codeql

mirror of https://github.com/github/codeql.git synced 2026-01-21 18:34:46 +01:00

Author	SHA1	Message	Date
Alex Ford	594812640e	Merge pull request #10746 from alexrford/ruby/activejob-deserialize Ruby: Add `ActiveJob::Serializers.deserialize` as a code execution sink	2022-10-13 15:36:45 +01:00
Geoffrey White	ce5631e7cb	Swift: Complete the rename.	2022-10-13 15:22:36 +01:00
Geoffrey White	12cb099376	Swift: Rename to match other languages (except Java).	2022-10-13 15:21:39 +01:00
Geoffrey White	398b2a392f	Swift: Add more test variants.	2022-10-13 15:13:29 +01:00
Paolo Tranquilli	81628f595c	Merge branch 'main' into redsun82/cmake-generator-prototype	2022-10-13 15:55:50 +02:00
Arthur Baars	9abd599024	Ruby: treat Faraday#run_request as remote source	2022-10-13 15:44:21 +02:00
Paolo Tranquilli	b8b6b254bb	Swift: cmake generator for better IDE support A cmake generator in bazel is introduced allowing to import the Swift extractor as a CMake project while keeping Bazel files as the source of truth for the build. Using the CMake project: * requires bazel and clang to be installed and available on the command line * does not require a previous bazel build, however * will require a CMake reconfiguration for changes to generated code (like changes to the schema)	2022-10-13 15:25:24 +02:00
Alvaro Muñoz	744cea9baa	add tests	2022-10-13 15:19:29 +02:00
Anders Schack-Mulligen	ad8f0fc1dd	Java: Address review comments.	2022-10-13 14:55:55 +02:00
Anders Schack-Mulligen	f1634d3dca	Dataflow: Add support for C#/Python/Ruby/Swift.	2022-10-13 14:29:27 +02:00
Anders Schack-Mulligen	69bf13b1d4	Dataflow: Sync.	2022-10-13 14:19:12 +02:00
Anders Schack-Mulligen	2848909450	Dataflow: Add support for synthetic global fields in MaD.	2022-10-13 14:18:13 +02:00
Erik Krogh Kristensen	3a1a94b8af	Merge pull request #10798 from erik-krogh/matchCaseReg Rb: add case-when expressions as a sink to rb/polynomial-redos	2022-10-13 13:55:42 +02:00
Arthur Baars	6ea2b87224	Merge pull request #10811 from aibaars/silence-warning Ruby: remove warning	2022-10-13 13:38:25 +02:00
Tom Hvitved	758494b10a	Merge pull request #10790 from hvitved/csharp/avoid-get-a-reachable-read C#: Deprecate `AssignableRead::getAReachableRead`	2022-10-13 13:25:01 +02:00
Tom Hvitved	19e3d7cdb2	Merge pull request #10769 from hvitved/csharp/cil-ssa-data-flow-nodes C#: Include CIL SSA definitions in `DataFlow::Node`	2022-10-13 13:24:44 +02:00
Anders Schack-Mulligen	d79a7e863a	Merge pull request #10806 from aschackmull/dataflow/additional Dataflow: Add additional annotation.	2022-10-13 13:02:48 +02:00
Arthur Baars	16b035600e	Ruby: remove warning	2022-10-13 13:01:06 +02:00
Calum Grant	8305a634fa	Update Ruby frameworks	2022-10-13 11:50:30 +01:00
sylwia-budzynska	fec3ab7e01	Update Frameworks.qll	2022-10-13 12:46:20 +02:00
Calum Grant	7db37d9201	Update supported Ruby version	2022-10-13 11:46:14 +01:00
Sylwia Budzynska	5f737c82a4	Resolve confilct	2022-10-13 12:43:47 +02:00
Alex Ford	a65850e922	Merge pull request #10784 from alexrford/ruby/pathname-existence Ruby: model `Pathname#existence` extension from `ActiveSupport`	2022-10-13 11:38:22 +01:00
Sylwia Budzynska	646c9b559b	Add tests	2022-10-13 12:36:57 +02:00
Sylwia Budzynska	e41d79e37d	Add python cx_oracle, phoenixdb, pyodbc models	2022-10-13 12:36:41 +02:00
erik-krogh	3a3a5aa17c	add case-in as a sink for polynomial-redos	2022-10-13 12:36:07 +02:00
Alvaro Muñoz	468628525e	Change to camelcase	2022-10-13 12:18:07 +02:00
Alvaro Muñoz	ea8edb8408	initial tests	2022-10-13 11:32:21 +02:00
Anders Schack-Mulligen	30a891c2e7	Java: Fix compilation errors.	2022-10-13 11:19:57 +02:00
Anders Schack-Mulligen	51dfb319f5	Java: autoformat	2022-10-13 11:17:44 +02:00
Anders Schack-Mulligen	ac3379657d	Java: qldoc fix and changenote.	2022-10-13 11:17:44 +02:00
Anders Schack-Mulligen	5b8fa3f8f9	Java: Add test for Stream.collect.	2022-10-13 11:17:44 +02:00
Anders Schack-Mulligen	8c7b6d6f20	Java: Add support for synthetic callables with flow summaries and model Stream.collect.	2022-10-13 11:17:44 +02:00
Anders Schack-Mulligen	036724ce8d	Dataflow: Sync.	2022-10-13 11:03:30 +02:00
Anders Schack-Mulligen	c4915b27e7	Dataflow: Add additional annotation.	2022-10-13 11:03:08 +02:00
Tamás Vajk	6c781b5b1a	Merge pull request #10789 from tamasvajk/kotlin-useless-params Kotlin: reduce FPs in useless parameter check for Kotlin code	2022-10-13 09:40:54 +02:00
Jami Cogswell	e0f0d554cb	condense code	2022-10-12 22:18:07 -04:00
Harry Maclean	a3c14f7f46	Update test	2022-10-13 13:57:28 +13:00
Harry Maclean	8e55e62b15	Ruby: Add change note	2022-10-13 13:24:16 +13:00
Harry Maclean	4686718630	Ruby: Add kind to Http::Server::RequestInputAccess Like in JS, this describes whether the input came from the request URL, body, parameters, headers or cookie. Only some of these are relevant for UrlRedirect and ReflectedXSS queries.	2022-10-13 13:24:16 +13:00
Harry Maclean	9eff4936cf	Ruby: Restrict request methods to user-controlled	2022-10-13 13:24:16 +13:00
Harry Maclean	ad464abde2	Ruby: Model more params accesses	2022-10-13 13:24:16 +13:00
Erik Krogh Kristensen	10aab81f42	Merge pull request #10799 from jsoref/spelling-nfautils ReDoS: Spelling nfautils	2022-10-12 23:09:06 +02:00
Jami Cogswell	bcb506b637	add placeholder qldocs	2022-10-12 17:04:51 -04:00
Jami Cogswell	bfbb6db436	clean up code	2022-10-12 16:58:34 -04:00
Jami Cogswell	37d85587e0	refactor code into InsufficientKeySize.qll	2022-10-12 15:39:57 -04:00
Henry Mercer	c3af41b907	Merge pull request #10781 from github/codeql-ci/js/ml-powered-pack-release-0.3.5 JS: Bump version numbers of ML-powered packs after 0.3.5 release	2022-10-12 20:20:31 +01:00
Josh Soref	09c8a98761	spelling: representation Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-12 15:20:26 -04:00
Josh Soref	bb1ce8973a	spelling: repeatable Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-12 15:20:24 -04:00
Josh Soref	adb8860b9b	spelling: pattern Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-12 15:20:24 -04:00

... 72 73 74 75 76 ...

48840 Commits