Michael Nebel
177fcbb4eb
C#: Update attribute test to exclude OS specific declarations.
2023-01-31 13:21:00 +01:00
Michael Nebel
0ed48616a7
C#: Use stubs for CWE-321/HardcodedSymmetricEncryptionKey.
2023-01-31 13:21:00 +01:00
Michael Nebel
9808482c41
C#: Update Minimal stubs from source testcase expected output.
2023-01-31 13:21:00 +01:00
Michael Nebel
3510f465b2
C#: Use stubs for ThreadUnsafeICryptoTransformLambda.
2023-01-31 13:21:00 +01:00
Michael Nebel
f3555b1076
C#: Update options files as some classes have been moved to other DLLs.
2023-01-31 13:21:00 +01:00
Michael Nebel
5ccfc4d3f4
C#: Add System.Security.Cryptography as a dependency to the HashWithoutSalt query test.
2023-01-31 13:21:00 +01:00
Michael Nebel
fd74c10b06
C#: Use stubs for ThreadUnsafeICryptoTransform.
2023-01-31 13:21:00 +01:00
Michael Nebel
14888d4382
C#: Use stubs for CWE-327 test cases.
2023-01-31 13:21:00 +01:00
Michael Nebel
89de6cb8a0
C#: Update library tests.
2023-01-31 13:20:59 +01:00
Michael Nebel
33a923a85b
C#: Use IsKind instead of Kind (compiler warning).
2023-01-31 13:20:59 +01:00
Michael Nebel
3a4e5700e8
C#: Update project targets, workflows and other scripts to use .NET 7.
2023-01-31 13:20:59 +01:00
Michael Nebel
86e9bf2f81
Merge pull request #11996 from michaelnebel/csharp/refstructreffield
...
C# 11: Extractor support for `ref` fields in `ref struct`.
2023-01-31 13:08:57 +01:00
dependabot[bot]
423bab54d3
Bump num_cpus from 1.13.1 to 1.14.0 in /ql
...
Bumps [num_cpus](https://github.com/seanmonstar/num_cpus) from 1.13.1 to 1.14.0.
- [Release notes](https://github.com/seanmonstar/num_cpus/releases)
- [Changelog](https://github.com/seanmonstar/num_cpus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/num_cpus/compare/v1.13.1...v1.14.0)
---
updated-dependencies:
- dependency-name: num_cpus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-31 12:05:11 +00:00
Erik Krogh Kristensen
38bcb2b727
Merge pull request #12039 from github/dependabot/cargo/ql/serde-1.0.152
...
Bump serde from 1.0.140 to 1.0.152 in /ql
2023-01-31 13:03:03 +01:00
dependabot[bot]
198b97ca8d
Bump serde from 1.0.140 to 1.0.152 in /ql
...
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.140 to 1.0.152.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.140...v1.0.152)
---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-31 11:48:44 +00:00
Erik Krogh Kristensen
f2526d1784
Merge pull request #12040 from github/dependabot/cargo/ql/tree-sitter-0.20.9
...
Bump tree-sitter from 0.20.8 to 0.20.9 in /ql
2023-01-31 12:46:43 +01:00
Gulshan Singh
1a109cab4d
Remove unicode characters
2023-01-31 03:38:03 -08:00
dependabot[bot]
807b715320
Bump tree-sitter from 0.20.8 to 0.20.9 in /ql
...
Bumps [tree-sitter](https://github.com/tree-sitter/tree-sitter) from 0.20.8 to 0.20.9.
- [Release notes](https://github.com/tree-sitter/tree-sitter/releases)
- [Commits](https://github.com/tree-sitter/tree-sitter/commits)
---
updated-dependencies:
- dependency-name: tree-sitter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-31 11:27:40 +00:00
Erik Krogh Kristensen
34ca12e5d2
Merge pull request #12042 from erik-krogh/qlTools
...
QL: update codeql-action in QL-for-QL
2023-01-31 12:24:37 +01:00
Mathias Vorreiter Pedersen
1a27a069ac
Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow
2023-01-31 11:15:42 +00:00
erik-krogh
94cec17505
bump codeql-action
2023-01-31 12:09:21 +01:00
erik-krogh
4436ec070e
ensure the test is run when the workflow is updated
2023-01-31 12:09:21 +01:00
Geoffrey White
ee442e4d4b
Merge pull request #11979 from geoffw0/modern1
...
