hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-24 03:42:59 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,078 Commits 1,686 Branches 158 Tags
codeql-cli/v2.11.6
Commit Graph

47078 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
45fc1d5cdf Swift: fix version in integration tests 2022-09-20 12:51:48 +02:00
Chris Smowton
f826342112 Merge pull request #6246 from Marcono1234/marcono1234/annotation-improvements 
Java: Improve and add predicates and classes for annotations
 2022-09-20 11:48:29 +01:00
Rasmus Lerchedahl Petersen
9a7afa9d8d Python: more idiomatic cartesian product 2022-09-20 12:47:56 +02:00
erik-krogh
70eced62b6 delete unused predicate that couldn't be imported from outside the folder 2022-09-20 12:40:39 +02:00
erik-krogh
8eefa4c1b0 deprecate internal predicate that was never used 2022-09-20 12:39:41 +02:00
erik-krogh
bec381a1dc remove unused predicate from NfaUtilsSpecific.qll 2022-09-20 12:38:34 +02:00
Erik Krogh Kristensen
91f9e89e95 Merge pull request #10405 from erik-krogh/styleGuide 
update the style guide on alert-messages
 2022-09-20 12:13:32 +02:00
Erik Krogh Kristensen
cd71546915 Merge pull request #10475 from erik-krogh/go-unqueryable 
Go: Fix source/sanitizer class that were never used
 2022-09-20 12:12:33 +02:00
Erik Krogh Kristensen
d1e662dff4 Merge pull request #10472 from erik-krogh/rename 
JS: don't mention classes that don't exist in TaintTracking.qll
 2022-09-20 12:08:15 +02:00
Tony Torralba
4af29e6abf Update java/ql/src/Security/CWE/CWE-094/TemplateInjection.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-09-20 11:48:40 +02:00
Tony Torralba
4997f36f05 Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-09-20 11:48:18 +02:00
Asger F
51618b46a8 Sync ApiGraphModels.qll 2022-09-20 11:47:37 +02:00
Chris Smowton
6b9d546eaf Merge pull request #10457 from github/smowton/fix/java-really-unique-fixedHasLocation 
Java: really return a unique location for non-source entities
 2022-09-20 10:46:45 +01:00
Mathias Vorreiter Pedersen
7c41219376 Merge pull request #10438 from MathiasVP/invalid-pointer-deref-query 
C++: Add a `cpp/invalid-pointer-deref` query to experimental
 2022-09-20 10:41:31 +01:00
Asger F
2fc5961b10 JS: Restrict where sub path edges are computed 2022-09-20 11:40:17 +02:00
Asger F
2c3d1de2c7 JS: Add change note 2022-09-20 11:40:17 +02:00
Asger F
0ec8c2f035 JS: fix spanner test 2022-09-20 11:40:17 +02:00
Asger F
b545bbb477 JS: Update NodeOfType test 2022-09-20 11:40:17 +02:00
Asger F
baa559e696 JS: Fix a hole in the sequelize-typescript typings 2022-09-20 11:40:17 +02:00
Asger F
47f1d62569 JS: Add generated typings to SQL models 2022-09-20 11:40:16 +02:00
Chris Smowton
14fa6d4487 Avoid deprecated Annotation.getAValue 2022-09-20 10:15:23 +01:00
AlexDenisov
addab0964f Merge pull request #10447 from github/alexdenisov/open-interception 
Swift: open(2) interception
 2022-09-20 10:47:58 +02:00
Paolo Tranquilli
9d3039f2b1 Swift: trigger workflows on bazel changes 
The `*.bazel*` trigger currently matches
* `.bazelrc`
* `.bazelversion`
* `WORKSPACE.bazel`
* `BUILD.bazel`

It will match `MODULE.bazel` as well when we add that.
