hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-08 11:11:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,797 Commits 1,691 Branches 160 Tags
codeql-cli/v2.12.5
Commit Graph

51797 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
787fe38d90 build(deps): bump actions/setup-dotnet from 2 to 3.0.2 
Bumps [actions/setup-dotnet](https://github.com/actions/setup-dotnet) from 2 to 3.0.2.
- [Release notes](https://github.com/actions/setup-dotnet/releases)
- [Commits](https://github.com/actions/setup-dotnet/compare/v2...v3.0.2)

---
updated-dependencies:
- dependency-name: actions/setup-dotnet
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-02 08:09:43 +00:00
Michael Nebel
7271d9987e Merge pull request #11940 from michaelnebel/csharp/dotnet7 
C#: Update project targets, workflows and other scripts to use .NET 7.
 2023-02-02 08:14:55 +01:00
Nora Dimitrijević
e137993acd Merge pull request #12061 from d10c/cpp/missing-check-scanf-join-order-fix 2023-02-02 07:57:21 +01:00
Kristen Newbury
dc5eb40d5f Update JS CleartextLogging qhelp 2023-02-01 16:29:13 -05:00
Harry Maclean
d671cc6e43 Merge pull request #12052 from hmac/barrier-guard-fix 2023-02-02 08:16:07 +13:00
Chuan-kai Lin
255f989ede Merge pull request #12034 from cklin/document-assume-small-delta 
Document pragma[assume_small_delta]
 2023-02-01 10:36:40 -08:00
Alvaro Muñoz
d6f1dfa205 update tests 2023-02-01 17:58:32 +01:00
Philip Ginsbach
c5deb8544b rework documentation of namespaces to take account of shadowing 2023-02-01 16:56:35 +00:00
Tony Torralba
24527bfc4e Minor change in WKNavigationDelegateSource to work around a bug 2023-02-01 17:44:08 +01:00
Tony Torralba
644bc56568 Add new source and flow step related to WkWebView 2023-02-01 17:44:06 +01:00
Tony Torralba
407e7cbbde Merge pull request #12045 from atorralba/atorralba/more-custom-url-schemes 
Swift: Add more sources for custom URL schemes
 2023-02-01 17:40:20 +01:00
Joe Farebrother
97b2e852c9 Merge pull request #11713 from joefarebrother/sensitive-result-receiver 
Java: Add query for leaking sensitive data through a ResultReceiver
 2023-02-01 16:34:17 +00:00
Nora Dimitrijević
1df0be3ca2 C++: Fix join order in cpp/missing-check-scanf 
The issues were:
* `revFlow`: `revFlow` joins `fwdFlow` on `vn`.
* `Node.getASuccessor()`: `MkNode` self-join on `vn`.
* `hasFlow/5`: `MkNode` self-join on `vn`.
 2023-02-01 16:29:43 +01:00
Tony Torralba
834fc51a3a Update java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql 2023-02-01 15:26:26 +01:00
Tony Torralba
43b234eeb5 Switch to MaD models for UISceneDelegate methods 2023-02-01 15:15:51 +01:00
Tony Torralba
f7cc5f9627 Add more sources for custom URL schemes 
Also add the appropriate steps so that these sources are useful
 2023-02-01 15:07:37 +01:00
Alvaro Muñoz
4d6b35f891 apply gofmt 2023-02-01 14:51:48 +01:00
Alvaro Muñoz
70a151af02 add change-notes 2023-02-01 14:49:30 +01:00
Geoffrey White
96ee0f68b0 Merge pull request #11935 from geoffw0/protocol-extension 
Swift: Flow sources through protocol extensions
 2023-02-01 13:47:09 +00:00
Alvaro Muñoz
a3188f2e10 address review feedback 2023-02-01 14:43:51 +01:00
Mathias Vorreiter Pedersen
eb31160ae0 C++: Accept test changes. 2023-02-01 13:42:03 +00:00
Alvaro Muñoz
3502ab6523 fix missing QLDocs and refactor ServiceInterface 2023-02-01 14:37:38 +01:00
Mathias Vorreiter Pedersen
702b10ff96 Merge branch 'mathiasvp/replace-ast-with-ir-use-usedataflow' into global-flow 2023-02-01 13:37:10 +00:00
Mathias Vorreiter Pedersen
0e1dcc8062 C++: Accept test changes. These all appear to be good changes. 2023-02-01 13:25:37 +00:00
Mathias Vorreiter Pedersen
136b5d189c C++: Small cleanup by making 'GlobalUse' extend 'UseImpl'. 2023-02-01 13:24:40 +00:00
Rasmus Wriedt Larsen
fdb33ff48e Python: Fix grammar in change-note 
Co-authored-by: Taus <tausbn@github.com>
 2023-02-01 14:01:20 +01:00
Alvaro Muñoz
afa6b1cec5 Initial support for Twirp framework 2023-02-01 13:55:09 +01:00
Joe Farebrother
74dba953ca Apply suggestions from docs review 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2023-02-01 12:54:19 +00:00
Erik Krogh Kristensen
bc36a75bde Merge pull request #12057 from erik-krogh/syncPyFlow 
PY: Sync a dataflow config
 2023-02-01 11:58:40 +01:00
erik-krogh
77e014c5a4 sync added dataflow config 2023-02-01 11:46:57 +01:00
Erik Krogh Kristensen
01f6862965 Merge pull request #11833 from erik-krogh/trackPyReg 
PY: track string-constants to regular expression uses
 2023-02-01 11:40:42 +01:00
Arthur Baars
a46061541b Ruby: address review comment 2023-02-01 09:59:05 +01:00
Arthur Baars
fa81d9da18 Apply suggestions from code review 
Co-authored-by: Harry Maclean <hmac@github.com>
 2023-02-01 09:47:39 +01:00
Tony Torralba
837cdf7782 Merge pull request #12046 from atorralba/atorralba/urlrequest-models 
Swift: Add taint for URLRequest fields
 2023-02-01 09:24:17 +01:00
Geoffrey White
b9d487ac35 Merge branch 'main' into protocol-extension 2023-02-01 08:21:05 +00:00
Jeroen Ketema
ce8a84abb3 Merge pull request #12043 from jketema/subpaths 
C++: Fix missing subpaths when displaying dataflow paths
 2023-02-01 09:17:16 +01:00
Erik Krogh Kristensen
16049d694b Merge pull request #12055 from github/dependabot/cargo/ql/tracing-0.1.37 
Bump tracing from 0.1.35 to 0.1.37 in /ql
 2023-02-01 09:07:11 +01:00
dependabot[bot]
373148decd Bump tracing from 0.1.35 to 0.1.37 in /ql 
Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.35 to 0.1.37.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.35...tracing-0.1.37)

