Joe Farebrother
cf8db4e425
Update instances of experimental concept to the main one, and annotate missing experimental test results.
2024-04-24 14:05:39 +01:00
Joe Farebrother
daa31b5bb7
Add documentation
2024-04-24 14:05:38 +01:00
Joe Farebrother
8636a50190
Fix qldoc + remove deprecation from experimental concepts (as they are still used in another experimental query)
2024-04-24 14:05:38 +01:00
Joe Farebrother
fa28d94363
Added a sanitizer for replacing newlines.
2024-04-24 14:05:38 +01:00
Joe Farebrother
dbbc944f32
Correct spelling
2024-04-24 14:05:38 +01:00
Joe Farebrother
a88ad62c00
Implemented sinks for bulk header updates, and added corresponding tests.
2024-04-24 14:05:38 +01:00
Joe Farebrother
3e9341ff8a
Model class instantiation for werkzeug headers
2024-04-24 14:05:37 +01:00
Joe Farebrother
b9984beb16
Add test cases
2024-04-24 14:05:37 +01:00
Joe Farebrother
68d90918cf
Add to header write concept a specification of whether the name or value arg allows newlines.
...
Ported sink definitions from Flask and Werkzeug from experimental to main.
Removed experimental sink definitions for Django, as neither name nor value are vulnerable.
2024-04-24 14:05:37 +01:00
Joe Farebrother
25ffcb2fde
Split into customizations file
2024-04-24 14:05:37 +01:00
Joe Farebrother
6021d9238c
Move headers injection query and concept from experimental to main
2024-04-24 14:05:37 +01:00
Tamás Vajk
3b44b131b9
Merge pull request #16311 from tamasvajk/fix/resx
...
C#: Do not download `Microsoft.CodeAnalysis.ResxSourceGenerator` when…
2024-04-24 13:49:55 +02:00
Tamas Vajk
4a97f95890
Improve code quality
2024-04-24 13:47:25 +02:00
Paolo Tranquilli
a23327c399
Merge branch 'main' into HEAD
2024-04-24 13:39:44 +02:00
Paolo Tranquilli
4aa0a8ebae
Kotlin: make wrapper more robust for windows
2024-04-24 13:39:32 +02:00
Tamás Vajk
84ea3a9a2c
Merge pull request #16310 from tamasvajk/buildless/nuget_versions
...
C#: Add integration test with multiple versions of the same nuget pac…
2024-04-24 13:33:27 +02:00
Nick Rolfe
8f2e51faa6
Ruby: do fewer regexp matches in SensitiveActions
2024-04-24 12:32:49 +01:00
Owen Mansel-Chan
f828f8ea65
Merge pull request #16250 from owen-mc/go/rename-untrusted-flow-source
...
Go: Rename `UntrustedFlowSource` to `RemoteFlowSource` to match other language libraries
2024-04-24 11:37:00 +01:00
Tom Hvitved
95d579d9de
Data flow: Fix bad join
...
```
Evaluated relational algebra for predicate _DataFlowImpl::Impl<HardcodedDataInterpretedAsCodeQuery::HardcodedDataInterpretedAsCodeFlow::C>::ret__#count_range@d112335l with tuple counts:
285176 ~2% {3} r1 = SCAN `_DataFlowDispatch::DataFlowCall.getEnclosingCallable/0#dispred#b7b78b19_DataFlowImpl::Impl<Hardcoded__#shared` OUTPUT In.1, In.0, In.2
3265592261 ~3% {5} | JOIN WITH `DataFlowImpl::Impl<HardcodedDataInterpretedAsCodeQuery::HardcodedDataInterpretedAsCodeFlow::C>::returnCallEdge1/4#d02cae42_2301#join_rhs` ON FIRST 2 OUTPUT Lhs.0, Lhs.2, Rhs.2, Lhs.1, Rhs.3
39070 ~8% {6} | JOIN WITH `DataFlowImplCommon::Cached::viableImplInCallContextExt/2#58e931ad` ON FIRST 3 OUTPUT Lhs.0, Lhs.3, Lhs.1, Lhs.2, Lhs.4, _
39070 ~0% {6} | REWRITE WITH Out.5 := 1
return r1
```
2024-04-24 12:22:28 +02:00
Tamas Vajk
f3daba510b
C#: Fix global.json and packages.config lookup
2024-04-24 11:57:45 +02:00
Tamas Vajk
88e67715a1
C#: Do not download Microsoft.CodeAnalysis.ResxSourceGenerator when there are no resx files to process
2024-04-24 11:53:29 +02:00
Tamas Vajk
53eb753346
C#: Add integration test with multiple versions of the same nuget package
2024-04-24 11:50:43 +02:00
Mathias Vorreiter Pedersen
037114b336
Merge pull request #16309 from geoffw0/newtests
...
