct string source 2022-05-11 10:37:22 +00:00
Paolo Tranquilli
e679612a5a Swift: move most of TrapArena to TrapFile 2022-05-11 12:32:14 +02:00
Chris Smowton
1af0e9b619 Servlets.qll: don't use deprecated library visiblity modifier. 2022-05-11 11:31:14 +01:00
Geoffrey White
f27c2f3031 C++: Fix more capitalization. 2022-05-11 11:27:57 +01:00
Arthur Baars
e1e13b599a Fix CFG 2022-05-11 12:09:17 +02:00
Geoffrey White
00f7453fcb C++: Fix capitalization. 2022-05-11 11:08:03 +01:00
Arthur Baars
d91b1891f1 Add change note 2022-05-11 12:06:08 +02:00