Swift: Modernize injection queries
2023-01-31 10:54:35 +00:00
erik-krogh
0cefa98490
add missing word to the change-note
2023-01-31 11:53:17 +01:00
Mathias Vorreiter Pedersen
daf7d1b7e7
C++: Add more QLDoc.
2023-01-31 10:37:51 +00:00
Mathias Vorreiter Pedersen
7583fe2ad8
C++: Respond to PR reviews.
2023-01-31 10:31:02 +00:00
Tony Torralba
e9a46c926d
Add taint for URLRequest fields
2023-01-31 11:15:45 +01:00
erik-krogh
95c19698c7
add change-note
2023-01-31 11:09:07 +01:00
Jeroen Ketema
24891c3f43
C++: Fix missing subpaths when displaying dataflow paths
2023-01-31 10:57:06 +01:00
erik-krogh
e5e8496084
fix QL-for-QL warnings
2023-01-31 10:55:27 +01:00
Arthur Baars
d944c2bd79
Ruby: address comments
2023-01-31 10:22:12 +01:00
Gulshan Singh
2f38d363ff
Fix typo in dependsOnChild
2023-01-30 19:55:53 -08:00
Gulshan Singh
fb31570af3
Fix bitshift test
2023-01-30 19:55:53 -08:00
Gulshan Singh
1758e25207
Merge lshift/rshift range expressions into a single file and address PR comments
2023-01-30 19:55:53 -08:00
Gulshan Singh
051d36ee6a
Add ConstantLShiftExprRange and ConstantRShiftExprRange classes
2023-01-30 19:55:53 -08:00
Gulshan Singh
5710289460
Add bitshift test
2023-01-30 19:55:53 -08:00
Harry Maclean
c99a096c9b
Ruby: Update test fixtures
2023-01-31 11:27:19 +13:00
Harry Maclean
69ed00cdf1
Ruby: QL4QL fix
2023-01-31 11:06:32 +13:00
Mathias Vorreiter Pedersen
cd596403a0
Merge pull request #12031 from MathiasVP/ir-get-call-predicate
2023-01-30 21:23:02 +00:00
erik-krogh
c2e8206090
add more array taint steps that taint the entire array
2023-01-30 21:14:27 +01:00
Chuan-kai Lin
396d2de6e7
Document pragma[assume_small_delta]
2023-01-30 11:42:57 -08:00
intrigus-lgtm
f23d517236
Fix erroneous slash
...
The additional slash causes the request to fail.
Compare `gh api /repos/openjdk/jdk/code-scanning/codeql/databases/` (fails) with:
```
gh api /repos/openjdk/jdk/code-scanning/codeql/databases/
{
  "message": "Not Found",
  "documentation_url": "https://docs.github.com/rest"
}
gh: Not Found (HTTP 404)
```
While `gh api /repos/openjdk/jdk/code-scanning/codeql/databases` (works).
2023-01-30 20:26:40 +01:00
Mathias Vorreiter Pedersen
a01a4734ed
C++/C#: Sync identical files.
2023-01-30 17:32:53 +00:00
Mathias Vorreiter Pedersen
3a1a9a771c
C++: Add a 'getCall' predicate to 'ArgumentOperand'.
2023-01-30 17:31:52 +00:00
Mathias Vorreiter Pedersen
f90007ae71
C++: Make our iterator models public.
2023-01-30 17:23:52 +00:00
erik-krogh
962465f77a
add array-taint-steps to unsafe-shell-command-construction
2023-01-30 16:56:03 +01:00
Mathias Vorreiter Pedersen
be359a32c0
Merge pull request #11976 from MathiasVP/fewer-uses-2
...
C++: Don't count every conversion as a use
2023-01-30 15:51:12 +00:00
erik-krogh
a4c42aa14b
more custom array steps from unsafe-code-construction to a utility predicate
2023-01-30 16:46:13 +01:00
erik-krogh
31743afa87
add change-note
2023-01-30 16:34:23 +01:00
erik-krogh
e01002368f
add query detecting validators that use badly anchored regular expressions on library/remote input
2023-01-30 16:34:20 +01:00