codeql

mirror of https://github.com/github/codeql.git synced 2026-01-16 16:04:45 +01:00

Author	SHA1	Message	Date
Jami Cogswell	1da1e896cb	Java: convert SpringModelAndViewSink to MaD	2024-03-13 16:28:41 -04:00
Jami Cogswell	8d66097483	Java: switch StaplerResponse.forward from request-forgery sink to url-forward sink	2024-03-13 16:28:41 -04:00
Jami Cogswell	42e3825ea3	Java: convert RequestDispatcherSink to MaD	2024-03-13 16:28:40 -04:00
Jami Cogswell	4ff884e26c	Java: remove more path-injection related classes (will maybe add some of these back in a separate PR)	2024-03-13 16:28:40 -04:00
Jami Cogswell	2a682995ae	Java: move MaD models to correct files, delete ones that already exist	2024-03-13 16:28:40 -04:00
Jami Cogswell	915e106ab3	Java: remove path-injection related models and tests for now	2024-03-13 16:28:40 -04:00
Jami Cogswell	35a083ae9e	Java: update test cases to use inline expectations	2024-03-13 16:28:40 -04:00
Jami Cogswell	2793f28428	Java: move config to Query.qll file	2024-03-13 16:28:40 -04:00
Jami Cogswell	0d38a9625e	Java: copy files from experimental	2024-03-13 16:28:39 -04:00
Jeroen Ketema	866a3934d4	C++: suppress destructors with reuse expressions until proper support is added	2024-03-13 20:17:00 +01:00
Tom Hvitved	54fa8181da	Address review comment	2024-03-13 20:03:01 +01:00
Jeroen Ketema	67b3670d06	Merge pull request #15901 from jketema/destructors11 C++: Introduce re-use expressions in the database scheme	2024-03-13 18:27:28 +01:00
Geoffrey White	8d3fc735ea	C++: Fix compilation issue in UseAfterFree.qll.	2024-03-13 17:03:00 +00:00
Geoffrey White	f52b6e0449	C++: Add more test cases for taint through qualifier fields.	2024-03-13 16:20:12 +00:00
Geoffrey White	6019a38266	C++: Add more test cases for indirection (4).	2024-03-13 16:20:08 +00:00
Geoffrey White	23da0c16c7	C++: Add more test cases for indirection (3).	2024-03-13 16:20:04 +00:00
Geoffrey White	7c4927c2e3	C++: Add more test cases for indirection (2).	2024-03-13 16:19:58 +00:00
Tony Torralba	039bea1625	Java: Add more neutral JDK models This is similar to https://github.com/github/codeql/pull/15766, in the sense that it adds neutral models to prevent the model generator from generating summaries for them. These models were spotted while evaluating https://github.com/github/codeql/pull/14919.	2024-03-13 16:59:38 +01:00
Geoffrey White	fcda0c9819	C++: Add more test cases for indirection (1).	2024-03-13 15:35:28 +00:00
Geoffrey White	c17a36ec07	C++: Add more test cases for taint through qualifiers.	2024-03-13 15:30:13 +00:00
Mathias Vorreiter Pedersen	b638d4d0ba	Merge pull request #15900 from MathiasVP/glib-alloc-and-dealloc C++: Add models for `GLib` allocation and deallocation	2024-03-13 15:29:46 +00:00
Geoffrey White	92d57ab504	C++: Correct some existing cases that are in fact indirect.	2024-03-13 15:26:21 +00:00
Erik Krogh Kristensen	bd121b98ae	Merge pull request #15893 from erik-krogh/more-filter-taint JS: allow more flow through .filter()	2024-03-13 16:19:28 +01:00
Rasmus Lerchedahl Petersen	533b63743b	Python: test MaD syntax for keyword argument use the combined positional/keyword syntax as that is what we will probably mostly use.	2024-03-13 15:28:34 +01:00
