hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-08 03:01:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,797 Commits 1,691 Branches 160 Tags
codeql-cli/v2.12.5
Commit Graph

51797 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alvaro Muñoz
a0cf8e786c fix SSRF sink 2023-02-03 16:16:00 +01:00
Alvaro Muñoz
7140b956e8 improve generated files matching predicates 2023-02-03 16:13:44 +01:00
Sarita Iyer
d99f7b56bd Merge branch 'codeql-cli-articles-migration-update' of https://github.com/github/codeql into codeql-cli-articles-migration-update 2023-02-03 09:56:51 -05:00
Sarita Iyer
c33c5ed517 Update codeql-cli links 2023-02-03 09:56:49 -05:00
Alex Ford
6c35feaa98 ConceptsShared: add a default implementation of BlockMode CryptographicOperation#getBlockMode() for compatibility with external code 2023-02-03 14:39:32 +00:00
Alex Ford
b968b59afc CryptoAlgorithms: make CryptographicAlgorithm#matchesName hold only if that algorithm is the most specific match 2023-02-03 14:15:32 +00:00
Tamas Vajk
f90c5346bf C#: Change handled exception in TrapWriter.ArchiveContents 2023-02-03 15:13:23 +01:00
Mathias Vorreiter Pedersen
0a6f914bfc C++: Make the documentation on 'isSink' less ambiguous. 2023-02-03 14:09:01 +00:00
Mathias Vorreiter Pedersen
0aed890b15 C++: Undo QLDoc change. 2023-02-03 14:02:55 +00:00
erik-krogh
8e05fdb369 make more imports private 2023-02-03 15:00:31 +01:00
erik-krogh
c5350ca6a0 add change-note 2023-02-03 14:47:58 +01:00
erik-krogh
cf094c2f4f adjust which folders are seen as exported to remove an FP 2023-02-03 14:47:55 +01:00
erik-krogh
848b24cfe4 adjust concept tests after changing subprocess model 2023-02-03 14:47:55 +01:00
erik-krogh
ef44cb86c2 remove FPs related to parameters that are meant to be commands 2023-02-03 14:47:55 +01:00
erik-krogh
e9ebba3350 assume shell=False for subprocess calls, fixes FPs in e.g. youtube-dl 2023-02-03 14:47:55 +01:00
erik-krogh
d228cf0e7b use more API-nodes to model subprocess.run (and friends) 2023-02-03 14:47:55 +01:00
erik-krogh
bce83bfc4e add failing test for indirectly setting the shell=true flag for subprocess.run 2023-02-03 14:47:55 +01:00
erik-krogh
0a2c7d062c add Fabric test, and add tracking of the shell flag in Fabric 2023-02-03 14:47:55 +01:00
erik-krogh
6bbc4f4a48 add more tests 2023-02-03 14:47:55 +01:00
erik-krogh
33c506d7fe add minimal test for Array join as a sink, and learn that the order is flipped compared to JS. Thanks Copilot! 2023-02-03 14:47:55 +01:00
erik-krogh
5bddfc0d79 add test for f-strings as sink 2023-02-03 14:47:55 +01:00
erik-krogh
47a06d2824 add library inputs as a source, and get minimal test to work 2023-02-03 14:47:55 +01:00
erik-krogh
7fcc548665 add py/shell-command-constructed-from-input, but without a source. 
It's a very direct port from Ruby, with only minor adjustments to fit the Python APIs
 2023-02-03 14:47:55 +01:00
erik-krogh
187cfd7be7 add isShellInterpreted to the SystemCommandExecution concept 2023-02-03 14:47:54 +01:00
Geoffrey White
38eeb9c747 Swift: Model String methods. 2023-02-03 12:26:55 +00:00
Alex Ford
e17b3d975d JS: pick up CryptographicKeys used in asmCrypto encrypt/decrypt calls 2023-02-03 12:16:25 +00:00
Alex Ford
6b2a92a7ca JS: update CryptographicKey.expected 2023-02-03 12:12:47 +00:00
Geoffrey White
1077dcd2e3 Swift: Model String initializers. 2023-02-03 11:36:35 +00:00
Philip Ginsbach
b8bd98e476 Merge pull request #12075 from github/ginsbach/RemoveIncorrectStatement 
remove statement about namespaces from documentation that no longer holds
 2023-02-03 11:18:07 +00:00
Geoffrey White
142ca0c9fb Swift: Model StringProtocol initializers. 2023-02-03 10:53:44 +00:00
Geoffrey White
d888510688 Swift: Fix incorrect taint to String fields. 2023-02-03 10:21:52 +00:00
Geoffrey White
d25de8c764 Swift: Taint fields of StringProtocol. 2023-02-03 10:16:33 +00:00
Philip Ginsbach
e552a6206d shadowing and visibility of default predicates 2023-02-03 10:11:25 +00:00
Geoffrey White
21abe54d8d Swift: Greatly extend tests of taint through strings. 2023-02-03 10:11:12 +00:00
Philip Ginsbach
09fdf744d4 introduce module signature member defaults 2023-02-03 10:01:59 +00:00
Geoffrey White
bf6ef43451 Swift: Document library model files consistently. 2023-02-03 09:59:35 +00:00
erik-krogh
3545bb0819 adjust qhelp based on review 2023-02-03 10:50:18 +01:00
Mathias Vorreiter Pedersen
4e7ca1a175 Merge pull request #12082 from github/post-release-prep/codeql-cli-2.12.2 
Post-release preparation for codeql-cli-2.12.2
 2023-02-03 09:40:57 +00:00
Philip Ginsbach
808d3e3a1f Merge pull request #12084 from github/ginsbach/IncorrectEnvironmentNumbering 
we actually only distinguish four environments
 2023-02-03 09:37:39 +00:00
Alvaro Muñoz
50bd0707ce remove redundant import 2023-02-03 10:19:35 +01:00
Alvaro Muñoz
3a9d650cb9 add qldocs for member predicates 2023-02-03 10:09:16 +01:00
Philip Ginsbach
56e0b19df8 we actually only distinguish four environments 2023-02-03 09:04:43 +00:00
Alvaro Muñoz
8cb022713e include review feedback 2023-02-03 10:01:55 +01:00
Arthur Baars
9a4cec7691 Merge pull request #11956 from aibaars/json-log 
Ruby: structured logging
 2023-02-03 09:54:49 +01:00
Alvaro Muñoz
13242df149 Apply suggestions from code review 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2023-02-03 09:45:00 +01:00
Alvaro Muñoz
dd31be43e0 Support for Twirp framework 2023-02-03 09:35:22 +01:00
github-actions[bot]
faf21f3edb Post-release preparation for codeql-cli-2.12.2 2023-02-02 23:01:04 +00:00
erik-krogh
6e712b293a add tracking of strings to compile-sites for poly-redos, in the style of Ruby 2023-02-02 22:56:20 +01:00
Jami Cogswell
30b1a2edbc Java: add first argument to copy sink 2023-02-02 16:20:54 -05:00
Jami Cogswell
61a8f5e425 Java: add signature to createTempDirectory sink 2023-02-02 16:19:20 -05:00