hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-25 20:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,078 Commits 1,688 Branches 158 Tags
codeql-cli/v2.11.6
Commit Graph

47078 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
2afb4abaa2 Merge pull request #10094 from hvitved/csharp/redundant-override 
C#: Remove redundant override
 2022-08-18 15:17:20 +02:00
Tom Hvitved
d68f817e53 Merge pull request #10098 from hvitved/ql/redundant-override 
QL: Add redundant overrides query
 2022-08-18 15:13:35 +02:00
erik-krogh
26fcf6b25b apply suggestions from review 2022-08-18 15:00:57 +02:00
Tom Hvitved
e5911df697 QL: Add redundant overrides query 2022-08-18 14:59:04 +02:00
Rasmus Wriedt Larsen
47c9c5bddd Ruby: Update RequestWithoutValidation.ql to match Python version 
No library modeling currently has support for the new disablesCertificateValidation/2, so only the alert text has changed

(removed an import from Python so the queries would ACTUALLY match)
 2022-08-18 14:32:41 +02:00
Mathias Vorreiter Pedersen
5704995b62 C++: Fix joins in 'cpp/using-expired-stack-address'. 2022-08-18 13:23:39 +01:00
Chris Smowton
72009f8614 Merge pull request #10085 from smowton/smowton/fix/dont-use-write-instruction-for-channel-flow 
Go: don't use WriteNode for channel writes
 2022-08-18 12:47:55 +01:00
Rasmus Wriedt Larsen
4a82025087 Ruby: Base HTTP::Client::Request on shared concept 
Fixing up deprecation errors in next commit
 2022-08-18 13:42:53 +02:00
Rasmus Wriedt Larsen
e2b78df5ad Ruby: Change HTTP::Client::Request to have DataFlow::Node as base class 
Although this is a breaking change, as explained in the change-note, it
should onyl affect peopel that have created their own HTTP client
request modeling, which I assume is none.

The alternative would have been to keep the old class/module as
deprecated, and introduce a `HTTP::Client::Requestv2` class/module that
is based on `DataFlow::Node` instead. The old class could then be
deprecated in 1 year, and we could do a rename from
`HTTP::Client::Requestv2` -> `HTTP::Client::Request` at the same time.
(and then wait 1 more year before being able to delete
`HTTP::Client::Requestv2`)

