hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-18 08:54:56 +01:00
Code Issues Packages Projects Releases Wiki Activity
66,447 Commits 1,679 Branches 158 Tags
codeql-cli/v2.17.2
Commit Graph

66447 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
erik-krogh
a5eb2dd906 update the QHelp for cs/web/unvalidated-url-redirection with examples inspired by the JS QHelp 2024-02-15 12:41:01 +01:00
Erik Krogh Kristensen
7c0557269a Merge pull request #15596 from erik-krogh/url-san 
C#: Add a few more sanitizers to `cs/web/unvalidated-url-redirection`
 2024-02-15 12:09:06 +01:00
Angela P Wen
0643184a7e Merge pull request #15493 from jsoref/declare-permissions 
Declare permissions in workflows
 2024-02-15 02:52:24 -08:00
Tony Torralba
f4c9052ba9 Merge pull request #15622 from atorralba/atorralba/java/path-sanitizer-equals 
Java: Expand ExactPathSanitizer to work on the argument of 'equals' too
 2024-02-15 11:29:09 +01:00
Tamás Vajk
a5e3643faf Merge pull request #15621 from tamasvajk/buildless/cleanup 
C#: Code quality improvements (fixed log message, removed unused interface)
 2024-02-15 10:54:47 +01:00
Rasmus Wriedt Larsen
e4c30371f9 Merge pull request #13557 from am0o0/amammad-python-bombs 
Python: Decompression Bombs
 2024-02-15 10:43:12 +01:00
Tony Torralba
90a9d82b9d Java: Expand ExactPathSanitizer to work on the argument of 'equals' too 2024-02-15 10:00:24 +01:00
Harry Maclean
a9abba5859 Merge pull request #15520 from hmac/hmac-erb-raw-output-directive 
Ruby: Recognise raw Erb output as XSS sink
 2024-02-15 08:05:16 +00:00
Harry Maclean
babae65e41 Merge pull request #15488 from hmac/ruby-mad-docs 
Ruby: add docs for customizing library models with data extensions
 2024-02-15 07:58:22 +00:00
Tamas Vajk
2f1472fa48 Code quality improvements (fixed log message, removed unused interface) 2024-02-15 08:52:44 +01:00
Tamás Vajk
8aff913c3c Merge pull request #15614 from tamasvajk/buildless/razor-cleanup 
C# Only remove temp files for MVC view generation if needed
 2024-02-15 08:27:40 +01:00
Joe Farebrother
37eb81097f Add additional sinks for connection methods 2024-02-14 22:42:03 +00:00
Chris Smowton
7e41a895d8 Merge pull request #15618 from JLLeitschuh/patch-6 
Fix typo in NettyRequestSplitting.java
 2024-02-14 20:44:40 +00:00
Josh Soref
b58c856756 Declare permissions 
Repositories can be configured with Default access (restricted)
https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token

Best practice says that workflows should declare the minimal permissions they require.
Without declaring permissions, paranoid forks fail miserably.
