codeql

mirror of https://github.com/github/codeql.git synced 2026-02-07 10:41:06 +01:00

Author	SHA1	Message	Date
Jeroen Ketema	9e462866a0	C++: Update test annotations for use-use dataflow	2023-02-14 14:48:08 +01:00
erik-krogh	393649b7ce	don't call environment variables for command-line arguments	2023-02-14 14:27:41 +01:00
Alvaro Muñoz	4644a88b89	address code review comments	2023-02-14 14:27:17 +01:00
Mathias Vorreiter Pedersen	ba0be2fd9f	C++: Better discriminate for unions.	2023-02-14 13:26:40 +00:00
Taus	4f7c598ffc	Python: Add change note	2023-02-14 13:22:48 +00:00
erik-krogh	36478124ae	add process.env and process.argv etc. as source for `js/regex-injection`	2023-02-14 14:21:53 +01:00
erik-krogh	943bdeca6d	make `appliesTo` recursive	2023-02-14 14:16:45 +01:00
erik-krogh	9549cac3e5	add an additional barrier guard that finds "=== true" versions of previous barrier guards	2023-02-14 14:15:23 +01:00
erik-krogh	c355a26657	add failing test	2023-02-14 14:12:35 +01:00
erik-krogh	3f0fe96f85	add `getBoolValue()` as a utility predicate on `BooleanLiteral`	2023-02-14 14:12:35 +01:00
Erik Krogh Kristensen	2f8c9a5a2c	Merge pull request #12171 from erik-krogh/reg-dot JS: dont recognize regexps that match dot as sanitizers	2023-02-14 14:10:44 +01:00
Erik Krogh Kristensen	e3e2df3247	Merge pull request #12166 from erik-krogh/more-html-san JS: add `HtmlSanitizer` as a sanitizer DOMBasedXss	2023-02-14 14:09:56 +01:00
Taus	39516862c1	Merge remote-tracking branch 'origin/main' into tausbn/python-clean-up-version-handling	2023-02-14 13:07:40 +00:00
Mathias Vorreiter Pedersen	4ba5059064	Merge pull request #12182 from MathiasVP/content-approx C++: Use `Content` approximation	2023-02-14 13:00:47 +00:00
Erik Krogh Kristensen	028fcc7edf	Merge pull request #11959 from erik-krogh/ssrfSan JS: add encodeURIComponent as a sanitizer for request-forgery	2023-02-14 13:39:53 +01:00
Erik Krogh Kristensen	a498936f16	Merge pull request #12170 from erik-krogh/more-lib JS: More library inputs	2023-02-14 13:38:00 +01:00
Erik Krogh Kristensen	bca3fa94fd	Merge pull request #12159 from erik-krogh/express-ws JS: add express-ws as a source	2023-02-14 13:36:33 +01:00
Michael Nebel	469b289db9	C#: Add change note.	2023-02-14 13:14:45 +01:00
Michael Nebel	b3c234d020	C#: Add testcases for checked operators.	2023-02-14 12:59:36 +01:00
Michael Nebel	238a70fc55	C#: Add library support for checked operators.	2023-02-14 12:58:15 +01:00
Michael Nebel	b7123aaa89	C#: Add viable callable testcases for regular and checked operators.	2023-02-14 12:57:59 +01:00
Rasmus Wriedt Larsen	dc5bb4fb77	Python: Update a few examples so queries work on them Fixes problem highlighted in https://github.com/github/codeql/issues/12156	2023-02-14 11:54:18 +01:00
Joe Farebrother	f68083872d	Merge pull request #12174 from joefarebrother/stubgen-name-conflicts Java: Stub generator: Use fully qualified names to avoid conflicts	2023-02-14 10:10:24 +00:00
Mathias Vorreiter Pedersen	b01a45f7be	C++: Respond to PR reviews.	2023-02-14 09:51:48 +00:00
