hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-16 20:46:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,550 Commits 1,714 Branches 162 Tags
codeql-cli/v2.23.9
Commit Graph

84550 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
60ed51781e Merge pull request #16790 from github/max-schaefer-patch-1 
JavaScript: Fix CodeQL alert in extractor
 2024-06-20 20:20:00 +02:00
Erik Krogh Kristensen
e84028d01e Merge pull request #14088 from am0o0/amammad-js-JWT 
JS: decoding JWT without signature verification
 2024-06-20 20:13:40 +02:00
Mathias Vorreiter Pedersen
d308178781 C++: Add extensible predicate for allocation. 2024-06-20 16:26:52 +01:00
Mathias Vorreiter Pedersen
ce5ab4c4b7 C++: Add qlpack dependency. 2024-06-20 16:26:50 +01:00
Mathias Vorreiter Pedersen
3457551264 C++: Replace deallocation models with models from extensible predicates. 2024-06-20 16:26:49 +01:00
Jeroen Ketema
0e04a59c08 Merge pull request #16795 from jketema/test-cleanup 
C++: Remove unneeded options from tests
 2024-06-20 16:24:07 +02:00
Mathias Vorreiter Pedersen
e5c20b13cf C++: Add extensible predicate for deallocation. 2024-06-20 14:51:09 +01:00
Jeroen Ketema
4c4c15b425 C++: Remove unneeded options from tests 2024-06-20 14:21:34 +02:00
Owen Mansel-Chan
aa35bd771b Fix bug removing "vendor/" from package paths 2024-06-20 13:18:21 +01:00
Asger F
a36e39359f Merge pull request #16739 from RasmusWL/js-array-steps 
JS: Allow many Array steps to be used in type-tracking
 2024-06-20 11:39:46 +02:00
Rasmus Lerchedahl Petersen
a7386b6670 Python: include new documentation 2024-06-20 11:25:25 +02:00
Rasmus Lerchedahl Petersen
f0e68887d4 Python: autoformat 2024-06-20 10:59:39 +02:00
yoff
b4fdf3c342 Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-06-20 10:57:54 +02:00
Rasmus Wriedt Larsen
596102d3fb Update javascript/ql/lib/change-notes/2024-06-14-type-tracking-array-steps.md 
Co-authored-by: Asger F <asgerf@github.com>
 2024-06-20 10:07:49 +02:00
Alvaro Muñoz
1e4df62a39 Merge pull request #45 from github/change_packages 
Move from githubsecuritylab packages to github
 2024-06-20 09:51:17 +02:00
Alvaro Muñoz
4619128c11 Move from githubsecuritylab packages to github 2024-06-20 09:50:36 +02:00
Owen Mansel-Chan
754fd8e84c Drop leading . from getQualifiedName for built-in functions 
So it will be "panic" instead of ".panic".
 2024-06-19 22:04:21 +01:00
Owen Mansel-Chan
68a661f3c7 Write out whole function names 2024-06-19 21:58:31 +01:00
Owen Mansel-Chan
b79711b17e Move deprecated notice to top of comment 2024-06-19 21:58:28 +01:00
aegilops
1ecd72727d Renamed README to CUSTOMIZING, removed details from qhelp and referenced md doc instead 2024-06-19 17:59:43 +01:00
aegilops
a07639f4f6 Set severity to 7.0, in line with other configuration queries 2024-06-19 17:43:41 +01:00
aegilops
26f1b36736 Fixed formatting 2024-06-19 17:41:58 +01:00
aegilops
252c9e9416 Added data extension to set defaults, updated help, added README to explain customization 2024-06-19 17:27:17 +01:00
Max Schaefer
2be171746b JavaScript: Fix CodeQL alert in extractor 
This doesn't make a difference in practice because we only run the method on arrays of even length, but we might as well fix it.
