hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 10:11:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
62,527 Commits 1,690 Branches 160 Tags
codeql-cli/v2.16.0
Commit Graph

62527 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Arthur Baars
7225ef09ba Script for detecting out-of-sync dbscheme fragments 2023-05-16 17:03:41 +02:00
Tom Hvitved
c412bfde68 Add change note 2023-05-16 16:54:59 +02:00
Paolo Tranquilli
7e61e99e4a Swift: make help links optional argument more explicit 2023-05-16 16:52:22 +02:00
Michael B. Gale
ed79113c7f Merge pull request #13180 from github/mbg/java/fix-java-version-too-old 
Java: Hide GHA variables in `java-version-too-old` test
 2023-05-16 15:49:38 +01:00
Tom Hvitved
3027ed2ca8 C#: Include arguments to ILogger extension method calls in LogMessageSink 2023-05-16 16:04:58 +02:00
Geoffrey White
35b35ec377 Swift: Mirror changes made in the docs. 2023-05-16 14:26:16 +01:00
Michael B. Gale
9660b47879 Hide GHA variables in java-version-too-old test 2023-05-16 14:20:17 +01:00
Alexandre Boulgakov
9e9be4fc5e Merge pull request #13169 from github/sashabu/swift-tests 
Swift: Use `...` to find and run all Bazel tests instead of having list them.
 2023-05-16 14:20:03 +01:00
Paolo Tranquilli
8291b2229a Swift: turn internal error into a TSP warning 2023-05-16 15:18:29 +02:00
Geoffrey White
94b4ebe38b Update swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-05-16 14:16:30 +01:00
Alvaro Muñoz
d17199a9e1 add gson models 2023-05-16 15:00:26 +02:00
Rasmus Lerchedahl Petersen
5d68473d12 python: elide nodes without location from basic 2023-05-16 14:38:51 +02:00
Rasmus Lerchedahl Petersen
5b4f98d6c4 python: Add summaries for container constructors 
Also:
- turn on flow summaries for taint
- do not restrict node type
  (as now we need summary nodes)
 2023-05-16 14:38:51 +02:00
Jeroen Ketema
e8423f858f Merge pull request #13149 from MathiasVP/barrier-out-on-phi-back-edges 
C++: Block flow through back-edges in `cpp/overrun-write`
 2023-05-16 14:22:55 +02:00
Mathias Vorreiter Pedersen
03ef18b286 Swift: Recommend a proper source of randomness in 'swift/hardcoded-key'. 2023-05-16 11:59:41 +01:00
Kasper Svendsen
843640c486 Merge pull request #13173 from kaspersv/kaspersv/enable-implicit-this-warnings-shared-packs 
Enable implicit this warnings for shared packs
 2023-05-16 10:50:28 +02:00
Rasmus Lerchedahl Petersen
145eaf3947 python: remove steps for container constructors 2023-05-16 10:35:10 +02:00
Tony Torralba
770099f210 Merge branch 'main' into atorralba/java/promote-xxe-experimental-sinks 2023-05-16 09:49:34 +02:00
Kasper Svendsen
bfb098c3d6 Enable implicit this warnings for shared packs 2023-05-16 09:22:29 +02:00
Tony Torralba
ac1df4de91 Merge pull request #13166 from atorralba/atorralba/java/xpath-xxe-sink 
Java: Add `XPath.evaluate` as XXE sink
 2023-05-16 09:14:56 +02:00
Erik Krogh Kristensen
57858afbd9 Merge pull request #13165 from erik-krogh/proto-assign-qhelp 
JS: fixup in the qhelp for `js/prototype-polluting-assignment`
 2023-05-16 08:52:52 +02:00
Owen Mansel-Chan
1a9bd9ccde Merge pull request #13135 from owen-mc/go/fix-unit-test 
Go: fix unit test
 2023-05-16 07:50:50 +01:00
