Erik Krogh Kristensen
debebb2b8c
rewrite the qhelp for js/insecure-dependency
2022-01-21 10:41:08 +01:00
Tom Hvitved
f9b906d1e2
C#: Update uses of RequiredSummaryComponentStack
2022-01-21 09:42:16 +01:00
Tom Hvitved
cba733136c
Data flow: Sync
2022-01-21 09:42:16 +01:00
Tom Hvitved
f1a2b21e44
Data flow: Restructure RequiredSummaryComponentStack
2022-01-21 09:42:16 +01:00
Rasmus Lerchedahl Petersen
a5bc5373d0
python: Rewrite path injection to use flow state
...
This removes the FP caused by chaining
This PR also removes `ChainedConfigs12.qll`,
as we hope to solve future problems via flow states.
2022-01-21 09:26:48 +01:00
Tom Hvitved
aa9cfebc65
Ruby: Replace getValueText with getConstantValue
2022-01-21 09:19:19 +01:00
CodeQL CI
b02f1c87a1
Merge pull request #7679 from erik-krogh/ql-doc-style
...
Approved by esbena
2022-01-20 23:43:44 -08:00
CodeQL CI
2287b6e549
Merge pull request #7675 from erik-krogh/move-url-sink-to-customizations
...
Approved by esbena
2022-01-20 23:43:15 -08:00
Aditya Sharad
ccc6291844
Merge rc/3.3 into rc/3.4
...
Conflicts in *-support.rst resolved in favour of rc/3.3, which has a new paragraph.
Enterprise version numbers updated to LGTM Enterprise 1.30 and CodeQL 2.7.6.
2022-01-20 15:49:10 -08:00
Erik Krogh Kristensen
504e7a161d
simplify a redundant any() expression
2022-01-20 22:34:26 +01:00
Erik Krogh Kristensen
99994eeeb1
use set literals instead of big disjunctions
2022-01-20 22:33:40 +01:00
Erik Krogh Kristensen
15c1ce722a
Merge pull request #7678 from erik-krogh/use-set
...
JS: use more set literals
2022-01-20 21:03:48 +01:00
shati-patel
8fc429caf4
Emphasize use case for installing pack deps
2022-01-20 19:03:30 +00:00
Mathias Vorreiter Pedersen
bd1720f797
C++: Add change note.
2022-01-20 18:27:09 +00:00
Mathias Vorreiter Pedersen
e689f6bad2
C++: Use the IR for 'cpp/return-stack-allocated-memory'.
2022-01-20 18:22:49 +00:00
Tom Hvitved
cbea5eaeaa
C#: Simplify argument/parameter positions for captured variables
2022-01-20 17:08:12 +01:00
Tony Torralba
6fe0b78978
Remove PendingIntentAsField step and add SliceProviderLifecycle step
2022-01-20 16:52:07 +01:00
Andrew Eisenberg
534f8999b6
Update docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst
...
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2022-01-20 07:09:34 -08:00
Erik Krogh Kristensen
2bffe56580
update expected output
2022-01-20 16:06:57 +01:00
Erik Krogh Kristensen
3155114e36
use more set literals
2022-01-20 16:06:34 +01:00
Anders Schack-Mulligen
fede7dd238
Merge pull request #7676 from aschackmull/java/instanceaccessnode
...
Java: Add data flow node encapsulating instance accesses.
2022-01-20 15:40:21 +01:00
Erik Krogh Kristensen
a77b2b0209
Merge pull request #7668 from erik-krogh/simplify-casts
...
simplify expressions that could be type-casts
2022-01-20 15:20:18 +01:00
Erik Krogh Kristensen
5780161b2c
fix most issues found by ql/class-doc-style in JS
2022-01-20 15:10:16 +01:00
Chris Smowton
38048399d3
Merge pull request #671 from owen-mc/misc-clean-ups
...
Correct module name in file comment
2022-01-20 14:00:46 +00:00
Alex Ford
9613ff743b
Merge pull request #7611 from github/ruby/protect_from_forgery-without-exception
...
