hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-19 17:34:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,367 Commits 1,683 Branches 158 Tags
codeql-cli/v2.12.1
Commit Graph

49367 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sylwia Budzynska
646c9b559b Add tests 2022-10-13 12:36:57 +02:00
Sylwia Budzynska
e41d79e37d Add python cx_oracle, phoenixdb, pyodbc models 2022-10-13 12:36:41 +02:00
erik-krogh
3a3a5aa17c add case-in as a sink for polynomial-redos 2022-10-13 12:36:07 +02:00
Alvaro Muñoz
468628525e Change to camelcase 2022-10-13 12:18:07 +02:00
Alvaro Muñoz
ea8edb8408 initial tests 2022-10-13 11:32:21 +02:00
Anders Schack-Mulligen
30a891c2e7 Java: Fix compilation errors. 2022-10-13 11:19:57 +02:00
Anders Schack-Mulligen
51dfb319f5 Java: autoformat 2022-10-13 11:17:44 +02:00
Anders Schack-Mulligen
ac3379657d Java: qldoc fix and changenote. 2022-10-13 11:17:44 +02:00
Anders Schack-Mulligen
5b8fa3f8f9 Java: Add test for Stream.collect. 2022-10-13 11:17:44 +02:00
Anders Schack-Mulligen
8c7b6d6f20 Java: Add support for synthetic callables with flow summaries and model Stream.collect. 2022-10-13 11:17:44 +02:00
Anders Schack-Mulligen
036724ce8d Dataflow: Sync. 2022-10-13 11:03:30 +02:00
Anders Schack-Mulligen
c4915b27e7 Dataflow: Add additional annotation. 2022-10-13 11:03:08 +02:00
Tamás Vajk
6c781b5b1a Merge pull request #10789 from tamasvajk/kotlin-useless-params 
Kotlin: reduce FPs in useless parameter check for Kotlin code
 2022-10-13 09:40:54 +02:00
Jami Cogswell
e0f0d554cb condense code 2022-10-12 22:18:07 -04:00
Harry Maclean
a3c14f7f46 Update test 2022-10-13 13:57:28 +13:00
Harry Maclean
8e55e62b15 Ruby: Add change note 2022-10-13 13:24:16 +13:00
Harry Maclean
4686718630 Ruby: Add kind to Http::Server::RequestInputAccess 
Like in JS, this describes whether the input came from the request URL,
body, parameters, headers or cookie. Only some of these are relevant for
UrlRedirect and ReflectedXSS queries.
 2022-10-13 13:24:16 +13:00
Harry Maclean
9eff4936cf Ruby: Restrict request methods to user-controlled 2022-10-13 13:24:16 +13:00
Harry Maclean
ad464abde2 Ruby: Model more params accesses 2022-10-13 13:24:16 +13:00
Erik Krogh Kristensen
10aab81f42 Merge pull request #10799 from jsoref/spelling-nfautils 
ReDoS: Spelling nfautils
 2022-10-12 23:09:06 +02:00
Jami Cogswell
bcb506b637 add placeholder qldocs 2022-10-12 17:04:51 -04:00
Jami Cogswell
bfbb6db436 clean up code 2022-10-12 16:58:34 -04:00
Jami Cogswell
37d85587e0 refactor code into InsufficientKeySize.qll 2022-10-12 15:39:57 -04:00
Henry Mercer
c3af41b907 Merge pull request #10781 from github/codeql-ci/js/ml-powered-pack-release-0.3.5 
JS: Bump version numbers of ML-powered packs after 0.3.5 release
 2022-10-12 20:20:31 +01:00
Josh Soref
09c8a98761 spelling: representation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:20:26 -04:00
Josh Soref
bb1ce8973a spelling: repeatable 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:20:24 -04:00
Josh Soref
adb8860b9b spelling: pattern 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:20:24 -04:00
Asger F
d28b9af8bd Merge pull request #10791 from asgerf/rb/rails-render-file 
Ruby: treat render 'file:' argument as a file system access
 2022-10-12 21:18:32 +02:00
Josh Soref
c7ae0728f3 spelling: javascript 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:02:00 -04:00
Josh Soref
98b317d1a5 spelling: escape 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:02:00 -04:00
Josh Soref
370da943dc spelling: abcdefghijklmnopqrstuvwxyz 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:02:00 -04:00
Rasmus Lerchedahl Petersen
fb90089973 python: rewrite model for Aiohttp 2022-10-12 20:15:49 +02:00
Rasmus Lerchedahl Petersen
db616a526a python: rewrite models using subscripts 
more rewrites could be done to these models
for instance, I think the extra taint configuration could be removed,
but here I just wanted to illustrate the benefits of the new API graph.
 2022-10-12 20:15:49 +02:00
Rasmus Lerchedahl Petersen
0b8e908823 Python: fix def nodes for subscript 
We were using `getMember` for dictionaries, these are now getIndex
Also add convenience predicate for string keys
 2022-10-12 20:13:48 +02:00
erik-krogh
66b3fe3425 add case-when expressions as a sink to rb/polynomial-redos 2022-10-12 19:57:01 +02:00
Chris Smowton
429d400125 Kotlin: fix bit-inversion operator for Byte and Short types 2022-10-12 17:23:16 +01:00
Jeroen Ketema
99b9101455 Merge pull request #10796 from github/nickrolfe/implicit_this 
C++: use explicit `this`
 2022-10-12 18:11:06 +02:00
Nick Rolfe
cfb9277cd7 C++: use explicit this 2022-10-12 16:11:45 +01:00
Alex Ford
0536d4b540 Merge branch 'main' into ruby/activejob-deserialize 2022-10-12 15:04:12 +01:00
Geoffrey White
5496b11153 Swift: Update tests based on feedback. 2022-10-12 14:52:14 +01:00
Sam Browning
87af5b7d71 Merge pull request #10793 from github/sabrowning1/clarify-codeql-installation-vscode 
Add clarity to CodeQL extension installation
 2022-10-12 09:42:38 -04:00
Edward Minnix III
ce740b47ae Merge pull request #10637 from egregius313/egregius313/android-misconfigured-contentprovider 
Android ContentProvider Incomplete Permissions
 2022-10-12 09:41:03 -04:00
Chris Smowton
338ce838bf Merge pull request #10788 from smowton/smowton/feature/kotlin-default-proxy-getter 
Kotlin: Add Callable.getKotlinParameterDefaultsProxy
 2022-10-12 14:16:09 +01:00
Sam Browning
8791a20f0c Merge branch 'main' into sabrowning1/clarify-codeql-installation-vscode 2022-10-12 08:59:43 -04:00
Jami Cogswell
0fc4a33d43 remove commented-out code 2022-10-12 08:54:06 -04:00
Michael Nebel
2836c5eaef Merge pull request #10679 from michaelnebel/csharp/telemetryresults 
C#/Java: Limit telemetry results.
 2022-10-12 14:52:20 +02:00
Jami Cogswell
01c2a8cbba add symm to the single config; still seems to work 2022-10-12 08:51:22 -04:00
Sam Browning
af12eedb32 Add clarity to CodeQL extension installation 2022-10-12 08:46:42 -04:00
Ian Lynagh
9dc933cfc8 Kotlin: Fix inherited-callee test 
We can't define the same classes in Java and Kotlin.
 2022-10-12 13:45:21 +01:00
Tom Hvitved
d42c74f1a4 C#: Include CIL SSA definitions in DataFlow::Node 2022-10-12 14:39:30 +02:00