hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-20 22:46:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,550 Commits 1,712 Branches 163 Tags
codeql-cli/v2.23.9
Commit Graph

84550 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
148033e020 Swift: fix assertion diagnostics test 2024-03-25 12:05:22 +01:00
Tamas Vajk
5ab5244171 Change public messages to not include 'buildless' 2024-03-25 11:59:29 +01:00
Chris Smowton
10afb1cd93 Merge pull request #16030 from smowton/smowton/admin/buildless-wording-update 
Java: Update buildless test expectations
 2024-03-25 10:57:56 +00:00
Paolo Tranquilli
ca5d85c57e Merge branch 'main' into redsun82/swift-move-integration-tests-to-internal 2024-03-25 11:56:48 +01:00
Paolo Tranquilli
0fa40af131 Swift: fix last references to old integration test location 2024-03-25 11:49:19 +01:00
Rasmus Wriedt Larsen
0515b12305 JS: Add example of bad NodeJS detection 
Notice the TRAP lines

```
is_module(#20001)
is_es2015_module(#20001)
```
 2024-03-25 11:36:21 +01:00
Max Schaefer
ffbe3e6ed4 Merge pull request #16020 from github/max-schaefer/go-path-injection-qhelp 
Go: Update query help for `go/path-injection` to include example fixes.
 2024-03-25 10:25:36 +00:00
Owen Mansel-Chan
f2db9ce312 Merge pull request #16028 from owen-mc/java/sensitive-log-whitelist-tokenimage 
Java: whitelist variable name `tokenImage` for `java/sensitive-log` as it's used in code generated by JavaCC
 2024-03-25 10:02:19 +00:00
Paolo Tranquilli
5a771ad2cf Swift: bump python version 2024-03-25 10:42:16 +01:00
Tamás Vajk
d6374f65e4 Merge pull request #15957 from tamasvajk/feature/limit-message-extraction 
C#: Limit extracted compilation and extraction messages
 2024-03-25 10:30:10 +01:00
Paolo Tranquilli
762b4ce42e Swift: prepare integration tests for internal running 
This harmonizes Swift integration tests with the rest of the repository,
to prepare for the internal integration test runner to run them. The
stripped down runner is kept compatible, so that current CI can still
use it now. Maybe it will be kept for developer use.

This PR includes:
* moving the integration tests inside `ql`
* editing `qlpack.yml` so that the internal runner can use it
* change database directory to be `test-db` rather than `db`
 2024-03-25 10:17:55 +01:00
dependabot[bot]
0c73340e47 Bump regex from 1.10.3 to 1.10.4 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.10.3 to 1.10.4.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.10.3...1.10.4)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-25 03:31:03 +00:00
Owen Mansel-Chan
ac6c4add14 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2024-03-24 20:20:37 +00:00
Chris Smowton
d8686e02a8 Update test expectations 2024-03-24 17:57:27 +00:00
Owen Mansel-Chan
821f399193 Add change note 2024-03-23 23:51:52 +00:00
Owen Mansel-Chan
f4b3bae88b Add test for ParseException use of tokenImage 2024-03-23 23:48:16 +00:00
Owen Mansel-Chan
4832dc51ed Whitelist variable name tokenImage 2024-03-23 21:33:02 +00:00
Owen Mansel-Chan
63a04c056a Add test with tokenImage as used in JavaCC 2024-03-23 21:30:33 +00:00
Alvaro Muñoz
822e9bcaab env var injection query 2024-03-23 21:55:54 +01:00
Alvaro Muñoz
ff3759eca8 Merge pull request #40 from GitHubSecurityLab/refactor_source_checks 
feat(sources): Do not take triggers into consideration
