hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-15 20:16:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,368 Commits 1,708 Branches 162 Tags
codeql-cli/v2.24.0
Commit Graph

85368 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alvaro Muñoz
2720aaf097 Add new test for secrets in artifact query 2024-09-06 23:36:29 +02:00
Alvaro Muñoz
279b0bb8f1 Change description for CWE-1395 query 2024-09-06 23:33:46 +02:00
Alvaro Muñoz
d34a0ba306 Add change note 2024-09-06 23:28:57 +02:00
Alvaro Muñoz
5d1da861a2 fix: Use YamlScalar for booleans 2024-09-06 23:21:41 +02:00
Alvaro Muñoz
5df3af2272 Fix alert message 2024-09-06 23:06:57 +02:00
Alvaro Muñoz
d9e8792d33 [javascript] Query to detect GITHUB_TOKEN leaked in artifacts 2024-09-06 22:55:58 +02:00
Alvaro Muñoz
84b02febfe Bump qlpack versions 2024-09-06 22:53:53 +02:00
Alvaro Muñoz
72e0851e91 Update metadata for Secrets in Artifact query 2024-09-06 22:53:16 +02:00
Michael B. Gale
e165fc77b5 Merge pull request #17386 from github/dependabot/go_modules/go/extractor/extractor-dependencies-cf6e4563c3 
Bump golang.org/x/mod from 0.20.0 to 0.21.0 in /go/extractor in the extractor-dependencies group
 2024-09-06 18:54:36 +01:00
Arthur Baars
1a9b2329f4 Add SlicePat::{slice, suffix} 2024-09-06 19:27:35 +02:00
Arthur Baars
406d03edfc Rename IfLet::else_branch to IfLet::else_ 2024-09-06 18:40:03 +02:00
Arthur Baars
e8277015ab Add subclasses for Array 2024-09-06 18:23:01 +02:00
Arthur Baars
69b05e835c Add fields for OffsetOf 2024-09-06 18:17:15 +02:00
Arthur Baars
75113367c9 Add InlineAsm::expr 2024-09-06 18:14:14 +02:00
Arthur Baars
bc6da117d2 Fix type of Closure::arg_types 2024-09-06 17:59:24 +02:00
Jeroen Ketema
915d24c62f C++: Re-introduce the original version of the many_defs_per_use IR test 
See: 28cff2ea20
 2024-09-06 17:38:29 +02:00
Alvaro Muñoz
5e92026f14 Bump qlpack versions 2024-09-06 17:34:55 +02:00
Alvaro Muñoz
0e3097d604 Merge pull request #79 from github/secrets-in-artifacts 
feat: New query to report GITHUB_TOKEN exposed in artifacts
 2024-09-06 17:32:49 +02:00
Alvaro Muñoz
25eb417acc Remove public wording 2024-09-06 17:32:35 +02:00
Alvaro Muñoz
37fc6156d0 Removing experimental flag 2024-09-06 17:30:49 +02:00
Alvaro Muñoz
6eef51e415 fix: add path checks 2024-09-06 17:22:44 +02:00
Alvaro Muñoz
fefeae4469 feat: New query to report GITHUB_TOKEN exposed in artifacts 2024-09-06 17:00:15 +02:00
Alvaro Muñoz
b2f6ef246c Merge pull request #78 from github/rasmuswl/syntax-error-query 2024-09-06 15:48:35 +02:00
Rasmus Wriedt Larsen
2f68e6f26e Add missing test file 2024-09-06 14:53:46 +02:00
Paolo Tranquilli
928f3f11f1 Rust: remove <> from function wrapper 2024-09-06 14:34:12 +02:00
Paolo Tranquilli
ac9e977baa Rust: remove accidental test source file 2024-09-06 14:29:10 +02:00
Paolo Tranquilli
18c423eb55 Rust: fix formatting of code snippet in docstring 2024-09-06 14:27:57 +02:00
Paolo Tranquilli
6111a7497d Rust: remove accidental schema annotation 2024-09-06 14:26:36 +02:00
Paolo Tranquilli
8c5cc2efdc Rust: generate test code from schema docstrings 
This generates test source files from code blocks in class docstrings.

