hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 18:21:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
53,865 Commits 1,691 Branches 160 Tags
codeql-cli/v2.13.1
Commit Graph

53865 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
d325082db3 C++: Fix another place that assumed that 'Expr' was always 'Instruction'. 2023-03-22 16:51:39 +00:00
Mathias Vorreiter Pedersen
6e38105615 C++: Fix implicit 'this'. 2023-03-22 16:51:39 +00:00
Mathias Vorreiter Pedersen
4d029acb11 C++: Accept test changes. 2023-03-22 16:51:39 +00:00
Mathias Vorreiter Pedersen
4cc3bfae33 C++: Fix places that assumed that 'Expr' was always 'Instruction'. 2023-03-22 16:51:38 +00:00
Geoffrey White
a4e9d38abb Swift: Fix the test regression. 2023-03-22 16:44:29 +00:00
Mathias Vorreiter Pedersen
0aa90d6f09 Merge pull request #12635 from MathiasVP/bool-to-int-is-safe 
C++: `bool` -> `int` are safe conversions
 2023-03-22 16:29:29 +00:00
Geoffrey White
cbe5243c89 Swift: Accept test regressions. :( 2023-03-22 16:24:32 +00:00
Mathias Vorreiter Pedersen
08e8604430 C++: Change 'Expr' to be EquivalenceClasses instead of Instructions. 2023-03-22 15:26:26 +00:00
Michael Nebel
915efffe21 Merge pull request #12610 from michaelnebel/java/validatespecs 
Java/C#: Validate all AccessPaths.
 2023-03-22 16:22:54 +01:00
Mathias Vorreiter Pedersen
59f2c75186 C++: bool -> int conversions are safe conversions. 2023-03-22 15:01:54 +00:00
Rasmus Wriedt Larsen
77f1539e71 Python: Add change-note 2023-03-22 15:57:09 +01:00
Rasmus Wriedt Larsen
7b3f710e91 Python: Model aiosqlite 2023-03-22 15:51:47 +01:00
Jami Cogswell
3f40e3863f Add yml files to change note check 2023-03-22 10:51:36 -04:00
Rasmus Wriedt Larsen
9975facf9d Python: Make asyncio version of PEP249 modeling library 
so it's also easy to modeling asyncio libraries

Also ports aiomysql/aiopg to use this new modeling
 2023-03-22 15:51:33 +01:00
Rasmus Wriedt Larsen
2b4ebf7377 Python: Add support for .executescript 2023-03-22 15:20:06 +01:00
Alex Ford
0f267e012a Merge pull request #12631 from alexrford/js/weak-cryptographic-algorithm_space 
JS: add a missing space in alert message for `js/weak-cryptographic-algorithm`
 2023-03-22 14:12:35 +00:00
Arthur Baars
65d129dee1 Merge pull request #12529 from hmac/ruby-extractor-bump-rust-version 
Ruby: Bump rust toolchain to 1.68
 2023-03-22 15:12:08 +01:00
Rasmus Wriedt Larsen
eb43fa2644 Python: Make API graph version of PEP249 modeling 
This will allow us to more easily handle the executescript method, which
we'll do in next commit.
 2023-03-22 15:07:03 +01:00
Jami Cogswell
5f8d6c3c07 Java: add change note 2023-03-22 10:05:55 -04:00
Jami Cogswell
82daf50ed4 Java: add signature 2023-03-22 10:05:55 -04:00
Jami Cogswell
974f4bc371 Java: remove nativeSql sink 2023-03-22 10:05:55 -04:00
Jami Cogswell
ea626a03b6 Java: add nativeSQL as summary model 2023-03-22 10:05:55 -04:00
Rasmus Wriedt Larsen
5930499f1d Python: Add test for missing .executescript SQL method 2023-03-22 14:57:08 +01:00
Ian Lynagh
536bc9ac89 Merge pull request #12589 from igfoo/igfoo/distutils 
Kotlin: Don't use distutils in build script
 2023-03-22 13:18:51 +00:00
Alex Denisov
635564531c Swift: add a query showing successfully extracted files 
(cherry picked from commit 7c15527300)
 2023-03-22 13:52:09 +01:00
erik-krogh
2bba9057a0 better callgraph support for global variables 2023-03-22 13:49:33 +01:00
Anders Schack-Mulligen
dc6729d0bf Merge pull request #12616 from aschackmull/java-csharp/redundant-sign-analysis-case 
Java/C#: Remove useless disjuncts.
