Commit Graph

85368 Commits

Author SHA1 Message Date
Max Schaefer
120fb93c23 Go: Improve QHelp for go/unsafe-quoting. 2024-03-25 13:32:51 +00:00
Paolo Tranquilli
dea922958b Merge pull request #16034 from github/redsun82/swift-move-integration-tests-to-internal
Swift: prepare integration tests for internal running
2024-03-25 14:08:47 +01:00
Paolo Tranquilli
9c9f4b956e Swift: fix db in diagnostics_test_utils.py 2024-03-25 13:53:27 +01:00
Tamas Vajk
2f0b54c801 Refactor buildless telemetry logging 2024-03-25 12:48:27 +01:00
Geoffrey White
88ea9197d9 C++: Add more tests for uncommon cases. 2024-03-25 11:40:15 +00:00
Ian Lynagh
55226c48a6 Merge pull request #16022 from igfoo/igfoo/k2_exprs
Kotlin 2: Accept more location changes
2024-03-25 11:38:15 +00:00
Tamas Vajk
b94d33d78d Add buildless failed diagnostic 2024-03-25 12:27:36 +01:00
Paolo Tranquilli
7f53509022 Merge branch 'main' into redsun82/swift-move-integration-tests-to-internal 2024-03-25 12:22:00 +01:00
Geoffrey White
46b8e3be66 C++: Fix another mistake in the test. 2024-03-25 11:20:55 +00:00
Geoffrey White
dec5fc0f48 C++: Switch MAD syntax from *Argument[0] style to Argument[*0] style. 2024-03-25 11:20:55 +00:00
Geoffrey White
40270e1f70 C++: Fix mistake in test model. 2024-03-25 11:20:55 +00:00
Geoffrey White
b598b4ac45 C++: Fix for field content indirection (1-based). 2024-03-25 11:20:55 +00:00
Geoffrey White
73e95d67b9 C++: Implement Field indirection. 2024-03-25 11:20:55 +00:00
Geoffrey White
393bd7277c C++: Add some negative test cases for indirection. 2024-03-25 11:20:55 +00:00
Geoffrey White
af4320df50 C++: Modify a summary test case to only test the summary model, not a source model as well. 2024-03-25 11:20:55 +00:00
Geoffrey White
14deb06e80 C++: Implement Argument + Parameter indirection. 2024-03-25 11:20:55 +00:00
Paolo Tranquilli
6707fc3a7c Swift: remove wrong flag in runner.py 2024-03-25 12:20:13 +01:00
Geoffrey White
638bfff09d C++: Implement ReturnValue indirection (this version only worked with a small change to the shared library parsing to permit '*' in the token name; we no longer need this, so I rebased it out). 2024-03-25 11:20:09 +00:00
Paolo Tranquilli
148033e020 Swift: fix assertion diagnostics test 2024-03-25 12:05:22 +01:00
Tamas Vajk
5ab5244171 Change public messages to not include 'buildless' 2024-03-25 11:59:29 +01:00
Chris Smowton
10afb1cd93 Merge pull request #16030 from smowton/smowton/admin/buildless-wording-update
Java: Update buildless test expectations
2024-03-25 10:57:56 +00:00
Paolo Tranquilli
ca5d85c57e Merge branch 'main' into redsun82/swift-move-integration-tests-to-internal 2024-03-25 11:56:48 +01:00
Paolo Tranquilli
0fa40af131 Swift: fix last references to old integration test location 2024-03-25 11:49:19 +01:00
Rasmus Wriedt Larsen
0515b12305 JS: Add example of bad NodeJS detection
Notice the TRAP lines

```
is_module(#20001)
is_es2015_module(#20001)
```
2024-03-25 11:36:21 +01:00
Max Schaefer
ffbe3e6ed4 Merge pull request #16020 from github/max-schaefer/go-path-injection-qhelp
Go: Update query help for `go/path-injection` to include example fixes.
2024-03-25 10:25:36 +00:00
Owen Mansel-Chan
f2db9ce312 Merge pull request #16028 from owen-mc/java/sensitive-log-whitelist-tokenimage
Java: whitelist variable name `tokenImage` for `java/sensitive-log` as it's used in code generated by JavaCC
2024-03-25 10:02:19 +00:00
Paolo Tranquilli
5a771ad2cf Swift: bump python version 2024-03-25 10:42:16 +01:00
Tamás Vajk
d6374f65e4 Merge pull request #15957 from tamasvajk/feature/limit-message-extraction
C#: Limit extracted compilation and extraction messages
2024-03-25 10:30:10 +01:00
Paolo Tranquilli
762b4ce42e Swift: prepare integration tests for internal running
This harmonizes Swift integration tests with the rest of the repository,
to prepare for the internal integration test runner to run them. The
stripped down runner is kept compatible, so that current CI can still
use it now. Maybe it will be kept for developer use.

