hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-13 14:34:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,367 Commits 1,680 Branches 158 Tags
codeql-cli/v2.12.1
Commit Graph

49367 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
7ad8771b53 Merge remote-tracking branch 'upstream/main' into references 2023-01-04 10:55:24 +00:00
Henry Mercer
b96160f0f3 Merge pull request #11783 from github/henrymercer/specify-baseline-languages 
Specify language names in extractor packs
 2023-01-04 10:42:18 +00:00
james
2dc7da07bd Merge remote-tracking branch 'upstream/codeql-cli-2.11.6' into codeql-cli-2.11.5-docs-mergeback 2023-01-04 10:40:41 +00:00
Chris Smowton
353573bf31 Merge pull request #11701 from owen-mc/go/count-fields-correctly 
Go: Count fields correctly
 2023-01-04 10:38:36 +00:00
Kasper Svendsen
9ad572fa29 Add inline_late pragma to QL language spec 2023-01-04 11:28:08 +01:00
James Fletcher
413b4c6eb0 Merge pull request #11554 from github/siaramist/codeql-template 
Update intro tutorial to include Codespaces CodeQL template
 2023-01-04 09:56:36 +00:00
Erik Krogh Kristensen
cedc9c0bff Merge pull request #11582 from erik-krogh/heuristics 
JS: Add experimental variants of common security queries with more sources
 2023-01-04 10:46:19 +01:00
Harry Maclean
4d228bcddf Ruby: Recognise more string-valued variables 
This increases the sensitivity of our barrier guards.
 2023-01-04 11:45:10 +13:00
Harry Maclean
9944252c43 Ruby: Add test for barrier guards 
This demonstrates that we are missing a guard when a case branch
compares against a string-valued variable rather than a string literal.
 2023-01-04 11:45:10 +13:00
Harry Maclean
698a679c78 Ruby: add test 2023-01-04 11:45:10 +13:00
Harry Maclean
0fbb6bf608 Ruby: Make array inclusion barrier more sensitive 2023-01-04 11:45:09 +13:00
Jami Cogswell
abe501c1af Java: add change note 2023-01-03 17:15:50 -05:00
Aditya Sharad
9988c19a42 Merge branch 'main' into tutorial/library-pack 2023-01-03 14:08:37 -08:00
Jami Cogswell
5d92792e40 Java: update test case affected by Function.apply model 2023-01-03 16:14:08 -05:00
Jami Cogswell
feaae16f7c Java: adjust comments 2023-01-03 16:08:14 -05:00
Ed Minnix
0be8648a9d Add changenote 2023-01-03 15:55:53 -05:00
Ed Minnix
28f555c2b2 Add simple test case for @JavascriptInterface parameter flow 2023-01-03 15:31:40 -05:00
Ed Minnix
ab7ca1d642 Java: Add parameters of @JavascriptInterface methods as a remote flow sources 2023-01-03 15:31:40 -05:00
Ed Minnix
f9b8200009 Add stub for android.webkit.JavascriptInterface annoation 2023-01-03 15:31:40 -05:00
Edward Minnix III
69fd5e93bc Merge pull request #28 from egregius313/egregisu313/webview-setAllowContentAccess-single-query 
Merge `setAllowContentAccess` queries into singular query
 2023-01-03 15:27:09 -05:00
Ed Minnix
81df89f93e Use proper @id in changenote 2023-01-03 15:19:26 -05:00
Ed Minnix
28ad9d00fb Merge both setAllowContentAccess queries into one query 
Previously, the query to detect whether or not access to `content://`
links was done using two queries.

Now they can be merged into one query
 2023-01-03 15:17:07 -05:00
Jami Cogswell
29221ae426 Java: add summary model for System.getProperty, adjust comments 2023-01-03 15:11:21 -05:00
Jami Cogswell
21a018e5c5 Java: add summary model and test for File.getName 2023-01-03 13:12:24 -05:00
Geoffrey White
e5a74cb29c Swift: Add a reference for swift/hardcoded-key. 2023-01-03 17:27:31 +00:00
Chris Smowton
c5138674a4 Merge pull request #11800 from github/smowton/admin/delete-install-deps 
Remove Go's install-deps.sh script
 2023-01-03 17:16:15 +00:00
Geoffrey White
fc646a6d48 Swift: Update .expected following a toString change in main. 2023-01-03 16:25:14 +00:00
Geoffrey White
e05bb7fcee Merge branch 'main' into format 2023-01-03 15:14:55 +00:00
Michael Nebel
17cd182d72 C#: Update stats based on projects. 2023-01-03 15:44:47 +01:00
Calum Grant
b3a3957dc9 Merge pull request #11741 from github/calumgrant/remove-lgtm 
Remove references to LGTM in code
 2023-01-03 14:23:38 +00:00
Michael Nebel
9d608a78a3 C#: Add change note on renamed query ids. 2023-01-03 15:18:22 +01:00
Michael Nebel
bfe5a0c438 C#: Rename query id's to be prefixed with cs instead of csharp. 2023-01-03 15:13:54 +01:00
Jeroen Ketema
5f4326f2bf C++: Mark a number of private predicates in the GVN library as deprecated 
This silences a number of warnings related to GVN deprecation.
 2023-01-03 12:47:36 +01:00
Chris Smowton
781e96e2a0 Remove Go's install-deps.sh script 2023-01-03 10:45:06 +00:00
Calum Grant
ad55706527 Merge branch 'main' into calumgrant/remove-lgtm 2023-01-03 10:27:30 +00:00
Jeroen Ketema
dcd0be04c4 Merge pull request #11794 from sigfaulterror/main 
Update annotations-in-java.rst
 2023-01-02 17:13:14 +01:00
erik-krogh
3811eae679 simplify the qhelp for unsafe-code-construction 
The `send()` example is not flagged by any current query, so it was weird talking about it as "vulnerable".
 2023-01-02 13:33:56 +01:00
Arthur Baars
1092326699 Merge pull request #11796 from erik-krogh/fixBinding 
Ruby: Fix compile error in test
 2023-01-02 13:26:20 +01:00
sigfaulterror
1dd545ed99 Update annotations-in-java.rst 
A typo in the SuppressWarnings's annotation value, it should be `deprecation` and not `deprecated`.
 2023-01-02 13:24:17 +01:00
Erik Krogh Kristensen
79a2b6d0b0 use any() instead of this = this 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2023-01-02 10:49:54 +01:00
erik-krogh
99dc0a8356 fix binding 2023-01-02 10:30:28 +01:00
erik-krogh
3815a5a096 fix qhelp syntax 2023-01-02 10:19:05 +01:00
Ed Minnix
35de551f6b Formatting 2022-12-31 17:19:49 -05:00
Ed Minnix
515fa21aad Change notes 2022-12-31 17:18:37 -05:00
Ed Minnix
df1a4d2ed1 Documentation fix: Add state1 and state2 to documentation 2022-12-31 15:25:37 -05:00
Ed Minnix
68392aa8d8 Fix test expectations 2022-12-31 15:25:25 -05:00
Ed Minnix
02f70f3536 Add @security-severity tag 2022-12-31 15:00:28 -05:00
Edward Minnix III
1d345c6101 Refactoring and simplification 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-12-31 15:00:28 -05:00
Ed Minnix
9ef319f659 Java: setAllowContentAccess query tests 2022-12-31 15:00:28 -05:00
Ed Minnix
5265cb4b03 Merge two dataflow configurations into one taint tracking 2022-12-31 15:00:28 -05:00