codeql

mirror of https://github.com/github/codeql.git synced 2026-02-04 17:21:08 +01:00

Author	SHA1	Message	Date
jorgectf	3e8c7f72b6	Add changenote	2023-06-02 18:20:55 +02:00
Alex Ford	c95cf5ad6f	Merge pull request #13062 from maikypedia/maikypedia/sqli-sink Ruby: Add MySQL as SQL Injection Sink	2023-06-02 17:06:35 +01:00
jorgectf	5608082f35	Update `py/unsafe-deserialization` name	2023-06-02 17:57:24 +02:00
Jeroen Ketema	8ac1d56a7f	C++: Fix join order in `cpp/invalid-pointer-deref`	2023-06-02 16:37:35 +02:00
Erik Krogh Kristensen	219ec9d05d	Merge pull request #13127 from erik-krogh/polReDoS ReDoS: revert new superlinear algorithm.	2023-06-02 16:10:24 +02:00
Geoffrey White	4c8225724b	Swift: Fix QL-for-QL warnings.	2023-06-02 12:21:17 +01:00
Geoffrey White	14d193383e	Swift: Put the change note in the right place.	2023-06-02 12:03:22 +01:00
Geoffrey White	8e8696a8ed	Swift: Autoformat.	2023-06-02 12:02:33 +01:00
Geoffrey White	c7c8807f40	Swift: Use FieldDecl.hasQualifiedName.	2023-06-02 11:56:16 +01:00
Jeroen Ketema	ac4933a9cc	C++: Ensure that the sink instruction occurs last in `cpp/invalid-pointer-deref` This avoids some counter-intuitive paths where we would seemingly jump back to an earlier instruction, which might actually have been in bounds.	2023-06-02 12:36:34 +02:00
Jeroen Ketema	5f64354a70	Merge pull request #13353 from jketema/expecation Fix typo in spelling of expectation	2023-06-02 12:29:49 +02:00
Mathias Vorreiter Pedersen	05e5ebe4f4	Merge pull request #13331 from aibaars/use-shortest-distances-to-count-indirections C++: Use the shortestDistances HOP to count indirections (rebased copy of #13323)	2023-06-02 11:22:59 +01:00
Geoffrey White	5bf82aeddf	Swift: Add FieldDecl.hasQualifiedName.	2023-06-02 11:13:57 +01:00
erik-krogh	ac9ede4ec0	add change-notes	2023-06-02 11:58:11 +02:00
erik-krogh	f61b781386	JS: delete effectively empty file	2023-06-02 11:58:09 +02:00
erik-krogh	5cbe6db37d	C++: sync files from C#	2023-06-02 11:58:08 +02:00
erik-krogh	3584e85fe8	JS: fix tutorial	2023-06-02 11:58:08 +02:00
erik-krogh	3dfe2b30b1	C#: delete override where the parent predicate no longer existed	2023-06-02 11:58:08 +02:00
erik-krogh	c3e57382f7	Ruby: fix compilation	2023-06-02 11:58:08 +02:00
erik-krogh	9000243828	JS: fix compilation	2023-06-02 11:58:08 +02:00
erik-krogh	44b6366586	delete old deprecations	2023-06-02 11:58:08 +02:00
Geoffrey White	d7e4c5f044	Swift: Change note.	2023-06-02 10:42:52 +01:00
Geoffrey White	00cd347117	Swift: Add more heuristic expressions.	2023-06-02 10:42:52 +01:00
Geoffrey White	bc57e464e5	Swift: Add some more test cases.	2023-06-02 10:42:51 +01:00
Mathias Vorreiter Pedersen	0adff53afd	Merge pull request #13190 from geoffw0/sharedsensitive Swift: Adopt the shared sensitive data library	2023-06-02 10:36:22 +01:00
Tony Torralba	41bd1ae54e	Merge pull request #13351 from github/workflow/coverage/update Update CSV framework coverage reports	2023-06-02 11:19:04 +02:00
