hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-21 15:06:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,368 Commits 1,712 Branches 163 Tags
codeql-cli/v2.24.0
Commit Graph

85368 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
92699d18ac Merge pull request #16508 from github/redsun82/updated-prebuilt 
Swift: update prebuilt package
 2024-05-16 14:58:17 +01:00
Jaroslav Lobačevski
558bea84d4 Create label_actor.yml 2024-05-16 15:57:13 +02:00
Alvaro Muñoz
e28ad1d644 Reduce FP for actor/association checks that cannot be bypassed this way 2024-05-16 15:57:13 +02:00
Alvaro Muñoz
f325d40a22 Ensure event sources are available for triggering events 2024-05-16 15:55:12 +02:00
am0o0
dcadda23cd update expected file 2024-05-16 15:15:27 +02:00
am0o0
f06c3fddd9 fix qhelp, fix duplicate query id 2024-05-16 15:12:31 +02:00
Michael Nebel
18fc92247b C#: Update flowsummaries expected output. 2024-05-16 15:09:04 +02:00
Michael Nebel
763d53afed C#: Remove the override and ext column from the summaries printing test. 2024-05-16 15:08:45 +02:00
Alex Ford
78dc6502f5 Merge branch 'main' into amammad-ruby-bombs 2024-05-16 13:53:31 +01:00
Michael Nebel
b1329fd806 Merge pull request #16362 from michaelnebel/java/removelocalqueries 
Java: Remove local query variants.
 2024-05-16 14:34:04 +02:00
am0o0
42a9962519 make shellJSMember predicate private, improve predicate document 2024-05-16 14:05:06 +02:00
Rasmus Lerchedahl Petersen
4378924785 Python: Example use of provenance for additional taint steps 2024-05-16 14:04:35 +02:00
Rasmus Lerchedahl Petersen
20ea9255a1 Python: Allow provenance in additional taint steps 2024-05-16 14:04:10 +02:00
yoff
ea3cc51286 Merge pull request #16194 from yoff/python/test-constructor-MaD-path 
Python: test the MaD path for constructor calls
 2024-05-16 13:52:30 +02:00
Cornelius Riemenschneider
47f679dc34 C#: Remove version constraints on most dependencies. 
This means that `dotnet paket update` will pull in the
latest matching versions of all dependencies, except
the pinned roslyn versions.
GitInfo also remains pinned, as we're removing that
dependency when converting the build to bazel anyways.

This removes a whole bunch of transitive dependencies
we no longer need, resulting in a smaller distribution,
and hopefully a smaller build.
 2024-05-16 13:51:36 +02:00
Cornelius Riemenschneider
8dc9c95be4 Merge pull request #16376 from github/criemen/dotnet-paket 
C#/C++: Convert C# code to use `paket` package manager
 2024-05-16 13:45:25 +02:00
Owen Mansel-Chan
2dd42f7aa5 Merge pull request #16509 from owen-mc/go/fix-missing-underlying-types 
Go: make two barriers recognise named types whose underlying types are integer types
 2024-05-16 12:41:42 +01:00
Owen Mansel-Chan
2b7394cd42 Merge pull request #16305 from github/go/value-flow-instead-of-taint-flow 
Go: Use value flow instead of taint flow for `go/incorrect-integer-conversion`
 2024-05-16 12:40:53 +01:00
Asger F
499c4df79b Merge pull request #13554 from am0o0/amammad-js-bombs 
JS: Decompression Bombs
 2024-05-16 13:25:41 +02:00
Erik Krogh Kristensen
a2994c073a Merge pull request #16507 from erik-krogh/up-insecure-randomness 
JS: Update the insecure-randomness QHelp
 2024-05-16 12:52:09 +02:00
Owen Mansel-Chan
8cc118f781 Add change note 2024-05-16 11:16:54 +01:00
Owen Mansel-Chan
b008f98782 Fix missing getUnderlyingType() calls 
In both cases we also care about named types whose underlying type is
an integer type.
