hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-17 21:16:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,368 Commits 1,714 Branches 162 Tags
codeql-cli/v2.24.0
Commit Graph

85368 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
2486c8423b Swift: Correct mistakes. 2024-08-01 17:02:03 +01:00
Alvaro Muñoz
c4d70e66e1 Bump qlpack versions 2024-08-01 17:49:13 +02:00
Alvaro Muñoz
822a326a4b Merge pull request #66 from github/tee_support 
feat(bash): Add support for tee as a way to write to GITHUB special files
 2024-08-01 17:47:55 +02:00
Alvaro Muñoz
f457537b34 feat(bash): Add support for tee as a way to write to GITHUB special files 2024-08-01 17:47:23 +02:00
Owen Mansel-Chan
b95189d132 Merge branch 'main' into go/gokogiri/update-import-paths 2024-08-01 16:30:52 +01:00
Owen Mansel-Chan
c23938d119 Merge pull request #17113 from owen-mc/go/xmlpath/add-more-package-paths 
Go: add more import paths for `xmlpath`
 2024-08-01 16:26:33 +01:00
Geoffrey White
14763f3bb5 Swift: Change note. 2024-08-01 16:24:53 +01:00
Geoffrey White
8e68e0dfba Swift: Change note. 2024-08-01 16:17:55 +01:00
Geoffrey White
3f26250967 Swift: Remove the sources instead (more general solution). 2024-08-01 16:14:30 +01:00
Geoffrey White
2b7b1c624d Swift: Use a barrier as a simple fix. 2024-08-01 15:58:43 +01:00
Geoffrey White
7bf61d1d7e Swift: Add test cases. 2024-08-01 15:49:33 +01:00
Geoffrey White
683ca2d578 Swift: Test spacing. 2024-08-01 15:32:45 +01:00
Owen Mansel-Chan
9167057dfd Update test expectations 2024-08-01 15:22:08 +01:00
Owen Mansel-Chan
c75db669ed Add import path for gokogiri 2024-08-01 15:21:24 +01:00
Owen Mansel-Chan
1a697fe993 Merge pull request #17115 from owen-mc/go/update-frameworks 
Go: add newly modeled packages to frameworks.csv
 2024-08-01 15:13:12 +01:00
Owen Mansel-Chan
3ccdce291a Update test expectations 2024-08-01 15:12:08 +01:00
Owen Mansel-Chan
62adb31ca6 Add more import paths for xmlpath 2024-08-01 14:52:19 +01:00
Owen Mansel-Chan
9d866192a6 Add paths from QL models to MaD models 2024-08-01 14:52:18 +01:00
Owen Mansel-Chan
e051815d96 Merge pull request #17119 from owen-mc/go/finish-converting-tests-to-model-pretty-printing 
Go: finish converting tests to model pretty printing
 2024-08-01 14:04:02 +01:00
Owen Mansel-Chan
8325c4c69c Updated .expected files 2024-08-01 13:12:21 +01:00
Owen Mansel-Chan
cbe54717f6 Revert "Revert post-processing for 6 queries pending bug fix" 
This reverts commit a8236e1545.
 2024-08-01 13:10:06 +01:00
Anders Schack-Mulligen
776c01aa8d Merge pull request #17117 from aschackmull/dataflow/qltest-provenance-workaround 
Dataflow: Allow printing multiple models for one MaDId.