 2024-03-23 21:42:19 +01:00
erik-krogh
051120e958 add qldoc for ReflectedXssSanitizers 2024-03-22 17:58:25 +01:00
erik-krogh
c60cec36d4 add calls to .html_safe? as a shared XSS sanitizer 2024-03-22 17:46:39 +01:00
Aditya Sharad
1a8932bc28 Merge pull request #16024 from github/changedocs/2.16.5 
Update CodeQL CLI to version 2.16.5
 2024-03-22 09:32:52 -07:00
Erik Krogh Kristensen
45ce988943 Merge pull request #16002 from erik-krogh/tarBlank 
JS: change the precision of the `js/unsafe-external-link` query to `low`
 2024-03-22 17:12:58 +01:00
Florin Coada
c653f1ce8c Add CodeQL 2.16.5 changelog 2024-03-22 15:28:54 +00:00
Joe Farebrother
592acb94d2 Add missing .s to qldoc 2024-03-22 15:28:34 +00:00
Max Schaefer
034ed17227 Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-03-22 15:24:29 +00:00
Jeroen Ketema
d9b0a5918c Merge pull request #16018 from jketema/tls-precision 
C++: Add precision to `cpp/boost/tls-settings-misconfiguration` and `cpp/boost/use-of-deprecated-hardcoded-security-protocol`
 2024-03-22 16:17:34 +01:00
Jeroen Ketema
453cdfa513 C++: Add change note 2024-03-22 15:52:52 +01:00
Joe Farebrother
a6ee19ca2d Fix query id 2024-03-22 14:36:47 +00:00
Ian Lynagh
63e34c4dec Kotlin 2: Accept more location changes 2024-03-22 14:09:20 +00:00
Joe Farebrother
01f712476b Add change note and update severity 2024-03-22 14:07:11 +00:00
Joe Farebrother
b74145349b Add test cases 2024-03-22 14:07:11 +00:00
Joe Farebrother
507a6102a2 Reorganise into Custimizations file + add some more sinks on ActiveRecord methods 2024-03-22 14:07:04 +00:00
Joe Farebrother
a8aac318d0 Add qhelp 2024-03-22 14:04:52 +00:00
Joe Farebrother
89838981b7 Add test cases 2024-03-22 14:04:52 +00:00
Joe Farebrother
0f45a53adc Add mass assignment query 2024-03-22 14:04:52 +00:00
Edward Minnix III
1785086ccb Merge pull request #15784 from egregius313/egregius313/csharp/dataflow/sources/file 
C#: Add source models for `file` threat model/source kind for .NET standard library
 2024-03-22 09:50:30 -04:00
Michael Nebel
a07ee8e961 C#: Update the AsList model to a value flow model. 2024-03-22 14:40:25 +01:00
Tamas Vajk
178a45af25 C#: Add high level diagnostic messages for buildless extraction (start, success) 2024-03-22 14:27:36 +01:00
Max Schaefer
bc9396e0e6 Address suggestions from review. 2024-03-22 13:19:36 +00:00
Michael B. Gale
f48e295f4a Merge pull request #16019 from p-/p--weak-enc-ecb-qhelp 
C#: add hint regarding ECB to weak encryption QHelp
 2024-03-22 13:09:08 +00:00
Michael Nebel
ca72b0583d C#: Update source and sink expected test output. 2024-03-22 13:59:47 +01:00
Erik Krogh Kristensen
7d968184fd improve the change-note 
Co-authored-by: Asger F <asgerf@github.com>
 2024-03-22 13:58:34 +01:00
Ed Minnix
4b13ad1310 Fix flow summary tests 2024-03-22 13:46:20 +01:00
Ed Minnix
9ed8ca27a1 Fix test and model 2024-03-22 13:46:19 +01:00
Ed Minnix
1f04229def Fix typo 2024-03-22 13:46:19 +01:00
Ed Minnix
73b4e8fe6a Add WithElement identifier to AsList method 2024-03-22 13:46:19 +01:00
Ed Minnix
9b23bfa038 Execute methods which return objects 
The `Execute` method returns `int` for "number of rows affected". But
some of the other `Execute*` methods return objects.
 2024-03-22 13:46:19 +01:00
Ed Minnix
5885938eaf Use wildcard signatures for Query methods 2024-03-22 13:46:19 +01:00