Jami Cogswell
e0f0d554cb
condense code
2022-10-12 22:18:07 -04:00
Harry Maclean
a3c14f7f46
Update test
2022-10-13 13:57:28 +13:00
Harry Maclean
8e55e62b15
Ruby: Add change note
2022-10-13 13:24:16 +13:00
Harry Maclean
4686718630
Ruby: Add kind to Http::Server::RequestInputAccess
...
Like in JS, this describes whether the input came from the request URL,
body, parameters, headers or cookie. Only some of these are relevant for
UrlRedirect and ReflectedXSS queries.
2022-10-13 13:24:16 +13:00
Harry Maclean
9eff4936cf
Ruby: Restrict request methods to user-controlled
2022-10-13 13:24:16 +13:00
Harry Maclean
ad464abde2
Ruby: Model more params accesses
2022-10-13 13:24:16 +13:00
Erik Krogh Kristensen
10aab81f42
Merge pull request #10799 from jsoref/spelling-nfautils
...
ReDoS: Spelling nfautils
2022-10-12 23:09:06 +02:00
Jami Cogswell
bcb506b637
add placeholder qldocs
2022-10-12 17:04:51 -04:00
Jami Cogswell
bfbb6db436
clean up code
2022-10-12 16:58:34 -04:00
Jami Cogswell
37d85587e0
refactor code into InsufficientKeySize.qll
2022-10-12 15:39:57 -04:00
Henry Mercer
c3af41b907
Merge pull request #10781 from github/codeql-ci/js/ml-powered-pack-release-0.3.5
...
JS: Bump version numbers of ML-powered packs after 0.3.5 release
2022-10-12 20:20:31 +01:00
Josh Soref
09c8a98761
spelling: representation
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-12 15:20:26 -04:00
Josh Soref
bb1ce8973a
spelling: repeatable
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-12 15:20:24 -04:00
Josh Soref
adb8860b9b
spelling: pattern
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-12 15:20:24 -04:00
Asger F
d28b9af8bd
Merge pull request #10791 from asgerf/rb/rails-render-file
...
Ruby: treat render 'file:' argument as a file system access
2022-10-12 21:18:32 +02:00
Josh Soref
c7ae0728f3
spelling: javascript
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-12 15:02:00 -04:00
Josh Soref
98b317d1a5
spelling: escape
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-12 15:02:00 -04:00
Josh Soref
370da943dc
spelling: abcdefghijklmnopqrstuvwxyz
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-12 15:02:00 -04:00
Rasmus Lerchedahl Petersen
fb90089973
python: rewrite model for Aiohttp
2022-10-12 20:15:49 +02:00
Rasmus Lerchedahl Petersen
db616a526a
python: rewrite models using subscripts
...
more rewrites could be done to these models
for instance, I think the extra taint configuration could be removed,
but here I just wanted to illustrate the benefits of the new API graph.
2022-10-12 20:15:49 +02:00
Rasmus Lerchedahl Petersen
0b8e908823
Python: fix def nodes for subscript
...
We were using `getMember` for dictionaries, these are now getIndex
Also add convenience predicate for string keys
2022-10-12 20:13:48 +02:00
erik-krogh
66b3fe3425
add case-when expressions as a sink to rb/polynomial-redos
2022-10-12 19:57:01 +02:00
Chris Smowton
429d400125
Kotlin: fix bit-inversion operator for Byte and Short types
2022-10-12 17:23:16 +01:00
Jeroen Ketema
99b9101455
Merge pull request #10796 from github/nickrolfe/implicit_this
...
C++: use explicit `this`
2022-10-12 18:11:06 +02:00
Nick Rolfe
cfb9277cd7
C++: use explicit this
2022-10-12 16:11:45 +01:00
Alex Ford
0536d4b540
Merge branch 'main' into ruby/activejob-deserialize
2022-10-12 15:04:12 +01:00
Geoffrey White
5496b11153
Swift: Update tests based on feedback.
2022-10-12 14:52:14 +01:00
Sam Browning
87af5b7d71
Merge pull request #10793 from github/sabrowning1/clarify-codeql-installation-vscode
...
Add clarity to CodeQL extension installation
2022-10-12 09:42:38 -04:00
Edward Minnix III
ce740b47ae
Merge pull request #10637 from egregius313/egregius313/android-misconfigured-contentprovider
...
Android ContentProvider Incomplete Permissions
2022-10-12 09:41:03 -04:00
Chris Smowton
338ce838bf
Merge pull request #10788 from smowton/smowton/feature/kotlin-default-proxy-getter
...
Kotlin: Add Callable.getKotlinParameterDefaultsProxy
2022-10-12 14:16:09 +01:00
Sam Browning
8791a20f0c
Merge branch 'main' into sabrowning1/clarify-codeql-installation-vscode
2022-10-12 08:59:43 -04:00
Jami Cogswell
0fc4a33d43
remove commented-out code
2022-10-12 08:54:06 -04:00
Michael Nebel
2836c5eaef
Merge pull request #10679 from michaelnebel/csharp/telemetryresults
...
C#/Java: Limit telemetry results.
2022-10-12 14:52:20 +02:00
Jami Cogswell
01c2a8cbba
add symm to the single config; still seems to work
2022-10-12 08:51:22 -04:00
Sam Browning
af12eedb32
Add clarity to CodeQL extension installation
2022-10-12 08:46:42 -04:00
Ian Lynagh
9dc933cfc8
Kotlin: Fix inherited-callee test
...
We can't define the same classes in Java and Kotlin.
2022-10-12 13:45:21 +01:00
Tom Hvitved
d42c74f1a4
C#: Include CIL SSA definitions in DataFlow::Node
2022-10-12 14:39:30 +02:00
Asger F
7bfb3497eb
Ruby: change note
2022-10-12 14:29:34 +02:00
Nora Dimitrijević
7b90ba6189
Merge pull request #10550 from d10c/cpp/comma-before-misleading-indentation
2022-10-12 14:08:53 +02:00
Tom Hvitved
f49bfa7bcc
C#: Deprecate Assignable(Read)::getAReachableRead
2022-10-12 14:08:46 +02:00
Asger F
83464d48a9
Merge pull request #10773 from asgerf/rb/bugfix-singleton-class-resolution
...
Ruby: bugfix in type-tracking singleton class resolution
2022-10-12 13:45:16 +02:00
Nora Dimitrijević
949d3e13fe
Merge branch 'main' into cpp/comma-before-misleading-indentation
2022-10-12 13:25:22 +02:00
Nora Dimitrijević
695d8c6004
C++: Add Wikipedia references to QHelp
2022-10-12 13:21:24 +02:00
Nora Dimitrijević
93c01371c3
C++: no parens in select message
...
Debatable; see comment thread in PR.
2022-10-12 13:01:37 +02:00
Nora Dimitrijević
b42b88338e
C++: s/put/but/ typo in QHelp
2022-10-12 13:00:42 +02:00
Tamas Vajk
0d6da9ca7f
Exclude serialization constructors from useless parameters check
2022-10-12 12:58:28 +02:00
Nora Dimitrijević
a56770999f
Apply suggestions from code review
...
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2022-10-12 12:54:27 +02:00
Jeroen Ketema
d389a183f0
Merge pull request #10743 from jsoref/spelling
...
Spelling
2022-10-12 12:48:22 +02:00
Tamas Vajk
955336fb22
Kotlin: exclude generated code from useless parameter check
2022-10-12 12:42:56 +02:00
Tamas Vajk
aa9dc3a764
Kotlin: Add test case for useless parameter FP
2022-10-12 12:42:27 +02:00