C++: Add test cases
2024-04-24 10:06:51 +01:00
Nick Rolfe
af72c0848e
Merge pull request #16306 from github/nickrolfe/js-sensitive
...
JS: do fewer regexp matches in SensitiveActions
2024-04-24 09:49:44 +01:00
Tamás Vajk
de58ee5a22
Merge pull request #16225 from tamasvajk/buildless/resx
...
C#: Add resource generator
2024-04-24 10:10:45 +02:00
Tom Hvitved
a1a93c7331
Merge pull request #16304 from hvitved/csharp/fix-bad-join
...
C#: Fix a bad join
2024-04-24 08:11:25 +02:00
Asger F
db07c162e4
JS: Allow generated models to use (package)
2024-04-23 20:25:55 +02:00
Asger F
9d00f660f1
Update ModelGeneration.expected
2024-04-23 20:08:21 +02:00
Owen Mansel-Chan
0311888fd4
Update change note
...
Co-authored-by: Michael B. Gale <mbg@github.com>
2024-04-23 19:07:02 +01:00
Asger F
e4f23b31c6
JS: Add quotes around package name to correct parsing
2024-04-23 20:04:23 +02:00
Geoffrey White
57a53891e9
C++: Effect of recent QL changes.
2024-04-23 18:12:05 +01:00
Geoffrey White
b6703bc25c
C++: Add test cases inspired by QA results differences.
2024-04-23 18:06:12 +01:00
Nick Rolfe
003d208574
JS: do fewer regexp matches in SensitiveActions
2024-04-23 15:31:38 +01:00
Tom Hvitved
d8d7688f88
C#: Fix another bad join
2024-04-23 15:39:59 +02:00
Paolo Tranquilli
c014cd84f4
Bazel: fix kotlin wrapper version dependency
2024-04-23 15:15:38 +02:00
Paolo Tranquilli
5b143cee96
Kotlin: make wrapper install quietly unless --select is explicit
...
This allows `kotlinc -version` to always produce something parseable.
2024-04-23 15:15:38 +02:00
Alvaro Muñoz
944bd84a58
Add missing spaces
2024-04-23 15:15:16 +02:00
Alvaro Muñoz
16cf60af00
Add double quotes to env var
2024-04-23 15:05:40 +02:00
Paolo Tranquilli
072e2edd34
Merge branch 'main' into redsun82/kotlin
2024-04-23 14:29:33 +02:00
Alvaro Muñoz
6237a8e24c
Update action.yml
2024-04-23 13:27:44 +02:00
Alvaro Muñoz
5cd8d70a9c
Bump qlpack versions
2024-04-23 13:09:06 +02:00
Alvaro Muñoz
858df49012
Generate yaml file
2024-04-23 13:08:27 +02:00
Anders Schack-Mulligen
830b83f653
Dataflow: Use doublyBoundedFastTC.
2024-04-23 13:07:20 +02:00
Alvaro Muñoz
a2ed07ec35
Update scan action
2024-04-23 12:43:23 +02:00
Mathias Vorreiter Pedersen
3592e76269
Merge pull request #16302 from MathiasVP/fieldflowbranchlimit-follow-up-1
...
C++: `fieldFlowBranchLimit` follow-up (1)
2024-04-23 11:35:49 +01:00
Tom Hvitved
6aa4c5c187
C#: Fix a bad join
2024-04-23 11:47:55 +02:00
Michael B. Gale
fb8ee07b43
Merge pull request #16262 from github/dependabot/go_modules/go/ql/integration-tests/all-platforms/go/two-go-mods-not-nested/src/subdir1/golang.org/x/net-0.23.0
2024-04-23 10:44:54 +01:00
Michael B. Gale
4ccff1a630
Merge pull request #16263 from github/dependabot/go_modules/go/ql/integration-tests/all-platforms/go/ninja-sample/src/golang.org/x/net-0.23.0
2024-04-23 10:44:17 +01:00
Michael B. Gale
4b7160d4b2
Merge pull request #16267 from github/dependabot/go_modules/go/ql/integration-tests/all-platforms/go/go-mod-without-version/src/golang.org/x/net-0.23.0
2024-04-23 10:43:43 +01:00
Michael B. Gale
5cce5008a3
Merge pull request #16264 from github/dependabot/go_modules/go/ql/integration-tests/all-platforms/go/single-go-work-not-in-root/src/modules/subdir2/golang.org/x/net-0.23.0
2024-04-23 10:42:53 +01:00