hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 10:11:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
62,527 Commits 1,690 Branches 160 Tags
codeql-cli/v2.16.0
Commit Graph

62527 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
e58b99ddd1 C++: Don't carry the sources around as columns during the main loop of product flow. 2023-05-12 11:58:43 +01:00
yoff
62b60f490c Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-05-12 12:54:17 +02:00
Kasper Svendsen
d40cd0f275 Java: Make implicit this receivers explicit 2023-05-12 12:47:21 +02:00
Kasper Svendsen
8e18627eae Merge pull request #13144 from kaspersv/kaspersv/go-explicit-this-receivers2 
Go: Make implicit this receivers explicit
 2023-05-12 12:44:35 +02:00
Kasper Svendsen
7c5625a4dc Go: Make implicit this receivers explicit 2023-05-12 12:14:13 +02:00
Kasper Svendsen
fe2f36a1fe JS: Make implicit this receivers explicit 2023-05-12 12:12:48 +02:00
Kasper Svendsen
dd7a64d8e9 Merge pull request #13141 from kaspersv/kaspersv/ql-explicit-this-receivers 
QL: Enable implicit this receiver warnings
 2023-05-12 11:54:46 +02:00
Mathias Vorreiter Pedersen
75e36e89de C++: Precompute the set of necessary states. 2023-05-12 10:47:23 +01:00
Kasper Svendsen
1af1bf8917 QL: Enable implicit this receiver warnings 2023-05-12 11:35:35 +02:00
Kasper Svendsen
3dbc0cf0b6 QL: Make implicit receivers explicit 2023-05-12 11:35:35 +02:00
Kasper Svendsen
a6e8b00c26 Merge pull request #13138 from kaspersv/kaspersv/js-implicit-this-warnings 
JS: Enable implicit this receiver warnings
 2023-05-12 11:23:27 +02:00
Mathias Vorreiter Pedersen
f7924bda0d Merge pull request #13099 from MathiasVP/heuristic-allocation-for-overrun-write 
C++: Use heuristic allocation functions in `cpp/overrun-write`
 2023-05-12 10:15:28 +01:00
Tony Torralba
a48fa652ce Java: Add SQLi sinks for Spring JDBC 2023-05-12 10:57:49 +02:00
Paolo Tranquilli
d7cc506080 Merge branch 'main' into sashabu/tsp-incompatible-os 2023-05-12 09:58:36 +02:00
Kasper Svendsen
7dd9906e95 JS: Enable implicit this receiver warnings 2023-05-12 09:49:14 +02:00
Kasper Svendsen
189f8515c0 JS: Make implicit this receivers explicit 2023-05-12 09:49:14 +02:00
Tony Torralba
d0451609a7 Merge pull request #13137 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-05-12 09:23:00 +02:00
Paolo Tranquilli
9ffada31a8 Swift: make internal error telemetry only for the moment 2023-05-12 09:19:44 +02:00
Paolo Tranquilli
cce9352272 Swift: add visibility customization to diagnostics 2023-05-12 09:05:45 +02:00
Paolo Tranquilli
dedbd9ab63 Swift: remove unneeded SwiftDiagnosticsDumper 2023-05-12 08:30:43 +02:00
Paolo Tranquilli
86777fa4c2 Swift: remove obsolete comment 2023-05-12 08:23:14 +02:00
Kasper Svendsen
2184fefe7f Merge pull request #13121 from kaspersv/kaspersv/javascript-explicit-this-receivers4 
JS: Make implicit this receivers explicit
 2023-05-12 08:21:52 +02:00
Paolo Tranquilli
03f4625b5f Swift: go back to explicit DIAGNOSE_ERROR macros 2023-05-12 06:30:58 +02:00
github-actions[bot]
996d864e73 Add changed framework coverage reports 2023-05-12 00:15:01 +00:00
Chris Smowton
ee64ea59e1 Merge pull request #12901 from porcupineyhairs/goDsn 
Go: Add query to detect DSN Injection.
 2023-05-11 22:45:43 +01:00
Chris Smowton
820673470e Merge pull request #13119 from porcupineyhairs/goTiming 
Go : Add query to detect potential timing attacks
 2023-05-11 22:38:13 +01:00
Chris Smowton
99f4eef9c5 Fix spelling 2023-05-11 22:12:35 +01:00
Chris Smowton
a10b11e09e Fix spelling and remove dead code 2023-05-11 22:12:17 +01:00
Chris Smowton
b6c2db6baf Fix duplicate query ID 2023-05-11 22:10:09 +01:00
Porcupiney Hairs
2c518c1fa6 Include changes from review 2023-05-12 01:59:42 +05:30
Porcupiney Hairs
ae6fda03b7 Include changes from review 2023-05-11 23:56:50 +05:30
Ian Lynagh
4885e584a0 Merge pull request #13042 from igfoo/igfoo/ODASA_JAVA_LAYOUT 
Kotlin: Remove ODASA_JAVA_LAYOUT support
 2023-05-11 18:35:08 +01:00
Owen Mansel-Chan
77c8357705 Do not obscure exit code with call to grep 
The output is a bit more verbose, but this is hard to avoid
 2023-05-11 18:15:41 +01:00
Owen Mansel-Chan
3981bb1f58 Indent comment in Makefile better 2023-05-11 17:12:27 +01:00
Stephan Brandauer
510febf46d Merge pull request #12830 from github/kaeluka/parameter-candidate-extraction 
Java: Automodel Framework Mode Extraction Queries
 2023-05-11 18:00:55 +02:00
Paolo Tranquilli
3f2a059b3b Swift: add location support to TSP diagnostics 
This required a bit of an overhaul of the original integration of
JSON diagnostics into binlog.

