Commit Graph

48840 Commits

Author SHA1 Message Date
Tamas Vajk
0f9b6d4a8b Kotlin: Add test cases for operators being called by name 2022-09-30 13:46:57 +02:00
erik-krogh
7098e7b102 change more queries to start with "This " 2022-09-30 13:29:18 +02:00
Nick Rolfe
ef8ec0878a Merge pull request #10641 from github/nickrolfe/a_an
JS/Python/Ruby: s/a HTML/an HTML/
2022-09-30 12:17:15 +01:00
CodeQL CI
b66e5c5aee Merge pull request #10634 from yoff/python/rewrite-typetrackers
Approved by tausbn
2022-09-30 03:55:35 -07:00
Nora Dimitrijević
9a94222dbe C++: Exclude commas from SwitchStmt.getExpr() 2022-09-30 12:32:03 +02:00
Nora Dimitrijević
4938de9185 C++: Fix docstring per suggestion
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-09-30 12:28:18 +02:00
Mathias Vorreiter Pedersen
fa12bd3cdf C++: Fix spelling. 2022-09-30 11:22:26 +01:00
Arthur Baars
c7b01975c1 Run QLHelp preview for all languages 2022-09-30 12:08:05 +02:00
Tamás Vajk
ee59bdab25 Merge pull request #10624 from tamasvajk/kotlin-java-fn-equivalence-remove
Kotlin: find java-kotlin equivalent functions by erased parameter types
2022-09-30 12:00:46 +02:00
Ian Lynagh
9be2ca2f1e Merge pull request #10630 from igfoo/igfoo/ver0
Kotlin: Make newerThan symmetric
2022-09-30 10:52:42 +01:00
Nick Rolfe
ed74e0aad1 JS/Python/Ruby: s/a HTML/an HTML/ 2022-09-30 10:37:52 +01:00
Mathias Vorreiter Pedersen
483ff58c39 C++: Replace the giant list of predicate parameters with a module signature. 2022-09-30 10:36:03 +01:00
Henti Smith
476960e699 Merge pull request #10625 from github/henti/ql_jobrunson
Added job.getRunsOn
2022-09-30 10:19:14 +01:00
Mathias Vorreiter Pedersen
b0af4cba30 C++: Fix Code Scanning alert. 2022-09-30 10:05:45 +01:00
Mathias Vorreiter Pedersen
6d5de66e6a C++: Add QLDoc to the parameterized module components in 'Allocation.qll'. 2022-09-30 10:04:57 +01:00
Tony Torralba
585cbe2b95 Fix cartesian product 2022-09-30 10:47:22 +02:00
Erik Krogh Kristensen
06ea829537 Merge pull request #10636 from erik-krogh/fixHardcoded
JS: recognize another kind of dummy passwords to fix an FP in hardcoded-credentials
2022-09-30 10:42:01 +02:00
Henti Smith
074fac8f2f Ran autoformatter on Actions.qll 2022-09-30 09:24:12 +01:00
Michael Nebel
82294c1349 Merge pull request #10622 from michaelnebel/ruby/postupdateassignexpr
Ruby: Postupdate notes for assignment expressions.
2022-09-30 10:00:02 +02:00
Michael Nebel
c867f2ba5b Merge pull request #10594 from michaelnebel/csharp/postupdatenotes
C#: Postupdate notes for ternary expressions.
2022-09-30 09:56:21 +02:00
Harry Maclean
4a39bc8f47 Merge pull request #10598 from hmac/hmac/actioncontroller-metal
Ruby: Identify ActionController::Metal controllers
2022-09-30 13:07:03 +13:00
Nora Dimitrijević
c37c6a004e Merge branch 'main' into cpp/comma-before-misleading-indentation 2022-09-30 00:28:33 +02:00
Nora Dimitrijević
818be2765e C++: Add Change Note 2022-09-30 00:28:12 +02:00
Nora Dimitrijević
6eac4f52d9 C++: Accept Test Output
Some tricky FPs are preserved in there.
2022-09-30 00:13:23 +02:00
Nora Dimitrijević
a124dcf436 C++: Update QLDoc
Arguably warning, not just recommendation; it may be a logic error.

