codeql

mirror of https://github.com/github/codeql.git synced 2026-01-20 01:44:54 +01:00

Author	SHA1	Message	Date
Jami Cogswell	8ffd2522e7	add draft code to find algo type to replace tainttracking configs	2022-10-11 16:56:10 -04:00
Jami Cogswell	d3b1a04c13	handle FN case with simple VarAccess; add draft of dataflow config to handle complex VarAccess	2022-10-11 16:56:10 -04:00
Jami Cogswell	7de9c05c9d	use CompileTimeConstantExpr for FN with VarAccess, and remove KeyGeneratorInitConfiguration	2022-10-11 16:56:10 -04:00
Jami Cogswell	75794ec7a7	false negative testing - before rewrite for variable dataflow	2022-10-11 16:56:10 -04:00
Jami Cogswell	7d94590d79	add change note	2022-10-11 16:56:10 -04:00
Jami Cogswell	9eb45c3787	refactor tests and code, update help file	2022-10-11 16:56:10 -04:00
Jami Cogswell	657e1e62ca	start refactoring query logic into lib file	2022-10-11 16:56:10 -04:00
Jami Cogswell	3643c9e658	update metadata	2022-10-11 16:56:10 -04:00
Jami Cogswell	9b7df354e6	move files	2022-10-11 16:56:10 -04:00
Alex Ford	bf4dac78c5	Ruby: remove some singleton set literals	2022-10-11 21:44:52 +01:00
Alex Ford	d3c8ce3f48	Ruby: ActiveSupport extends Pathname with an existence method that may return itself	2022-10-11 21:35:58 +01:00
Henry Mercer	bfa9765a6d	Merge branch 'main' into codeql-ci/js/ml-powered-pack-release-0.3.5	2022-10-11 19:06:01 +01:00
github-actions[bot]	06bbede92b	JS: Bump version of ML-powered library and query packs to 0.3.6	2022-10-11 17:58:33 +00:00
github-actions[bot]	4e3a6e60b2	JS: Bump patch version of ML-powered library and query packs	2022-10-11 17:48:46 +00:00
Asger F	ed165c6194	Ruby: bugfix in self-resolution in type-tracking	2022-10-11 18:53:20 +02:00
Asger F	a64286b664	Ruby: add test for singleton class instance field incorrect test output	2022-10-11 18:53:20 +02:00
Tony Torralba	4b2aa93a05	Update test expectations after rebase	2022-10-11 17:54:59 +02:00
Mathias Vorreiter Pedersen	fc810ddbf4	Merge pull request #10775 from atorralba/atorralba/swift/custom-url-scheme-sources Swift: Add taint sources for custom URL scheme URLs	2022-10-11 16:47:52 +01:00
Tony Torralba	8525db5af6	Add summaries for tainted URL fields	2022-10-11 17:24:26 +02:00
Tony Torralba	f4d43deec4	Add taint sources for custom URL scheme URLs	2022-10-11 17:19:04 +02:00
Mathias Vorreiter Pedersen	f88aaf37a5	C++: Add 'UninitializedNode' to IR dataflow.	2022-10-11 16:08:06 +01:00
Ed Minnix	80cc3fc518	Reword first sentence of documentation	2022-10-11 11:02:37 -04:00
Edward Minnix III	1f0a48de28	Documentation suggestion Co-authored-by: Felicity Chapman <felicitymay@github.com>	2022-10-11 10:59:00 -04:00
Mathias Vorreiter Pedersen	af79139c30	Merge pull request #10772 from atorralba/atorralba/swift/subscriptexpr-taint-step Swift: Add taint step for subscript expressions	2022-10-11 15:45:54 +01:00
Alex Ford	3d08a2954d	Ruby: add rb/unsafe-deserialization sinks for const_get args	2022-10-11 15:45:51 +01:00
Alex Ford	a3f096a6bc	Ruby: rb/unsafe-deserialization test realignment	2022-10-11 15:44:00 +01:00
