hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-20 18:04:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
66,447 Commits 1,683 Branches 158 Tags
codeql-cli/v2.17.2
Commit Graph

66447 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Nebel
0c4e1fca1b C#: Add testcase with false positive for CWE-117 (overload of String.Relace not correctly recognized as a sanitizer). 2024-01-03 10:56:56 +01:00
Owen Mansel-Chan
13b00bae17 Update test expectation 2024-01-02 22:38:30 +00:00
Eric Bickle
4fa5b2ae41 Add change nodes for GSON coverage 2024-01-02 14:17:23 -08:00
Eric Bickle
0cd89bf815 Merge branch 'main' into fix/update-gson-model 2024-01-02 14:05:33 -08:00
Owen Mansel-Chan
9f8b5bccc2 Go: report any extracted file as successfully extracted 2024-01-02 21:39:28 +00:00
Jeroen Ketema
262985a760 C++: Add change note 2024-01-02 16:32:24 +01:00
Harry Maclean
22830c7311 Ruby: Address review comments 2024-01-02 14:39:53 +00:00
Jeroen Ketema
9c1de5b2b6 C++: Support more function types 2024-01-02 15:13:20 +01:00
Harry Maclean
4c6855ed93 Ruby: Address review comments 2024-01-02 13:51:12 +00:00
Jeroen Ketema
671343619f Merge pull request #15197 from jketema/attr-expr-arg 
C++: Support attribute arguments that are expressions
 2024-01-02 13:34:44 +01:00
Jeroen Ketema
f59a00c5ea Update cpp/ql/lib/semmle/code/cpp/Specifier.qll 
Co-authored-by: Calum Grant <42069085+calumgrant@users.noreply.github.com>
 2024-01-02 12:52:18 +01:00
Alvaro Muñoz
2964aef083 Update Kernel.qll to include send aliases 
Add `public_send` and `__send__` as Code Injection sinks as proposed by @vcsjones
 2023-12-28 19:08:03 +01:00
Owen Mansel-Chan
19c5d1fd1d Merge pull request #15181 from felickz/go-xxe-libxml2 
GO - Add sink for libxml2 in go/xml/xpath-injection via XPath.qll
 2023-12-24 22:04:46 +00:00
Jeroen Ketema
ad2fb7c6d5 C++: Support attribute arguments that are expressions 2023-12-23 10:04:50 +01:00
Aditya Sharad
bbe3269b8c Merge pull request #15189 from github/adityasharad/merge/3.12-main 
Merge `rc/3.12` into `main`
 2023-12-22 11:26:37 -08:00
Robert Marsh
a9c917010f Swift: fix missing keypath CFGs 2023-12-22 17:55:00 +00:00
Chad Bentz
730f6ed5b0 Merge branch 'main' into go-xxe-libxml2 2023-12-22 11:57:43 -05:00
Chad Bentz
86c258df7e mention sinks in changelog 2023-12-22 16:56:54 +00:00
Chad Bentz
cf25cc9531 Add docs 2023-12-22 16:53:21 +00:00
Edward Minnix III
d6d76fa4f1 Merge pull request #15183 from egregius313/egregius313/java/fix-weak-hashing-adddition 
Java: Fix minor error in `java/potentially-weak-cryptographic-algorithm`
 2023-12-22 11:38:55 -05:00
Edward Minnix III
be50696746 Merge pull request #100 from atorralba/atorralba/java/weak-hashing-suggestion 
Java: Generalize MaybeBrokenCryptoAlgorithmQuery.qll
 2023-12-22 09:03:59 -05:00
Jeroen Ketema
9c039c4a08 Merge pull request #12125 from jketema/unique-function 
C++: Ensure that only one `Function` exists for every function
 2023-12-22 13:56:35 +01:00
Jeroen Ketema
1cb02475a8 Update cpp/ql/lib/change-notes/2023-12-22-unique-function.md 2023-12-22 13:33:20 +01:00
Jeroen Ketema
d4f9e89b5b C++: Add change note 2023-12-22 13:20:38 +01:00
Mathias Vorreiter Pedersen
ecd2003c14 Merge pull request #15191 from MathiasVP/show-indirections-in-ssainternals-2 
C++: Show base variable in SSA variable `toString`s
 2023-12-22 12:58:12 +01:00
Arthur Baars
c5b6f48569 Merge pull request #15127 from smowton/smowton/feature/buildless-tests 
Add buildless tests
 2023-12-22 11:39:16 +01:00
Mathias Vorreiter Pedersen
ffdd28eaa9 C++: Show base variable in SSA variable 'toString's. 2023-12-22 10:29:31 +01:00
Tony Torralba
67f8bcce44 Merge pull request #14752 from masterofnow/LoadClassNoSignatureCheck 
Java: Insecure Loading of Class in Android App without Package Signature Checking
 2023-12-22 10:24:34 +01:00
Tony Torralba
8ad787f3b8 Java: Generelize MaybeBrokenCryptoAlgorithmQuery.qll 2023-12-22 10:15:40 +01:00
fossilet
611f1cede7 Add missing override. 2023-12-22 15:52:02 +08:00
Ed Minnix
8051cfcef5 Fix tests and fix getStringValue method 2023-12-21 22:48:08 -05:00
Ed Minnix
6455e1893d Add more test cases 2023-12-21 22:48:08 -05:00
Ed Minnix
7f9dff2dc7 Fix minor error in Weak Hashing 2023-12-21 22:48:07 -05:00
Aditya Sharad
b1803d0ac2 Merge rc/3.12 into main 2023-12-21 16:40:51 -08:00
masterofnow
0fd09759df Added sample java file for qhelp to render correctly. 2023-12-22 08:31:23 +08:00
masterofnow
cb5733d647 Apply suggestions from code review 
Update to documentation.