 2022-09-20 10:44:16 +02:00
Alex Ford
7720d85c98 Ruby: use camelcase verion of Http module 2022-09-20 08:58:35 +01:00
Michael Nebel
eefe457c4b Merge pull request #10238 from michaelnebel/csharp/theoremsforfree 
C#: Theorems for Free - Model generation
 2022-09-20 09:30:10 +02:00
Alex Denisov
9401eda8da Swift: use http_archive instead of new_git_repository since it's faster 2022-09-20 08:38:27 +02:00
Alex Ford
52305da5a3 Ruby: move string getAQualifiedName() up to ConstantAccess 2022-09-19 21:03:05 +01:00
Alex Ford
d00c9ea2c8 Ruby: RBI library improvements, mostly for parameter types 2022-09-19 21:03:05 +01:00
Alex Ford
8d264e7e65 Ruby: add ConstanReadAcess#getAQualifiedName() predicate 2022-09-19 21:03:05 +01:00
Alex Ford
be1ac17a60 Merge branch 'main' into rb/sensitive-get-query 2022-09-19 20:57:20 +01:00
Andrew Eisenberg
714e95ea57 Merge pull request #10468 from github/aeisenberg/docs-redirect 2022-09-19 12:27:04 -07:00
Tom Hvitved
01a043ddbd Merge pull request #10464 from michaelnebel/csharp/remove-dotnet-run-support 
C#: Remove `dotnet run` support in LUA tracer.
 2022-09-19 20:25:54 +02:00
Ed Minnix
e37f62bb5e Android ContentProvider.openFile does not check mode initital commit 
Initial commit for work on a query finding instances where the `mode`
parameter of an override of the `openFile` method of the
`android.content.ContentProvider` class
 2022-09-19 10:32:02 -04:00
Ed Minnix
00891fa455 Android Manifest Incomplete provider permissions initial commit 
Initial work on checking provider elements in Android manifests for
complete permissions.
 2022-09-19 10:31:02 -04:00
Michael Nebel
6e3bc38acf C#: Fix minor issues in QL doc. 2022-09-19 16:03:50 +02:00
erik-krogh
0645b11cb1 ruby: remove unused predicate from NfaUtilsSpecific 2022-09-19 15:25:00 +02:00
erik-krogh
49d1e584a8 deprecate a source class that wasn't used anywhere 2022-09-19 15:07:18 +02:00
erik-krogh
f6ada6e022 use sanitizer class in the insecure-randomness query 2022-09-19 15:07:00 +02:00
Rasmus Wriedt Larsen
556e93ae68 Merge pull request #10384 from RasmusWL/callnode-getargbyname 
Python: Allow `CallNode.getArgByName` for keyword args after `**kwargs`
 2022-09-19 15:05:59 +02:00
yoff
f7cbcb2fef Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-09-19 14:52:18 +02:00
Rasmus Lerchedahl Petersen
6377e6c575 Python: move summary to Stdlib.qll 2022-09-19 14:36:36 +02:00
Rasmus Lerchedahl Petersen
f560719a88 Python: expand comment on flow summaries 2022-09-19 14:30:53 +02:00
Tom Hvitved
bb08e6f0fd Ruby: Three call graph fixes for singleton methods 2022-09-19 14:20:12 +02:00
Tom Hvitved
d13332cff1 Ruby: Add more call graph tests 2022-09-19 14:19:25 +02:00
Rasmus Lerchedahl Petersen
da39c14e46 Python: comment out SummarizedCallableFromModel 2022-09-19 14:06:21 +02:00
Rasmus Lerchedahl Petersen
37fb27fa1c Python: change type of LibraryCallable::getACall 
The other callables return control flow nodes,
so it is slightly inconsistent for this to return a
data flow node, but it does make models based
on API graphs nicer.
 2022-09-19 14:02:52 +02:00
Tamas Vajk
9a6b17df0e Kotlin: Add async-await dataflow test case 2022-09-19 13:38:48 +02:00
Tamas Vajk
85d883c647 Kotlin: add test to show suspend function inconsistency between source and bytecode extraction 2022-09-19 13:38:43 +02:00
erik-krogh
58851aefd6 don't mention classes that don't exist in TaintTracking.qll 2022-09-19 13:37:06 +02:00
Tamas Vajk
a6e44ed1cf Kotlin: extract suspend modifier and handle suspend SAM conversions 2022-09-19 13:36:28 +02:00