Tom Hvitved	6c0ed28e6b	Python: Implement new data flow interface	2024-03-13 14:41:57 +01:00
Tom Hvitved	02ae2d1520	Java: Implement new data flow interface	2024-03-13 14:41:57 +01:00
Tom Hvitved	e4a4c18166	Go: Implement new data flow interface	2024-03-13 14:41:57 +01:00
Michael Nebel	560b355e0c	C#: Remove hard-coded local sources from the uncontrolled-format-string query.	2024-03-13 14:26:30 +01:00
Erik Krogh Kristensen	53502a8662	Merge pull request #15510 from yoff/ts-54 JS: Add support for TS 5.4	2024-03-13 14:22:24 +01:00
Jeroen Ketema	8d5eab401d	C++: Introduce re-use expressions in the database scheme	2024-03-13 13:28:27 +01:00
Tom Hvitved	16cef92106	JS: Add `DataFlow::Node.getLocation`	2024-03-13 13:06:16 +01:00
Mathias Vorreiter Pedersen	8d504d8b32	Merge pull request #15899 from jketema/destructors10 C++: Add IR tests for the destruction of temporaries	2024-03-13 11:56:04 +00:00
Mathias Vorreiter Pedersen	465c3c18e3	C++: Add change note.	2024-03-13 11:49:26 +00:00
Asger F	c5a02dae2b	Merge pull request #15768 from asgerf/js/amd-pseudo-deps JS: Do not treat AMD pseudo-dependencies as imports	2024-03-13 12:49:17 +01:00
Mathias Vorreiter Pedersen	3ea39a2553	C++: Add some query tests.	2024-03-13 11:39:34 +00:00
Mathias Vorreiter Pedersen	bcd36b1994	C++: Recognize glib allocations and deallocations.	2024-03-13 11:39:15 +00:00
Geoffrey White	9aad43f649	C++: Add indirect test models.	2024-03-13 11:34:36 +00:00
Ian Lynagh	adefdfd59f	Merge pull request #15889 from igfoo/igfoo/k2exprs Kotlin 2: Accept more changes in the exprs test	2024-03-13 11:34:10 +00:00
erik-krogh	129286aa1c	allow more flow through .filter()	2024-03-13 12:03:00 +01:00
Jeroen Ketema	3ef1ab49ea	C++: Add IR tests for the destruction of temporaries	2024-03-13 12:00:02 +01:00
erik-krogh	013ed7adb3	Java: update the url-redirection in the same style as the C# qhelp	2024-03-13 11:58:16 +01:00
yoff	b5c0fbb827	Merge pull request #15776 from RasmusWL/tt-consistency Python: Add type-tracking consistency query	2024-03-13 11:11:07 +01:00
Tom Hvitved	4085c8ec8f	Merge pull request #15866 from hvitved/ruby/orm-tracking-ap-limit Ruby: Lower access path limit to 1 for `OrmTracking`	2024-03-13 10:57:09 +01:00
Harry Maclean	806f42ef72	Ruby: Update change note	2024-03-13 09:54:17 +00:00
Harry Maclean	dd5eb982ec	Merge pull request #15524 from hmac/hmac-process-spawn Ruby: Add some more command injection sinks	2024-03-13 09:53:10 +00:00
Tony Torralba	2fd2b4c874	Merge pull request #15891 from github/workflow/coverage/update Update CSV framework coverage reports	2024-03-13 09:51:22 +01:00
github-actions[bot]	cff2cdb9e4	Add changed framework coverage reports	2024-03-13 00:15:53 +00:00
Edward Minnix III	c190dd21db	Merge pull request #15877 from egregius313/egregius313/csharp/mad/sources/windows-registry C#: Add source models for values from the Windows registry	2024-03-12 16:41:42 -04:00
Edward Minnix III	d54489931c	Merge pull request #15869 from egregius313/egregius313/java/fix/parcelfiledescriptor-open-sink Java: Add path-injection sink for `ParcelFileDescriptor::open`	2024-03-12 16:39:20 -04:00
intrigus-lgtm	f70a39e72f	[cpp-docs] Fix 404 link in guards library doc.	2024-03-12 19:59:26 +01:00

... 27 28 29 30 31 ...

66447 Commits