hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-18 13:36:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,550 Commits 1,714 Branches 162 Tags
codeql-cli/v2.23.9
Commit Graph

84550 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
80364e9570 Ruby: Repin in Cargo.toml 2024-05-21 11:25:21 +02:00
Jeroen Ketema
bddc69e409 Merge pull request #16537 from jketema/memcmp 
C++: Fix typo in `cpp/network-to-host-function-as-array-bound`
 2024-05-21 11:14:48 +02:00
Tom Hvitved
bf2ae9890f Tree-sitter: Bump to 0.22.6 2024-05-21 11:14:06 +02:00
Jeroen Ketema
c8fec336ce C++: Fix typo in cpp/network-to-host-function-as-array-bound 2024-05-21 10:29:17 +02:00
Jeroen Ketema
1a60c01723 C++: Add memcmp test for cpp/network-to-host-function-as-array-bound 2024-05-21 10:27:38 +02:00
Joe Farebrother
01a6c5e82f Merge pull request #16446 from joefarebrother/shared-sensitive-heuristics 
Ruby/Python/JS/Swift: Add category of Private information to shared sensitive data heuristics
 2024-05-21 09:07:13 +01:00
Tom Hvitved
60ee7fb0d3 Merge pull request #16473 from hvitved/csharp/entity-framework-perf 
C#: Fix performance issue in EntityFramework modelling
 2024-05-21 10:03:21 +02:00
Tamás Vajk
1a20a624d6 Merge pull request #16498 from tamasvajk/buildless/use-nuget-from-path 
C#: Use nuget.exe from the executing machine instead of always downlo…
 2024-05-21 09:38:47 +02:00
Tamas Vajk
c9b4e83e73 Add empty Directory.Build.props to ql subdirectory 2024-05-21 09:30:25 +02:00
Cornelius Riemenschneider
731b9412df Fix integration test expectations. 2024-05-21 09:14:15 +02:00
Cornelius Riemenschneider
36922f2625 Remove GitInfo dependency. 
GitInfo doesn't work with the bazel-based build.
Instead, we pull in the information from bazel,
which correctly works with the bazel cache.
 2024-05-21 09:14:14 +02:00
Cornelius Riemenschneider
71372bc74c C#: Add Bazel-based build system. 
This commits a bazel-based build system for C#
using `rules_dotnet`. External dependencies are managed
via `paket`, and updates to the generated bazel files
are done via `./update-deps.sh`.
We're providing our own (minimal) test runner for `xunit`
tests.
 2024-05-21 09:14:13 +02:00
Paolo Tranquilli
9d21e2cda3 Merge pull request #16522 from github/redsun82/lfs 
Bazel: allow LFS rules to use cached downloads without internet
 2024-05-21 08:56:47 +02:00
Tamas Vajk
cecaa0de3a C#: Clear possibly inherited Directory.Build.props and Directory.Build.targets in stub generator 2024-05-21 08:55:19 +02:00
Tamas Vajk
6da0592ab6 C#: Refactor common msbuild properties 2024-05-21 08:55:12 +02:00
Tom Hvitved
d9019f9676 C#: Fix performance issue in EntityFramework modelling 2024-05-21 08:53:51 +02:00
erik-krogh
c166cb406a Merge branch 'main' into amammad-js-CodeInjection_execa 2024-05-21 08:48:12 +02:00
Mathias Vorreiter Pedersen
5893e38567 C++: Accept test changes. 2024-05-20 22:28:17 +01:00
Mathias Vorreiter Pedersen
0a550bb919 C++: Support 'if(!p)' for C programs in IRGuards. 2024-05-20 22:28:17 +01:00
Philippe Antoine
8ace9da14a fixup dataflow path and formatting 2024-05-20 21:31:47 +02:00
Mathias Vorreiter Pedersen
398b90a15d C++: Rename a few predicates. 2024-05-20 17:15:20 +01:00
Joe Farebrother
553500d9f2 Fix change note 2024-05-20 15:47:07 +01:00
Geoffrey White
13a7d9acb6 Merge pull request #16528 from geoffw0/docfix2 
C++: Update an instance of the name 'Semmle' in a doc page.
 2024-05-20 15:07:42 +01:00
aegilops
8300aeb0a0 Tests for InsecureHelmet 2024-05-20 12:05:42 +01:00
aegilops
3a885eaf9f Insecure Helmet middle configuration - frameguard or CSP to 'false' 2024-05-20 11:58:55 +01:00
Joe Farebrother
be573329d8 Add change note 2024-05-20 10:54:13 +01:00
Mathias Vorreiter Pedersen
c483a4bf04 Merge pull request #16527 from codeqlhelper/main 
C++: Static variables are initialized to zero or null by compiler
 2024-05-20 10:13:23 +01:00
Geoffrey White
0ba3cd96f5 C++: Update an instance of the name 'Semmle' in a doc page. 2024-05-20 10:02:50 +01:00
Joe Farebrother
7727e465f4 Model Flask SessionInterface request parameter 2024-05-20 09:46:54 +01:00
Mathias Vorreiter Pedersen
2f7766a557 C++: Autoformat. 2024-05-20 09:04:24 +01:00
Mathias Vorreiter Pedersen
df24e5982a C++: Add tests and accept test changes. 2024-05-20 09:01:42 +01:00
Mathias Vorreiter Pedersen
e8b9d7e6fa C++: Modify change note to be more aligned with existing change notes. 2024-05-20 08:52:18 +01:00
codeqlhelper
15667dcf1e Create 2024-05-19-avoid-reporting-static-variable.md 2024-05-19 21:55:35 +08:00
codeqlhelper
1d8d45b3aa Static variables are initialized to zero or null by compiler 
Static variables are initialized to zero or null by compiler, no need to get an initializer of them
 2024-05-19 21:48:43 +08:00
Alvaro Muñoz
d3bff87f9a Add github to json contexts 2024-05-17 23:10:29 +02:00
Alvaro Muñoz
5f8bab0608 Bump qlpack versions 2024-05-17 22:36:26 +02:00
Erik Krogh Kristensen
bfc95c6f13 Merge pull request #16510 from erik-krogh/go-command 
Go: Update the QHelp for `go/command-injection`.
 2024-05-17 17:45:10 +02:00
Paolo Tranquilli
d01d657f89 Bazel: accept new SSH keys in git_lfs_probe.py 2024-05-17 16:39:18 +01:00
Philippe Antoine
73d306c8c8 Adds another rule for null deref 2024-05-17 17:35:07 +02:00
Paolo Tranquilli
170e2231d4 Bazel: allow LFS rules to use cached downloads without internet 
If the cache is prefilled, LFS rules were still trying to query LFS
urls.