Alexandre Boulgakov
8db945a11e Swift: Use ... to find and run all Bazel tests instead of having to list them. 2023-05-15 20:51:31 +01:00
Geoffrey White
5019d3befa Swift: Update test annotations. 2023-05-15 18:23:48 +01:00
Geoffrey White
3f206cce00 Swift: Simplify out toLowerCase(). 2023-05-15 18:23:33 +01:00
Geoffrey White
047494dc95 Swift: Bank account numbers are a credential now, I guess they don't need to be private data as well. 2023-05-15 18:22:55 +01:00
Geoffrey White
252b72b573 Swift: Add some special cases to preserve (for now) result quality. 2023-05-15 18:22:50 +01:00
Geoffrey White
245e8fbc92 Swift: Use SensitiveDataHeuristics.qll in SensitiveCredential. 2023-05-15 18:14:52 +01:00
Geoffrey White
a91c45049e Swift: Add some special cases to preserve (for now) result quality. 2023-05-15 18:06:33 +01:00
Geoffrey White
e2080c5d00 Swift: SensitiveDataHeuristics.qll expects function names without an (argument:list:). 2023-05-15 17:45:56 +01:00
Geoffrey White
35e2e5d785 Swift: Use SensitiveDataHeuristics.qll in regexpProbablySafe. 2023-05-15 17:44:54 +01:00
Geoffrey White
cc72bfbbbb Swift: Add the shared SensitiveDataHeuristics.qll to Swift. 2023-05-15 17:38:14 +01:00
Philip Ginsbach
167a5723b4 Merge pull request #13156 from github/ginsbach/SpecifyParameterisedSyntax 
add parameter syntax for module declarations and module references
 2023-05-15 17:07:20 +01:00
Tony Torralba
7d79d87d48 Add XPath.evaluate as XXE sink 2023-05-15 17:39:35 +02:00
erik-krogh
2ebce99eae add another example of how to fix the prototype pollution issue 2023-05-15 17:24:02 +02:00
erik-krogh
7a338c408e fix typo, the variable in the example is called items 2023-05-15 17:23:40 +02:00
erik-krogh
83ca1495e0 trim the whitespace in the poly-redos examples 2023-05-15 16:47:24 +02:00
erik-krogh
d989359656 add another example to the qhelp in poly-redos, showing how to just limit the length of the input 2023-05-15 16:47:02 +02:00
Geoffrey White
4781881a6a Swift: Improve mobile/phone number regexp. 2023-05-15 15:30:30 +01:00
Tom Hvitved
826b6219a0 Ruby: Include self parameters in type tracking flow-through logic 2023-05-15 16:02:33 +02:00
Tom Hvitved
3cdb27725a Ruby: Add more call graph tests 2023-05-15 16:02:33 +02:00
Tom Hvitved
9dede31c0d Merge pull request #13077 from hvitved/ruby/track-regexp-improvements 
Ruby: Improvements to `RegExpTracking`
 2023-05-15 16:02:00 +02:00
Maiky
3c00235375 Add SqlSanitization to Concepts and turn private 2023-05-15 15:56:52 +02:00
Geoffrey White
a0cba8cb6b Swift: Address boolean value FPs. 2023-05-15 14:24:18 +01:00
Maiky
f46620c455 Var only used in one side of disjunct 2023-05-15 15:09:44 +02:00
Geoffrey White
27c8eb301e Swift: Fix URL-related FPs. 2023-05-15 14:08:43 +01:00
Mathias Vorreiter Pedersen
650e9e1088 C++: Fix Code Scanning error. 2023-05-15 14:05:41 +01:00
Mathias Vorreiter Pedersen
f1c124a3da C++: Share more code between 'ValidState' and 'StringSizeConfig'. 2023-05-15 14:01:17 +01:00
Geoffrey White
e59d7e0345 Swift: Remove assumption that 'username' is not sensitive (in the tests). 2023-05-15 13:58:44 +01:00
Geoffrey White
dba951111a Swift: Add more sensitive data test cases. 2023-05-15 13:58:44 +01:00