idrissrio
14a84c3209
C++: update expected test results after extractor changes
2025-04-02 15:20:06 +02:00
Owen Mansel-Chan
ecd09edf64
Add stubs for gogf/gf and uptrace/bun
2025-04-02 14:17:40 +01:00
Owen Mansel-Chan
1687042c3b
Add Bun models and tests
2025-04-02 14:17:39 +01:00
Owen Mansel-Chan
ddb7da4c13
Add gogf models and tests
2025-04-02 14:17:37 +01:00
Ed Minnix
9cf4117120
Add tests for gogf/gf/database/gdb
2025-04-02 14:17:35 +01:00
Ed Minnix
db65a6ff85
[gogf] Model github.com/gogf/gf/database/gdb
...
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com >
2025-04-02 14:17:34 +01:00
Ed Minnix
c54f0d82e2
[bun] Model github.com/uptrace/bun
2025-04-02 14:17:32 +01:00
Owen Mansel-Chan
89e853b4be
Don't use non-existent dependency
...
This makes some go tooling, like `go mod tidy`, not work.
2025-04-02 14:17:31 +01:00
Owen Mansel-Chan
88b061e27e
Add change note
2025-04-02 14:17:30 +01:00
Michael Nebel
93d0f364d6
C#: Add ConstantConditionBad file.
2025-04-02 15:00:05 +02:00
Nicolas Will
10564fac4d
Add @ps-codeql to CODEOWNERS for experimental cryptography
...
This pull request adds @github/ps-codeql as a code owner of `**/experimental/quantum/` to support the development of post-quantum cryptography-related libraries and queries.
We’ll be committing stable but experimental work to these directories as it becomes ready for public use, with a near-term goal of moving it out of experimental.
To get started, we’d also need write access to `github/codeql`.
cc @adityasharad @lcartey
2025-04-02 14:20:24 +02:00
Asger F
6c3bc941c5
Merge branch 'main' into js/name-resolution-independent-fixes
2025-04-02 14:15:44 +02:00
Asger F
2c40359143
JS: Change note
2025-04-02 14:12:07 +02:00
Asger F
30a9cd7c8a
JS: Include document as a DOM value
2025-04-02 14:09:52 +02:00
Michael Nebel
6820cbabc8
C#: Accept file sync mismatch for C# testfiles if they are identical modulo comments.
2025-04-02 14:01:00 +02:00
Asger F
9ebaac82cf
JS: Add tests for Response object sink
2025-04-02 13:47:18 +02:00
Geoffrey White
fbde235253
Rust: Rename the test as well.
2025-04-02 12:16:10 +01:00
Geoffrey White
02245af3ca
Rust: Rename the query file.
2025-04-02 12:11:55 +01:00
Geoffrey White
9fc0ee185b
Rust: Change the query ID to rust/summary/summary-statistics-reduced.
2025-04-02 12:03:20 +01:00
Taus
f461763938
Merge pull request #19186 from github/tausbn/actions-fix-gettargetpath-performance
...
Actions: Fix bad performance in `getTargetPath`
2025-04-02 12:53:56 +02:00
Napalys
390d9ffe66
Added change note
2025-04-02 12:50:53 +02:00
Napalys
b16b407f89
Add rimraf model and update tests for path injection vulnerabilities
2025-04-02 12:49:48 +02:00
Napalys
14999c19da
Added test cases for rimraf library.
2025-04-02 12:46:48 +02:00
Tom Hvitved
8663f3b8b2
Rust: Add another disjunct to postWithInFlowExclude
2025-04-02 12:32:28 +02:00
Geoffrey White
c737ee9b52
Rust: Accept another consistency check failure.
2025-04-02 10:58:56 +01:00
Michael Nebel
22c943657a
C#: Update change note.
2025-04-02 11:21:11 +02:00
Michael Nebel
d7f5ce2492
C#: Update log forging expected test output.
2025-04-02 11:21:07 +02:00
Michael Nebel
cf75493fe9
C#: Consider Enums and System.DateTimeOffset as having a sanitizing effect.
2025-04-02 11:21:05 +02:00
Michael Nebel
08159896f3
C#: Convert cs/log-forging tests to inline expectations.
2025-04-02 11:21:03 +02:00
Michael Nebel
60e3b4351a
C#: Fix simple types testcases.
2025-04-02 11:21:01 +02:00
Michael Nebel
024712c073
C#: Temporarily comment out considering Enums as having a sanitizing effect.
2025-04-02 11:20:59 +02:00
Chris Smowton
77e4d9e692
Fix stray references to the javax package name
...
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com >
2025-04-02 10:03:49 +01:00
Joe Farebrother
c37809a187
Reduce scope of allowImplicitRead to avoid cartesian product.
2025-04-02 09:35:50 +01:00
Joe Farebrother
2d6476ad21
Update names and alert message
2025-04-02 09:35:43 +01:00
Joe Farebrother
11830bf661
Move to separate folder
2025-04-02 09:35:39 +01:00
Joe Farebrother
5b7200a041
Use flow path in alerts
2025-04-02 09:35:32 +01:00
Joe Farebrother
08b4281187
Update query message and remove field case
2025-04-02 09:35:25 +01:00
Joe Farebrother
efdb4a6d82
Use global dataflow for loop variable capture
2025-04-02 09:35:17 +01:00
Anders Schack-Mulligen
e6cf737f99
Merge pull request #19178 from aschackmull/csharp/pressa-useuse
...
C#: Update PreSSA to reference the new use-use predicates.
2025-04-02 10:30:36 +02:00
Anders Schack-Mulligen
47b1c3d3ce
Merge pull request #19154 from aschackmull/ssa/variablecapture
...
Ssa: Replace phi-read references in VariableCapture with default use-use flow
2025-04-02 10:16:17 +02:00
Asger F
78b25388ca
JS: Protect against bad join in BadRandomness
...
This code resulted in bad join orders in response to certain library
changes. The actual library changes have to be split into smaller pieces
but I'd like to ensure I don't run into the bad join again.
2025-04-02 10:14:07 +02:00
Asger F
46f88e7ce7
JS: Updates to DOM model
2025-04-02 10:14:03 +02:00
Asger F
48db2b9315
JS: Add test
2025-04-02 10:12:36 +02:00
Ian Roof
1d81c77fcd
C#: Enhanced LogForgingQuery to treat C# Enums as simple types.
2025-04-02 09:40:10 +02:00
yoff
c18529086a
actions: add change note
2025-04-02 08:50:05 +02:00
yoff
7bf4a47549
Apply suggestions from code review
...
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com >
2025-04-02 08:43:29 +02:00
Michael Nebel
45b55c05ae
Merge pull request #19191 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2025-04-02 08:02:39 +02:00
Aditya Sharad
3b8c4d970f
Docs: Remove spurious predicate reference
2025-04-01 19:07:34 -07:00
Aditya Sharad
9db5cdf957
Docs: Add query help page placeholders for Actions
2025-04-01 19:03:59 -07:00
Aditya Sharad
a1ceaa0aa3
Docs: Add initial library docs for Actions
...
Create the basic structure, state the key importable libraries.
Describe a workflow.
State the extensible predicates available.
Other elements are to be filled in later.
2025-04-01 19:02:49 -07:00
