hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-08 03:01:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,816 Commits 1,691 Branches 160 Tags
codeql-cli/v2.12.4
Commit Graph

50816 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
3b6dae41cd JavaScript: Remove omittable exists variables 2023-01-10 13:37:21 +01:00
Tony Torralba
32471d326e Java: Remove omittable exists variables 2023-01-10 13:37:19 +01:00
Tony Torralba
7a92970d89 Go: Remove omittable exists variables 2023-01-10 13:36:48 +01:00
Tony Torralba
2ca0df0369 C#: Remove omittable exists variables 2023-01-10 13:36:25 +01:00
Tony Torralba
3fcc99e5cb C++: Remove omittable exists variables 2023-01-10 13:36:01 +01:00
Erik Krogh Kristensen
f2658a0936 apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-01-10 12:56:22 +01:00
erik-krogh
79e161e046 slightly broaden the regular expression that recognizes bad string-concats used as shell commands 2023-01-10 12:49:37 +01:00
Tony Torralba
da90ae0e8f Update java/ql/lib/semmle/code/java/dataflow/FlowSources.qll 2023-01-10 11:18:53 +01:00
Jeroen Ketema
8d46642de3 C++: Update dbscheme stats file 2023-01-10 10:41:43 +01:00
Jeroen Ketema
2fc6484162 C++: Add dbscheme upgrade and downgrade scripts 2023-01-10 10:41:43 +01:00
Jeroen Ketema
1bab950023 C++: Introduce (_Complex) _Float16 type which is needed after frontend update 2023-01-10 10:41:43 +01:00
Jeroen Ketema
282ca1094e C++: Accept test changes after improving size of _Float128 in frontend 2023-01-10 10:41:43 +01:00
Jeroen Ketema
e215c4c94c C++: Accept test changes after frontend update 
The location of a reference dereference has changed slightly.
 2023-01-10 10:41:43 +01:00
Michael Nebel
16cd148961 Merge pull request #11711 from michaelnebel/externalflowcleanup 
C#/Java: Delete deprecated ModelCsv classes and related predicates.
 2023-01-10 10:22:50 +01:00
Michael Nebel
1729319ebe Merge pull request #11804 from michaelnebel/csharp/alignqueryids 
C#: Align query IDs.
 2023-01-10 10:14:07 +01:00
Michael Nebel
18a0abdb4c Merge pull request #11740 from michaelnebel/csharp/updatestats 
C#: Update stats based on projects.
 2023-01-10 10:09:53 +01:00
Ed Minnix
293a203756 Move JavascriptInterfaceMethod to WebView.qll 2023-01-09 15:10:23 -05:00
Rasmus Lerchedahl Petersen
2edbfbf8bc python: update test expectations 
...now the bug is fixed
 2023-01-09 20:35:20 +01:00
Mathias Vorreiter Pedersen
7f5344e025 Update swift/ql/lib/codeql/swift/elements/type/NumericOrCharType.qll 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-01-09 17:08:27 +00:00
Tony Torralba
8e0a018673 Consider Int8 and UInt8 as OsLogNonRedactedTypes 2023-01-09 18:05:18 +01:00
Tony Torralba
49a41c98ee Test that hashed passwords are 'safe' to log 
This doesn't seem completely right, but the heuristic approach we have regarding sensitive expressions has to draw the line somewhere.
 2023-01-09 18:01:07 +01:00
Tony Torralba
160d89fb4e Add qhelp examples 2023-01-09 18:01:07 +01:00
Tony Torralba
33029b0ed8 Fix sanitizer QLDoc 2023-01-09 18:01:07 +01:00
Tony Torralba
7e0869965c Uncomment tests 2023-01-09 18:01:07 +01:00
Tony Torralba
c1f19dd145 Add stub so that tests work on Linux 2023-01-09 18:01:07 +01:00
Tony Torralba
b203a9eb6e Add a sanitizer for OSLogPrivacy options 
Add test cases to verify how the sanitizer behaves depending on the argument type and the privacy option being used.