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-12-22 08:25:05 +08:00
AlexDenisov
e43fafc249 Merge pull request #15116 from github/alexdenisov/improve-swift-autobuilder-further 
Swift: separate installation of dependencies and autobuilding
 2023-12-21 17:35:34 +01:00
Jeroen Ketema
f7da6f56f3 C++: Ensure that only one Function exists for every function 2023-12-21 16:33:22 +01:00
Stephan Brandauer
a9d21cef01 Update MaD Declarations after Triage 2023-12-21 15:39:03 +01:00
Mathias Vorreiter Pedersen
7a10d88f36 Merge pull request #15185 from MathiasVP/show-indirections-in-ssainternals 2023-12-21 13:52:14 +01:00
masterofnow
7162540faf Added options, .qhelp and .expected file for unit test. 2023-12-21 19:57:37 +08:00
Mathias Vorreiter Pedersen
1007c4fc83 C++: Show indirections when printing SSA variables. 2023-12-21 10:38:58 +01:00
Tony Torralba
55f15d2deb Merge pull request #15182 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-12-21 09:39:36 +01:00
masterofnow
8dc522fb5f Merge remote-tracking branch 'origin/LoadClassNoSignatureCheck' into LoadClassNoSignatureCheck 2023-12-21 12:15:06 +08:00
masterofnow
25c818f425 Added unit test files. 2023-12-21 12:13:00 +08:00
Chad Bentz
7c93a2c825 Add const XMLParseNoEnt to stub 2023-12-21 00:49:14 +00:00
Chad Bentz
667861f575 depstubber with latest change 
- still failing with ./tst.go:195:25: undefined: parser.XMLParseNoEnt
 2023-12-21 00:42:37 +00:00
Chad Bentz
6f3867d804 stub the type Parser + the function New 
(it will automatically make stubs for all the methods on that type)

Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2023-12-20 19:25:48 -05:00
Chad Bentz
4c46be1ed0 Use 3 arg overload on Method for hasQualifiedName for Package/Name/Type 2023-12-21 00:23:01 +00:00
github-actions[bot]
d77e8df800 Add changed framework coverage reports 2023-12-21 00:16:28 +00:00