hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-27 01:38:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,368 Commits 1,721 Branches 163 Tags
codeql-cli/v2.24.0
Commit Graph

85368 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ian Lynagh
f6d6a04ba2 Kotlin 2: Accept location changes in library-tests/exprs 2024-02-14 17:01:21 +00:00
Ian Lynagh
4fcc1c26d4 Kotlin 2: Accept location changes in library-tests/exprs 2024-02-14 16:56:22 +00:00
Ian Lynagh
b95c69dc66 Kotlin 2: Accept location changes in library-tests/exprs 2024-02-14 16:54:20 +00:00
Ian Lynagh
2fe4c8c519 Kotlin 2: Accept some loc changes in library-tests/exprs/exprs 2024-02-14 16:47:46 +00:00
Ian Lynagh
14979585c9 Kotlin 2: Accept loc changes for library-tests/exprs/funcExprs.kt 2024-02-14 16:40:54 +00:00
Tony Torralba
f5d9fe6b08 Merge pull request #15615 from atorralba/atorralba/go/hardcoded-credentials-test-fix 
Go: Use less confusing name for hardcoded credentials tests
 2024-02-14 17:33:43 +01:00
Tony Torralba
582f341d9e Add references to qhelp 2024-02-14 17:25:09 +01:00
Tony Torralba
f9638760ff Fix MaD rows 2024-02-14 17:25:08 +01:00
Tony Torralba
769ec16803 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2024-02-14 17:25:08 +01:00
Tony Torralba
5a82d2188a Fix double quotes in MaD row 2024-02-14 17:25:08 +01:00
Tony Torralba
551875cb5a Add 'jwt' as valid sink kind 2024-02-14 17:25:08 +01:00
Tony Torralba
85b22a2b98 Fix QHelp 2024-02-14 17:25:08 +01:00
Tony Torralba
ad7d40f0af Add missing QLDoc 2024-02-14 17:25:08 +01:00
Tony Torralba
2a30898af6 Go: Promote go/missing-jwt-signature-check from experimental 2024-02-14 17:25:03 +01:00
Alvaro Muñoz
700882730c Merge pull request #10 from GitHubSecurityLab/job_outputs 
feat(field-flow): Refactor flow through job outputs
 2024-02-14 17:14:09 +01:00
Ian Lynagh
efe5184a74 Kotlin 2: Accept loc change for fn in library-tests/exprs/funcExprs.kt 2024-02-14 16:09:14 +00:00
Alvaro Muñoz
f65587e5cf feat(fieldflow): Refactor flow through Job outputs 
Job output should flow to the “key” (YamlString) and be read from there
from the JobOutputAccessExpr.

- NeedsCtxAccessExpr.getRefExpr should point to the UsesExpr(RW calling Job)
  or to the OutputsStmt(Regular Job).
- JobsCtxAccessExpr.getRefExpr should point to the OutputsStmt(Regular Job).
- Create storeStep from OutputExpr to OutputStmt using output var name
  as the field name.
- Create a readStep for CtxAccessExpr to read the referenced fields from
  the job outputs.
