hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-19 01:14:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,367 Commits 1,679 Branches 158 Tags
codeql-cli/v2.12.1
Commit Graph

49367 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
9c8bbe384b Swift: Add Location.toString. 2022-10-17 12:48:17 +01:00
Paolo Tranquilli
c3968a2166 Merge pull request #10854 from github/redsun82/swift-extract-implicit-conversions 
Swift: extract all `ImplicitConversionExpr`
 2022-10-17 13:46:10 +02:00
Geoffrey White
4d0c23c4da Swift: Add a test of Location.qll. 2022-10-17 12:45:26 +01:00
Chris Smowton
efd7b6e692 Use isFunction 2022-10-17 12:27:58 +01:00
Arthur Baars
f7ff2cdc0d Merge branch 'main' into actiondispatch-response 2022-10-17 13:22:17 +02:00
erik-krogh
d4919d04ba add a taint-step for format-calls 2022-10-17 13:16:38 +02:00
erik-krogh
f222cc1f3e refactor the existing taint-step for string interpolation into StringFormatters.qll 2022-10-17 13:16:38 +02:00
erik-krogh
6de1abcb0e add a returnsFormatted predicate to the printf model, similar to the JS implementation 2022-10-17 13:16:38 +02:00
erik-krogh
a2b924bbdf move model of printf style calls to StringFormatters.qll 2022-10-17 13:16:34 +02:00
Paolo Tranquilli
789be9a1ad Swift: add ImplicitConversionExpr test 2022-10-17 12:57:44 +02:00
Karim Ali
bbc03a1578 add false negatives to the test case 2022-10-17 12:54:34 +02:00
Karim Ali
bb3bf64364 update example with both AES and Blowfish for better clarity 2022-10-17 12:54:34 +02:00
Karim Ali
b840a41222 fix typo in doc 2022-10-17 12:54:34 +02:00
Karim Ali
e942cfb98e fix typos in docs and in-code comments 2022-10-17 12:54:34 +02:00
Karim Ali
aef9645bd6 change use of toString() to getName() 2022-10-17 12:54:34 +02:00
Karim Ali
81e027f225 address QLDoc style comments 2022-10-17 12:54:34 +02:00
Karim Ali
d56c82ff75 add a query that detects hardcoded keys 2022-10-17 12:54:34 +02:00
Chris Smowton
be53ec9b42 Accept test changes 2022-10-17 11:48:22 +01:00
Chris Smowton
f9d65e42dd Use compiler-provided adapter functions when creating a function reference 2022-10-17 11:48:21 +01:00
Paolo Tranquilli
e4bcea708e Swift: extract all ImplicitConversionExpr 
In order to do so, `VisitorBase` was changed to allow writing one
`translate` function for an abstract class like
`ImplicitConversionExpr`.
 2022-10-17 12:47:05 +02:00
Chris Smowton
4c63237ed1 Add test checking argument <-> parameter matching, and fix superconstructor calls that were missing their argument. 2022-10-17 11:44:44 +01:00
Chris Smowton
8553266aae Allow specialised instances of anonymous classes 2022-10-17 11:27:05 +01:00
Chris Smowton
73f5dea51e Extract private members of specialised generic classes on demand 2022-10-17 11:27:04 +01:00
Chris Smowton
f1fd470f49 Merge pull request #10821 from smowton/smowton/fix/kotlin-property-ref-to-sam-interface 
Kotlin SAM conversion: tolerate property refs used to implement a SAM interface
 2022-10-17 11:25:24 +01:00
Geoffrey White
2b3ab180fa Merge pull request #10077 from intrigus-lgtm/cpp/wexpand-commmand-injection 
Add query for tainted `wordexp` calls.
 2022-10-17 11:18:38 +01:00
erik-krogh
dbf2673a91 add returnsFormatted predicate to PrintfStyleCall (similar to JS) 2022-10-17 12:15:31 +02:00
erik-krogh
46627a737e add an AdditionalTaintStep class for Ruby 2022-10-17 12:15:30 +02:00
Erik Krogh Kristensen
71135da7ff Merge pull request #10768 from erik-krogh/fixFileLoops 
JS: fix that js/file-system-race could have FPs related to loops
 2022-10-17 12:01:55 +02:00
Tony Torralba
81d38132cf Fix test expectations 2022-10-17 12:00:51 +02:00
Alex Denisov
dde51d3045 Swift: do not rely on CFStringGetLength 2022-10-17 11:46:07 +02:00
Taus
fa2faeb77b Merge pull request #10802 from jsoref/spelling-python 
Spelling python
 2022-10-17 11:33:27 +02:00
Tony Torralba
1e4850044c Increase precision of the URL(string:relativeTo:) models 2022-10-17 11:29:30 +02:00
Alex Denisov
0521855755 Swift: split Xcode autobuild 2022-10-17 11:24:20 +02:00
Jeroen Ketema
720efd62b0 Merge pull request #10825 from jsoref/spelling-cpp 
Spelling cpp
 2022-10-17 10:42:53 +02:00
Rasmus Lerchedahl Petersen
2a56fb5a21 python: expand TODO 2022-10-17 10:23:55 +02:00
Rasmus Lerchedahl Petersen
c4271c1125 Python: add TODO comments 2022-10-17 10:22:47 +02:00
Tony Torralba
a540aaa35b Address alert message style violation 2022-10-17 10:22:31 +02:00
Tony Torralba
434a2a9f5d Improve qhelp example text 2022-10-17 10:19:40 +02:00
Alex Denisov
f3ed54e7ba Swift: only run Xcode autobuilder on macOS 2022-10-17 10:14:06 +02:00
Tony Torralba
c909b8824c Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-10-17 10:12:56 +02:00
Erik Krogh Kristensen
122d188f1d Merge pull request #10832 from erik-krogh/passRb 
RB: add model for the `Digest` and `OpenSSL::Digest` modules
 2022-10-17 10:02:33 +02:00
Tamás Vajk
85fbf4b965 Merge pull request #10767 from tamasvajk/kotlin-prop-ref-fix 
Kotlin: adjust extracted property reference base class
 2022-10-17 09:40:03 +02:00
erik-krogh
191efdf6e0 replace getMethod("new").getReturn() with getInstance() 2022-10-17 09:35:44 +02:00
Anders Schack-Mulligen
6ef5fac239 Merge pull request #10814 from aschackmull/dataflow/synth-global 
Dataflow: Add support for synthetic global fields in MaD.
 2022-10-17 08:34:26 +02:00
Arthur Baars
dbee26ecde Merge pull request #10850 from hmac/fix-self-test 
Ruby: Update test fixture
 2022-10-17 07:23:51 +02:00
Harry Maclean
aa6c433529 Ruby: Update test fixture 
This change is due to a8fdda65fb.
 2022-10-17 09:44:32 +13:00
Harry Maclean
eddb8493d8 Apply suggestions from code review 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-10-17 09:34:44 +13:00
Harry Maclean
0e6322d673 Ruby: Restrict XSS header sinks 
Not all header writes are relevant to XSS. Restrict these to just
content-type and access-control-allow-origin.
 2022-10-17 09:34:44 +13:00
Harry Maclean
8ae86cf443 Ruby: Consider header writes as XSS sinks 2022-10-17 08:17:37 +13:00
Harry Maclean
545222d1e9 Ruby: Add change note 2022-10-17 08:17:37 +13:00