hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 23:02:56 +01:00
Code Issues Packages Projects Releases Wiki Activity
66,447 Commits 1,684 Branches 159 Tags
codeql-cli/v2.17.2
Commit Graph

66447 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
erik-krogh
e463819bc2 get ParamSource.ql to compile by deleting import that got deleted - I have no if this is a good change 2023-06-14 08:31:57 +02:00
erik-krogh
3a436d1f84 do a quick-and-dirty conversion of py/hardcoded-credentials to the new dataflow library 2023-06-14 08:31:56 +02:00
erik-krogh
ae8bf5ed3c delete old deprecations 2023-06-14 08:31:51 +02:00
Rasmus Lerchedahl Petersen
f1de753400 python: add changenote 2023-06-13 21:59:51 +02:00
Rasmus Lerchedahl Petersen
4b4b9bf9da python: add missing summaries 
For append/add:
The new results in the experimental tar slip query
show that we do not recognize the sanitisers.
 2023-06-13 20:22:21 +02:00
Rasmus Lerchedahl Petersen
b72c93ff4f python: remove remaining explicit taint steps 2023-06-13 20:22:20 +02:00
yoff
1d65284011 Merge pull request #13209 from yoff/python/container-summaries-2 
python: Container summaries, part 2
 2023-06-13 18:17:09 +02:00
Rasmus Lerchedahl Petersen
775f3eaf56 python: make copy a dataflow step 2023-06-13 17:07:41 +02:00
Taus
b860b21ced Update MaD Declarations after Triage 2023-06-13 16:50:58 +02:00
Alexandre Boulgakov
7280f07611 Merge pull request #13336 from github/sashabu/c++20-todos 
Swift: Fix some C++20 todos.
 2023-06-13 15:25:29 +01:00
Alexandre Boulgakov
f5d6f50851 Merge pull request #13335 from github/sashabu/c++20 
Build: Bump build mode to C++20.
 2023-06-13 15:03:01 +01:00
yoff
4056358863 Merge pull request #13438 from RasmusWL/flask-render-string 
Python: Add modeling of `flask.render_template_string`
 2023-06-13 14:56:43 +02:00
Michael Nebel
9690ff6177 C#: Address review comments. 2023-06-13 14:19:17 +02:00
Alex Ford
75ccbe58ee Ruby: rack - use Mimetype rather than MimeType in predicate names for consistency with concepts 2023-06-13 12:44:29 +01:00
Alex Ford
977ceb89fd Ruby: rack - remove PotentialResponseNode#getAStatusCode 2023-06-13 12:42:46 +01:00
Alex Ford
af1ca7fec7 Update ruby/ql/lib/codeql/ruby/frameworks/rack/internal/App.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-06-13 12:37:31 +01:00
Rasmus Wriedt Larsen
2b7fc94aef Python: Fix validTest.py expectation 2023-06-13 12:11:28 +02:00
Erik Krogh Kristensen
4dc596f0fb Merge pull request #13381 from erik-krogh/mongooseFindByIdAndUpdate 
JS: remove the second argument of findByIdAndUpdate as a NoSQL sink
 2023-06-13 11:59:58 +02:00
Rasmus Lerchedahl Petersen
33ad15e989 ruby: use aliases 2023-06-13 11:49:30 +02:00
Rasmus Lerchedahl Petersen
e11f6b5107 ruby/python: adjust shared file 
- move `isNonLocal` to the top
- missing backtics
 2023-06-13 11:49:30 +02:00
Rasmus Lerchedahl Petersen
b5961c7f6b ruby: move to internal folder 2023-06-13 11:49:30 +02:00
Rasmus Lerchedahl Petersen
203f8226cb ruby/python: make SummaryTypeTracker private 2023-06-13 11:32:06 +02:00
Anders Schack-Mulligen
2d616d494e C#/Ruby: Add fields as per review comments. 2023-06-13 11:26:30 +02:00
yoff
8cae151883 Update python/ql/test/experimental/dataflow/typetracking-summaries/TestSummaries.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-06-13 11:22:54 +02:00