 2024-08-01 13:52:58 +02:00
Anders Schack-Mulligen
90272ddbfa Dataflow: Allow printing multiple models for one MaDId. 2024-08-01 13:04:24 +02:00
Geoffrey White
2ed2a76866 Swift: Add a note about escaping as an alternative way to fix these issues. 2024-08-01 11:52:08 +01:00
Geoffrey White
2fd4b57d74 Swift: Expand the swift/sql-injection qhelp examples by labelling the API that's used, adding SQLite3 C API examples, and adding an example of using a prepared statement incorrectly. 2024-08-01 11:52:06 +01:00
Geoffrey White
9f6a5d9e13 Swift: Fix typo in example. 2024-08-01 11:52:05 +01:00
Geoffrey White
61eb5cd55c Swift: Put a barrier on the qualifiers as well. 2024-08-01 11:49:10 +01:00
Geoffrey White
0c3e8ced4b Swift: Make append methods and string interpolation barriers for swift/constant-salt. 2024-08-01 11:49:09 +01:00
Geoffrey White
2543f3ecfb Swift: Make + a barrier for swift/constant-salt. 2024-08-01 11:49:08 +01:00
Geoffrey White
c8438c38f2 Swift: Tests for string appending with swift/constant-salt. 2024-08-01 11:49:07 +01:00
Geoffrey White
69c18f9cd2 Swift: Use in swift/constant-salt so that the source node is clickable + visible to autofix. 2024-08-01 11:49:06 +01:00
Geoffrey White
b944d47f58 Swift: Fix the example for swift/constant-salt. 2024-08-01 11:49:05 +01:00
Owen Mansel-Chan
d5dc95f1e6 Update frameworks.csv 2024-08-01 11:03:50 +01:00
Alvaro Muñoz
def170425a Bump qlpack versions 2024-08-01 11:43:48 +02:00
Alvaro Muñoz
e043cf3a54 Merge branch 'master' of https://github.com/github/codeql-actions 2024-08-01 11:38:55 +02:00
Alvaro Muñoz
c9b7340718 Bump qlpack versions 2024-08-01 11:38:46 +02:00
Alvaro Muñoz
5006b81565 Merge pull request #65 from github/query/vulnerable_versions 
feat(queries): Improve Use Of Vulnerable Actions query
 2024-08-01 11:37:24 +02:00
Alvaro Muñoz
6cfec0d245 feat(queries): Improve Use Of Vulnerable Actions query 
Move all info to a MaD config file so its easier to mantain
Add other vulnerable actions
 2024-08-01 11:37:00 +02:00
Anders Schack-Mulligen
377301a55a Merge pull request #17108 from aschackmull/dataflow/flowthrough-provenance 
Dataflow: Propagate provenance correctly for flow-through wrappers.
 2024-08-01 09:35:56 +02:00
Owen Mansel-Chan
97c9207595 Merge pull request #17104 from owen-mc/go/add-extra-go-jose-package-path 
Go: Fix missing `go-jose` package path
 2024-08-01 00:14:46 +01:00
Alvaro Muñoz
a05dd49b74 Merge pull request #64 from github/query/path_traversal 
query/path traversal
 2024-07-31 23:14:48 +02:00
Alvaro Muñoz
5f1884aa32 feat(queries): Add new queries to report path traversal via artifact poisoning 2024-07-31 23:03:34 +02:00
Alvaro Muñoz
483f6229ff refactor: Create abstract class for known vulnerable actions 2024-07-31 23:02:52 +02:00
Alvaro Muñoz
4334524ac4 Merge pull request #63 from github/cwe_1395 
feat(queries): Add query to report vulnerable 3rd party actions
 2024-07-31 18:30:27 +02:00
Alvaro Muñoz
2b55d79c93 feat(queries): Add query to report vulnerable 3rd party actions 2024-07-31 18:29:17 +02:00
yoff
251036c6b4 Merge pull request #17080 from sylwia-budzynska/streamlit 
Python: Add Streamlit models
 2024-07-31 18:20:11 +02:00
Jami
f9f57e9122 Merge pull request #17023 from jcogs33/jcogs33/java/add-apache-ant-path-inj-sinks 
Java: add apache-ant `Property` path injection sinks
 2024-07-31 11:04:13 -04:00
Geoffrey White
20672acb74 Merge pull request #17110 from geoffw0/memfree 
C++: Improve cpp/memory-may-not-be-freed
 2024-07-31 15:59:42 +01:00
Mathias Vorreiter Pedersen
06a4f907ef Merge pull request #17109 from MathiasVP/constexpr-if-unevaluated 
C++: Mark `constexpr if` as unevaluated
 2024-07-31 15:34:29 +01:00
Alvaro Muñoz
a69fa5cb83 Merge pull request #62 from github/actions_download_artifact 
feat(queries): Add actions/download-artifact as a source of Artifact Poisoning
 2024-07-31 16:31:54 +02:00