hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-24 11:52:56 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,078 Commits 1,686 Branches 158 Tags
codeql-cli/v2.11.6
Commit Graph

47078 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
c3320a3afe Apply suggestions from code review 
Co-authored-by: hubwriter <hubwriter@github.com>
 2022-09-14 08:21:58 +02:00
erik-krogh
88f1d2ae38 add qldocs to the ql/alert-message-style-violation query 2022-09-13 22:28:50 +02:00
Erik Krogh Kristensen
59c1ac2e8d Apply suggestions from code review 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2022-09-13 22:17:33 +02:00
erik-krogh
843fce4bcd expand localFieldStep to use access-paths, and build access-paths in more cases 2022-09-13 21:43:06 +02:00
erik-krogh
252394666c sync files 2022-09-13 20:44:05 +02:00
erik-krogh
e7aef17d30 don't report every non-ascii range in js/overly-large-range 2022-09-13 20:43:52 +02:00
James Fletcher
6debbc0d3e Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-09-13 19:22:15 +01:00
Tom Hvitved
74eb6b2b98 Merge pull request #10400 from hvitved/ruby/singleton-class-object-scope 
Ruby: Adjust the scope of singleton class targets
 2022-09-13 20:01:21 +02:00
Tom Hvitved
fe7d01ecbe Ruby: Update docs to reflect that import ruby is no longer used 2022-09-13 20:00:22 +02:00
Tom Hvitved
b477a4cc81 Ruby: Add missing QL docs 2022-09-13 20:00:22 +02:00
Tom Hvitved
007ab2b7ce Ruby: Do not expose AST layer through ruby.qll 2022-09-13 19:59:56 +02:00
Raul Garcia
7572414623 Merge branch 'main' into Token_validation 2022-09-13 10:47:26 -07:00
Ian Lynagh
f807b801ce Merge pull request #10401 from igfoo/igfoo/throw 
Kotlin: Remove a throw statement
 2022-09-13 17:41:31 +01:00
Raul Garcia
a27c427a4e Merge branch 'main' into Token_validation 2022-09-13 09:16:32 -07:00
Andrew Eisenberg
dbd5195fec Merge pull request #10344 from github/aeisenberg/registries-in-workspace 
Add information about the `registries` block in `codeql-workspace.yml`
 2022-09-13 08:54:30 -07:00
Tony Torralba
4708052741 Merge pull request #10408 from giper45/patch-1 
Updated vulnerable XSS.java version
 2022-09-13 17:50:47 +02:00
Raul Garcia
c63240d62c D:\Code\tokenv2\csharp\ql\src\experimental\Security Features\JsonWebTokenHandler\JsonWebTokenHandlerLib.qll 2022-09-13 08:48:53 -07:00
Raul Garcia
1c10456e65 Merge branch 'main' into Token_validation 2022-09-13 08:44:19 -07:00
Henry Mercer
af25cf8be2 Merge pull request #10409 from github/codeql-ci/js/ml-powered-pack-release-0.3.3 
JS: Bump version numbers of ML-powered packs after 0.3.3 release
 2022-09-13 16:23:37 +01:00
Tamás Vajk
84bd8f179b Merge pull request #10403 from tamasvajk/kotlin-rework-cast 
Kotlin: Code quality improvements: refactor a cast
 2022-09-13 17:09:13 +02:00
Andrew Eisenberg
996695dc6f Merge pull request #10367 from github/aeisenberg/packs-docs-changes-3.7 
Port Pack Docs changes to 3.7
 2022-09-13 08:06:34 -07:00
Ian Lynagh
6a63b86f8a Java: Member.getQualifiedName() tweaked 
It now includes the qualified name of the declaring type.
 2022-09-13 16:05:51 +01:00
Ian Lynagh
fc445736b2 Java: Use hasQualifiedName rather than getQualifiedName in ExternalAPIs 
It's more efficient, as it doesn't require building intermediate
strings.
 2022-09-13 15:58:00 +01:00
Rasmus Wriedt Larsen
2e95e25afb Merge pull request #10406 from RasmusWL/ruby-instanceof 
Ruby: Rewrite a few `::Range` uses to `instanceof`
 2022-09-13 16:57:13 +02:00
Tony Torralba
ac46a38b9d Update java/ql/src/Security/CWE/CWE-079/XSS.java 2022-09-13 16:49:20 +02:00
Tony Torralba
2b027709e4 Update XSS qhelp 2022-09-13 16:39:48 +02:00
AlexDenisov
aacc368228 Merge pull request #10399 from github/redsun82/swift-macos-arm 
Swift: print a helpful message on macOS ARM
 2022-09-13 16:24:38 +02:00
Henry Mercer
bc2de7ed4b Merge branch 'main' into codeql-ci/js/ml-powered-pack-release-0.3.3 2022-09-13 15:15:56 +01:00
github-actions[bot]
b40def71b9 JS: Bump version of ML-powered library and query packs to 0.3.4 2022-09-13 14:11:16 +00:00
github-actions[bot]
e08e22ac32 JS: Bump patch version of ML-powered library and query packs 2022-09-13 14:06:57 +00:00
james
d782e6c37c fix broken anchor 2022-09-13 15:01:16 +01:00
gx1
1c4488e7c8 Updated vulnerable XSS.java version 2022-09-13 15:58:25 +02:00
Rasmus Wriedt Larsen
ca66a29b18 Go: Rewrite ::Range patterns to use instanceof 2022-09-13 15:48:17 +02:00
Tamas Vajk
2c757c714d Kotlin: Code quality improvements: refactor a cast 2022-09-13 15:44:54 +02:00
Rasmus Wriedt Larsen
511030df48 Ruby: Rewrite a few ::Range uses to instanceof 2022-09-13 15:44:29 +02:00
Rasmus Wriedt Larsen
6f5701f9c7 Go: Rewrite concepts to use extends ... instanceof ... 2022-09-13 15:36:16 +02:00
james
ff4b1ce913 fix indentation 2022-09-13 14:34:06 +01:00
erik-krogh
93a67101e7 add a QL-for-QL query highlighting some issues with alert-texts 2022-09-13 15:24:15 +02:00
erik-krogh
338aead8cc add more guidance to the style-guide about alert messages 2022-09-13 15:22:43 +02:00
james
4e582debfc mention compatibility with CLI used by GHES 2022-09-13 14:21:41 +01:00
Rasmus Wriedt Larsen
24d28e0482 Docs: Use instanceof in ::Range pattern description 
Had to change the example away from Go, since their libs have not been
updated to use `instanceof` yet (but I'll make a PR from them shortly)
 2022-09-13 15:21:15 +02:00
james
1fceeed32c address review comments 2022-09-13 13:53:05 +01:00
Ian Lynagh
2f8151d8d2 Kotlin: Remove a throw statement 
We have a way to carry on here, so we may as well do so
 2022-09-13 13:51:00 +01:00
Erik Krogh Kristensen
46751e515c Merge pull request #10388 from erik-krogh/exportNew 
JS: recognize returning an instance of a class as exporting that class
 2022-09-13 13:45:16 +02:00
Anders Schack-Mulligen
b8a1818422 Java: Fix test expectation. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
0e376b32d2 Java: extend typeflow tests to cover union types. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
d0f7052de2 Java: Support instanceof disjunction in union type flow. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
686e03e1cc Java: Fix perf issue. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
c8b93e0910 Java: Replace uses of deprecated variableTrack. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
a8eedce8ab Java: Replace ad-hoc variable tracking with union type flow in dispatch. 2022-09-13 13:30:40 +02:00