hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 02:01:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,797 Commits 1,690 Branches 160 Tags
codeql-cli/v2.12.5
Commit Graph

51797 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
d96dbea7be Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-03-13 17:19:13 +01:00
Mathias Vorreiter Pedersen
136769d647 Merge pull request #12507 from MathiasVP/fix-as-expr-performance-2 
C++: Map some indirect nodes to expressions in `localExprFlowStep`
 2023-03-13 16:03:48 +00:00
Paolo Tranquilli
fcd14a78ab Swift: add an initial draft for a deduplication test 2023-03-13 15:55:45 +01:00
Mathias Vorreiter Pedersen
a5051655a1 C++: Autoformat. 2023-03-13 15:41:17 +01:00
Ian Lynagh
70b85a3e00 Merge pull request #12431 from igfoo/igfoo/double_interception 
Kotlin: Test double interceptions
 2023-03-13 14:30:49 +00:00
erik-krogh
6a5d6eb5c2 lower precision of py/shell-command-constructed-from-input to medium 2023-03-13 14:56:42 +01:00
erik-krogh
d001cc40d3 Merge branch 'main' into py-shell 2023-03-13 14:56:04 +01:00
Mathias Vorreiter Pedersen
00450d10bb Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-03-13 14:50:17 +01:00
Mathias Vorreiter Pedersen
58c1518fbd C++: Fix QLDoc. 2023-03-13 14:45:00 +01:00
Mathias Vorreiter Pedersen
97462a3fa0 C++: Include more expressions in 'asExpr' in local expression flow. 2023-03-13 14:29:11 +01:00
Tamas Vajk
c57fcfb8fb Java: Fix printAST to handle javadoc belonging to multiple elements 2023-03-13 14:26:33 +01:00
Tony Torralba
705691b096 Merge pull request #12446 from github/java/update-mad-decls-after-triage-2023-03-08T14-51-59 
Java: Update MaD Declarations after Triage
 2023-03-13 14:07:59 +01:00
Robert Marsh
64f23ebb4d Merge pull request #12436 from MathiasVP/ir-range-analysis-for-unary-minus 
C++: IR-based range analysis for unary minus
 2023-03-13 09:02:38 -04:00
Anders Schack-Mulligen
f54b02edb3 Java: Add a qltest demonstrating side-effect on a callback instance. 2023-03-13 13:22:18 +01:00
Anders Schack-Mulligen
0c95ab2cdc Merge pull request #12474 from hvitved/dataflow/call-back-post-update 
Data flow: Synthesize post-update nodes for callback arguments inside summarized callables
 2023-03-13 13:21:52 +01:00
Ian Lynagh
4fbc747f93 Kotlin: Move kotlin_double_interception test to posix_only 
It's failing on Windows
 2023-03-13 11:57:57 +00:00
Ian Lynagh
fd8f7e071b Kotlin: Tweak double_interception test 2023-03-13 11:57:57 +00:00
Ian Lynagh
fae4a8f37b Kotlin: double interception test: Fix for old python versions 2023-03-13 11:57:57 +00:00
Ian Lynagh
8b6047dfd1 Kotlin: Handle double-interceptions without failing 2023-03-13 11:57:57 +00:00
Ian Lynagh
81e71c4669 Kotlin: Add a test for double niterception 2023-03-13 11:57:57 +00:00
dependabot[bot]
6e75df4088 Merge pull request #12494 from github/dependabot/cargo/ruby/serde-1.0.155 2023-03-13 11:49:00 +00:00
Erik Krogh Kristensen
060c37b6a2 Merge pull request #12345 from erik-krogh/delOldDeps 
delete old deprecations
 2023-03-13 12:48:24 +01:00
Tom Hvitved
163bb2b94d Add change note 2023-03-13 12:45:46 +01:00
Tom Hvitved
714b61b63e Ruby: Add missing flow through self.new constructor calls 2023-03-13 12:45:46 +01:00
dependabot[bot]
