hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-18 08:54:56 +01:00
Code Issues Packages Projects Releases Wiki Activity
66,447 Commits 1,679 Branches 158 Tags
codeql-cli/v2.17.2
Commit Graph

66447 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Harry Maclean
581072721c Ruby: Add change note 2024-02-23 11:13:15 +00:00
Harry Maclean
6d6f8ba512 Ruby: Make CSRF query more sensitive 
Generate an alert for every controller class that doesn't have or
inherity a `protect_from_forgery` setting.
 2024-02-23 11:13:15 +00:00
Harry Maclean
49d826f667 Ruby: Add a query for CSRF protection not enabled 
Specifically in Rails apps, we look for root ActionController classes
without a call to `protect_from_forgery`.
 2024-02-23 11:13:14 +00:00
Erik Krogh Kristensen
a0f91fbc15 Merge pull request #15706 from erik-krogh/pol-reg 
ReDoS: Restrict some edges related to upper/lower-case when constructing possible attack strings for polynomial-redos.
 2024-02-23 12:06:17 +01:00
Tom Hvitved
62b16c0fa3 Share getFileBySourceArchiveName implementation 2024-02-23 11:25:49 +01:00
Tamas Vajk
20f795c03a Code quality improvements 2024-02-23 11:20:15 +01:00
Michael Nebel
1a155b3a30 Merge pull request #15667 from michaelnebel/csharp/syntheticconstructorbody 
C#: Add synthetic bodies and inititializers for default constuctors.
 2024-02-23 11:14:00 +01:00
Tom Hvitved
94113521d1 Merge pull request #15689 from hvitved/ruby/no-field-branch-limit-summarized-callable 
Ruby: No `fieldFlowBranchLimit` for `SummarizedCallable`s
 2024-02-23 10:47:22 +01:00
Tom Hvitved
d8645cc960 Merge pull request #15694 from hvitved/csharp/assignable-definition-node 
C#: Use separate `newtype` branch for `AssignableDefinitionNode`
 2024-02-23 10:45:04 +01:00
github-actions[bot]
b2b5aa18b2 Add changed framework coverage reports 2024-02-23 00:16:49 +00:00
Tom Hvitved
303a2bb63a C#: Update expected test output 2024-02-22 21:04:55 +01:00
Tom Hvitved
ea7d9c97fd C#: Use separate newtype branch for AssignableDefinitionNode 2024-02-22 21:04:55 +01:00
Ian Lynagh
8d358a9f64 Kotlin: Remove the Kotlin 2 ministdlib test 
Upstream doesn't plan to fix it before the K2 release:
    https://youtrack.jetbrains.com/issue/KT-62183/K2-no-stdlib-doesnt-behave-as-expected

I've made a ticket to remind us to return to this later.
 2024-02-22 19:01:22 +00:00
Geoffrey White
573763a4b3 Shared: More revisions, manual and aided by further discussion with Copilot. 2024-02-22 18:59:35 +00:00
Ian Lynagh
cf441d1a30 Kotlin: Accept changes in library-tests/multiple_files 
I think that this is a regression, but one that we're not likely to fix
soon, so let's just accept the output for now. I've opened a ticket to
remind us to return to this.
