hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-20 09:54:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,367 Commits 1,683 Branches 158 Tags
codeql-cli/v2.12.1
Commit Graph

49367 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
erik-krogh
d427e55507 add qhelp 2022-10-11 13:26:03 +02:00
erik-krogh
557dd10896 add a rb/unsafe-shell-command-construction query 2022-10-11 13:26:01 +02:00
Ian Lynagh
b31a721929 Kotlin: Remove some noisy diagnostics 2022-10-11 12:20:42 +01:00
erik-krogh
0d5da42ddd add a getName() utility to DataFlow::ParameterNode 2022-10-11 13:05:22 +02:00
erik-krogh
75422dfa72 add library for reasoning about gems and .gemspec files 2022-10-11 13:05:19 +02:00
erik-krogh
99b90789e5 add .shellescape as a sanitizer for rb/command-injection 2022-10-11 13:05:19 +02:00
erik-krogh
b16b3c0394 move cwe-078 tests into subfolders 2022-10-11 13:05:19 +02:00
Tamas Vajk
43f9331052 Kotlin: adjust extracted property reference base class 2022-10-11 12:52:26 +02:00
Tamas Vajk
92b425b1c2 Kotlin: Add test to show imperfections in property reference extraction 2022-10-11 12:51:06 +02:00
Alvaro Muñoz
2ab34c85b2 Deprecate previous version 2022-10-11 12:46:01 +02:00
Alvaro Muñoz
15f641893e Deprecate previous version 2022-10-11 12:44:46 +02:00
Alvaro Muñoz
d5520d93c8 Deprecate previous version 2022-10-11 12:43:20 +02:00
Alvaro Muñoz
30958f7cde Deprecate previous version 2022-10-11 12:42:40 +02:00
Alvaro Muñoz
2a1b2db4c3 Deprecate previous version 2022-10-11 12:40:32 +02:00
Erik Krogh Kristensen
01bc5f7226 Merge pull request #10731 from erik-krogh/rb-last-msg 
Ruby: fix some more style-guide violations in the alert-messages
 2022-10-11 12:16:52 +02:00
Mathias Vorreiter Pedersen
5cfc3fe8df C++: Use 'DataFlowType' instead of 'Type' for the 'getType' predicate in 'PostUpdateNode'. 2022-10-11 11:00:25 +01:00
Tom Hvitved
878654e0ff Merge pull request #10763 from hvitved/ruby/move-summarized-callable-from-model 
Ruby: Move `SummarizedCallableFromModel` into `ModelsAsData.qll`
 2022-10-11 11:47:38 +02:00
Tom Hvitved
2b75562037 Ruby: Use DataFlow::Configuration in RegExpConfiguration.qll 2022-10-11 11:39:45 +02:00
erik-krogh
42e1735f2a update expected output 2022-10-11 11:37:26 +02:00
Alvaro Muñoz
5c412b9363 Use Pascal convention 2022-10-11 11:24:07 +02:00
erik-krogh
8779da8c0b reintroduce Psych 2022-10-11 11:14:52 +02:00
Alvaro Muñoz
ad80642b18 Consider other XSS unsafe content-types when reasoning about XSS vulnerabilities 2022-10-11 11:13:17 +02:00
Erik Krogh Kristensen
7d282c3d75 fix casing in alert-message 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-10-11 11:12:59 +02:00
Tom Hvitved
d6df69d481 Merge pull request #10754 from hvitved/dataflow/non-hidden-succ-fast-tc 
Data flow: Improve `fastTC` bound in `PathNodeImpl::getANonHiddenSuccessor`
 2022-10-11 11:12:58 +02:00
Tom Hvitved
53abdb3fb5 Ruby: Move SummarizedCallableFromModel into ModelsAsData.qll 2022-10-11 11:06:35 +02:00
erik-krogh
4da0508dae Merge branch 'main' into py-last-msg 2022-10-11 10:49:19 +02:00
erik-krogh
cdf9d65e44 bump typos 2022-10-11 10:44:34 +02:00
erik-krogh
f4e928eec4 Merge branch 'main' into ql-last-msg 2022-10-11 10:44:20 +02:00
erik-krogh
9a9d2a6fe1 Merge branch 'main' into rb-last-msg 2022-10-11 10:43:39 +02:00
Josh Soref
704aba8c1c spelling: necessitates 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 03:59:17 -04:00
Josh Soref
22141e378e spelling: necessary 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 03:59:17 -04:00
Josh Soref
4e220330a7 spelling: interface 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 03:59:17 -04:00
Josh Soref
8f7e76f0cb spelling: initialization 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 03:59:08 -04:00
erik-krogh
9fe18e5d73 changes based on review 2022-10-11 09:30:18 +02:00
erik-krogh
186205bd4b add a test for explicit shell invocations using Kernel.open 2022-10-11 09:23:29 +02:00
erik-krogh
de3b15ebe9 add a query flagging uses of Kernel.open that are not with a constant string 2022-10-11 09:23:29 +02:00
erik-krogh
708f6b51f3 move cwe-078 tests into subfolders 2022-10-11 09:23:29 +02:00
Asger F
b6e07c0cd5 Ruby: block API graph nodes from tracking through self-argument passing 2022-10-11 09:03:52 +02:00
Asger F
125761755a Ruby: do not generate API graph edges from Attribute contents 
Models should use Method[x] edges, not attribute edges
 2022-10-11 09:03:52 +02:00
Asger F
6daa1c432b Ruby: update test output 2022-10-11 09:03:51 +02:00
Asger F
38a3476d37 Ruby: add local field step to type tracking 
fixup local field steps
 2022-10-11 09:03:51 +02:00
Asger F
d55925d8d4 Ruby: support splat type-tracking step 2022-10-11 09:03:51 +02:00
Josh Soref
0a4c724b69 spelling: implementation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
f06c15b86a spelling: genuinely 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
29da681bbb spelling: functions 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
86ee8c2d00 spelling: first 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
b5bed9cbf5 spelling: explicitly 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
e8754967ea spelling: explaining 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
479a4fb4a2 spelling: expectations 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
cbea5ec40c spelling: executables 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00