hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-03 00:31:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
66,447 Commits 1,687 Branches 159 Tags
codeql-cli/v2.17.2
Commit Graph

66447 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
35e2e5d785 Swift: Use SensitiveDataHeuristics.qll in regexpProbablySafe. 2023-05-15 17:44:54 +01:00
Geoffrey White
cc72bfbbbb Swift: Add the shared SensitiveDataHeuristics.qll to Swift. 2023-05-15 17:38:14 +01:00
Philip Ginsbach
167a5723b4 Merge pull request #13156 from github/ginsbach/SpecifyParameterisedSyntax 
add parameter syntax for module declarations and module references
 2023-05-15 17:07:20 +01:00
Tony Torralba
7d79d87d48 Add XPath.evaluate as XXE sink 2023-05-15 17:39:35 +02:00
erik-krogh
2ebce99eae add another example of how to fix the prototype pollution issue 2023-05-15 17:24:02 +02:00
erik-krogh
7a338c408e fix typo, the variable in the example is called items 2023-05-15 17:23:40 +02:00
erik-krogh
83ca1495e0 trim the whitespace in the poly-redos examples 2023-05-15 16:47:24 +02:00
erik-krogh
d989359656 add another example to the qhelp in poly-redos, showing how to just limit the length of the input 2023-05-15 16:47:02 +02:00
Geoffrey White
4781881a6a Swift: Improve mobile/phone number regexp. 2023-05-15 15:30:30 +01:00
Tom Hvitved
826b6219a0 Ruby: Include self parameters in type tracking flow-through logic 2023-05-15 16:02:33 +02:00
Tom Hvitved
3cdb27725a Ruby: Add more call graph tests 2023-05-15 16:02:33 +02:00
Tom Hvitved
9dede31c0d Merge pull request #13077 from hvitved/ruby/track-regexp-improvements 
Ruby: Improvements to `RegExpTracking`
 2023-05-15 16:02:00 +02:00
Maiky
3c00235375 Add SqlSanitization to Concepts and turn private 2023-05-15 15:56:52 +02:00
Geoffrey White
a0cba8cb6b Swift: Address boolean value FPs. 2023-05-15 14:24:18 +01:00
Maiky
f46620c455 Var only used in one side of disjunct 2023-05-15 15:09:44 +02:00
Geoffrey White
27c8eb301e Swift: Fix URL-related FPs. 2023-05-15 14:08:43 +01:00
Mathias Vorreiter Pedersen
650e9e1088 C++: Fix Code Scanning error. 2023-05-15 14:05:41 +01:00
Mathias Vorreiter Pedersen
f1c124a3da C++: Share more code between 'ValidState' and 'StringSizeConfig'. 2023-05-15 14:01:17 +01:00
Geoffrey White
e59d7e0345 Swift: Remove assumption that 'username' is not sensitive (in the tests). 2023-05-15 13:58:44 +01:00
Geoffrey White
dba951111a Swift: Add more sensitive data test cases. 2023-05-15 13:58:44 +01:00
Paolo Tranquilli
725a0a5eec Merge pull request #13161 from github/redsun82/swift-markdown-diagnostics 
Swift: support markdown TSP diagnostics
 2023-05-15 14:47:59 +02:00
Mathias Vorreiter Pedersen
f31709fb29 C++: Make comment more clear. 2023-05-15 13:36:29 +01:00
Paolo Tranquilli
10d084fbbf Swift: update comment 2023-05-15 13:48:24 +02:00
Paolo Tranquilli
cfcd26cf0d Swift: support markdown TSP diagnostics 2023-05-15 13:48:24 +02:00
Paolo Tranquilli
d8c0054ea9 Merge pull request #13133 from github/redsun82/swift-diagnostics-locations 
Swift: add location and visibility support to TSP diagnostics
 2023-05-15 13:47:52 +02:00
Geoffrey White
2a4d7cb642 Swift: Make the result message consistent as well. 2023-05-15 11:53:58 +01:00