Rasmus Lerchedahl Petersen
b709ed47e1 python: add test 2023-06-13 11:20:15 +02:00
Jeroen Ketema
6413fcc0f9 Merge pull request #13439 from jketema/go-dead 
Go: Remove commented out code from test
 2023-06-13 10:33:51 +02:00
Michael Nebel
577bbd531d C#: Base tests on stubs, move extractor options to options file and updated expected test output. 2023-06-13 10:17:42 +02:00
Jeroen Ketema
d035491c6f Go: Remove commented out code from test 2023-06-13 10:13:42 +02:00
Jeroen Ketema
c3ba206b6a Merge pull request #13346 from jketema/inline-2 
Update inline expectation tests to use parameterized module
 2023-06-13 10:10:55 +02:00
yoff
2a5173c331 Update python/ql/lib/semmle/python/frameworks/Stdlib.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-06-13 10:04:46 +02:00
Asger F
0d45074caa Merge pull request #13422 from asgerf/rb/map_filter 
Ruby: fix bug in filter_map summary
 2023-06-13 09:43:47 +02:00
Tamás Vajk
aed6a75cd4 Merge pull request #13420 from tamasvajk/feature/standalone-mscorlib 
C#: Make sure System.Private.CoreLib is added only once as a reference in standalone extraction
 2023-06-13 09:29:16 +02:00
Tony Torralba
ffe67689ec Merge branch 'main' into atorralba/java/command-injection-mad-sinks 2023-06-13 09:27:33 +02:00
Tony Torralba
29d4b6fadc Re-add public classes that shouldn't be removed yet 2023-06-13 09:24:27 +02:00
Tony Torralba
2fd2c434f2 Apply suggestions from code review 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-06-13 09:24:15 +02:00
Rasmus Wriedt Larsen
6526364045 Python: Add modeling of flask.render_template_string 2023-06-12 21:18:31 +02:00
Sarita Iyer
1073a2838c Merge pull request #13424 from github/si-10647-docs-update 
Multi-variant repository analysis docs update
 2023-06-12 11:51:42 -04:00
Paolo Tranquilli
c612a7a16b Revert "Swift: deduplicate accessors and params correctly" 
This reverts commit bab4eeeb55.
 2023-06-12 17:14:20 +02:00
Paolo Tranquilli
1d32f6efc3 Merge branch 'main' into alexdenisov+redsun82/tuple-mangling 2023-06-12 16:49:45 +02:00
Paolo Tranquilli
bab4eeeb55 Swift: deduplicate accessors and params correctly 2023-06-12 16:48:03 +02:00
erik-krogh
3fd9f26b52 use consistent indentation in mongoose.js 2023-06-12 16:40:42 +02:00
erik-krogh
cd6f738f72 add mongoose.Types.ObjectId.isValid as a sanitizer-guard for NoSQL injection 2023-06-12 16:38:11 +02:00
Anders Schack-Mulligen
bc7cb1ec47 C#: Fix some qltests. 2023-06-12 16:19:04 +02:00
Sarita Iyer
2e2a03dec2 Merge branch 'si-10647-docs-update' of https://github.com/github/codeql into si-10647-docs-update 2023-06-12 10:00:08 -04:00
Sarita Iyer
8c59ec2ec7 revise maximum info 2023-06-12 09:59:58 -04:00
Sarita Iyer
082c9a26d8 Update docs/codeql/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva.rst 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2023-06-12 09:22:42 -04:00
Anders Schack-Mulligen
949d4491f9 C#: Remove summaries for void-returning Reverse methods. 2023-06-12 13:18:28 +02:00
Anders Schack-Mulligen
eec012d308 Java: Fix test 2023-06-12 13:18:13 +02:00
Anders Schack-Mulligen
88fe0f089e C#: Fix expected output. 2023-06-12 13:17:55 +02:00
Anders Schack-Mulligen
f8ff575ff0 C#: Fix bugs in misc models. 2023-06-12 11:37:57 +02:00