codeql

mirror of https://github.com/github/codeql.git synced 2026-02-16 06:53:41 +01:00

Author	SHA1	Message	Date
Ian Lynagh	dd7ec499df	Kotlin: Ignore tags when comparing versions We thought that 1.7.20-Beta > 1.7.20, and so tried to use 1.7.0's extractor with 1.7.20.	2022-10-26 12:21:55 +01:00
erik-krogh	0f9b4334cc	remove some FPs in `js/password-in-configuration-file`	2022-10-26 11:51:56 +02:00
Paolo Tranquilli	e422a4eef9	Swift: move `TargetFile` to a separate lib	2022-10-26 10:54:51 +02:00
erik-krogh	21e7e27e1f	push more context into load/store steps from the exploratory flow-analysis	2022-10-26 10:52:47 +02:00
Erik Krogh Kristensen	52cd200ca0	Merge pull request #10985 from asgerf/js/reaches-return-escape JS: Do not track returned values out of the enclosing function	2022-10-26 10:52:11 +02:00
Tony Torralba	924995d9e1	Merge pull request #10977 from github/workflow/coverage/update Update CSV framework coverage reports	2022-10-26 09:51:17 +02:00
Asger F	414bd40c41	JS: Do not track returned values out of the enclosing function	2022-10-26 09:29:49 +02:00
Paolo Tranquilli	a3234503b8	Merge pull request #10983 from github/redsun82/swift-third-party Swift: move libraries from `tools` to `third_party`	2022-10-26 08:59:50 +02:00
Mathias Vorreiter Pedersen	58b6c45d27	Merge pull request #10958 from geoffw0/comma C++: Fix performance issue on cpp/comma-before-misleading-indentation	2022-10-26 08:29:18 +02:00
tyage	7a19744cf2	add change note	2022-10-26 15:17:50 +09:00
tyage	95dca7c3ed	update comment	2022-10-26 15:13:59 +09:00
tyage	09f8ca8cc0	add `query` in comment	2022-10-26 15:13:03 +09:00
tyage	232893aafa	make query parameters in ServerSideProps and next/router as a RemoteFlowSource	2022-10-26 14:41:07 +09:00
Paolo Tranquilli	c8788bb5cd	Swift: move libraries from `tools` to `third_party`	2022-10-26 07:05:56 +02:00
tyage	1f4fc7fc2d	add params, query to test	2022-10-26 10:53:11 +09:00
tyage	06925681b0	add test for context.params	2022-10-26 10:53:11 +09:00
github-actions[bot]	5454f9a738	Add changed framework coverage reports	2022-10-26 00:20:29 +00:00
Jami Cogswell	1e80fa118c	add modules	2022-10-25 18:26:00 -04:00
Daniel Santos	f7ace6f801	Update javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-25 14:27:03 -05:00
Geoffrey White	1e8b4bdd6f	Merge pull request #10973 from geoffw0/comment Swift: Fix UrlRemoteFlowSource name clash	2022-10-25 18:51:51 +01:00
Robert Marsh	8a125d1ae5	C++: repair InconsistentLoopDirection	2022-10-25 13:34:08 -04:00
thiggy1342	9c1fbfd330	Merge branch 'main' into expand-ruby-ssrf-sinks-faraday-connection-new	2022-10-25 13:09:17 -04:00
Chris Smowton	004f4be5fb	Kotlin: don't try to call nonexistent `j.l.Number.toChar` Previously we thought this could be callable because Kotlin's view of `j.l.Integer` inherits `k.Number` which defines `toChar`.	2022-10-25 17:09:05 +01:00
Geoffrey White	53fa91f8ba	Swift: Add comment.	2022-10-25 16:51:57 +01:00
Daniel Santos	feece6f7b4	Merge branch 'github:main' into main	2022-10-25 10:43:20 -05:00