Mathias Vorreiter Pedersen
a7712b608a C++: Add more comments. 2023-05-15 11:14:06 +01:00
Geoffrey White
3193b3b171 Swift: Make the CleartextLogging.ql query ID consistent with the other swift/cleartext-* queries. 2023-05-15 10:51:21 +01:00
Rasmus Wriedt Larsen
4be226ffe4 Merge pull request #13113 from yoff/python/test-container-steps 
python: Add tests for container steps
 2023-05-15 11:07:27 +02:00
Asger F
20e8ee8423 Merge pull request #12748 from JarLob/yi 
JS: Add more sources, more unit tests, fixes to the GitHub Actions injection query
 2023-05-15 11:03:00 +02:00
Tom Hvitved
cc6da7e38e Merge pull request #13031 from hvitved/identity-consistency-check 
C#: Remove local identity flow steps
 2023-05-15 10:45:35 +02:00
Paolo Tranquilli
dbff3e4fa4 Swift: remove unneeded SwiftDiagnosticLogWrapper 2023-05-15 10:08:43 +02:00
Paolo Tranquilli
a2cb331ebe Swift: remove hacky binlog interception 2023-05-15 10:02:24 +02:00
Paolo Tranquilli
9a555aea5f Merge branch 'main' into redsun82/swift-diagnostics-locations 2023-05-15 10:01:45 +02:00
Tom Hvitved
027cb2d335 C#: Reenable consistency check 2023-05-15 09:36:37 +02:00
Tom Hvitved
3c173df69e C#: Update expected test output 2023-05-15 09:35:20 +02:00
Tom Hvitved
165dc0b9bf C#: Filter away phi (read) input steps from a node into itself 2023-05-15 09:35:04 +02:00
Tom Hvitved
75dd4c8653 C#: Filter away use-use steps from a node into itself 2023-05-15 09:35:04 +02:00
Paolo Tranquilli
b214003720 Merge pull request #13131 from github/sashabu/tsp-incompatible-os 
Swift: Emit a diagnostic when attempting to use the autobuilder on Linux.
 2023-05-15 08:23:40 +02:00
Paolo Tranquilli
95cd948f09 Swift: order help links in integration test checks 
They are currently a set within the codeql cli.
 2023-05-14 22:33:48 +02:00
tyage
93af0d0c2f formatting 2023-05-13 17:37:31 +00:00
tyage
6f66c047d0 JS: ignoresub pkgs in node_modules directory 2023-05-13 09:12:28 +00:00
Ian Lynagh
202037e925 Merge pull request #13148 from igfoo/igfoo/arrays 
Kotlin: Add some documentation on arrays, and tweak the tests we use for them
 2023-05-12 18:52:16 +01:00
Robert Marsh
584adf843a C++: restrict flowstates in constant off-by-one query 2023-05-12 12:43:10 -04:00
Max Schaefer
5dfe52afd0 Merge pull request #13152 from github/max-schaefer/unsafe-shell-command-construction-examples-sync 
JavaScript: Use synchronous APIs in examples for js/shell-command-constructed-from-input.
 2023-05-12 16:50:25 +01:00
Tony Torralba
549fa7e288 Java: make inputStreamWrapper only act on constructors from outside of source 2023-05-12 17:47:56 +02:00
Jeroen Ketema
ed0524d08c Merge pull request #13155 from jketema/invalid-pointer-deref-fp 
C++: Add FP test case for `cpp/invalid-pointer-deref`
 2023-05-12 17:33:28 +02:00
Mathias Vorreiter Pedersen
e1cc7dcdc1 C++: Tweak join orders. 2023-05-12 16:12:15 +01:00
Philip Ginsbach
c5be3fb6c0 add missing syntax for parameterised module declaration 2023-05-12 15:50:28 +01:00
Max Schaefer
ef659310d3 Merge pull request #13151 from github/max-schaefer-patch-1 
JavaScript: Use gender-neutral language in qhelp for js/user-controlled-bypass
 2023-05-12 15:37:32 +01:00