Now the strategy is to first try to fetch the files from the repository
cache (which is possible by providing an empty url list and `allow_fail`
to `repository_ctx.download`), and only run the LFS protocol if that
fails. Technically this is possible by enhancing `git_lfs_probe.py` with
a `--hash-only` flag.

This is also an optimization where no uneeded access is done (including
the slightly slow SSH call) if the repository cache is warm.
 2024-05-17 16:24:38 +01:00
yoff
0ecefd6a24 Update python/ql/lib/change-notes/2024-05-17-maD-rich-type-column.md 
Co-authored-by: Taus <tausbn@github.com>
 2024-05-17 16:58:59 +02:00
Rasmus Lerchedahl Petersen
9534e56d1b Python: address review comments 2024-05-17 16:25:22 +02:00
Cornelius Riemenschneider
b639f60fa6 Merge pull request #16517 from github/criemen/paket-rewrite 
C#: Reformat project files with `paket`.
 2024-05-17 16:20:25 +02:00
Chuan-kai Lin
1a4c07a1ac Merge pull request #16425 from github/cklin/swift-entities-reorder 
Swift: Use entities in reorder directives
 2024-05-17 06:43:18 -07:00
Chuan-kai Lin
f1047606ad Merge pull request #16418 from github/cklin/cpp-entities-reorder 
C++: Use entities in reorder directives
 2024-05-17 06:43:07 -07:00
yoff
a7a12f17b5 Merge pull request #16512 from yoff/python/allow-provenance-in-additional-taint-steps 
Python: Allow provenance in additional taint steps
 2024-05-17 15:07:12 +02:00
Felicity Chapman
daf19a2468 Merge pull request #16496 from github/felicitymay/sphinx-config 
Stop building the CodeQL for VS Code docs now they've been migrated
 2024-05-17 13:37:36 +01:00
Paolo Tranquilli
ad1188be1f Merge pull request #16518 from github/redsun82/bazel-update 
Bazel: update bazel to version 7.1.2
 2024-05-17 12:14:48 +01:00
Cornelius Riemenschneider
a6ce24dc39 C#: Reformat project files with paket. 
When running `dotnet paket update` or `dotnet paket install`, `paket`
forcefully reformats the project files. This is unfortunate.
One option is to accept these changes, as they're not harmful.
They do mean that each project includes the Paket restore targets individually,
instead of doing so via `Directory.Build.targets`.
Another option would be to not merge this PR, and then I'll document that
the changes to the csproj files should be ignored when running `paket` instead.
I don't really mind either way.
 2024-05-17 12:19:53 +02:00
Paolo Tranquilli
cc4f8e038d Bazel: update bazel to version 7.1.2 2024-05-17 10:52:29 +01:00