Commit Graph

85368 Commits

Author SHA1 Message Date
amammad
95c9a3fc9a add ssh client libraries, add SecondaryServerCmdInjectionCustomizations 2024-02-25 12:50:12 +04:00
amammad
385c3ba7ff continue to convert paramiko query to a more general query,
the proxy command is not a secondary command execution
so we can add proxy command to SystemCommandExecution::Range, update QLDocs,
add a proper Paramiko test case
fix a typo
2024-02-25 01:18:34 +04:00
amammad
70282f9ebe convert paramiko query to SecondaryServerCmdInjection query, Add inline tests 2024-02-24 18:10:13 +04:00
amammad
d234a53c50 update Fabric models, add new sink to Fabric, add proper test cases 2024-02-24 17:43:51 +04:00
amammad
076faa3a4e add pyTorch :) code execution sinks, add proper tests 2024-02-24 15:55:33 +04:00
amammad
3d7db0e46b add pandas code execution sinks, add proper tests 2024-02-24 14:44:06 +04:00
Tom Hvitved
2683e40038 Merge pull request #15708 from hvitved/share-ide-contextual
Share `getFileBySourceArchiveName` implementation
2024-02-23 19:56:33 +01:00
Chris Smowton
12213a0a08 Add test 2024-02-23 18:39:16 +00:00
Ian Lynagh
bfea40fca0 Kotlin 2: Accept some PrintAst changes in library-tests/exprs 2024-02-23 18:39:06 +00:00
Chris Smowton
d57160db5c Direct map stores via a post-update node 2024-02-23 16:37:26 +00:00
Robert Marsh
da5e3d64ac C++: autoformat 2024-02-23 16:20:42 +00:00
Robert Marsh
dd97584eff C++: fix for duplicated parent of ReturnVoid statements 2024-02-23 16:19:34 +00:00
Ian Lynagh
1abd81ec34 Kotlin 2: Accept loc changes in library-tests/reflection 2024-02-23 13:52:05 +00:00
Ian Lynagh
f43e929d1a Kotlin: More generated elements in Kotlin 2 in library-tests/reflection 2024-02-23 13:45:58 +00:00
Paolo Tranquilli
6b63492d6b Merge pull request #15699 from github/criemen/bazel7-2
Upgrade to bazel 7.0.2.
2024-02-23 14:15:00 +01:00
Tamás Vajk
72f73553ca Merge pull request #15692 from tamasvajk/buildless/no-dotnet-sdk
C#: Download latest dotnet SDK when missing
2024-02-23 13:24:46 +01:00
Tony Torralba
759b74791c Java: Re-enable Widget.qll flow steps
The library Widget.qll was accidentally removed from the global context when its sources were migrated to models-as-data in #13136. This re-adds it so that its flow steps are enabled again.
2024-02-23 13:07:35 +01:00
Harry Maclean
f5be407989 Ruby: deprecate old ProtectFromForgeryCall class 2024-02-23 12:02:26 +00:00
Ian Lynagh
047a8b400e Merge pull request #15703 from igfoo/igfoo/k2mf
Kotlin: Accept changes in library-tests/multiple_files
2024-02-23 11:49:05 +00:00
Ian Lynagh
ee967e62e1 Merge pull request #15704 from igfoo/igfoo/k2ministdlib
Kotlin: Remove the Kotlin 2 ministdlib test
2024-02-23 11:48:55 +00:00
Owen Mansel-Chan
3dc6918356 Merge pull request #15648 from github/workflow/coverage/update
Update CSV framework coverage reports
2024-02-23 11:48:17 +00:00
Harry Maclean
7b3f1a0982 Ruby: fix comment 2024-02-23 11:14:52 +00:00
Harry Maclean
081c1201ed Ruby: Make csrf query more specific
CSRF protection only needs to be explicitly enabled on Rails
applications < 5.2 _or_ those that don't include a `load_defaults` call
with a version >= 5.2.
2024-02-23 11:13:17 +00:00
Harry Maclean
3ee425cc47 Ruby: Identify ActionController::API
`ActionController::API < ActionController::Base` is a base controller
class, so we should recognise it as such.
2024-02-23 11:13:17 +00:00
Harry Maclean
32b775fdc3 Ruby: reduce duplicate alerts for csrf query
Only generate an alert on the top-most vulnerable Rails controller in
the controller tree.
2024-02-23 11:13:17 +00:00
Harry Maclean
1fbf177b54 Ruby: QLDoc fix 2024-02-23 11:13:16 +00:00
Harry Maclean
3499d169f9 Ruby: Add missing QLDoc 2024-02-23 11:13:16 +00:00
Harry Maclean
0597b2ed1b Ruby: recognise csrf_meta_tag
csrf_meta_tag is an alias for csrf_meta_tags, retained for backwards
compatibility.
2024-02-23 11:13:16 +00:00
Harry Maclean
f19a5a9837 Ruby: Add tests for Gemfile modeling 2024-02-23 11:13:16 +00:00
Harry Maclean
3c69ab10f2 Ruby: Restrict rb/csrf-protection-not-enabled
This query only applies to codebases using Ruby on Rails < 5.2, or where
there is no call to `csrf_meta_tags` in the base ERb template.
2024-02-23 11:13:15 +00:00
Harry Maclean
581072721c Ruby: Add change note 2024-02-23 11:13:15 +00:00
Harry Maclean
6d6f8ba512 Ruby: Make CSRF query more sensitive
Generate an alert for every controller class that doesn't have or
inherit a `protect_from_forgery` setting.
2024-02-23 11:13:15 +00:00
Harry Maclean
49d826f667 Ruby: Add a query for CSRF protection not enabled
Specifically in Rails apps, we look for root ActionController classes
without a call to `protect_from_forgery`.
2024-02-23 11:13:14 +00:00
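As an added illustration of the alert logic that the rb/csrf-protection-not-enabled commit messages above describe (this is not CodeQL's query or its Ruby library, and is not part of the commit log): a hypothetical regex-based scanner that reports only the top-most in-app controller that neither calls `protect_from_forgery` nor inherits it, treats `ActionController::Base` and `ActionController::API` as framework roots, and runs only when the Rails version in the Gemfile is below 5.2 or `config/application.rb` has no `load_defaults` of 5.2 or newer. The function names (`csrf_alerts`, `parse_controllers`, `csrf_protection_required?`) and the sample Gemfile, application config and controllers are all constructed here.

```ruby
# Added illustration of the alert logic described in the commit messages:
# flag the top-most Rails controller that neither calls protect_from_forgery
# nor inherits it, but only when the app cannot rely on Rails' own default
# (Rails < 5.2, or no `load_defaults` >= 5.2). Hypothetical line-based
# scanner; not CodeQL's Ruby library or the rb/csrf-protection-not-enabled query.
require 'set'

CONTROLLER_RE    = /^\s*class\s+([\w:]+)\s*<\s*([\w:]+)/
PROTECT_RE       = /\bprotect_from_forgery\b/
LOAD_DEFAULTS_RE = /config\.load_defaults\s+([\d.]+)/
GEM_RAILS_RE     = /^\s*gem\s+['"]rails['"]\s*,\s*['"][^\d]*([\d.]+)/

# Rails version declared in a Gemfile (e.g. gem 'rails', '~> 5.1.7'), or nil.
def rails_version_from_gemfile(gemfile)
  m = GEM_RAILS_RE.match(gemfile)
  m && m[1]
end

# CSRF protection must be enabled explicitly when Rails is older than 5.2
# or when config/application.rb does not call load_defaults with >= 5.2.
def csrf_protection_required?(gemfile, app_config)
  v = rails_version_from_gemfile(gemfile)
  return true if v && Gem::Version.new(v) < Gem::Version.new('5.2')
  m = LOAD_DEFAULTS_RE.match(app_config)
  m.nil? || Gem::Version.new(m[1]) < Gem::Version.new('5.2')
end

# Map each `class Foo < Bar` to its parent and whether its body calls
# protect_from_forgery. Line-based: adequate for one class per region.
def parse_controllers(src)
  controllers = {}
  current = nil
  src.each_line do |line|
    if (m = CONTROLLER_RE.match(line))
      current = m[1]
      controllers[current] = { parent: m[2], protected: false }
    elsif current && PROTECT_RE.match?(line)
      controllers[current][:protected] = true
    end
  end
  controllers
end

# True if the controller or any in-app ancestor calls protect_from_forgery.
# Framework roots (ActionController::Base / ::API) are not in the map, so the
# walk stops there; the Set guards against accidental cycles.
def inherits_protection?(name, controllers)
  seen = Set.new
  while (entry = controllers[name]) && seen.add?(name)
    return true if entry[:protected]
    name = entry[:parent]
  end
  false
end

# Controllers to report: unprotected, and whose parent is not an in-app
# controller, so each vulnerable subtree yields exactly one alert.
def csrf_alerts(gemfile, app_config, controllers_src)
  return [] unless csrf_protection_required?(gemfile, app_config)
  controllers = parse_controllers(controllers_src)
  controllers.keys.select do |name|
    !inherits_protection?(name, controllers) &&
      !controllers.key?(controllers[name][:parent])
  end
end

# Constructed sample app, not taken from any real project.
GEMFILE_OLD = "source 'https://rubygems.org'\ngem 'rails', '~> 5.1.7'\n"
GEMFILE_NEW = "source 'https://rubygems.org'\ngem 'rails', '~> 6.1.0'\n"
APP_CONFIG_NO_DEFAULTS = "module Shop\n  class Application < Rails::Application\n  end\nend\n"
APP_CONFIG_DEFAULTS    = "module Shop\n  class Application < Rails::Application\n    config.load_defaults 5.2\n  end\nend\n"
CONTROLLERS_SRC = <<~RUBY
  class ApplicationController < ActionController::Base
  end

  class AdminController < ApplicationController
    protect_from_forgery with: :exception
  end

  class UsersController < AdminController
  end

  class ApiController < ActionController::API
  end

  class PublicController < ApplicationController
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  # Rails 6.1 without load_defaults: ApplicationController and ApiController
  # are reported; PublicController is covered by its parent's alert.
  p csrf_alerts(GEMFILE_NEW, APP_CONFIG_NO_DEFAULTS, CONTROLLERS_SRC)
  # load_defaults 5.2 on a modern Rails: nothing to report.
  p csrf_alerts(GEMFILE_NEW, APP_CONFIG_DEFAULTS, CONTROLLERS_SRC)
end
```

The two gating inputs matter as much as the controller tree: with `load_defaults 5.2` and a Rails 6.1 Gemfile the scanner returns nothing, while the same controllers on a `~> 5.1.7` Gemfile are reported regardless of the config, which is the distinction the later commits in this series draw.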
Erik Krogh Kristensen
a0f91fbc15 Merge pull request #15706 from erik-krogh/pol-reg
ReDoS: Restrict some edges related to upper/lower-case when constructing possible attack strings for polynomial-redos.
2024-02-23 12:06:17 +01:00
Alvaro Muñoz
1458434504 Merge branch 'master' of https://github.com/GitHubSecurityLab/codeql-actions 2024-02-23 11:54:41 +01:00
Alvaro Muñoz
f513a19c24 fix: restrict EnvCtxAccessExpr to Env declarations on the same file 2024-02-23 11:53:47 +01:00
Tom Hvitved
62b16c0fa3 Share getFileBySourceArchiveName implementation 2024-02-23 11:25:49 +01:00
Tamas Vajk
20f795c03a Code quality improvements 2024-02-23 11:20:15 +01:00
Michael Nebel
1a155b3a30 Merge pull request #15667 from michaelnebel/csharp/syntheticconstructorbody
C#: Add synthetic bodies and initializers for default constructors.
2024-02-23 11:14:00 +01:00
Tom Hvitved
94113521d1 Merge pull request #15689 from hvitved/ruby/no-field-branch-limit-summarized-callable
Ruby: No `fieldFlowBranchLimit` for `SummarizedCallable`s
2024-02-23 10:47:22 +01:00
Tom Hvitved
d8645cc960 Merge pull request #15694 from hvitved/csharp/assignable-definition-node
C#: Use separate `newtype` branch for `AssignableDefinitionNode`
2024-02-23 10:45:04 +01:00
github-actions[bot]
b2b5aa18b2 Add changed framework coverage reports 2024-02-23 00:16:49 +00:00
Tom Hvitved
303a2bb63a C#: Update expected test output 2024-02-22 21:04:55 +01:00
Tom Hvitved
ea7d9c97fd C#: Use separate newtype branch for AssignableDefinitionNode 2024-02-22 21:04:55 +01:00
Ian Lynagh
8d358a9f64 Kotlin: Remove the Kotlin 2 ministdlib test
Upstream doesn't plan to fix it before the K2 release:
    https://youtrack.jetbrains.com/issue/KT-62183/K2-no-stdlib-doesnt-behave-as-expected

I've made a ticket to remind us to return to this later.
2024-02-22 19:01:22 +00:00
Geoffrey White
573763a4b3 Shared: More revisions, manual and aided by further discussion with Copilot. 2024-02-22 18:59:35 +00:00
Ian Lynagh
cf441d1a30 Kotlin: Accept changes in library-tests/multiple_files
I think that this is a regression, but one that we're not likely to fix
soon, so let's just accept the output for now. I've opened a ticket to
remind us to return to this.
2024-02-22 18:57:12 +00:00
Robert Marsh
6f7f68fee8 Merge branch 'main' into rdmarsh2/cpp/ir-synthetic-destructors 2024-02-22 18:10:13 +00:00
Geoffrey White
797fee9c9e Swift: Change note. 2024-02-22 17:54:53 +00:00
Mathias Vorreiter Pedersen
63a5b49846 Merge pull request #15633 from MathiasVP/model-experiments
C++: Assume modelled functions always override buffers by default
2024-02-22 18:48:24 +01:00