Geoffrey White
4b8575bfc3
C++: Simplify the query slightly.
2022-12-07 15:35:45 +00:00
Arthur Baars
898a4006b0
Merge pull request #10747 from aibaars/ruby-more-flow
...
Ruby: also treat included/prepended modules as subclasses
2022-12-07 15:49:00 +01:00
Geoffrey White
b3d838d678
C++: Define the sources more clearly and consistently (fixes performance issue).
2022-12-07 14:45:39 +00:00
Chris Smowton
9f9a51685b
Merge pull request #11510 from smowton/smowton/fix/kotlin-populate-source-class-files
...
Kotlin: stub trap .class files when extracting a class from Kotlin source
2022-12-07 14:33:42 +00:00
Edward Minnix III
170c9af9e8
Merge pull request #11238 from egregius313/egregius313/webview-setjavascriptenabled
...
Java: Query for detecting enabling Javascript in Android WebSettings
2022-12-07 09:31:58 -05:00
Arthur Baars
d862972d5e
Ruby: Add use-use stress test
2022-12-07 15:28:51 +01:00
Arthur Baars
d5f4340cf5
Ruby: address comment
2022-12-07 15:28:50 +01:00
Arthur Baars
f11f2cb1a0
Ruby: Update tests
2022-12-07 15:28:50 +01:00
Arthur Baars
2131b0f116
Ruby: Include SSA "phi reads" in DataFlow::Node
2022-12-07 15:28:48 +01:00
Michael Nebel
468b05ccda
C#: Expressions of type Span<char> and ReadOnlySpan<char> can be matched against constant strings.
2022-12-07 14:31:51 +01:00
Mathias Vorreiter Pedersen
135c820a32
Merge pull request #11592 from github/redsun82/swift-fix-get-number-of
...
Swift: fix generated `getNumberOf`
2022-12-07 13:24:09 +00:00
retanoj
9cfeaeb18e
Merge branch 'main' into MybatisSqli
2022-12-07 21:19:08 +08:00
erik-krogh
9ef4f12261
add change-note
2022-12-07 14:12:43 +01:00
erik-krogh
8ab31bbe1c
have getMethodName return the method being called for super-calls
2022-12-07 14:09:36 +01:00
Jami
5e694b5983
Merge pull request #11192 from jcogs33/jcogs33/share-key-sizes
...
Share encryption key sizes between Java and Python
2022-12-07 08:08:24 -05:00
Paolo Tranquilli
ef348453fe
Swift: accept new, correct test result on TypeTuple::getNumberOfTypes
2022-12-07 13:46:51 +01:00
Paolo Tranquilli
194c99c513
Swift: fix getNumberOf predicate
2022-12-07 13:46:51 +01:00
Paolo Tranquilli
23626f2c69
Swift: add TupleType test
2022-12-07 13:46:51 +01:00
Paolo Tranquilli
9b89ded908
Swift: accept test changes
2022-12-07 13:46:51 +01:00
Paolo Tranquilli
d39f37540e
Swift: add has and getNumberOf properties to generated tests
2022-12-07 13:46:51 +01:00
Michael Nebel
2d9975d73f
C#: nint/System.IntPtr and nuint/System.UIntPtr are indistinguishable by the extractor.
2022-12-07 13:45:23 +01:00
Jeroen Ketema
01d8ad98f6
C++: Model secure_getenv and _wgetenv as local flow sources
2022-12-07 13:37:12 +01:00
erik-krogh
ee8e0188a6
remove redundant call, the charpred ensures it always holds
2022-12-07 13:23:18 +01:00
erik-krogh
360a99f026
delete getKernelMethod and don't special-case the methodName on super-calls in the Kernel model
2022-12-07 13:14:48 +01:00
Chris Smowton
c526020fd4
Note TODO re: re-enabling suspend function Java interop testing
2022-12-07 11:51:48 +00:00
Chris Smowton
ecbb96ffc1
Remove no-longer-needed diagnostic expectations
2022-12-07 11:50:41 +00:00
Jeroen Ketema
2c08b95430
Merge pull request #11434 from jketema/deprecate-default-taint-tracking
...
