Tony Torralba
1601846478
Add exclusion to the ZipSlip query to avoid FPs
2023-06-06 10:28:49 +02:00
Tony Torralba
0065e6e1d6
Apply suggestions from code review
Fix incorrect models-as-data rows
2023-06-06 10:04:22 +02:00
Tony Torralba
1ccec90c6f
Apply suggestions from code review
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
2023-06-06 09:10:18 +02:00
Erik Krogh Kristensen
b78cd48954
Merge pull request #13329 from erik-krogh/sqlhelp
JS: improve the sql-injection help page
2023-06-06 08:44:44 +02:00
Erik Krogh Kristensen
29bbf58a29
Merge pull request #13377 from github/dependabot/cargo/ql/regex-1.8.4
Bump regex from 1.8.3 to 1.8.4 in /ql
2023-06-06 07:57:04 +02:00
dependabot[bot]
d38bca1e8c
Bump regex from 1.8.3 to 1.8.4 in /ql
Bumps [regex](https://github.com/rust-lang/regex) from 1.8.3 to 1.8.4.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.8.3...1.8.4)
---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-06 04:02:46 +00:00
Geoffrey White
e04f6bff27
Swift: Add a simple Regex library.
2023-06-05 23:55:01 +01:00
Geoffrey White
c994b4b9dd
Swift: Create test cases for a regular expression library.
2023-06-05 23:55:01 +01:00
Jami Cogswell
5a23421d9a
Shared: minor updates to comments
2023-06-05 13:46:56 -04:00
Jeroen Ketema
272ced6ea5
Merge pull request #13374 from jketema/ptr-deref-min
C++: Remove `cpp/invalid-pointer-deref` results duplicating ones with smaller `k`
2023-06-05 19:31:24 +02:00
Jami Cogswell
7a4b74dd6a
C#: fix typo with outdated sink msg location
2023-06-05 13:21:39 -04:00
Jami Cogswell
6c46cd9c21
Java/C#/Go/Swift: move 'SharedModelValidation.qll' to internal folder
2023-06-05 13:11:08 -04:00
erik-krogh
3cb2ec4e87
fix nits from doc review
2023-06-05 19:06:07 +02:00
Jami Cogswell
9d5972acc2
Shared: update qldocs
2023-06-05 12:18:34 -04:00
Jami Cogswell
3f1dc8e5c7
Shared: add outdated Swift sink kinds
2023-06-05 12:18:34 -04:00
Jami Cogswell
62ac0dc471
Shared: add outdated sink kind msg to 'getInvalidModelKind' for all languages
2023-06-05 12:18:33 -04:00
Jami Cogswell
76f5dca861
Shared: move 'OutdatedSinkKind' to shared file and add outdated JS and C# sink kinds
2023-06-05 12:18:33 -04:00
Jami Cogswell
7b629f5d63
Shared: include 'qltest%' and 'test-%'
2023-06-05 12:18:33 -04:00
Jami Cogswell
76508d17c6
Go/Swift: validate source/sink kinds
2023-06-05 12:18:33 -04:00
Jami Cogswell
254e447923
JS/Python/Ruby: update getInvalidModelKind
2023-06-05 12:18:33 -04:00
Jami Cogswell
615f2a573b
Java/C#/Go/Swift: remove commented-out code
2023-06-05 12:18:33 -04:00
Jami Cogswell
9f42ae3f29
Shared: remove cpp note
2023-06-05 12:18:33 -04:00
Jami Cogswell
7317c29eea
Shared: update kind information
2023-06-05 12:18:33 -04:00
Jami Cogswell
79f61cc645
Java/C#/Go/Swift: use 'SharedModelValidation' file
2023-06-05 12:18:33 -04:00
Jami Cogswell
0ab1848b70
JS/Python/Ruby: use 'SharedModelValidation' file
2023-06-05 12:18:33 -04:00
Jami Cogswell
ddb5d92ef8
Shared: add source, summary, and neutral shared valid kinds
2023-06-05 12:18:33 -04:00
Jami Cogswell
869f820fcf
Shared: add 'SharedModelValidation' file as experiment
2023-06-05 12:18:33 -04:00
Jami Cogswell
e24e3a6115
JS/Python/Ruby: add getInvalidModelKind as experiment
2023-06-05 12:18:33 -04:00
Taus
7ad860fc98
Java: Update MaD declarations after triage
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
2023-06-05 18:00:40 +02:00
Ian Lynagh
e49b278d61
Java/Kotlin: Add a changenote for the lines-of-code changes.
