hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-29 15:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
60,239 Commits 1,673 Branches 157 Tags
codeql-cli/v2.15.2
Commit Graph

60239 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
b1ad61e27d Merge pull request #14481 from erik-krogh/proper-codepoints 
ReDoS: use the new codePointAt and codePointCount methods instead of regex hacks
 2023-10-13 09:35:55 +02:00
Felicity Chapman
2ddcd1d9cc Merge pull request #14489 from github/felicitymay-typo-fix 
Fix typo in link
 2023-10-12 21:45:30 +01:00
Felicity Chapman
8f70b55158 Fix typo in link 2023-10-12 20:53:44 +01:00
Ian Lynagh
2edc70da79 Merge pull request #14390 from igfoo/igfoo/compr 
Kotlin: Improve support for TRAP compression options
 2023-10-12 20:22:10 +01:00
Robert Marsh
dd71204128 Swift: update test expectations for for-in locations 2023-10-12 18:59:36 +00:00
Geoffrey White
fe57cd0784 Merge pull request #14488 from geoffw0/strlentest 
Swift: Additional test cases for `swift\string-length-conflation`
 2023-10-12 19:39:43 +01:00
AlexDenisov
6ab2de10e3 Merge pull request #14437 from github/alexdenisov/ignore-unavailable-declarations 
Swift: skip declarations marked as unavailable
 2023-10-12 20:08:18 +02:00
Ian Lynagh
ed9502fd0b Kotlin: Enhance the TRAP compression test 2023-10-12 18:13:07 +01:00
Ian Lynagh
adb47399c7 Kotlin: Improve support for TRAP compression options 
While you could control compression with
    CODEQL_EXTRACTOR_JAVA_OPTION_TRAP_COMPRESSION
before, most TRAP files used gzip regardless for compatibility with the
Java extractor. Now Java understands the option too we can use it for
shared TRAP files.
 2023-10-12 18:13:06 +01:00
Mathias Vorreiter Pedersen
3c34638438 Merge pull request #14486 from MathiasVP/simplify-overrun-write 
C++: Remove unnecessary `FlowState` from `cpp/overrun-write`
 2023-10-12 17:48:52 +01:00
Geoffrey White
9f683b8630 Swift: Remove duplicate results. 2023-10-12 17:38:58 +01:00
Geoffrey White
cf7f355fc4 Swift: Additional test cases. 2023-10-12 17:11:56 +01:00
Stephan Brandauer
bcde466d6c use of characteristics 2023-10-12 17:22:05 +02:00
Stephan Brandauer
1bbf88f208 Java: basic version of automodel extraction queries 2023-10-12 17:07:46 +02:00
Ed Minnix
31c04b50f7 Change note 2023-10-12 09:58:09 -04:00
Ed Minnix
4eeaf84133 Sync NumericCastTaintedQuery 2023-10-12 09:58:08 -04:00
Ed Minnix
ec84f072eb Sync ArithmeticTaintedLocalQuery 2023-10-12 09:58:08 -04:00
Ed Minnix
da933fb77a Sync ExternallyControlledFormatStringLocalQuery 2023-10-12 09:58:08 -04:00
Ed Minnix
f1886320e5 Sync ImproperValidationOfArrayIndexLocalQuery 2023-10-12 09:58:08 -04:00
Ed Minnix
69531b9f7c Sync ResponseSplittingLocalQuery 2023-10-12 09:58:08 -04:00
Ed Minnix
ef282955fd Sync SqlTaintedLocalQuery with SqlInjectionQuery 2023-10-12 09:58:08 -04:00
Ed Minnix
e4f567979a Sync XSS Local 2023-10-12 09:58:08 -04:00
Mathias Vorreiter Pedersen
64fa6c8bbd C++: Remove the hacky flow state since this is no longer needed after #13717. 2023-10-12 13:58:36 +01:00
