codeql

mirror of https://github.com/github/codeql.git synced 2026-03-18 21:46:46 +01:00

Author	SHA1	Message	Date
Asger F	499c4df79b	Merge pull request #13554 from am0o0/amammad-js-bombs JS: Decompression Bombs	2024-05-16 13:25:41 +02:00
Erik Krogh Kristensen	a2994c073a	Merge pull request #16507 from erik-krogh/up-insecure-randomness JS: Update the insecure-randomness QHelp	2024-05-16 12:52:09 +02:00
Owen Mansel-Chan	8cc118f781	Add change note	2024-05-16 11:16:54 +01:00
Owen Mansel-Chan	b008f98782	Fix missing `getUnderlyingType()` calls In both cases we also care about named types whose underlying type is an integer type.	2024-05-16 11:10:15 +01:00
Paolo Tranquilli	451f601a65	Swift: update prebuilt package	2024-05-16 11:07:07 +01:00
Max Schaefer	98d2c848bb	Merge pull request #16497 from github/max-schaefer/comparison-with-wider-type Java: Add tests for `comparison-with-wider-type`.	2024-05-16 10:59:59 +01:00
Cornelius Riemenschneider	74e446ea3b	Paket/C#: Only pull in the tool restore targt via `InitialTargets`.	2024-05-16 11:42:20 +02:00
Alvaro Muñoz	1b4246e7f1	Update tests for cache poisoning	2024-05-16 11:32:21 +02:00
erik-krogh	56dff8540f	add an example of how to get a floating point value between 0 and 1	2024-05-16 11:15:07 +02:00
erik-krogh	066f3b61a2	RandomSource is deprecated, it's crypto now	2024-05-16 11:14:50 +02:00
Owen Mansel-Chan	410543f26b	Add change note	2024-05-16 10:10:22 +01:00
Owen Mansel-Chan	e71cf0ff1d	Use value flow instead of taint flow	2024-05-16 10:10:18 +01:00
Jaroslav Lobačevski	c47fdd123d	Create label_actor.yml	2024-05-16 10:56:01 +02:00
Owen Mansel-Chan	5dbb91f508	Merge pull request #16504 from owen-mc/go/allow-array-reads-from-named-types Go: allow read and store steps from named types	2024-05-16 09:47:54 +01:00
Alvaro Muñoz	888b9fecca	Reduce FP for actor/association checks that cannot be bypassed this way	2024-05-16 10:28:24 +02:00
Tamás Vajk	c4d33fbede	Merge pull request #16505 from tamasvajk/fix/pin-sdk-version-in-test C#: Pin dotnet SDK version in integration test relying on razor sourc…	2024-05-16 10:18:17 +02:00
Chris Smowton	e8d064e291	Java: Add change note for Gradle JDK version detection	2024-05-16 09:15:47 +01:00
erik-krogh	ea2b73bda2	add a sanitizer that checks that the string does not start with "--"	2024-05-16 09:25:19 +02:00
Tamas Vajk	62faab320b	C#: Pin dotnet SDK version in integration test relying on razor source generator	2024-05-16 09:00:53 +02:00
yoff	5076b1a214	Merge pull request #16135 from sylwia-budzynska/gradio-model Python: Add Gradio models	2024-05-16 09:00:50 +02:00
erik-krogh	b9a7f6a8f7	add regexp check as a sanitizer for command-injection	2024-05-16 08:55:03 +02:00
erik-krogh	761f9cac97	make a new go/command-injection qhelp	2024-05-16 08:54:55 +02:00
erik-krogh	e2a4c2aa1b	move the code samples for the Go command-injection queries to an examples/ folder	2024-05-16 08:54:54 +02:00
Owen Mansel-Chan	6ffa821aa3	Add change note	2024-05-16 00:41:28 +01:00
Owen Mansel-Chan	21ff705b73	Fix bug with read/store steps and named types	2024-05-16 00:35:45 +01:00
Owen Mansel-Chan	1af3374322	Add tests for data flow through ranged for loops Including the case where the type of the domain is a named type rather than an array type or map type or whatever.	2024-05-16 00:32:30 +01:00
Mathias Vorreiter Pedersen	533c5218dd	Swift: Remove more beta references.	2024-05-15 22:56:50 +01:00
Mathias Vorreiter Pedersen	8f15b0b6c1	Swift: Remove beta label on documentation.	2024-05-15 22:54:34 +01:00
Alvaro Muñoz	446765bcbb	Update Cache Poisoning rule	2024-05-15 22:08:03 +02:00
Cornelius Riemenschneider	1b22e0879a	Paket/C#: Automatically restore tools for `CSharp.sln`. This is not a general fix, as we not always build the solution file, but this should improve the DX for local developers that use the solution file.	2024-05-15 21:51:33 +02:00
Alvaro Muñoz	731889bf88	Bump qlpack versions	2024-05-15 21:29:51 +02:00
Alvaro Muñoz	d15dc68e43	Merge pull request #35 from github/default_branch_name	2024-05-15 17:57:25 +02:00
Alvaro Muñoz	d5e679a340	Merge pull request #36 from github/JarLob-patch-1	2024-05-15 17:52:00 +02:00
Jaroslav Lobačevski	6f87b75504	Update test.yml	2024-05-15 17:44:16 +02:00
Jaroslav Lobačevski	00052d1ea1	exists	2024-05-15 15:37:57 +00:00
Jaroslav Lobačevski	17a6d28e18	Fix OR	2024-05-15 15:37:17 +00:00
Jaroslav Lobačevski	11edff936b	Fix tests	2024-05-15 15:27:59 +00:00
Chris Smowton	4617c055e2	Merge pull request #16336 from smowton/smowton/admin/android-8-test Java: Add Android Gradle Plugin 8 and Spring Boot 3 tests	2024-05-15 16:23:21 +01:00
Jaroslav Lobačevski	1a4939a13b	Apply suggestions from code review Co-authored-by: Alvaro Muñoz <pwntester@github.com>	2024-05-15 16:19:58 +02:00
Alvaro Muñoz	f09e79a79b	Merge pull request #33 from github/fix_32 Add context paths containing tainted fields	2024-05-15 16:00:22 +02:00
Chris Smowton	a50584c665	Comment on Java version selection testing strategy	2024-05-15 14:52:09 +01:00
Chris Smowton	44edff7661	AGP 8 test: ignore and remove the .gradle directory	2024-05-15 14:52:09 +01:00
Chris Smowton	9c823d708d	Expose toolchains to some Android tests, which would otherwise now try to upgrade to JDK17	2024-05-15 14:52:09 +01:00
Chris Smowton	c328957bf3	Add Spring Boot 3 test	2024-05-15 14:52:09 +01:00
Chris Smowton	7e13c88f1d	Add Android 8 integration test	2024-05-15 14:52:09 +01:00
Sylwia Budzynska	72493a6bd1	Change classes to private Co-authored-by: yoff <lerchedahl@gmail.com>	2024-05-15 15:08:27 +02:00
Cornelius Riemenschneider	950e8c85e7	Paket: Prevent recursion into ql/csharp/ql directory.	2024-05-15 14:17:04 +02:00
Cornelius Riemenschneider	a158e40cc2	MSBuild: Move paket restore target inclusion to global file.	2024-05-15 14:17:02 +02:00
Cornelius Riemenschneider	90bb0ba33f	Paket: Mark lockfile as generated.	2024-05-15 14:17:01 +02:00
Cornelius Riemenschneider	8f207e7a06	Add `dotnet tool restore` to local CI.	2024-05-15 14:16:47 +02:00

... 334 335 336 337 338 ...

84550 Commits