Tamas Vajk	41a54f2a98	Add change note	2022-10-11 16:40:08 +02:00
Tamas Vajk	524dac551b	Add upgrade and downgrade folders	2022-10-11 16:40:08 +02:00
Tamas Vajk	9eea6d4193	Kotlin: Extract type parameter modifiers (`reified`, `in`, `out`)	2022-10-11 16:40:07 +02:00
Nick Rolfe	078c3e9d28	Ruby: create top-level module for ActionMailer	2022-10-11 15:22:42 +01:00
Mathias Vorreiter Pedersen	7ac9c1e832	Merge pull request #10713 from MathiasVP/fix-types-in-ir-dataflow C++: Fix `getType` for experimental IR dataflow	2022-10-11 15:20:49 +01:00
Rasmus Wriedt Larsen	b3f10311b3	Merge pull request #10752 from RasmusWL/pymssql Python: DB Modeling: Add `pymssql` and `executemany` in general	2022-10-11 15:55:04 +02:00
Tamas Vajk	9b2cc6c318	Kotlin/Java: Exclude generated code from `java/missing-override-annotation`	2022-10-11 15:48:46 +02:00
Tony Torralba	0892a5795d	Add taint step for subscript expressions	2022-10-11 15:33:45 +02:00
Sylwia Budzynska	319923f445	Add python cx_oracle, phoenixdb, pyodbc models	2022-10-11 15:29:57 +02:00
Tamás Vajk	8523d21f8c	Merge pull request #10696 from tamasvajk/kotlin-lateinit Kotlin: Extract `lateinit` modifier	2022-10-11 15:03:10 +02:00
Tamás Vajk	e9835ec07e	Merge pull request #10756 from tamasvajk/kotlin-fix-java-modifier Kotlin: extract `protected` modifier from java class files	2022-10-11 15:02:13 +02:00
Erik Krogh Kristensen	66c2de87b0	Merge pull request #10729 from erik-krogh/py-last-msg Py: fix some more style-guide violations in the alert-messages	2022-10-11 14:48:14 +02:00
Rasmus Wriedt Larsen	ac30cfa5c1	Python: Apply suggestions from code review	2022-10-11 14:05:27 +02:00
erik-krogh	a826dbbdee	fix capitalization in stack-trace-exposure	2022-10-11 13:59:10 +02:00
Tom Hvitved	7171fd1bb2	Update python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackerSpecific.qll Co-authored-by: Taus <tausbn@github.com>	2022-10-11 13:58:51 +02:00
Tom Hvitved	f1c44f72b5	Python: Sync on `TypeTracker.qll` changes	2022-10-11 13:58:50 +02:00
Tom Hvitved	2e8f46ddd9	Type tracking: Split up `levelStep` into `levelStepNoCall` and `levelStepCall` To reduce non-linear recursion during call graph construction.	2022-10-11 13:58:46 +02:00
Mathias Vorreiter Pedersen	95e798565b	C++: Expand on the comment about missing types in the database. Also rename 'getType0' to 'getTypeImpl' to avoid confusion.	2022-10-11 12:57:51 +01:00
Erik Krogh Kristensen	0883b1782d	Merge pull request #10730 from erik-krogh/ql-last-msg QL: fix some more style-guide violations in the alert-messages	2022-10-11 13:43:21 +02:00
erik-krogh	7500a31814	fix that js/file-system-race could have FPs related to loops	2022-10-11 13:41:51 +02:00
erik-krogh	0220f0aa5c	use type-tracking instead	2022-10-11 13:37:01 +02:00
Asger F	02656b16c3	Merge pull request #10685 from asgerf/rb/splat-and-local-field-step Ruby: summarize unary splat operators and add local field step	2022-10-11 13:28:58 +02:00
erik-krogh	b64a1b7c42	add a missing qldoc	2022-10-11 13:26:04 +02:00
erik-krogh	cadb948d57	add change-note	2022-10-11 13:26:03 +02:00

... 85 86 87 88 89 ...

49367 Commits