hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-25 04:12:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
66,447 Commits 1,686 Branches 158 Tags
codeql-cli/v2.17.2
Commit Graph

66447 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sarita Iyer
b6b554f384 Apply suggestions from code review 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-09-29 10:07:22 -04:00
Sarita Iyer
c0653adc85 remove trailing space 2023-09-29 09:57:48 -04:00
Sarita Iyer
925d8e21ce Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2023-09-29 09:45:34 -04:00
Mathew Payne
41bb8377d9 Add change notes 2023-09-29 14:44:36 +01:00
Mathew Payne
19c93b0228 Add RestFramework tests 2023-09-29 14:41:57 +01:00
Michael Nebel
81e4cddf9f Merge pull request #14333 from michaelnebel/csharp/windowsunittests 
C#: Also run extractor unit tests on a windows runner.
 2023-09-29 15:28:26 +02:00
Rasmus Lerchedahl Petersen
177db998c7 Python: add change note 2023-09-29 15:28:08 +02:00
Mathew Payne
eb9b32473e Add support for ModelViewSet functions 2023-09-29 14:26:39 +01:00
Rasmus Lerchedahl Petersen
ed3ffde5e6 Python: modules are now possibly non-unique 
We should consider if this is the right way..
 2023-09-29 15:10:19 +02:00
Rasmus Lerchedahl Petersen
be506c64ba Python: update test-expectations 
These are semantic differences.
They generally look good, except perhaps
we should exclude illegal package names?
(It passes `legalShortName`, though).
 2023-09-29 15:10:19 +02:00
Rasmus Lerchedahl Petersen
4f35a62583 Python: broaden search for imports 
This now finds vulnerabilities in
https://github.com/github/field-security-codeql/issues/100
 2023-09-29 15:10:19 +02:00
Rasmus Lerchedahl Petersen
d9854eb409 Python: Add QLDoc 2023-09-29 15:10:19 +02:00
Rasmus Lerchedahl Petersen
1d4832cbfe python: allow namespace packages as packages 
remove the logic around isPotentialPackage
 2023-09-29 15:10:19 +02:00
Rasmus Lerchedahl Petersen
362cf107a4 python: add tests for module import 
- `--max-import-depth=3` to give points-to a chance
- `not_root` dir to force namespace package logic
- add usage in `example.py` to get files extracted
 2023-09-29 15:10:19 +02:00
yoff
dbecb1bd0f Merge pull request #14070 from yoff/python/promote-nosql-query 
Python: promote nosql query
 2023-09-29 14:21:22 +02:00
Rasmus Wriedt Larsen
9b73bbfc31 Python: Add keyword argument support 
and a fair bit of refactoring
 2023-09-29 13:54:21 +02:00
Rasmus Wriedt Larsen
d6d13f84a9 Python: -> NoSQL in QLDocs 2023-09-29 13:54:21 +02:00
Rasmus Wriedt Larsen
3676262313 Python: Clean trailing whitespace 2023-09-29 13:54:21 +02:00
Rasmus Wriedt Larsen
d7ad5a0f23 Python: List NoSQL injection sinks 2023-09-29 13:54:21 +02:00
Rasmus Wriedt Larsen
16e1a00e88 Python: NoSQLInjection -> NoSqlInjection 2023-09-29 13:52:51 +02:00
Rasmus Lerchedahl Petersen
97696680e6 Python: require dict sinks be dangerous. 2023-09-29 13:45:23 +02:00
Rasmus Lerchedahl Petersen
f3a01612e8 Python: rename flow states 
Close to being a revert of
3043633d9c
but with slightly shorter names and added comments.
 2023-09-29 13:23:36 +02:00
Rasmus Lerchedahl Petersen
e1708054a4 Python: fix QL alert 2023-09-29 12:06:51 +02:00
Anders Schack-Mulligen
efb49fcd3e Merge pull request #14336 from aschackmull/java/switch-rule-stmt-cfg 
Java: Fix CFG for case rule statements.