Geoffrey White	a67bd4d903	Swift: Fix name clash.	2022-10-25 16:40:27 +01:00
Ian Lynagh	4050801a17	Kotlin: Autoformat query	2022-10-25 16:26:12 +01:00
Ian Lynagh	52cfc33576	Kotlin: Accept test changes	2022-10-25 16:26:12 +01:00
Ian Lynagh	63b64e4daa	Kotlin: Test tweaks for the diags consistency query	2022-10-25 16:26:11 +01:00
Ian Lynagh	caf7ebc634	Java/Kotlin: Add a diagnostic consistency query	2022-10-25 16:26:11 +01:00
Ian Lynagh	185d43a7b0	Kotlin: Turn warnings into trace messages This is normal behaviour, nothing to be concerned about.	2022-10-25 16:26:11 +01:00
Daniel Santos	5b080481aa	TokenBuiltFromUuid formatting	2022-10-25 09:51:48 -05:00
Daniel Santos	b8d60edb49	TokenBuiltFromUuid isAdditionalTaintStep refactor	2022-10-25 09:51:07 -05:00
Daniel Santos	375edf7455	TokenAssignmentValueSink refactor	2022-10-25 09:50:04 -05:00
thiggy1342	3659eaa780	add markdown file extension	2022-10-25 10:13:19 -04:00
Geoffrey White	257748d82b	C++: Rename predicate.	2022-10-25 14:52:22 +01:00
Geoffrey White	3d025ea77e	Merge pull request #10903 from geoffw0/review Swift: Add some summary queries.	2022-10-25 14:47:09 +01:00
yo-h	01a67adb49	Merge pull request #10738 from github/yo-h-patch-1 Java: update framework list	2022-10-25 09:42:18 -04:00
Jeroen Ketema	3befa1cd96	Merge pull request #10965 from MathiasVP/fix-gettypeimpl-in-ir-dataflow C++: Fix `getType` in IR dataflow	2022-10-25 15:02:45 +02:00
Tamás Vajk	3264bbc1db	Merge pull request #10962 from tamasvajk/kotlin-unreachable-catch Kotlin: Exclude .kt files from `java/unreachable-catch-clause`	2022-10-25 15:01:25 +02:00
Tamás Vajk	7013663d13	Merge pull request #10881 from tamasvajk/kotlin-constant-expr Kotlin: Exclude constructs in serialization constructors from `java/evaluation-to-constant`	2022-10-25 15:00:58 +02:00
erik-krogh	e8dce25cc2	fix rb/code-injection	2022-10-25 14:44:23 +02:00
Geoffrey White	b59f01f968	Swift: Use UnknownFile.	2022-10-25 13:44:13 +01:00
Mathias Vorreiter Pedersen	557b94cd83	Merge pull request #10966 from jketema/spelling-comments C++: Spelling fixes and documentation clarification	2022-10-25 14:34:49 +02:00
Mathias Vorreiter Pedersen	6a7bcd384a	Merge pull request #10939 from rdmarsh2/rdmarsh2/cpp/modulus-analysis-comments C++: additional comments for modulus analysis	2022-10-25 14:29:54 +02:00
Mathias Vorreiter Pedersen	1bd48f8d02	Merge branch 'replace-ast-with-ir-use-usedataflow' into repair-cleartext-transmission-2	2022-10-25 14:27:33 +02:00
Mathias Vorreiter Pedersen	c8f81bc6b8	Merge branch 'replace-ast-with-ir-use-usedataflow' into repair-badly-bounded-write-2	2022-10-25 14:24:38 +02:00
Mathias Vorreiter Pedersen	39b268194a	C++: Accept test changes.	2022-10-25 14:10:51 +02:00
Karim Ali	18dd0f650c	update iterations threshold to most recent OWASP recommendation which is at least 120,000 iterations for secure password hashing	2022-10-25 14:01:40 +02:00
Tamas Vajk	80fa45fd8e	Fix expected fest file after rebase	2022-10-25 13:52:25 +02:00

... 174 175 176 177 178 ...

54887 Commits