---
updated-dependencies:
- dependency-name: tracing
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-01 03:11:28 +00:00
Harry Maclean
da45d3aa7f Ruby: Fix string comparison barrier guard 
`strNode` was not properly restricted for some cases.
 2023-02-01 14:40:53 +13:00
Harry Maclean
0d68d88741 Merge pull request #11934 from hmac/actioncontroller-filters 2023-02-01 09:10:30 +13:00
Geoffrey White
7f58a2222a Merge branch 'main' into protocol-extension 2023-01-31 16:06:55 +00:00
Mathias Vorreiter Pedersen
88338bdfcf C++: Flow out of functions that write to iterators. 2023-01-31 15:11:47 +00:00
Chris Smowton
6b0b73b5f6 Merge pull request #12033 from intrigus-lgtm/patch-8 
Fix errorneous slash
 2023-01-31 14:39:51 +00:00
Mathias Vorreiter Pedersen
41ea71c31c Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-01-31 14:12:23 +00:00
Mathias Vorreiter Pedersen
a2248e6ca6 Merge pull request #12030 from MathiasVP/iterator-public-models 
C++: Make iterator classes public
 2023-01-31 14:11:52 +00:00
Mathias Vorreiter Pedersen
0d38ff8e8c Merge pull request #11920 from gsingh93/bit-shift-range 
C++: Improve left shift and right shift range analysis accuracy
 2023-01-31 14:01:41 +00:00
Erik Krogh Kristensen
8bc9ce749f Merge pull request #12038 from github/dependabot/cargo/ql/tracing-subscriber-0.3.16 
Bump tracing-subscriber from 0.3.15 to 0.3.16 in /ql
 2023-01-31 14:35:35 +01:00
Arthur Baars
57012714d6 Ruby: serialize timestamps as ISO8601 2023-01-31 14:32:29 +01:00
dependabot[bot]
56a0b1d2d8 Merge pull request #12024 from github/dependabot/cargo/ruby/clap-3.0.14 2023-01-31 13:30:21 +00:00
dependabot[bot]
597c71011e Bump tracing-subscriber from 0.3.15 to 0.3.16 in /ql 
Bumps [tracing-subscriber](https://github.com/tokio-rs/tracing) from 0.3.15 to 0.3.16.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.3.15...tracing-subscriber-0.3.16)

---
updated-dependencies:
- dependency-name: tracing-subscriber
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-31 13:09:13 +00:00