 2023-03-22 13:33:46 +01:00
Erik Krogh Kristensen
663d4e8e3b Merge pull request #12592 from erik-krogh/rhsRegress 
JS: Fix performance regression in the `GetLaterAccess` module.
 2023-03-22 12:55:56 +01:00
Arthur Baars
bed5eeb372 Apply suggestions from code review 2023-03-22 12:30:15 +01:00
Erik Krogh Kristensen
5dc5c8e683 Merge pull request #12629 from erik-krogh/qlTreeSitterQll 
QL: regen TreeSitter.qll
 2023-03-22 12:28:27 +01:00
Alex Ford
b000b9b5c0 JS: add a missing space in alert message for js/weak-cryptographic-algorithm 2023-03-22 11:12:13 +00:00
Erik Krogh Kristensen
a93c2ec20b Merge pull request #12630 from erik-krogh/disableConsis 
QL: disable the consistency check
 2023-03-22 11:06:15 +01:00
erik-krogh
5a3ddcfca6 QL: disable the consistency check 2023-03-22 10:53:39 +01:00
erik-krogh
4bc6a0927d fix queries that relied on the old TreeSitter.qll 2023-03-22 10:45:50 +01:00
erik-krogh
53d9e4d4eb QL: regen TreeSitter.qll 2023-03-22 10:29:30 +01:00
Rasmus Wriedt Larsen
170a93cc4f Python: Model cassandra-driver PyPI package 2023-03-22 10:28:04 +01:00
Rasmus Wriedt Larsen
e4db5f9a64 Python: Model asyncpg.connection.connect() 2023-03-22 10:28:04 +01:00
Rasmus Wriedt Larsen
4f9117963d Python: Model sqlite3.dbapi2 2023-03-22 10:28:04 +01:00
Erik Krogh Kristensen
bdab57b9d3 Update javascript/ql/lib/semmle/javascript/GlobalAccessPaths.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-03-22 10:19:48 +01:00
erik-krogh
3d9bbd7824 ReDoS: fix potential bad mistake caught by QL-for-QL 2023-03-22 10:16:23 +01:00
erik-krogh
b071d3557e JS/PY/RB: add a worst-case test, that now performs OK 2023-03-22 10:13:18 +01:00
erik-krogh
801e0ff050 ReDoS: implement a better super-linear algorithm, with better worst-case performance 2023-03-22 10:13:16 +01:00
Michael Nebel
71d184e8c0 C#: Validate all access paths except for Field and Property. 2023-03-22 10:05:46 +01:00
Michael Nebel
46ef954d5c Java: Validate all accesspaths except for Field. 2023-03-22 10:05:46 +01:00
Tony Torralba
6c0c06c963 Merge pull request #12624 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-03-22 09:49:41 +01:00
Erik Krogh Kristensen
5fcc0d3e28 Merge pull request #12625 from github/dependabot/cargo/ql/regex-1.7.2 
Bump regex from 1.7.1 to 1.7.2 in /ql
 2023-03-22 09:30:36 +01:00
yoff
a328d8c93b Merge pull request #12594 from yoff/python/add-test-to-valid 
python: add test to validation (and fix it)
 2023-03-22 09:07:27 +01:00
Anders Schack-Mulligen
b2d436ccc1 Merge pull request #12533 from aschackmull/java/misc-perf 
Java/dataflow: Misc performance fixes
 2023-03-22 08:39:43 +01:00
dependabot[bot]
b7600c6022 Bump regex from 1.7.1 to 1.7.2 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.7.1 to 1.7.2.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.7.1...1.7.2)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-22 04:06:21 +00:00
Harry Maclean
6cb1348988 Ruby: Try different workaround for Actions bug 2023-03-22 15:02:36 +13:00