C++: Deprecate `DefaultTaintTracking` and `TaintTrackingImpl`
2022-12-07 12:41:04 +01:00
Tony Torralba
cabce5fb36
Merge pull request #11549 from mbaluda/mbaluda/insecure-cookie
...
Java: Support interprocedural setting of cookie security
2022-12-07 12:14:46 +01:00
Tony Torralba
321a2f5a73
Merge pull request #11550 from atorralba/atorralba/kotlin/adapt-path-sanitizer
...
Kotlin: Adapt PathSanitizer
2022-12-07 12:08:00 +01:00
Anders Schack-Mulligen
f17f19c821
Java: Switch to qualified imports.
2022-12-07 11:41:32 +01:00
Asger F
fcdb2fa03f
JS: Remove MaD models from .qll files
2022-12-07 11:35:13 +01:00
Asger F
d8e566a50e
Add data-extension files
2022-12-07 11:35:13 +01:00
Asger F
5af1b367c7
Support data extensions
2022-12-07 11:35:05 +01:00
Owen Mansel-Chan
2ed8d5d798
Merge pull request #11288 from pwntester/new_sudo_like_argument
...
Golang: add `rsync` as a program capable of arbitrary shell command execution
2022-12-07 10:20:49 +00:00
Tony Torralba
6dcc0cc188
Further simplification
2022-12-07 10:50:23 +01:00
Alvaro Muñoz
af015d3d30
restoring previous casts to avoid super type ambiguity
2022-12-07 10:39:58 +01:00
Tony Torralba
ccd465d669
Update java/ql/lib/semmle/code/java/security/PathSanitizer.qll
2022-12-07 10:38:33 +01:00
Alvaro Muñoz
407df37a74
Add feedback from Code review
2022-12-07 10:36:44 +01:00
Tony Torralba
2f622ad72c
Refactor by introducing helper predicates
2022-12-07 10:31:54 +01:00
Alvaro Muñoz
3e92b4c596
Apply suggestions from code review
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-12-07 10:29:29 +01:00
erik-krogh
52c0afa03f
change getMethodName to getKernelMethod in other files
2022-12-07 10:27:35 +01:00
Tony Torralba
85b2642a5e
Extraction discrepancy fixed in kotlinc 1.7.21
2022-12-07 09:57:31 +01:00
Tom Hvitved
51f11f19cc
Merge pull request #11576 from ethanwilloner/main
...
csharp: URI should be Uri in Owin.qll library.
2022-12-07 09:34:51 +01:00
Alvaro Muñoz
49eedde58a
Merge branch 'main' into new_sudo_like_argument
2022-12-07 09:31:17 +01:00
Asger F
afe7872838
Merge pull request #11565 from asgerf/js/rephined-variable-in-access-path
...
JS: handle rephined variable in access path
2022-12-07 09:26:38 +01:00
Michael Nebel
c1c0432c00
Merge pull request #11144 from michaelnebel/csharp/qualifiedname
...
C#: Deprecate hasQualifiedName/1 and prepare for deprecating getQualifiedName/0.
2022-12-07 09:16:38 +01:00
Ed Minnix
b6a59f0885
Java: Add support and tests for implicitly exported activity aliases
2022-12-06 23:11:48 -05:00
Ed Minnix
1472335c2e
Abbreviated change note in changelog entry for activity-alias
2022-12-06 23:11:48 -05:00
Ed Minnix
2255b0d96a
Modify getAndroidComponentXmlElement to handle activity-alias
...
Since aliases have both the `name` and `targetActivity` attributes, we
should check all identifying attributes in order to add
`<activity-alias>` elements as dataflow sources.
2022-12-06 23:11:48 -05:00
Ed Minnix
4620db0fe9
Activity alias: formatting changes suggested by Actions
2022-12-06 23:11:48 -05:00