TODO: What CWE/CVEs should I tag this with?
2022-09-30 00:06:53 +02:00
Nora Dimitrijević
981a9798b8 C++: Update .qhelp with precision disclaimer. 2022-09-29 23:59:22 +02:00
Nora Dimitrijević
68b473377a C++: Fix QL-on-QL Redundant Cast warning 2022-09-29 23:19:49 +02:00
Nora Dimitrijević
2a046352ce C++: Simplify 2022-09-29 23:06:17 +02:00
erik-krogh
9f2d7dfb29 update expected output 2022-09-29 22:48:41 +02:00
Ed Minnix
2a2878fc7b Move text into paragraph tag 2022-09-29 16:33:22 -04:00
Ed Minnix
e3c0e6f52a Remove location link from alert message
Follow the style suggestion from the github-code-scanning bot and remove
provider element from alert link
2022-09-29 16:20:48 -04:00
Ed Minnix
90590429e3 Added change note for ContentProvider query 2022-09-29 16:17:52 -04:00
Robert Marsh
f17b563692 C++: handle interprocedural flows
This currently copy-pastes some predicates from InvalidPointerDeref.ql.
Those should be moved to a library file in a followup
2022-09-29 16:09:48 -04:00
Ed Minnix
29e34ac970 ContentProvider Incomplete Permissions Test Cases 2022-09-29 16:07:54 -04:00
erik-krogh
0a5ff1b79a recognize another kind of dummy passwords to fix an FP in hardcoded-credentials 2022-09-29 21:25:40 +02:00
yoff
8ab5617b51 Merge pull request #10539 from yoff/python/improve-API-graphs
Python: add subscript to API graphs
2022-09-29 21:05:22 +02:00
Mathias Vorreiter Pedersen
2a514d60d4 C++: Add 'isBarrierIn' to prevent path duplication. 2022-09-29 19:55:58 +01:00
Mathias Vorreiter Pedersen
d12a76559a C++: Use the new class in 'cpp/invalid-pointer-deref'. 2022-09-29 19:54:03 +01:00
Mathias Vorreiter Pedersen
a9710453f4 C++: Add class with heuristics to detect allocations. 2022-09-29 19:54:03 +01:00
Ed Minnix
f2bda1525a Revert "Android ContentProvider.openFile does not check mode initital commit"
This reverts commit e37f62bb5e.

The MisconfiguedContentProviderUse.ql file provided a sample query which
will be useful in future checks for CVE-2021-41166, but is not needed
for the current manifest-focused check
2022-09-29 14:43:18 -04:00
Rasmus Lerchedahl Petersen
84ab860600 python: rewrite type tracker for ldap operations
There are several other clean ups I would like to do in this file,
but this can wait until we promote the query.
2022-09-29 20:32:19 +02:00
Rasmus Lerchedahl Petersen
0654e39e72 python: rewrite type tracker for compiled regexes
we have the option to use `regex.getAValueReachingSink`
rather than `regex.asSink`, but it will likely be used as a
sink for data flow.
2022-09-29 20:30:29 +02:00
James Fletcher
7ffbc738fb Merge pull request #10632 from jf205/lgtm-updates
Remove mentions of LGTM.com from the README and style guides
2022-09-29 19:29:32 +01:00
Ed Minnix
e72963986f Moved Android manifest incomplete permission logic into library 2022-09-29 14:06:18 -04:00
Ed Minnix
dedd29e1b3 Incomplete Android content provider permissions documentation 2022-09-29 14:05:18 -04:00
Robert Marsh
99d7512881 C++: tests for constant-size off-by-one query 2022-09-29 13:33:13 -04:00
Ian Lynagh
f1f205555a Kotlin: Add a ministdlib test
This should make it easier to diagnose certain kinds of problems.
2022-09-29 18:19:50 +01:00
Henry Mercer
35e9e7d233 Merge pull request #10613 from github/henrymercer/atm-update-expected-output
ATM: Update expected test output
2022-09-29 17:57:51 +01:00
Nora Dimitrijević
891bc342be C++: Fix another implicit/explicit this FP 2022-09-29 18:42:23 +02:00
James Fletcher
8f6de12785 Merge branch 'main' into lgtm-updates 2022-09-29 17:37:54 +01:00