 2023-09-29 12:02:48 +02:00
Rasmus Lerchedahl Petersen
2d845e3e55 Python: nicer paths 
turn "the long jump" that would end up
straight at the argument into a short jump
that ends up at the dictionary being written to.
Dataflow takes care of the rest of the path.
 2023-09-29 12:02:16 +02:00
Rasmus Lerchedahl Petersen
74d6f37467 Python: update meta query TaintSinks 2023-09-29 12:02:16 +02:00
yoff
2e028a41ee Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-09-29 11:32:51 +02:00
Michael Nebel
c25113ae46 C#: Execute tests via the bash shell to ensure that we stop on error. 2023-09-29 09:35:43 +02:00
Michael Nebel
3fd083b249 C#: Enable the stub generator tests. 2023-09-29 09:35:43 +02:00
Michael Nebel
086588982e C#: Ensure that always use the same newline symbol for stub generation. 2023-09-29 09:35:42 +02:00
Michael Nebel
e42741e8ed C#: Also run extractor unit tests on a windows runner. 2023-09-29 09:33:33 +02:00
Stephan Brandauer
d7beda79ab Merge pull request #14197 from github/kaeluka/framework-mode-source-candidates 
Java: Framework mode source candidates
 2023-09-28 21:09:54 +02:00
Ian Lynagh
30d7f0cf0a Merge pull request #14334 from igfoo/igfoo/ext-frag 
Kotlin: Handle IrExternalPackageFragment properly for more external entities
 2023-09-28 20:01:52 +01:00
erik-krogh
5d4b542995 escape unicode chars in overly-large-range 2023-09-28 20:16:09 +02:00
Ian Lynagh
7f5f25c362 Merge pull request #14338 from igfoo/igfoo/dedupe 
Kotlin: Differentiate 2 error messages
 2023-09-28 17:56:53 +01:00
Alex Eyers-Taylor
6b0ae0f312 CPP: Remove unned argument from use-after-free 2023-09-28 17:53:32 +01:00
amammad
97c27ac11b revert SqlInjection.ql changes 2023-09-29 01:36:00 +10:00
amammad
58f4cd77dc add TypeORM to javascript.qll file 
add tests
improvement on comments
 2023-09-29 01:23:22 +10:00
amammad
e3c89011a9 perfomed gofmt on fasthttp.go 2023-09-29 00:57:17 +10:00
amammad
8d47a7b21d Update python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-09-28 18:13:34 +03:30
Stephan Brandauer
fdbc553029 Java: Automodel Framework mode: no longer skip non-public methods 2023-09-28 16:17:44 +02:00
Ian Lynagh
e9482fb096 Kotlin: Differentiate 2 error messages 2023-09-28 14:59:21 +01:00
Ian Lynagh
5db283e86a Kotlin: Fix comment 2023-09-28 14:26:02 +01:00
yoff
bc17bf69f4 Merge pull request #14317 from yoff/python/fix-regex-string-part-locations 
Python: Improve computation of regex fragments inside string parts
 2023-09-28 14:35:27 +02:00
Anders Schack-Mulligen
15e1098791 Java: Add change note. 2023-09-28 14:28:24 +02:00
Rasmus Lerchedahl Petersen
3043633d9c Python: Some renaming of flow states 2023-09-28 14:24:49 +02:00
Anders Schack-Mulligen
94556078f1 Java: Add guards logic for SwitchExpr default cases. 2023-09-28 14:21:04 +02:00
Rasmus Lerchedahl Petersen
d5b64c5ff2 Python: update test expectations 2023-09-28 14:20:30 +02:00
Anders Schack-Mulligen
917a15647e Java: Fix CFG for rule statements. 2023-09-28 14:19:36 +02:00
Anders Schack-Mulligen
922a4e8ddf Java: Add failing test 2023-09-28 14:15:56 +02:00