 2024-02-14 17:08:13 +01:00
Tony Torralba
1202b5b429 Go: Use less confusing name for hardcoded credentials tests 
We don't want name-based heuristics to pick these variable names, but also using something like 'safeName' may mislead readers into believing the test cases are intended to be GOOD cases (i.e. safe)
 2024-02-14 17:06:05 +01:00
Ian Lynagh
18a28e2623 Kotlin 2: Accept loc changes in library-tests/exprs for kFunctionInvoke.kt 2024-02-14 16:04:10 +00:00
Ian Lynagh
c11bfb3c83 Kotlin 2: Accept loc changes in library-tests/exprs for localFunctionCalls.kt 2024-02-14 16:03:23 +00:00
Tamas Vajk
12663b58f1 C# Only remove temp files for MVC view generation if needed 2024-02-14 17:00:37 +01:00
Tony Torralba
99ac640536 Merge pull request #15527 from atorralba/atorralba/go/promote-hardcoded-key 
Go: Promote `go/hardcoded-key` from experimental
 2024-02-14 16:54:03 +01:00
Rasmus Wriedt Larsen
eb401a205d Python: Fix test exclusion for stdlib Python 3.12 2024-02-14 16:53:19 +01:00
Ian Lynagh
1cc645b276 Kotlin 2: Accept location changes in library-tests/exprs for samConversion.kt 2024-02-14 15:49:44 +00:00
Ian Lynagh
9195be34a2 Kotlin 2: Accept location changes in library-tests/exprs/exprs for whenExpr.kt 2024-02-14 15:45:09 +00:00
Chris Smowton
7ed73bc4ed change note 2024-02-14 15:45:03 +00:00
Ian Lynagh
5d0b780c06 Kotlin 2: Accept some location improvements in library-tests/exprs/exprs.expected 2024-02-14 15:37:37 +00:00
Ian Lynagh
2cc2a90880 Kotlin 2: Accept some location changes in library-tests/exprs/exprs.expected 2024-02-14 15:37:35 +00:00
Jeroen Ketema
9ef2c83d71 Merge pull request #15611 from jketema/destructors4 
C++: For unnamed local variable declaration entries consider the name of the variable
 2024-02-14 16:18:33 +01:00
Chris Smowton
9016997b51 Golang: fix flow from a map value via a range statement 2024-02-14 14:56:24 +00:00
Rasmus Wriedt Larsen
59014787a1 Python: Fix DataflowQueryTest 
You're only allowed to have `result=OK` if there is a sink on that line...
 2024-02-14 15:44:40 +01:00
Rasmus Wriedt Larsen
cd596f5d05 Python: Reformat test-file 
All those newlines are not good for inline expectations
 2024-02-14 15:44:06 +01:00
Asger F
d94d4591da JS: Name instance methods using API nodes instead of special-casing 2024-02-14 15:08:19 +01:00
Asger F
c4a0f36a08 JS: Fix handling of unknown properties 
These would shorten the expected distance to a node, but would never be usable as an edge, meaning we failed to pick a preferred predecessor.
 2024-02-14 15:08:19 +01:00
Asger F
3ff950660b JS: Add test with unknown property name 2024-02-14 15:08:19 +01:00
Asger F
9838da5395 JS: Simplify isExported 2024-02-14 15:08:19 +01:00
Asger F
a3dc19fd31 JS: Check privacy earlier 2024-02-14 15:08:19 +01:00
Asger F
5c454944a9 JS: Add test for private fields 2024-02-14 15:08:19 +01:00
Asger F
2a91bb8c54 JS: Add test showing ambiguous predecessor 2024-02-14 15:08:19 +01:00
Jeroen Ketema
33413129a5 C++: For unnamed local variable declaration entries consider the name of the variable 2024-02-14 15:03:04 +01:00
Ian Lynagh
c87b7b5f88 Merge pull request #15606 from igfoo/igfoo/kt2 
Kotlin: Fix build with latest 2.0.255 snapshots
 2024-02-14 14:00:50 +00:00
Rasmus Wriedt Larsen
e5bd633028 Python: Change name/id to Decompression Bomb 
The old title/id matches how we used to write queries, but I think just
using the normal conversational name is easier for everyone :)
 2024-02-14 14:54:25 +01:00
Rasmus Wriedt Larsen
69c8ef9898 Python: Use dataflow instead of taint-tracking 2024-02-14 14:52:37 +01:00
Rasmus Wriedt Larsen
ba7dd38fc9 Python: Delete duplicated file 2024-02-14 14:48:37 +01:00
Rasmus Wriedt Larsen
9ae3ea81ff Python: Remove spurious results in stdlib 2024-02-14 14:47:28 +01:00
Rasmus Wriedt Larsen
d8fd457310 Python: Use helper predicate 
Since the helper predicate had nice qldocs
 2024-02-14 14:47:28 +01:00
Rasmus Wriedt Larsen
e7772f1062 Python: Use Unit class 2024-02-14 14:47:28 +01:00
Rasmus Wriedt Larsen
ad39b8c68b Python: Accept .expected changes 2024-02-14 14:46:33 +01:00
Alvaro Muñoz
90d1ae4a05 fix: simplify Ast 2024-02-14 14:06:28 +01:00
Alvaro Muñoz
494fb2470e fix: refactor local, read and store steps 2024-02-14 14:05:13 +01:00