 2024-02-22 18:57:12 +00:00
Robert Marsh
6f7f68fee8 Merge branch 'main' into rdmarsh2/cpp/ir-synthetic-destructors 2024-02-22 18:10:13 +00:00
Geoffrey White
797fee9c9e Swift: Change note. 2024-02-22 17:54:53 +00:00
Mathias Vorreiter Pedersen
63a5b49846 Merge pull request #15633 from MathiasVP/model-experiments 
C++: Assume modelled functions always override buffers by default
 2024-02-22 18:48:24 +01:00
Geoffrey White
47a9a8b82a Swift: MAke TypeDecl.getFullName robust to when there's an ExtensionDecl extending more than one thing. 2024-02-22 17:39:57 +00:00
Geoffrey White
515e93522f Swift: Make ExtensionDecl.toString robust to when there's more than one extended thing. 2024-02-22 17:39:57 +00:00
Cornelius Riemenschneider
d2e6746e7f Upgrade to bazel 7.0.2. 2024-02-22 17:51:17 +01:00
Robert Marsh
942a4ed925 C++: move handlesDestructorsExplicitly up to TranslatedReturnStmt 2024-02-22 16:46:19 +00:00
Robert Marsh
ebe6ee5257 C++: accept test changes from extractor fixes 2024-02-22 16:44:19 +00:00
Mathias Vorreiter Pedersen
c7ee5b2912 Merge branch 'main' into model-experiments 2024-02-22 16:40:17 +00:00
Harry Maclean
fbc689227d Merge pull request #15604 from p-/p--rails-more-request-sources 
Ruby: add additional sources on the request object of Rails
 2024-02-22 16:35:59 +00:00
Tamas Vajk
50f9354ca8 Remove redundant using 2024-02-22 17:14:02 +01:00
Tamas Vajk
e176b32a83 Remove environment dictionary passing 2024-02-22 17:12:38 +01:00
Paolo Tranquilli
6c5e5966c3 Merge pull request #15583 from github/redsun82/bzlmod 
Bazel: use bzlmod
 2024-02-22 17:06:59 +01:00
Tamas Vajk
648c06ce27 Simplify dotnet SDK check in autobuilder 2024-02-22 16:44:46 +01:00
Mathias Vorreiter Pedersen
0bf29f0a62 Merge branch 'main' into model-experiments 2024-02-22 15:05:53 +00:00
Paolo Tranquilli
b7df26e6c9 Bazel: make codeql compatible with workspace setup 2024-02-22 15:50:02 +01:00
Paolo Tranquilli
b1e0287a7c Merge branch 'main' into redsun82/bzlmod 2024-02-22 15:35:41 +01:00
Ben Rodes
47f94e2ebe Merge branch 'main' into cpp-non-constant-format-as-path-query 2024-02-22 06:24:18 -08:00
Ian Lynagh
2b4b512611 Merge pull request #15693 from igfoo/igfoo/kot2b4 
Kotlin: Update to 2.0.0-Beta4
 2024-02-22 14:06:32 +00:00
Joe Farebrother
2ebb80b632 Merge pull request #15548 from joefarebrother/android-local-auth-keys 
Java: Add query for insecurely generated keys for local authentication.
 2024-02-22 14:04:17 +00:00
Joe Farebrother
67e8f17c4c Merge pull request #15619 from joefarebrother/ruby-activerecord-connection 
Ruby: Add additional sql sinks for ActiveRecord connection methods
 2024-02-22 14:02:31 +00:00
Joe Farebrother
1f409b0456 Merge pull request #15671 from joefarebrother/ruby-activerecord-extra-args 
Ruby: Consider additional arguments to certain `ActiveRecord` methods as sql injection sinks.
 2024-02-22 14:01:56 +00:00
Tamas Vajk
c0d82cb73e Minor improvement to not start dotnet process when it is known to fail 2024-02-22 14:58:00 +01:00
Tom Hvitved
c55354b544 Merge pull request #15688 from hvitved/ruby/multi-variable-capture 
Ruby: Fix bug in `allowParameterReturnInSelf`
 2024-02-22 14:51:09 +01:00
Mathias Vorreiter Pedersen
350d5bf0ce C++: Update QLDoc on 'modeledFlowBarrier'. 2024-02-22 13:30:39 +00:00
Tamas Vajk
8e64880e86 Fix and add unit tests 2024-02-22 14:27:28 +01:00
Mathias Vorreiter Pedersen
671904d58c C++: Fix QLoc on 'PartialFlowFunction'. 2024-02-22 13:27:10 +00:00
Mathias Vorreiter Pedersen
aca3970c33 C++: Fix QLoc on 'isPartialWrite'. 2024-02-22 13:25:13 +00:00
Taus
f1392712ee Python: Add .copy() as a copy step 2024-02-22 13:09:27 +00:00
Taus
5125973f9b Python: Add test case for .copy() as a copy step 2024-02-22 13:01:03 +00:00
Paolo Tranquilli
fe6b27bcf8 Merge branch 'main' into redsun82/bzlmod 2024-02-22 13:45:09 +01:00
Michael Nebel
a24a57c586 C#: Update most other test cases to reflect the synthesized constructor calls and bodies. 2024-02-22 13:33:30 +01:00
Michael Nebel
a4ab163532 C#: Update test output for cfg tests. 2024-02-22 13:33:29 +01:00
Michael Nebel
d19c83228e C#: Do not bind comments to compiler generated statements. 2024-02-22 13:33:29 +01:00
Michael Nebel
cf9c3d5dd1 C#: Remove un-needed code as we extract synthetic default constructors. 2024-02-22 13:33:29 +01:00