 2024-05-16 11:10:15 +01:00
Paolo Tranquilli
451f601a65 Swift: update prebuilt package 2024-05-16 11:07:07 +01:00
Max Schaefer
98d2c848bb Merge pull request #16497 from github/max-schaefer/comparison-with-wider-type 
Java: Add tests for `comparison-with-wider-type`.
 2024-05-16 10:59:59 +01:00
Cornelius Riemenschneider
74e446ea3b Paket/C#: Only pull in the tool restore targt via InitialTargets. 2024-05-16 11:42:20 +02:00
Alvaro Muñoz
1b4246e7f1 Update tests for cache poisoning 2024-05-16 11:32:21 +02:00
erik-krogh
56dff8540f add an example of how to get a floating point value between 0 and 1 2024-05-16 11:15:07 +02:00
erik-krogh
066f3b61a2 RandomSource is deprecated, it's crypto now 2024-05-16 11:14:50 +02:00
Owen Mansel-Chan
410543f26b Add change note 2024-05-16 10:10:22 +01:00
Owen Mansel-Chan
e71cf0ff1d Use value flow instead of taint flow 2024-05-16 10:10:18 +01:00
Jaroslav Lobačevski
c47fdd123d Create label_actor.yml 2024-05-16 10:56:01 +02:00
Owen Mansel-Chan
5dbb91f508 Merge pull request #16504 from owen-mc/go/allow-array-reads-from-named-types 
Go: allow read and store steps from named types
 2024-05-16 09:47:54 +01:00
Alvaro Muñoz
888b9fecca Reduce FP for actor/association checks that cannot be bypassed this way 2024-05-16 10:28:24 +02:00
Tamás Vajk
c4d33fbede Merge pull request #16505 from tamasvajk/fix/pin-sdk-version-in-test 
C#: Pin dotnet SDK version in integration test relying on razor sourc…
 2024-05-16 10:18:17 +02:00
Chris Smowton
e8d064e291 Java: Add change note for Gradle JDK version detection 2024-05-16 09:15:47 +01:00
erik-krogh
ea2b73bda2 add a sanitizer that checks that the string does not start with "--" 2024-05-16 09:25:19 +02:00
Tamas Vajk
62faab320b C#: Pin dotnet SDK version in integration test relying on razor source generator 2024-05-16 09:00:53 +02:00
yoff
5076b1a214 Merge pull request #16135 from sylwia-budzynska/gradio-model 
Python: Add Gradio models
 2024-05-16 09:00:50 +02:00
erik-krogh
b9a7f6a8f7 add regexp check as a sanitizer for command-injection 2024-05-16 08:55:03 +02:00
erik-krogh
761f9cac97 make a new go/command-injection qhelp 2024-05-16 08:54:55 +02:00
erik-krogh
e2a4c2aa1b move the code samples for the Go command-injection queries to an examples/ folder 2024-05-16 08:54:54 +02:00
Owen Mansel-Chan
6ffa821aa3 Add change note 2024-05-16 00:41:28 +01:00
Owen Mansel-Chan
21ff705b73 Fix bug with read/store steps and named types 2024-05-16 00:35:45 +01:00
Owen Mansel-Chan
1af3374322 Add tests for data flow through ranged for loops 
Including the case where the type of the domain is a named type rather
than an array type or map type or whatever.
 2024-05-16 00:32:30 +01:00
Mathias Vorreiter Pedersen
533c5218dd Swift: Remove more beta references. 2024-05-15 22:56:50 +01:00
Mathias Vorreiter Pedersen
8f15b0b6c1 Swift: Remove beta label on documentation. 2024-05-15 22:54:34 +01:00
Alvaro Muñoz
446765bcbb Update Cache Poisoning rule 2024-05-15 22:08:03 +02:00
Cornelius Riemenschneider
1b22e0879a Paket/C#: Automatically restore tools for CSharp.sln. 
This is not a general fix, as we not always build the
solution file, but this should improve the DX for
local developers that use the solution file.
 2024-05-15 21:51:33 +02:00
Alvaro Muñoz
731889bf88 Bump qlpack versions 2024-05-15 21:29:51 +02:00
Alvaro Muñoz
d15dc68e43 Merge pull request #35 from github/default_branch_name 2024-05-15 17:57:25 +02:00