 2023-01-09 18:01:07 +01:00
Tony Torralba
aad56097ac Add Cleartext Loggin query for Swift. 
With some caveats: see TODO comments and failing tests.
 2023-01-09 18:01:07 +01:00
Rasmus Lerchedahl Petersen
c142495a8b python: simplify code 2023-01-09 17:51:45 +01:00
Rasmus Lerchedahl Petersen
5fe62e293a python: fix bug, add clarifying comment 2023-01-09 17:45:50 +01:00
erik-krogh
9f100ef2c6 add local flow when recognizing Object.assign calls for library-inputs 2023-01-09 17:44:11 +01:00
Tony Torralba
eb78661c1f Add missing SQL injection tests for the GRDB SQL class 2023-01-09 17:36:54 +01:00
erik-krogh
90f9e3f825 recognize an infinite repetition of a char-class like regex as a char-class like regex 2023-01-09 17:25:08 +01:00
Sarita Iyer
be06469a19 Merge pull request #11835 from github/saritai/pr/qlx 
Docs: CodeQL pack compatibility
 2023-01-09 10:15:08 -05:00
Ed Minnix
909b1d70d9 Rename files to say "Allow" instead of "Permit" 2023-01-09 10:11:03 -05:00
Ed Minnix
c723df3ca7 Fix alert message in expected file 2023-01-09 10:08:19 -05:00
erik-krogh
785c21f462 fix bad join-order in js/missing-this-qualifier 2023-01-09 16:06:26 +01:00
Ed Minnix
f626d4794a Change wording from "permit" to "allow" in id and name 2023-01-09 10:03:12 -05:00
Ed Minnix
972b4629c8 Fix typo in change note 2023-01-09 10:01:38 -05:00
Ed Minnix
64668883a4 Add good example to documentation 2023-01-09 09:59:38 -05:00
Ed Minnix
2ec73c50f9 Mention WebView in alert message 2023-01-09 09:55:09 -05:00
Arthur Baars
664fdc3b2a Merge pull request #11815 from aibaars/too-many-fields 
Ruby: use record_parse_error_for_node to report extractor error
 2023-01-09 15:40:19 +01:00
Erik Krogh Kristensen
5157d4df7b Merge pull request #11581 from erik-krogh/stdin 
Rb: add stdin as source for unsafe-deserialization
 2023-01-09 13:57:47 +01:00
Chris Smowton
e9bbb5d7fa Merge pull request #11730 from smowton/smowton/admin/improve-sql-unescaped-docs 
Java: improve naming and description of SqlUnescaped.ql
 2023-01-09 12:50:27 +00:00
yoff
c01ce955ba Merge pull request #11778 from yoff/shared/inline-tests 
Shared: Inline test expectations
 2023-01-09 13:21:18 +01:00
Chris Smowton
2e26fb1171 Merge pull request #11819 from smowton/smowton/admin/port-java-autobuilder-tests 
Add Java autobuilder integration tests
 2023-01-09 12:17:39 +00:00
Chris Smowton
efe23c1da7 Note that alerts should not be re-raised 2023-01-09 10:56:13 +00:00
Chris Smowton
994a46289f Add change note 2023-01-09 10:56:13 +00:00
Chris Smowton
ef27f9fe96 Replace one more mention of escaping 2023-01-09 10:56:13 +00:00
Chris Smowton
45c732a6f9 Java: improve naming and description of SqlUnescaped.ql 
Since the main thing it's objecting to is concatenation not lack of escaping (in particular it doesn't look for escaping sanitizers), rename and re-describe it accordingly.
 2023-01-09 10:56:13 +00:00
Mathias Vorreiter Pedersen
381301e552 Update swift/ql/lib/swift.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-01-09 10:32:52 +00:00