 2024-02-14 14:31:45 -05:00
Josh Soref
e468f4062f use github/codeql-action...@main 2024-02-14 14:31:31 -05:00
amammad
09d8a75844 Fix QLDoc issues 2024-02-14 23:31:22 +04:00
Michael B. Gale
6267506a77 Go: Postpone go.mod creation until necessary 2024-02-14 19:12:36 +00:00
Michael B. Gale
1055e773ef Go: Export InitGoModForLegacyProject 2024-02-14 19:12:35 +00:00
Michael B. Gale
4387c73d12 Go: Fix missing word in comment for discoverWorkspace 2024-02-14 19:12:35 +00:00
Michael B. Gale
6dbb5c5fdb Go: Refactor Autobuild to use pairs of scripts and tools from a reusable array 2024-02-14 19:12:35 +00:00
Michael B. Gale
e2c673417f Go: Only call EmitNewerGoVersionNeeded at most once 2024-02-14 19:12:35 +00:00
Michael B. Gale
6eac48caba Go: Refactor greatest version logic into dedicated function 2024-02-14 19:12:34 +00:00
Michael B. Gale
a9d8643f5a Go: check for extracted files in go-files-found-not-processed test 2024-02-14 19:12:34 +00:00
Michael B. Gale
a26d11bcea Go: Revert expected diagnostics for go-files-found-not-processed 2024-02-14 19:12:34 +00:00
Michael B. Gale
058bf32ad0 Go: Initialise Go modules for stray source files outside of existing modules 2024-02-14 19:12:34 +00:00
Michael B. Gale
d99ad01efa Go: Add module files which don't belong to a workspace, if there are workspaces 2024-02-14 19:12:34 +00:00
Michael B. Gale
251888a0bd Go: Tell extractor to extract subdirectories as well 2024-02-14 19:12:33 +00:00
Michael B. Gale
925e99cdb2 Go: Use GoFilesOutsideDirs to find stray source files 2024-02-14 19:12:33 +00:00
Michael B. Gale
f0df7cd5c5 Go: Add GoFilesOutsideDirs function 2024-02-14 19:12:33 +00:00
Michael B. Gale
d4ea45bdaf Go: Add comment to AnyGoFilesOutsideDirs and use slices.Contains 2024-02-14 19:12:33 +00:00
Michael B. Gale
843f7694fd Go: Only relocate project to temp dir if there is only one workspace 2024-02-14 19:12:32 +00:00
Michael B. Gale
3a982de16f Go: Workspaces only support mod=readonly 2024-02-14 19:12:32 +00:00
Michael B. Gale
9c3667dbf7 Go: Improve go.work file(s) found log message 2024-02-14 19:12:32 +00:00
Michael B. Gale
fd54350ba8 Go: Fix comment for getBuildRoots 2024-02-14 19:12:32 +00:00
Michael B. Gale
f084829154 Go: Only fail autobuilder if all projects cannot be extracted 2024-02-14 19:12:31 +00:00
Michael B. Gale
20836c7088 Go: Add test for multiple modules, where one cannot be extracted 2024-02-14 19:12:31 +00:00
Michael B. Gale
fbd7946cfd Go: Fall back to ./... if there are no modules 
Fixes issues for `dep` and `glide`
 2024-02-14 19:12:31 +00:00
Michael B. Gale
0b8a917584 Go: Fix crash if WorkspaceFile.Go is nil 2024-02-14 19:12:30 +00:00
Michael B. Gale
46c553e802 Go: Add test case for go.mod file without a Go version 2024-02-14 19:12:30 +00:00
Michael B. Gale
a961e276c1 Go: Initialise filesToRemove to an empty array 2024-02-14 19:12:30 +00:00
Michael B. Gale
51eb487022 Go: Handle filepath.Rel failure 2024-02-14 19:12:30 +00:00
Michael B. Gale
c96735e17a Go: Remove auto-generated go.mod files when done 2024-02-14 19:12:30 +00:00
Michael B. Gale
db1d24a900 Go: Update expected diagnostics for go-files-not-processed 2024-02-14 19:12:29 +00:00
Michael B. Gale
e79f5905e7 Go: Fix checks for dep and glide not working correctly 2024-02-14 19:12:29 +00:00
Michael B. Gale
ec902827f6 Go: Initialise go.mod for stray source files 2024-02-14 19:12:29 +00:00
Michael B. Gale
b9e96e4a27 Fixup: closing curly brace 2024-02-14 19:12:29 +00:00
Michael B. Gale
21fbb1b051 Go: Only initialise module if there are source files 2024-02-14 19:12:28 +00:00
Michael B. Gale
f48b1e57d7 Go: Check for relative paths warning even if go mod tidy is successful 2024-02-14 19:12:28 +00:00
Michael B. Gale
aa5e14f59f Go: Replace BuildInfo with GoWorkspace 2024-02-14 19:12:28 +00:00
Michael B. Gale
8b376e7a35 Go: Include ModMode in GoWorkspace 2024-02-14 19:12:28 +00:00