hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-08 11:11:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
54,887 Commits 1,691 Branches 160 Tags
codeql-cli/v2.13.3
Commit Graph

54887 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sim4n6
aaa0040612 Seperate the dataflow config from the query 2023-01-26 08:53:47 +01:00
dependabot[bot]
6e69acdd7e Bump serde from 1.0.131 to 1.0.152 in /ruby 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.131 to 1.0.152.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.131...v1.0.152)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-26 03:08:58 +00:00
Sim4n6
9464940214 Add expected results for argparse source 2023-01-26 01:00:19 +01:00
Sim4n6
2e4cb63049 Optimize the Argparse filename as a source. 2023-01-26 01:00:01 +01:00
Sim4n6
f867c9008f Commit the expected results 2023-01-26 00:08:54 +01:00
Sim4n6
9b5b0c60b8 Handle the download of a tarball using wget pkg. 2023-01-26 00:02:20 +01:00
Sim4n6
22af6f5182 Restrict download_file() to boto3 lib 2023-01-25 23:00:00 +01:00
Harry Maclean
07a7a213b3 Merge pull request #11871 from hmac/rack 2023-01-26 08:40:30 +13:00
Sim4n6
2d38993075 Add a missing "and" 2023-01-25 19:46:13 +01:00
Sim4n6
0ed480855a Update python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.ql 
Yes, definitely

Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-01-25 19:44:28 +01:00
Sim4n6
10d6ebf95b Use of inline tests for dataflow queries 2023-01-25 19:28:05 +01:00
Sim4n6
b5a6f6e165 Merge pull request #1 from github/main 
Sync with the upstream
 2023-01-25 19:13:35 +01:00
Rasmus Wriedt Larsen
1fcfae2464 Merge pull request #11987 from RasmusWL/suite-lists 
Misc: Add `security-experimental` to `generate-code-scanning-query-list.py`
 2023-01-25 17:29:36 +01:00
Geoffrey White
e92a5eb467 Merge pull request #11911 from geoffw0/rncrypt2 
Swift: Add RNCryptor sinks to swift/hardcoded-key
 2023-01-25 15:11:16 +00:00
Rasmus Wriedt Larsen
e8714c9edb Misc: Add Swift to generate-code-scanning-query-list.py 2023-01-25 15:22:20 +01:00
Rasmus Wriedt Larsen
b220c2f51d Misc: Add security-experimental to generate-code-scanning-query-list.py 
Since not all experimental queries is part of this new suite, it's nice
to be able to list them explicitly without having to replicate the logic
from the .qls file.
 2023-01-25 15:20:49 +01:00
Geoffrey White
f6fe627f4b Merge pull request #11914 from geoffw0/rncrypt3 
Swift: Add RNCryptor sinks to swift/constant-salt
 2023-01-25 13:05:33 +00:00
Alex Ford
3dd9392f5e Merge pull request #11869 from alexrford/rails/render_locals_shared 
Ruby: Rails - generalize rails flow step for accessing render locals hash in view
 2023-01-25 12:07:26 +00:00
Erik Krogh Kristensen
39e9eaf2bc Merge pull request #11986 from erik-krogh/redosNote2 
RB: add note in ReDoS qhelp that Ruby 3.2 has fixed ReDoS
 2023-01-25 11:56:04 +01:00
Paolo Tranquilli
f4cb920624 Merge pull request #11932 from github/redsun82/swift-docs 
Swift: add and fix some `schema.py` documentation
 2023-01-25 10:52:00 +01:00
Geoffrey White
fe13137b48 Swift: Make default implementations private. 2023-01-25 09:29:03 +00:00
erik-krogh
54b0350cac add note in ReDoS qhelp that Ruby 3.2 has fixed ReDoS 2023-01-25 10:24:11 +01:00
Rasmus Wriedt Larsen
f262dc68f8 Python: Reword note about debugging getNextClassInMro 2023-01-25 10:08:43 +01:00
dependabot[bot]
531c0559a0 Bump num_cpus from 1.13.0 to 1.14.0 in /ruby 
Bumps [num_cpus](https://github.com/seanmonstar/num_cpus) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/seanmonstar/num_cpus/releases)
- [Changelog](https://github.com/seanmonstar/num_cpus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/num_cpus/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: num_cpus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-25 08:48:08 +00:00
Arthur Baars
358ae7529b Merge pull request #11973 from github/dependabot/cargo/ruby/serde_json-1.0.91 
Bump serde_json from 1.0.72 to 1.0.91 in /ruby
 2023-01-25 09:45:32 +01:00
Arthur Baars
068b71bc3d Merge pull request #11972 from github/dependabot/cargo/ruby/regex-1.7.1 
Bump regex from 1.5.5 to 1.7.1 in /ruby
 2023-01-25 09:44:57 +01:00
Arthur Baars
e634ab771f Merge pull request #11971 from github/dependabot/cargo/ruby/flate2-1.0.25 
Bump flate2 from 1.0.22 to 1.0.25 in /ruby
 2023-01-25 09:44:29 +01:00
Rasmus Wriedt Larsen
63b2bd0871 Python: Fixup test_only_starargs addition 
validTest.py did not pass, since we use `SINK3_F`.