Mathias Vorreiter Pedersen	bda46b3748	Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>	2023-02-14 09:49:32 +00:00
Paolo Tranquilli	81de500301	Swift: fix import not working in all python versions	2023-02-14 10:40:05 +01:00
Mathias Vorreiter Pedersen	ffef81bc47	C++: Add QLDoc.	2023-02-14 09:38:43 +00:00
Mathias Vorreiter Pedersen	0a3f958849	C++: Use content approximations.	2023-02-14 09:10:10 +00:00
Mathias Vorreiter Pedersen	7a81f06e84	C++: Accept test changes.	2023-02-14 09:01:51 +00:00
Mathias Vorreiter Pedersen	cc036c188f	C++: Fix missing and spurious types.	2023-02-14 09:01:42 +00:00
Mathias Vorreiter Pedersen	748a345e7f	C++: Add a test to reveal missing or spurious types on dataflow nodes.	2023-02-14 08:58:29 +00:00
Anders Schack-Mulligen	0600a2ba96	Merge pull request #12138 from aschackmull/java/gen-file-mark-perf Java: Improve performance of GeneratedFileMarker.	2023-02-14 09:57:09 +01:00
Tony Torralba	935e22d10d	Merge pull request #12139 from atorralba/atorralba/java/xxe-local-query Java: Add local version of the XXE query	2023-02-14 09:54:36 +01:00
Paolo Tranquilli	8e079320f3	Swift: some restructuring of codegen Loading of the schema and dbscheme has been moved to a separate `loaders` package for better separation of concerns.	2023-02-14 09:53:02 +01:00
Michael Nebel	781aab3eb7	Merge pull request #11634 from michaelnebel/java/excludeinterfacemembers Java: Exclude interface members from model generation.	2023-02-14 09:35:56 +01:00
Chad Bentz	b0c8992eef	Adding CWE-798 MSSQL Tests	2023-02-13 19:44:02 -05:00
Chad Bentz	cfe169a4f9	Adding MSSQL to SensitiveAPI	2023-02-13 19:42:28 -05:00
erik-krogh	4140598769	update expected output for experimental query	2023-02-14 00:08:13 +01:00
erik-krogh	c17d057520	default to index.js when no main: is specified in package.json, and recognize more classes as library inputs	2023-02-13 21:24:41 +01:00
Joe Farebrother	0b722bfe30	Stub generator: Use fully qualified names to avoid conflicts	2023-02-13 17:09:32 +00:00
erik-krogh	68656274f4	dont recognize regexps that match dot as sanitizers	2023-02-13 17:36:51 +01:00
Jami Cogswell	e4c8387815	Java: update CaptureSinkModels.expected with read-file sink	2023-02-13 11:29:30 -05:00
Tony Torralba	1c57aa0456	Fix import locations	2023-02-13 17:13:01 +01:00
Tom Hvitved	8372ad9d84	Merge pull request #12169 from hvitved/util/numbers Move `NumberUtils.qll` from Ruby into shared `util` pack	2023-02-13 16:37:51 +01:00
Tom Hvitved	2113c3c3d9	Ruby: Remove `NumberUtils.qll`	2023-02-13 15:59:50 +01:00
Tom Hvitved	29ce9bfe24	Util: Make some predicates private	2023-02-13 15:58:31 +01:00
Tom Hvitved	97f79602a9	Copy `NumberUtils.qll` from Ruby into shared `util` pack	2023-02-13 15:57:53 +01:00
Rasmus Wriedt Larsen	1c7fe97427	Python: Add modeling of `hmac`	2023-02-13 15:39:43 +01:00
Rasmus Wriedt Larsen	df22181963	Python: Add tests of `hmac`	2023-02-13 15:38:14 +01:00
erik-krogh	6192544fb4	add test for express-ws as a source	2023-02-13 15:26:50 +01:00

... 22 23 24 25 26 ...

51797 Commits