Mathias Vorreiter Pedersen	cc8aac5435	C++: Use the 'shortestDistances' HOP to count indirections instead of manual recursion. This avoids cyclic problems when we have invalid types.	2023-06-02 11:17:08 +02:00
Tony Torralba	ad2f558002	Add Hudson models Includes models-as-data rows, flow sources, and XSS sanitizers. Tests for models-as-data rows not included.	2023-06-02 11:06:24 +02:00
Michael Nebel	3a3f9a2655	Merge pull request #13298 from michaelnebel/csharp/paramdefaultimplicitconversion C#: Extract default parameter values.	2023-06-02 10:52:24 +02:00
Erik Krogh Kristensen	d7c3ac4830	Merge pull request #13349 from erik-krogh/stopRecLaterAccess JS: stop recursive fromRhs related to getLaterBaseAccess	2023-06-02 10:39:14 +02:00
Jeroen Ketema	7b17b92aca	Fix typo in spelling of expectation	2023-06-02 10:36:11 +02:00
Asger F	77d2799278	Update javascript/ql/lib/semmle/javascript/Regexp.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-06-02 10:33:44 +02:00
Tony Torralba	527fe523a8	Add PathCreation.qll sinks to models-as-data The old PathCreation sinks can't be removed because doing so would cause alert wobble in the path injection queries. See their getReportingNode predicates.	2023-06-02 09:14:35 +02:00
Tony Torralba	c3b1ef2cdf	Merge branch 'main' into atorralba/java/command-injection-mad-sinks	2023-06-02 08:57:24 +02:00
github-actions[bot]	ef7e9a674c	Add changed framework coverage reports	2023-06-02 00:16:55 +00:00
erik-krogh	1b44b59842	add stress test	2023-06-01 23:20:23 +02:00
erik-krogh	8eed1a95f6	stop recursive fromRhs related to getLaterBaseAccess	2023-06-01 23:16:52 +02:00
erik-krogh	97afa5733b	add support for namespaced JSX attributes	2023-06-01 21:52:14 +02:00
erik-krogh	f4b68fb8c3	bump TypeScript to stable version	2023-06-01 21:51:43 +02:00
Jami	84a7b3ca52	Merge pull request #13157 from jcogs33/jcogs33/update-javascript-sink-kinds JS: update MaD sink kinds	2023-06-01 15:04:19 -04:00
Jami	1a82e21fdb	Merge pull request #13136 from jcogs33/jcogs33/revamp-java-source-kinds Java: change `android-widget` MaD source kind to `remote`	2023-06-01 14:18:02 -04:00
Jami	3886ebffa9	Merge branch 'main' into jcogs33/update-javascript-sink-kinds	2023-06-01 14:09:10 -04:00
Jami Cogswell	b8cedfa817	Java: switch 'deprecated' to 'outdated'	2023-06-01 13:30:27 -04:00
Jami Cogswell	d10857fbdb	Java: fix typo blank qldoc	2023-06-01 12:57:06 -04:00
Jami Cogswell	0355b78f13	Java: add deprecation deletion comment	2023-06-01 12:57:06 -04:00
Jami Cogswell	b3d218a503	Java: condense 'replacementKind' code	2023-06-01 12:57:06 -04:00
Jami Cogswell	06c83ee14d	Java: add error message for deprecated sink kinds to 'getInvalidModelKind'	2023-06-01 12:57:05 -04:00
Robert Marsh	c9c93ca701	C++: test for strncmp false positives	2023-06-01 12:52:17 -04:00
Jami	617107de35	Merge pull request #12916 from jcogs33/jcogs33/revamp-java-sink-kinds Java: revamp MaD sink kinds	2023-06-01 12:48:30 -04:00
Jami Cogswell	de15013715	Java: remove RemoteFlowSources module	2023-06-01 12:25:26 -04:00

... 139 140 141 142 143 ...

62527 Commits