All in all, I think this is the right tradeoff, given that CodeQL Ruby
is still in beta.
 2022-08-18 13:42:52 +02:00
Rasmus Wriedt Larsen
e6b4d12f94 Sync ConceptsShared 2022-08-18 13:42:52 +02:00
Rasmus Wriedt Larsen
635fd1902d Python: Move HTTP::Client::Request to shared concepts 
New shared concepts uses correct casing of HTTP according to our
style-guide.
 2022-08-18 13:42:52 +02:00
Rasmus Wriedt Larsen
9d96b73b8b Ruby: Fixup test annotation 2022-08-18 13:42:49 +02:00
Tom Hvitved
ece37d80f0 C#: Remove redundant override 2022-08-18 13:13:06 +02:00
Tamás Vajk
ad1cb8f8c7 Merge pull request #10065 from tamasvajk/kotlin-1.7.20-Beta 
Kotlin: Add support for version 1.7.20-Beta
 2022-08-18 12:17:10 +02:00
Tom Hvitved
08a5b5dc73 Merge pull request #10089 from hvitved/ruby/local-source-nodes 
Ruby: Reduce size of `isLocalSourceNode`
 2022-08-18 12:02:35 +02:00
Tom Hvitved
e949458add Merge pull request #10066 from hvitved/csharp/underlying-as-callable 
C#: Include both source code and hand-written summaries in data flow
 2022-08-18 12:01:49 +02:00
Asger F
349331d6ca Merge pull request #10082 from asgerf/js/exports-handling2 
JS: Handle nested conditions in "exports" section
 2022-08-18 11:10:59 +02:00
Nick Rolfe
a46e2b3f2f Merge pull request #10056 from hmac/hmac/action-controller-response-body 
Ruby: Recognise Rails render calls as HTTP responses
 2022-08-18 10:02:17 +01:00
Tom Hvitved
682986c0a2 Merge pull request #10087 from hvitved/ruby/unknown-member-warning 
Ruby: Get rid of warning in `getUnknownMember`
 2022-08-18 10:50:24 +02:00
erik-krogh
9e7c0c6ab9 revert changing imports in java/ 2022-08-18 10:19:12 +02:00
Anders Schack-Mulligen
07e0bd3ce1 Merge pull request #10083 from aschackmull/java/sensitivelog-barrier 
Java: Add some type-based sanitizers to SensitiveInfoLog.ql.
 2022-08-18 10:18:33 +02:00
erik-krogh
de3e1c39e4 use the shared regular expression libraries in js/case-sensitive-middleware-path 2022-08-18 10:07:55 +02:00
erik-krogh
473bc92e2d move the PrefixConstruction module out of the ReDoSPruning module 2022-08-18 10:07:48 +02:00
Tom Hvitved
93830f43cc Address review comment 2022-08-18 10:06:26 +02:00
Tom Hvitved
baa646e102 Ruby: Remove unused UnknownMember from API graphs 2022-08-18 09:40:02 +02:00
Anders Schack-Mulligen
37e5f0438c Java: Add change note. 2022-08-18 09:19:32 +02:00
Tamas Vajk
fb9a34851a Apply code review changes 2022-08-18 09:01:10 +02:00
erik-krogh
4bc10f9b5c explicitly import required frameworks that were previously implicitly imported 2022-08-18 08:40:46 +02:00
Harry Maclean
8f370b2457 Update ruby/ql/lib/change-notes/2022-08-16-action-controller-response-body.md 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-08-18 10:03:52 +12:00
Harry Maclean
70ec70940a Merge pull request #8142 from github/hmac/incomplete-multi-char-sanitization 2022-08-18 10:02:39 +12:00
erik-krogh
d96dca4f5e fix typo 2022-08-17 22:59:16 +02:00
erik-krogh
7850ab2dcc rename badlangs to otherlangs 2022-08-17 22:58:58 +02:00
erik-krogh
cb110ba266 this is an odd commit 2022-08-17 22:57:27 +02:00
erik-krogh
f738567f96 refactor some code out into a helper class QueryDoc 2022-08-17 22:56:46 +02:00
intrigus-lgtm
f978951cbe Explain command substitution 2022-08-17 22:30:43 +02:00
Philip Ginsbach
e8a1925e9c add reference file for signatures 2022-08-17 20:44:00 +01:00
Philip Ginsbach
6c08542278 add "Parameterised modules" section to documentation of modules 2022-08-17 20:43:59 +01:00
Erik Krogh Kristensen
e93ff8672c Merge pull request #10075 from erik-krogh/depOld 
delete old deprecations
 2022-08-17 21:21:57 +02:00
yoff
78756bdc6a Merge pull request #9859 from tausbn/python-fix-another-bad-value-transfer-join 2022-08-17 20:47:00 +02:00
Chris Smowton
3802deab70 Adjust test expectations re: reformatting 2022-08-17 17:31:27 +01:00
Chris Smowton
e33ddbdcfd Format go 2022-08-17 16:42:06 +01:00
Tom Hvitved
ed2ec1acc0 Ruby: Reduce size of isLocalSourceNode 2022-08-17 17:19:30 +02:00
Tom Hvitved
c307a12c20 Ruby: Get rid of warning in getUnknownMember 2022-08-17 16:22:11 +02:00
Alex Ford
d4d6657cb7 Merge pull request #10008 from alexrford/rb/log-injection 
Ruby: Add `rb/log-injection` query
 2022-08-17 15:01:22 +01:00
Taus
1c15fc5600 Python: Define Str as an alias of StrConst 2022-08-17 13:36:32 +00:00
erik-krogh
6b9f01535b change All to Most in the change-notes 2022-08-17 15:34:57 +02:00
Chris Smowton
077bae55fe Go: don't use WriteNode for channel writes 
I overlooked the fact that this has a WriteInstruction, which wasn't bound in the channel-write case, but somehow the evaluator discarded the implied cartesian product until last night's performance evaluation.

Rather than try to cram channel writes into WriteInstruction, just handle them as their own beast.
 2022-08-17 14:27:16 +01:00
Anders Schack-Mulligen
f6eccd390e Java: Move sink-constraints into the configuration. 2022-08-17 15:06:55 +02:00
Tamas Vajk
5d01653371 Fix gradle exclude list after the version number changes 2022-08-17 15:03:37 +02:00
Mathias Vorreiter Pedersen
1eb0f6a12e Merge pull request #10081 from erik-krogh/desugar 
add desugered to the typo database
 2022-08-17 13:56:59 +01:00