By default the test code is generated as is, but it can optionally:
* be wrapped in a function providing an adequate context using
  `@rust.doc_test_function(name, *, lifetimes=(), return_type="()", **kwargs)`,
  with `kwargs` providing both generic and normal params depending on
  capitalization
* be skipped altogether using `@rust.skip_doc_test`

So for example an annotation like
```python
@rust.doc_test_function("foo",
                        lifetimes=("a",),
                        T="Eq",
                        x="&'a T",
                        y="&'a T",
                        return_type="&'a T")
```
will result in the following wrapper:
```rust
fn foo<'a, T: Eq>(x: &'a T, y: &'a T) -> &'a T {
    // example code here
}
```
 2024-09-06 14:24:42 +02:00
Rasmus Wriedt Larsen
4820626f29 Add SyntaxError query 
This can be used by autofix, but might also be nice to help find YAML syntax errors 🤷
 2024-09-06 14:04:46 +02:00
Felicity Chapman
967367bba6 Apply suggestions from code review 
Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com>
 2024-09-06 12:30:18 +01:00
Arthur Baars
a33c7703cd Add Label class 2024-09-06 12:42:43 +02:00
Arthur Baars
e14b626917 Add 'BlockBase' class 2024-09-06 12:15:35 +02:00
Paolo Tranquilli
122e5a7598 Rust: remove accidental IDE files 2024-09-06 12:05:11 +02:00
Cornelius Riemenschneider
9b12df5ae4 Merge pull request #17389 from github/criemen/bzlmod-upgrades 
CI: Upgrade bazel rules.
 2024-09-06 12:02:13 +02:00
Michael B. Gale
c34fe9eda2 Go: Add change note for 1.23 support 2024-09-06 10:52:10 +01:00
Michael B. Gale
3f94ed19bd Docs: Add Go 1.23 to supported range 2024-09-06 10:50:08 +01:00
Arthur Baars
ce2fdb3463 Address comments 2024-09-06 11:47:08 +02:00
Michael B. Gale
d1b311f11f Merge pull request #17358 from github/mbg/go/1.23-transparent-aliases 
Go: Support 1.23 (Transparent aliases)
 2024-09-06 10:46:41 +01:00
Michael Nebel
a5b462292f Merge pull request #17330 from michaelnebel/java/modelgenfieldbased 
Java/C#: Field based model generator (Experimental).
 2024-09-06 11:11:46 +02:00
Alvaro Muñoz
ac7b7b7162 Bump qlpack versions 2024-09-06 10:50:58 +02:00
Alvaro Muñoz
4f57aade35 Improve accuracy of actions/download-artifact as a source 
If upload is on the same workflow, it needs to be triggered by a priv
workflow
 2024-09-06 10:49:27 +02:00
Cornelius Riemenschneider
c75f55debf Merge branch 'main' into criemen/bzlmod-upgrades 2024-09-06 10:41:52 +02:00
Jeroen Ketema
b73b8682b4 Merge pull request #17371 from jketema/correct-include 
C++: Update expected test results after extractor changes
 2024-09-06 09:38:06 +02:00
Paolo Tranquilli
8ecba44ea9 Rust: add experimental bazel target 2024-09-06 09:29:54 +02:00
Asger F
fb9732a33f JS: Add another test and TODO about an issue with constant array indices 2024-09-06 08:43:11 +02:00
Asger F
1da68aac73 JS: Benign test output change 
This happened as a result of the bugfix in the previous commit
 2024-09-06 08:43:10 +02:00
Asger F
a9a8351cce JS: Fix one case of missing handling of unknown array index 2024-09-06 08:43:09 +02:00
Asger F
379c7ef20a JS: Add test to show lack of unknown array element being propagated 2024-09-06 08:43:08 +02:00
dependabot[bot]
3c1e3b66ec Bump golang.org/x/mod 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/mod](https://github.com/golang/mod).


Updates `golang.org/x/mod` from 0.20.0 to 0.21.0
- [Commits](https://github.com/golang/mod/compare/v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-06 03:21:50 +00:00