I initially tried swapping the order

```
args = (arg1, arg2) # $ arg1 arg2 func=starargs_only
more_args = (arg4, arg3)
starargs_only(*args, *more_args)
```

But then asked myself, what is it _actually_ we're testing here? and it
seems to be the way we handle multiple *args arguments in the same call,
so I converted the test to be that instead! (and it matches what we do
in test_stararg_mixed)
 2023-01-25 09:37:07 +01:00
Erik Krogh Kristensen
99bad77972 Merge pull request #11906 from erik-krogh/moreStem 
JS: expand what is parsed as the stem of a pathexpr
 2023-01-25 08:44:44 +01:00
erik-krogh
80d05c0425 also recognize protected methods as library-input sources 2023-01-24 20:55:25 +01:00
erik-krogh
a017b7500b Merge branch 'main' into rbPoly 2023-01-24 20:51:36 +01:00
Geoffrey White
439d9199be Swift: Add CSV extension points. 2023-01-24 19:28:05 +00:00
Geoffrey White
13d308a4d6 Swift: Autoformat. 2023-01-24 19:15:51 +00:00
Geoffrey White
5375678ca6 Swift: Add consistent CSV extension points. 2023-01-24 18:49:50 +00:00
Geoffrey White
6a210d719b Swift: Rename QueryExtensions.qll files for consistency. 2023-01-24 17:58:13 +00:00
Paolo Tranquilli
ddef87f6e2 Merge pull request #10956 from github/redsun82/swift-linkage-awareness 
Swift: disambuigate entities using linkage awareness on modules
 2023-01-24 18:49:24 +01:00
Geoffrey White
6a946f6eed Swift: Modernize. 2023-01-24 17:26:51 +00:00
Paolo Tranquilli
4880ab41a2 Swift: use weakly_canonical instead of canonical 
`weakly_canonical` will resolve as much as possible in the path, and not
return an error if it can't resolve everything (for example due to a
non existant file). In any case in case of problems with the file we
will see an error when actually using the resolved path.

This tunes down some unhelpful log messages.
 2023-01-24 16:34:47 +01:00
Paolo Tranquilli
a74247e5d8 Swift: add filename to an error message 2023-01-24 16:29:10 +01:00
Paolo Tranquilli
6b77e6748a Swift: use same implementation for createTarget{Link,Object}Domain 2023-01-24 16:27:21 +01:00
Geoffrey White
78eff0dc60 Swift: Split off the Extensions.qll as well. 2023-01-24 15:19:41 +00:00
James Fletcher
176b2cae19 Merge pull request #11882 from github/charisk/rename-vscode-run-query-cmd 
Rename VS Code Extension Run Query command
 2023-01-24 15:17:30 +00:00
Geoffrey White
cbfa7e7252 Swift: Move query logic into .qlls. 2023-01-24 15:04:10 +00:00
Paolo Tranquilli
23344a7183 Merge branch 'main' into redsun82/swift-linkage-awareness 2023-01-24 15:47:44 +01:00
Jeroen Ketema
ae2fa6c1a4 Merge pull request #11975 from MathiasVP/another-dataflow-loop 
C++: Add another looping dataflow test
 2023-01-24 14:21:16 +01:00
Mathias Vorreiter Pedersen
b1dcb01ed7 Merge pull request #11977 from MathiasVP/accept-test-changes 
C++: Accept test changes on the use-use flow branch
 2023-01-24 12:00:04 +00:00
Mathias Vorreiter Pedersen
ec297fb838 C++: Accept more test changes. 2023-01-24 11:59:14 +00:00
Mathias Vorreiter Pedersen
9f9c486268 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-01-24 11:39:04 +00:00
Mathias Vorreiter Pedersen
7fb9db49be C++: Accept test changes. 2023-01-24 11:11:11 +00:00
Calum Grant
522c9d640d Merge pull request #11957 from github/yoff-list-support-for-python-3.11 
Update supported-versions-compilers.rst
 2023-01-24 10:15:11 +00:00