2023-06-05 16:33:12 +01:00
Jeroen Ketema
93215ba7e1
Merge pull request #13355 from jketema/ptr-deref-forward
C++: Ensure that the sink instruction occurs last in `cpp/invalid-pointer-deref`
2023-06-05 15:56:50 +02:00
Jeroen Ketema
86df424fca
C++: Fix query formatting
2023-06-05 15:10:54 +02:00
Jeroen Ketema
4a27028768
C++: Remove cpp/invalid-pointer-deref results duplicating ones with smaller k
2023-06-05 15:03:58 +02:00
Jeroen Ketema
90f0209095
C++: Add cpp/invalid-pointer-deref test case with almost duplicated results
2023-06-05 15:03:57 +02:00
Jeroen Ketema
7f7b048f50
C++: Update expected test results
2023-06-05 15:00:11 +02:00
Ian Lynagh
a4a7ad8f99
Java/Kotlin: Split lines of code by language
We were giving the sum of all lines for both languages, but labelling it
as "Total lines of Java code in the database", which was confusing.
Now we give separate sums for Kotlin and Java lines.
2023-06-05 13:57:47 +01:00
Paolo Tranquilli
dc26dc81a9
Merge pull request #13370 from github/redsun82/swift-fix-cmake
Swift: fix cmake generation
2023-06-05 14:52:40 +02:00
Nick Rolfe
02395867c8
Python: avoid selecting getLocation() in py/truncated-division
2023-06-05 13:42:46 +01:00
Mathias Vorreiter Pedersen
52fb00cac3
Merge pull request #12036 from nmouha/patch-1
CPP: Add query for CVE-2022-37454: Integer addition may overflow inside if statement
2023-06-05 12:13:27 +01:00
Jeroen Ketema
11182e4ee4
C++: Move location where getASuccessor is used to avoid join order problems
2023-06-05 12:36:25 +02:00
Nick Rolfe
c67a350e36
Python: avoid selecting getLocation() in py/unnecessary-delete
2023-06-05 11:16:13 +01:00
Paolo Tranquilli
be9d32a6c1
Bazel/CMake: make include not use cmake include
...but rather just pass along targets. This is required to fix CMake
generation in the internal repository.
2023-06-05 11:43:48 +02:00
Michael B. Gale
06d48dca67
Merge pull request #13211 from github/mbg/identify-environment-stubs
Shared: Add stubs for `identify-environment` scripts
2023-06-05 10:29:06 +01:00
Nick Rolfe
dadb5b34e6
C#: avoid call to Location::toString() in cs/expose-implementation
2023-06-05 10:19:27 +01:00
Paolo Tranquilli
400176f677
Swift: fix cmake generation
The bazel -> cmake generator is currently not capable of handling
separate included generated cmake files making use of common C/C++
dependencies.
To work around this limitation, a single generated cmake is now in
place. Long-term, we should either:
* make the cmake generator handle common dependencies gracefully, or
* make the cmake generation aspect travel up `pkg_` rules `srcs`
  attributes
so to avoid having to list the targets to be generated in the top-level
`BUILD` file.
Other things fixed:
* removed some warning spam about redefined `BAZEL_CURRENT_REPOSITORY`
* fixed the final link step, that was failing because `libswiftCore.so`
  was not being linked.
2023-06-05 11:12:11 +02:00
Michael B. Gale
5d89b0739b
Swift: Remove .cmd script
2023-06-05 09:12:21 +01:00
Maiky
1a9bfb38aa
Correct barrier
2023-06-05 01:25:17 +02:00
Maiky
bf9d0b93d7
Add Improper LDAP Auth Query (CWE-287)
2023-06-03 23:20:11 +02:00
Nick Rolfe
79b3a8c955
C#: avoid call to Location::toString()
2023-06-02 19:39:24 +01:00
Jami
64830809a6
Merge pull request #13228 from jcogs33/jcogs33/deprecated-sink-error-message
Java: add error message for outdated sink kinds in `getInvalidModelKind`
2023-06-02 13:44:18 -04:00