hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-26 01:08:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,368 Commits 1,717 Branches 163 Tags
codeql-cli/v2.24.0
Commit Graph

85368 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Nebel
bc98712da5 C#: Add one more using statement to the attributes test file. 2024-02-26 13:14:03 +01:00
amammad
32f5667bb6 revert YAML.qll and yaml sinks to previous PR, make a separate experimental query only for yaml 2024-02-26 12:12:03 +00:00
amammad
c582ea626d update expected test file 2024-02-26 12:10:04 +00:00
amammad
1c1a6f13df fix QLDoc style 2024-02-26 12:05:35 +00:00
amammad
9c5c8c8362 fix test file 2024-02-26 12:05:35 +00:00
amammad
464e2e4291 fix qldoc and test files 2024-02-26 12:04:52 +00:00
Alvaro Muñoz
c29f3a7779 Merge pull request #21 from GitHubSecurityLab/refactor_env_access 
refactor env access
 2024-02-26 13:02:33 +01:00
amammad
18fa91bde4 add transform method that is an alias for to_ruby 2024-02-26 11:59:41 +00:00
amammad
a75a004942 add more additional steps, change parse* sinks to reciever of them 2024-02-26 11:59:41 +00:00
amammad
474a4f8abd thanks @asgerf for informing me that Successor wants to be deprecated and thank him that providing the solution 2024-02-26 11:59:41 +00:00
amammad
1410574f76 make seperate steps for YAML.parse* and use getAsuccessor*() to reach final to_ruby method call, All parts have Rewritten with API graphs exclusively 2024-02-26 11:59:35 +00:00
Harry Maclean
f7b8e8af41 Ruby: Include request forgery sinks from MaD 2024-02-26 11:34:11 +00:00
Harry Maclean
8bed3fbed4 Ruby: Add basic model for Terrapin library 2024-02-26 11:32:41 +00:00
Harry Maclean
9d13a1ff51 Ruby: Add model for Process.spawn 2024-02-26 11:26:38 +00:00
Harry Maclean
d1847566b6 Ruby: Ql4QL fix 2024-02-26 11:26:38 +00:00
Harry Maclean
beef9965cc Ruby: Model Open4 library 
Also remove duplicate modeling of Process.spawn.
 2024-02-26 11:26:38 +00:00
Harry Maclean
a03c06802e Ruby: Add some more command injection sinks 2024-02-26 11:26:38 +00:00
Cornelius Riemenschneider
1657b314c1 Re-pin ruby extractor deps. 2024-02-26 11:21:23 +00:00
Cornelius Riemenschneider
688b9955a0 Address review, start accomodating bzlmod. 2024-02-26 11:21:23 +00:00
Cornelius Riemenschneider
b82ffd40e7 Fix windows CI build. 
As we're now checking out the `codeql` repo in a sub-path,
we need to enable long paths on Windows.
 2024-02-26 11:21:23 +00:00
Cornelius Riemenschneider
fd85c44129 Ruby: Start building the language pack using bazel. 
This PR introduces a bazel and `rules_rust`-based build system
for the ruby extractor and language pack.
This replacese the existing, `cargo` and `cross`-based build system.

For local development, nothing changes, and the existing `cargo`-based
build still keeps working as-is.