The problem is that it is quite hard to add a kind of metadata to
binlog entries without changing its code. Another problem is that when
wanting to avoid double evaluation of logging macro arguments one
cannot really add a separate "diagnose" step easily.

The proposed solution consists in two things:
* hook into a binlog plumbing function by providing a better overload
  resolution match, which happens after logging macro expansion,
  bypassing the problem of double evaluation
* in that hook, produce the diagnostic directly, without waiting to
  reconstruct the diagnostics entry from the binlog serialized entry.

This allows to forgo the weird category to diagnostic mapping, and now a
diagnostics emission simply happens when a diagnostic source is given
as the first argument after the log format string. A flavour of
diganostics sources with locations is then added with the same
mechanism, allowing to write something like
```cpp
LOG_ERROR("[{}] ouch!", internalError.withLocation("foo.swift", 32));
```
 2023-05-11 17:52:02 +02:00
Owen Mansel-Chan
760ba82c7a Fix unit tests 2023-05-11 16:40:59 +01:00
Anders Schack-Mulligen
82e780d175 Merge pull request #13128 from aschackmull/java/externalapi-jar 
Java: Fix ExternalApi.jarContainer().
 2023-05-11 16:31:05 +02:00
Owen Mansel-Chan
d570914fdd Merge pull request #13129 from owen-mc/go/identify-environment-output-to-stdout 
Go: --identify-environment output to stdout
 2023-05-11 15:20:50 +01:00
Stephan Brandauer
c31ad01579 squash ql-for-ql warnings 2023-05-11 16:18:52 +02:00
Rasmus Wriedt Larsen
62f0c64a03 Merge pull request #12552 from erik-krogh/py-type-trackers 
Py: refactor regex tracking to type-trackers
 2023-05-11 16:18:34 +02:00
Stephan Brandauer
61b0514b53 Merge pull request #13122 from github/java/update-mad-decls-after-triage-2023-05-11T08-52-07 
Java: Update MaD Declarations after Triage
 2023-05-11 16:04:36 +02:00
Alexandre Boulgakov
0915d2ad77 Swift: Emit a diagnostic when attempting to use the autobuilder on Linux. 2023-05-11 14:43:13 +01:00
Maiky
0227b94ab5 Edit change note 2023-05-11 15:40:36 +02:00
Maiky
071a77cedc Ruby : XPath Injection Query (CWE-643) 2023-05-11 15:29:54 +02:00
Owen Mansel-Chan
1beb348d95 Fix outdated message 2023-05-11 14:29:14 +01:00
Owen Mansel-Chan
02a224c28f --identify-environment should write json to stdout 2023-05-11 14:29:14 +01:00
Tony Torralba
ca6ae26aad Change provenance to ai-manual 2023-05-11 14:56:16 +02:00
Tony Torralba
c17b0e809f Apply suggestions from code review 2023-05-11 14:53:56 +02:00
Michael Nebel
a0a8468071 Merge pull request #13124 from michaelnebel/csharp/dataflowconsistency-identity-only-source 
C#: Only report dataflow inconsistencies (step to itself) in source code.
 2023-05-11 14:47:35 +02:00