Geoffrey White
5c0085880f Swift: Change note. 2023-10-12 13:24:10 +01:00
Geoffrey White
e2a8569940 Swift: Clean up indentation. 2023-10-12 13:05:20 +01:00
Geoffrey White
8f852f2e7d Swift: Turn sink models into flow summary models, where appropriate. 2023-10-12 12:57:05 +01:00
erik-krogh
fa1e8ee426 add getACodepoint to the shared Strings library, and use it in NfaUtils 2023-10-12 13:38:19 +02:00
erik-krogh
822ba2ae59 add documentation for the new string methods in ql-language-specification.rst 2023-10-12 13:38:19 +02:00
erik-krogh
116025c569 use the new codePointAt and codePointCount methods instead of regex hacks 2023-10-12 13:38:19 +02:00
Arthur Baars
a4d0ef6350 Add changenote 2023-10-12 13:04:00 +02:00
Arthur Baars
a9a21aa313 Rename DynamicImportExpr::getImport{Attributes => Options} 2023-10-12 13:00:39 +02:00
Arthur Baars
1f4fcf1f31 Rename test files 2023-10-12 13:00:39 +02:00
Arthur Baars
a1c1f7b910 Add tests for deprecated 'assert' syntax 2023-10-12 13:00:39 +02:00
Arthur Baars
f38d2e1b89 Replace 'assert' with 'with' in QL test files 2023-10-12 13:00:39 +02:00
Arthur Baars
c28004f2a6 Rename 'getImportAssertion()' to 'getImportAttributes()' in QL library 2023-10-12 13:00:39 +02:00
Arthur Baars
07172da1bc Add tests for deprecated 'assert' syntax 2023-10-12 12:51:13 +02:00
Arthur Baars
f7b02c01dd Rename getAssertion() to getAttributes() in the extractor 2023-10-12 12:51:13 +02:00
Arthur Baars
1d9ee5da3c Rename 'assertions' to 'attributes' in JS extractor 2023-10-12 12:49:25 +02:00
Erik Krogh Kristensen
59c43c7904 Merge pull request #14410 from erik-krogh/bigger-compilation-cache 
use a bigger compilation cache in the compile-queries workflow
 2023-10-12 12:35:44 +02:00
Mathias Vorreiter Pedersen
782ecd77b7 C++: Add change notes. 2023-10-12 11:15:41 +01:00
Mathias Vorreiter Pedersen
02f73145d6 Merge pull request #14354 from geoffw0/conversions2 
Swift: Improve models for Numeric, RangeReplaceableCollection
 2023-10-12 11:13:50 +01:00
Michael B. Gale
75900f05c9 Go: group golang.org dependencies 2023-10-12 10:55:45 +01:00
Michael B. Gale
114a875f3d Go: re-add Dependabot allow list 2023-10-12 10:55:31 +01:00
Arthur Baars
b936e91fe9 Support JS import attributes (previously import assertions) 2023-10-12 11:43:42 +02:00
Mathias Vorreiter Pedersen
6865ce56bc C++: Add an abstract class that can be used to extend 'viableCallable'. 2023-10-12 10:35:36 +01:00
Michael B. Gale
f6570710e7 Merge pull request #14441 from github/dependabot/go_modules/go/extractor/golang.org/x/tools-0.14.0 
Bump golang.org/x/tools from 0.13.0 to 0.14.0 in /go/extractor
 2023-10-12 10:19:34 +01:00
Tamas Vajk
3b4ea27caf Be more explicit about expected assembly loading exceptions 2023-10-12 11:10:30 +02:00
Tamas Vajk
09c1c715a3 Filter analyzer assemblies from nuget packages 2023-10-12 11:10:30 +02:00
Geoffrey White
7916bd39b4 Swift: Generalize 'write' models. 2023-10-12 09:21:33 +01:00
Geoffrey White
09974b5176 Swift: Extend sink models. 2023-10-12 09:17:04 +01:00