We no longer need to use `cross` to compile our Linux binaries,
as we now can link against our hermetic C++ toolchain, which ships
with an old enough glibc, so that we don't run into symbol version issues
when deploying the binaries to older systems.
Besides the one change in dependency (explained in detail in `Cargo.toml`
and in https://github.com/github/codeql/pull/15595), nothing ought to
change in how we build the extractor.
 2024-02-26 11:21:22 +00:00
Joe Farebrother
386defc3c7 Update test output 2024-02-26 11:21:03 +00:00
Anders Schack-Mulligen
c22cbf5b01 Merge pull request #15721 from aschackmull/workflows/format-check-shared 
Workflows: Run format check on shared.
 2024-02-26 12:12:29 +01:00
Joe Farebrother
fb06e9f6b2 Merge pull request #15719 from joefarebrother/ruby-changenote-formatting 
Ruby: Fix change note formatting
 2024-02-26 11:12:01 +00:00
Harry Maclean
dd092fd18f Ruby: Fix CSRF test 2024-02-26 11:02:54 +00:00
Jeroen Ketema
acf3a99dff Merge pull request #15716 from jketema/command-line-options 
C++: Update test after extractor changes
 2024-02-26 12:01:03 +01:00
Rasmus Wriedt Larsen
4ede553b21 Merge pull request #15365 from RasmusWL/lgtm_index_filter_handling 
Tree sitter extractor: Proper handling of `LGTM_INDEX_FILTERS`
 2024-02-26 11:59:45 +01:00
Tom Hvitved
5f5bcf686d Update csharp/ql/lib/semmle/code/csharp/AnnotatedType.qll 
Co-authored-by: Michael Nebel <michaelnebel@github.com>
 2024-02-26 11:35:28 +01:00
Anders Schack-Mulligen
dab8e237e6 Workflows: Run format check on shared. 2024-02-26 11:33:00 +01:00
Tom Hvitved
5b1fb8789a C#: Implement View CFG query 2024-02-26 11:23:49 +01:00
Tom Hvitved
5b6e76c030 Move View CFG implementation from Ruby/Swift into shared library 2024-02-26 11:23:49 +01:00
Rasmus Wriedt Larsen
1cfac50749 Python: Add precision to NoSQL query 
Due to this, it was not part of any query suite :O
 2024-02-26 11:23:43 +01:00
Joe Farebrother
403a1ac483 Fix change note formatting 2024-02-26 10:21:26 +00:00
Joe Farebrother
2257df5c6f Model Arel::Nodes::SqlLiteral.new 2024-02-26 10:09:33 +00:00
Alvaro Muñoz
98f3a1e7bf fix(env): Improve env access support 2024-02-26 10:43:55 +01:00
Tom Hvitved
8fbe62ccae Swift: Implement getExtension and getStem 2024-02-26 10:33:57 +01:00
Jeroen Ketema
788100d475 C++: Update test after extractor changes 2024-02-26 10:04:42 +01:00
Tom Hvitved
03a125de38 Merge pull request #15562 from Marcono1234/patch-2 
Ruby: Fix formatting in changelog
 2024-02-26 10:03:29 +01:00
Tom Hvitved
4bd79c0eb3 Add change note 2024-02-26 09:58:23 +01:00
Rasmus Wriedt Larsen
07223031e8 Merge branch 'main' into lgtm_index_filter_handling 2024-02-26 09:56:02 +01:00
Tom Hvitved
acd52192d1 C#: Adopt shared variable capture library 2024-02-26 09:53:30 +01:00
Tom Hvitved
7197c64e2d C#: Add more variable capture tests 2024-02-26 09:53:29 +01:00
Alvaro Muñoz
645177cc80 Account for github.event.label check as a sanitizer for untrusted checkout 2024-02-26 09:39:42 +01:00
erik-krogh
0056067a17 Merge branch 'main' into ts-54 2024-02-25 21:20:43 +01:00
erik-krogh
083f56921c update to 5.4.1-rc 2024-02-25 21:20:41 +01:00
am0o0
a636c47c84 minor test cases change: remove unused dict 2024-02-25 23:57:58 +04:00
amammad
4321c5c2da update Twisted document link 2024-02-25 17:53:19 +04:00
amammad
7dd1389b9e add twisted SSH client as secondary server command injection sinks, add proper test cases 2024-02-25 17:52:24 +04:00
amammad
ab219902a9 add jsonpickle and pexpect libs in case of unsafe decoding and secondary command execution, add proper test cases 2024-02-25 17:15:35 +04:00
amammad
3e6b4a161b finalize Secondary server command injection queries and tests. 2024-02-25 14:24:42 +04:00