Ruby: flag up `protect_from_forgery` calls without an exception strategy
2022-01-20 13:45:30 +00:00
Tony Torralba
caab1c3332
Merge pull request #6963 from atorralba/atorralba/android-onactivityresult-source
...
Android: Add the Intent parameter of the `onActivityResult` method as a source
2022-01-20 14:27:30 +01:00
Tony Torralba
29e87b3abd
Merge pull request #6975 from atorralba/atorralba/android-intent-uri-permission-manipulation
...
Java: CWE-266 - Query to detect Intent URI Permission Manipulation in Android applications
2022-01-20 14:27:02 +01:00
Geoffrey White
b230681bc8
Merge pull request #7650 from geoffw0/clrtxt3
...
C++: Improve cpp/cleartext-transmission
2022-01-20 13:21:54 +00:00
Rasmus Wriedt Larsen
f53dce3a83
Python: Apply suggestions from code review
...
Co-authored-by: Taus <tausbn@github.com>
2022-01-20 14:20:15 +01:00
Anders Schack-Mulligen
43da5aabbe
Java: Add dataflow node encapsulating instance accesses.
2022-01-20 14:12:33 +01:00
Erik Krogh Kristensen
7167e856fe
move electron sink to the customizations file
2022-01-20 14:07:23 +01:00
Owen Mansel-Chan
44641de91b
Represent ReturnValue[n] correctly in test output
2022-01-20 13:06:35 +00:00
Owen Mansel-Chan
691bb97fdc
Move ReturnValue[]-specific code to non-shared file
2022-01-20 13:06:35 +00:00
Erik Krogh Kristensen
548fb47603
JS: move ExternalArtifact.qll into lib/ folder to fix ql/db-type-outside-core
2022-01-20 14:00:57 +01:00
Erik Krogh Kristensen
9b69de8588
QL: add query detecting use of db-types outside the lib folder
2022-01-20 14:00:55 +01:00
github-actions[bot]
ab218421da
Post-release preparation for codeql-cli-2.7.6
2022-01-20 12:59:20 +00:00
github-actions[bot]
c52caa6322
Post-release preparation for codeql-cli-2.7.6
2022-01-20 12:59:04 +00:00
Tony Torralba
62f847a82e
Apply suggestions from code review
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2022-01-20 13:44:10 +01:00
Tony Torralba
3957ebe880
Fix bitwiseLocalTaintStep
2022-01-20 13:34:32 +01:00
Owen Mansel-Chan
54855113c4
Correct module name in file comment
2022-01-20 12:30:52 +00:00
Chris Smowton
de07035c27
Merge pull request #670 from github/smowton/admin/remove-committed-binary
...
Delete accidentally committed binary file
2022-01-20 12:28:01 +00:00
Tony Torralba
265f8a3b19
Make bitwise taintsteps specific for this query
2022-01-20 13:23:56 +01:00
Tony Torralba
4e9849e19d
Refactor IntentFlagsOrDataCheckedGuard to avoid footgun
2022-01-20 13:23:55 +01:00
Tony Torralba
62c21918b2
Add QLDoc to guard and sanitizer
2022-01-20 13:23:54 +01:00
Tony Torralba
58a0bcd70f
Apply suggestions from code review
...
Co-authored-by: Chris Smowton <smowton@github.com>
2022-01-20 13:23:53 +01:00
Tony Torralba
8767d2db23
Don't capitalize the term content provider
...
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-01-20 13:23:52 +01:00
Tony Torralba
596cfd399e
Improve description
2022-01-20 13:23:52 +01:00
Tony Torralba
ab560234e3
Update java/change-notes/2021-10-27-android-intent-uri-permission-manipulation-query.md
...
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-01-20 13:23:51 +01:00
Tony Torralba
3405db31b8
Add qhelp
2022-01-20 13:23:51 +01:00
Tony Torralba
6152c8a989
Add change note
2022-01-20 13:23:48 +01:00