219bac74bf Bump serde from 1.0.154 to 1.0.155 in /ruby 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.154 to 1.0.155.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.154...v1.0.155)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-13 11:36:09 +00:00
dependabot[bot]
de84dddfc1 Merge pull request #12495 from github/dependabot/cargo/ql/serde-1.0.155 2023-03-13 11:32:03 +00:00
Arthur Baars
e0a49e2999 Merge pull request #12486 from aibaars/windows-long-paths 
Ruby: support long paths on Windows
 2023-03-13 12:18:50 +01:00
Tamas Vajk
e44aca0b33 Java: Add printAST test with javadoc 2023-03-13 12:02:50 +01:00
Arthur Baars
41a53ec109 Address comments 2023-03-13 11:50:03 +01:00
Geoffrey White
e4837f7da9 Merge pull request #12489 from geoffw0/typealiastests 
Swift: Skeleton + tests for type alias support
 2023-03-13 10:38:43 +00:00
Asger F
5461f94c6c Merge pull request #12424 from asgerf/js/html-sanitizer-for-sql 
JS: Add html sanitizers as a taint step in a few queries
 2023-03-13 11:36:19 +01:00
Asger F
41dd63adc7 Handle forwardRef in React 2023-03-13 11:30:18 +01:00
Anders Schack-Mulligen
7c0e89ffdd Java: Refactor ArithmeticTainted.ql, TempDirLocalInformationDisclosure.ql 2023-03-13 11:27:14 +01:00
Anders Schack-Mulligen
da273269cb Java: Refactor PolynomialReDoS.ql 2023-03-13 11:27:14 +01:00
Anders Schack-Mulligen
f53a05bf13 Merge pull request #12475 from aschackmull/dataflow/mergepathgraph 
Dataflow: Add MergePathGraph module.
 2023-03-13 11:26:24 +01:00
Jeroen Ketema
a0fca20f0d Merge pull request #12498 from jketema/frontend-tests 
C++: Update `.expected` after frontend changes
 2023-03-13 11:25:58 +01:00
Anders Schack-Mulligen
c380ecbbbc Data flow: Add change notes. 2023-03-13 11:09:13 +01:00
erik-krogh
6c1ebd999e Merge branch 'main' into delOldDeps 2023-03-13 11:00:29 +01:00
Erik Krogh Kristensen
25e6b976c8 Merge pull request #12405 from github/dependabot/cargo/ql/rayon-1.7.0 
Bump rayon from 1.6.1 to 1.7.0 in /ql
 2023-03-13 10:57:11 +01:00
Geoffrey White
7512d81331 Merge pull request #12484 from geoffw0/summarydetail 
Swift: Update swift/summary/summary-statistics to DataFlow::ConfigSig
 2023-03-13 09:54:54 +00:00
Tom Hvitved
6ee231fac5 Ruby: Add more tests for flow through constructors 2023-03-13 10:52:01 +01:00
Geoffrey White
0d1be2294c Merge branch 'main' into typealiastests 2023-03-13 09:38:54 +00:00
Geoffrey White
8d666d00c2 Swift: Update codegen. 2023-03-13 09:21:44 +00:00
Geoffrey White
9a5dbd078e Merge pull request #12485 from geoffw0/qldocraw 
Swift: Add generated QLDoc to the Raw.qll file.
 2023-03-13 09:10:55 +00:00
Jeroen Ketema
bd47c4f9ec C++: Update .expected after frontend changes 2023-03-13 09:40:10 +01:00
Tony Torralba
e834f9302e Fix Apache Commons HTTP Client and SQL Injection tests 2023-03-13 09:36:53 +01:00
Harry Maclean
9c3d141c9c Ruby: Add change note 2023-03-13 18:57:55 +13:00
dependabot[bot]
7ab3bb1239 Bump serde from 1.0.154 to 1.0.155 in /ql 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.154 to 1.0.155.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.154...v1.0.155)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-13 04:10:45 +00:00
Harry Maclean
fe995dd99b Ruby: ActiveRecord::Connection.execute SQL sink 2023-03-13 09:03:54 +13:00
Harry Maclean
025cd34dab Ruby: Taint flow through ActionController params 
We were not recognising "require" as returning a Parameters instance.
 2023-03-13 08:52:41 +13:00