 2024-06-19 17:13:01 +01:00
Rasmus Lerchedahl Petersen
5cb37f5c4c python: Document MaD format 
- add a few tests reflecting the documentation
- make the mentioned sink-kinds have an effect on relevant queries
 2024-06-19 17:00:15 +02:00
Mathias Vorreiter Pedersen
901fac4282 C++: Support 'Element' content in flow summaries. 2024-06-19 13:40:06 +01:00
Mathias Vorreiter Pedersen
013ee9c15e C++: Add support for 'Element' content in dataflow. 2024-06-19 13:39:39 +01:00
Mathias Vorreiter Pedersen
c158f8054e C++: Get rid of all the 'StdContainer' taint models. 2024-06-19 13:36:19 +01:00
Michael Nebel
aa962f9b03 Java: Update expected output of model generation. 2024-06-19 14:10:59 +02:00
Michael Nebel
1185e28ea2 Java: Add some spurious source and sink model generation examples. 2024-06-19 14:10:56 +02:00
Michael Nebel
ed3f1e40db Java: Sync changes and make dummy language specific implementation. 2024-06-19 14:10:54 +02:00
Michael Nebel
99907471b2 C#: Update model generator expected output. 2024-06-19 14:10:52 +02:00
Michael Nebel
40204911bc C#: Only allow source propgatation upwards in the call stack if the call path consists of unique call targets (to avoid unwanted virtual dispatch). This severely tightens the generation of extrapolated sources. 2024-06-19 14:10:49 +02:00
Paul Hodgkinson
3a98edb60b Merge branch 'main' into aegilops/js/insecure-helmet-middleware 2024-06-19 12:53:32 +01:00
Tom Hvitved
6dbdc9e17f Merge pull request #16784 from github/redsun82/fix-warnings-in-ql-tests 
C++/Java: Accept new warning format in ql tests
 2024-06-19 13:05:50 +02:00
aegilops
d142f830da Change note and changed name of query in .ql file 2024-06-19 12:04:32 +01:00
aegilops
8a3cec4977 Fix formatting for check 2024-06-19 11:38:20 +01:00
Paolo Tranquilli
b7a2ea8981 CI: accept other diagnostic format related test changes 2024-06-19 11:33:50 +02:00
Paolo Tranquilli
59f8f8a394 Merge branch 'main' into redsun82/fix-warnings-in-ql-tests 2024-06-19 11:21:36 +02:00
aegilops
de96d3951d Renamed to helmetProperty everywhere 2024-06-19 10:15:06 +01:00
aegilops
f4691b1919 Changed to more-modern Dataflow libraries 2024-06-19 10:11:06 +01:00
aegilops
81ef255a87 Change to helmetProperty from helmetSetting variable name 2024-06-19 10:09:50 +01:00
Tamás Vajk
45ece48b6f Merge pull request #16776 from tamasvajk/fix/source-generator-folder 
C#: Make sure no file is added twice to the compilation
 2024-06-19 10:09:50 +02:00
Paolo Tranquilli
919ddccfdb C++/Java: Accept new warning format in ql tests 2024-06-19 09:13:18 +02:00
aegilops
da9e1e61a4 Moved examples into separate files 2024-06-18 19:50:06 +01:00
Edward Minnix III
7adfa6bbed Merge pull request #16709 from egregius313/egregius313/go/df/threat-models/refactor-queries 
Go: Refactor queries to use `ThreatModelFlowSource` instead of `RemoteFlowSource`
 2024-06-18 13:56:00 -04:00
Alex Ford
51f3f15e42 Ruby: remove outdated test comment 2024-06-18 17:51:49 +01:00
Alex Ford
d79a253c20 Ruby: remove unused import 2024-06-18 17:49:14 +01:00
Alex Ford
7380e29774 Ruby: changenote for rb/weak-sensitive-data-hashing 2024-06-18 17:48:51 +01:00
Alex Ford
d994959720 Ruby: add tests for rb/weak-sensitive-data-hashing 2024-06-18 17:47:32 +01:00