hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-09 04:30:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
57,744 Commits 1,680 Branches 157 Tags
codeql-cli/v2.14.3
Commit Graph

57744 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
8875487109 Swift: Expand the URL taint models. 2023-07-06 13:27:13 +01:00
Alex Denisov
c517fc6c6f Swift: 5.9 preparation 2023-07-06 14:02:37 +02:00
Max Schaefer
1d3e3440f2 Add example of manual sanitisation. 2023-07-06 12:54:30 +01:00
Max Schaefer
240e0799b0 Fix spurious character in code example. 2023-07-06 12:54:03 +01:00
Max Schaefer
83a854c3ff Update javascript/ql/src/Security/CWE-078/IndirectCommandInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-07-06 12:47:06 +01:00
Michael Nebel
6a87755ff1 C#: Use dotnet --list-runtimes to find runtime locations. 2023-07-06 13:27:22 +02:00
Max Schaefer
6fb41adc61 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-07-06 12:02:44 +01:00
Mathias Vorreiter Pedersen
bb521d7c75 Merge pull request #13665 from MathiasVP/fix-join-in-isUse 
C++: Fix join in `isUse`
 2023-07-06 11:09:38 +01:00
Rasmus Wriedt Larsen
1f93e5b58d Python: Relax restriction of flow through async with 2023-07-06 11:51:58 +02:00
Rasmus Wriedt Larsen
43af8d7ac5 Python: Fix test to use async with 
It doesn't work if just using plain `with`
 2023-07-06 11:34:05 +02:00
Rasmus Wriedt Larsen
79039dc7b8 Python: Wrap aiohttp client request in async def 
And I added `await` before all the `resp` assignments
 2023-07-06 11:29:14 +02:00
Tamás Vajk
14caaf119c Merge pull request #13658 from tamasvajk/cs/standalone/restore-impr 
C#: Improve dotnet restore success rate in standalone extraction
 2023-07-06 10:10:05 +02:00
Erik Krogh Kristensen
fab231c284 Merge pull request #13674 from github/dependabot/cargo/ql/regex-1.9.0 
Bump regex from 1.8.4 to 1.9.0 in /ql
 2023-07-06 08:55:27 +02:00
dependabot[bot]
562270709c Bump regex from 1.8.4 to 1.9.0 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.8.4...1.9.0)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-06 03:24:52 +00:00
Maiky
a3c58c66e9 Using DataFlow::ConfigSig instead of TaintTracking::Configuration 2023-07-06 03:14:49 +02:00
Maiky
25814f76b9 Apply suggested changes 2023-07-06 02:20:42 +02:00
Owen Mansel-Chan
972aacc5da Accept test changes due to new paramater nodes 2023-07-05 22:25:47 +01:00
Owen Mansel-Chan
af5558a397 Add ParameterNodes for unused parameters 2023-07-05 22:25:44 +01:00
Owen Mansel-Chan
12723f5a7d Add change note 2023-07-05 22:10:54 +01:00
jorgectf
c82ab2b2ab Add markupsafe as XXE sanitizer 
Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>
 2023-07-05 20:23:20 +02:00
Mathias Vorreiter Pedersen
3bbe95452a Merge branch 'main' into fix-join-in-isUse 2023-07-05 17:51:47 +01:00
Geoffrey White
45d32c3933 Swift: I'm not convinced these SPURIOUS tags are true and useful. 2023-07-05 17:50:48 +01:00
Joe Farebrother
c10a66809d Merge pull request #13094 from joefarebrother/csharp-missing-access-control 
C#: Add query for missing function level access control
 2023-07-05 17:40:59 +01:00
AlexDenisov
dbffe54b28 Merge pull request #13657 from github/alexdenisov/update-supported-swift-version 