This PR includes:
* moving the integration tests inside `ql`
* editing `qlpack.yml` so that the internal runner can use it
* changing database directory to be `test-db` rather than `db`
2024-03-25 10:17:55 +01:00
dependabot[bot]
0c73340e47 Bump regex from 1.10.3 to 1.10.4 in /ql
Bumps [regex](https://github.com/rust-lang/regex) from 1.10.3 to 1.10.4.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.10.3...1.10.4)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-25 03:31:03 +00:00
Owen Mansel-Chan
ac6c4add14 Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2024-03-24 20:20:37 +00:00
Chris Smowton
d8686e02a8 Update test expectations 2024-03-24 17:57:27 +00:00
Owen Mansel-Chan
821f399193 Add change note 2024-03-23 23:51:52 +00:00
Owen Mansel-Chan
f4b3bae88b Add test for ParseException use of tokenImage 2024-03-23 23:48:16 +00:00
Owen Mansel-Chan
4832dc51ed Whitelist variable name tokenImage 2024-03-23 21:33:02 +00:00
Owen Mansel-Chan
63a04c056a Add test with tokenImage as used in JavaCC 2024-03-23 21:30:33 +00:00
Alvaro Muñoz
822e9bcaab env var injection query 2024-03-23 21:55:54 +01:00
Alvaro Muñoz
ff3759eca8 Merge pull request #40 from GitHubSecurityLab/refactor_source_checks
feat(sources): Do not take triggers into consideration
2024-03-23 21:42:19 +01:00
erik-krogh
051120e958 add qldoc for ReflectedXssSanitizers 2024-03-22 17:58:25 +01:00
erik-krogh
c60cec36d4 add calls to .html_safe? as a shared XSS sanitizer 2024-03-22 17:46:39 +01:00
Aditya Sharad
1a8932bc28 Merge pull request #16024 from github/changedocs/2.16.5
Update CodeQL CLI to version 2.16.5
2024-03-22 09:32:52 -07:00
Erik Krogh Kristensen
45ce988943 Merge pull request #16002 from erik-krogh/tarBlank
JS: change the precision of the `js/unsafe-external-link` query to `low`
2024-03-22 17:12:58 +01:00
Florin Coada
c653f1ce8c Add CodeQL 2.16.5 changelog 2024-03-22 15:28:54 +00:00
Joe Farebrother
592acb94d2 Add missing .s to qldoc 2024-03-22 15:28:34 +00:00
Max Schaefer
034ed17227 Apply suggestions from code review
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
2024-03-22 15:24:29 +00:00
Jeroen Ketema
d9b0a5918c Merge pull request #16018 from jketema/tls-precision
C++: Add precision to `cpp/boost/tls-settings-misconfiguration` and `cpp/boost/use-of-deprecated-hardcoded-security-protocol`
2024-03-22 16:17:34 +01:00
Jeroen Ketema
453cdfa513 C++: Add change note 2024-03-22 15:52:52 +01:00
Joe Farebrother
a6ee19ca2d Fix query id 2024-03-22 14:36:47 +00:00
Ian Lynagh
63e34c4dec Kotlin 2: Accept more location changes 2024-03-22 14:09:20 +00:00
Joe Farebrother
01f712476b Add change note and update severity 2024-03-22 14:07:11 +00:00