Docs: update supported Swift versions
 2023-07-05 18:14:13 +02:00
Philip Ginsbach
2ec5e72e9b Merge pull request #13633 from github/ginsbach/SpecifyExtendsFinal 
document final extensions in the language specification
 2023-07-05 16:43:06 +01:00
Geoffrey White
aeb5199cd9 Swift: Expand the URL taint flow test. 2023-07-05 16:36:35 +01:00
Alex Ford
08784d24b4 Ruby: rack - add tests for env['QUERY_STRING'] 2023-07-05 15:49:00 +01:00
Alex Ford
ec2c9f20f6 Ruby: rack - env['QUERY_STRING'] changenote 2023-07-05 15:46:56 +01:00
Joe Farebrother
a53bf4ddd7 Apply doc review suggestions 2023-07-05 15:37:48 +01:00
Mathias Vorreiter Pedersen
93f1a3bdb9 C++: Fix join in 'isUse'. 2023-07-05 15:24:40 +01:00
Alex Ford
2b0b2855e1 Ruby: rack - Rack::Response changenote 2023-07-05 15:15:34 +01:00
Mathias Vorreiter Pedersen
b651c02dd9 Merge pull request #13653 from rdmarsh2/rdmarsh2/cpp/constant-array-overflow-tests 
C++: more constant-array-overflow tests
 2023-07-05 15:06:11 +01:00
Jeroen Ketema
dc6fd8fd7f Merge pull request #13666 from jketema/ir-test 
C++: Add IR tests that cause regressions after extractor frontend update
 2023-07-05 15:00:13 +02:00
Mathias Vorreiter Pedersen
d24a05a1b9 Merge branch 'main' into rdmarsh2/cpp/constant-array-overflow-tests 2023-07-05 13:49:17 +01:00
Mathias Vorreiter Pedersen
f714de0040 Merge pull request #13610 from MathiasVP/promote-overrun-write-again 
C++: Move `cpp/overrun-write` back to `medium` precision
 2023-07-05 13:39:12 +01:00
Tamas Vajk
d0b8b683af Adjust error handling when dotnet --info is called 2023-07-05 14:26:00 +02:00
Jeroen Ketema
7bb77abac7 C++: Add IR tests that cause regressions after extractor frontend update 2023-07-05 14:01:11 +02:00
Alex Ford
df62cf8a5a qlformat 2023-07-05 12:19:57 +01:00
Alex Ford
082f26bcb1 Ruby: update TaintStep.ql output 2023-07-05 12:19:55 +01:00
Alex Ford
9a263e12ec Ruby: rack - add some qldoc 2023-07-05 12:18:52 +01:00
Alex Ford
bf25b07c17 Ruby: rack - request input tests 2023-07-05 12:18:52 +01:00
Alex Ford
175d524146 Ruby: rack - add Rack#Utils.parse_query summary 2023-07-05 12:18:52 +01:00
Alex Ford
cc6f6418f5 Ruby: rack - start modelling request inputs 2023-07-05 12:18:52 +01:00
Mathias Vorreiter Pedersen
60c0226dce Update cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/test.cpp 
Co-authored-by: Calum Grant <42069085+calumgrant@users.noreply.github.com>
 2023-07-05 12:03:47 +01:00
Max Schaefer
f89992eb16 Address more review feedback. 2023-07-05 12:02:11 +01:00
Alex Ford
9b2cd768e1 Ruby: rack - add env['QUERY_STRING'] as an http request input 2023-07-05 11:59:18 +01:00
Alex Ford
b6912decc1 Merge pull request #13483 from alexrford/rb/rack-extend-app-and-resp 
Ruby: rack - model more responses and app types
 2023-07-05 11:58:01 +01:00
Tamás Vajk
9eae9464c9 Merge pull request #13659 from tamasvajk/standalone-minor-fixes 
C#: Minor fixes in standalone extraction
 2023-07-05 12:22:16 +02:00
Max Schaefer
921d8de8dc Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-07-05 11:19:30 +01:00
Mathias Vorreiter Pedersen
5ea929dbdb Merge pull request #13662 from geoffw0/swapmodel 
Swift: Add dataflow model for 'swap'
 2023-07-05 09:44:51 +01:00