hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-28 02:08:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,368 Commits 1,723 Branches 164 Tags
codeql-cli/v2.24.0
Commit Graph

85368 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Henry Mercer
766e0e61ed Merge pull request #15414 from github/release-prep/2.16.1 
Release preparation for version 2.16.1
codeql-cli/v2.16.1 		2024-01-23 19:57:39 +00:00
github-actions[bot]
7ef611e6dc Release preparation for version 2.16.1 2024-01-23 19:45:16 +00:00
Ed Minnix
dca24ded18 Add UUID and Date to the list of types in the SimpleTypeSanitizer class 2024-01-23 13:36:03 -05:00
Edward Minnix III
3c8b09307d Merge pull request #15291 from egregius313/egregius313/java/dataflow/default-sanitizers 
Java: Introduce a common sanitizer type for types which cannot realistically carry taint.
 2024-01-23 13:28:03 -05:00
Mathias Vorreiter Pedersen
145b5a30bd Merge pull request #15343 from microsoft/38-cpp-generalize-use-after-free-libraries 
Generalization of FlowAfterFree
 2024-01-23 16:49:29 +00:00
Ben Rodes
55fe8d376c Update cpp/ql/lib/semmle/code/cpp/security/flowafterfree/UseAfterFree.qll 2024-01-23 10:49:47 -05:00
Benjamin Rodes
dfb3aec002 Removing unnecessary private modules and adding comments. 2024-01-23 10:47:38 -05:00
Mathias Vorreiter Pedersen
42fd3fc836 C++: Make more things 'private' and add QLDoc to public things. (#40) 2024-01-23 10:27:01 -05:00
Geoffrey White
c10f41b168 C++: Use getClassAndName. 2024-01-23 15:02:59 +00:00
Geoffrey White
4c1f433073 C++: Move getIndirectionIndex to ReturnKind. 2024-01-23 14:52:44 +00:00
Mathias Vorreiter Pedersen
b1b236d82d Merge pull request #15410 from MathiasVP/less-dataflow-duplication 
C++: Remove more `asExpr` duplication
 2024-01-23 14:50:01 +00:00
Michael Nebel
10be0deeb5 C#: Add a couple more testcases. 2024-01-23 15:09:10 +01:00
Edward Minnix III
0e866a5447 Merge pull request #15359 from egregius313/egregius313/csharp/dataflow/threat-modeling/add-threatmodelflowsource 
C#: Threat Modeling - Introduce `ThreatModelFlowSource`
 2024-01-23 09:02:10 -05:00
Michael B. Gale
cf1aab0157 Go: Move identify environment code to separate file 2024-01-23 13:59:34 +00:00
Michael B. Gale
ee36e7424a Go: Move project analysis code to separate file 2024-01-23 13:59:33 +00:00
Michael B. Gale
0dc3c847bc Go: Move go invocations to separate file 2024-01-23 13:59:33 +00:00
erik-krogh
158ff0da0a add a trailing slash to the folder check in the QHelp for java/path-injection 2024-01-23 14:46:02 +01:00
Tamás Vajk
df8d453058 Merge pull request #15395 from tamasvajk/feature/standalone-nuget-restore-retry 
C#: Try fallback `dotnet restore` without nuget.config
 2024-01-23 14:45:00 +01:00
Erik Krogh Kristensen
f1d6f56621 Merge pull request #15393 from erik-krogh/deps-jan-2024 
All: delete outdated deprecations
 2024-01-23 13:52:38 +01:00
Mathias Vorreiter Pedersen
8b172c133d C++: Accept test changes. 2024-01-23 12:06:42 +00:00
Mathias Vorreiter Pedersen
5bc602a208 C++: Ensure that we don't create a result for 'asExpr' on an instruction node if a result also exists for an operand node (and vice versa). 2024-01-23 12:06:35 +00:00
erik-krogh
00dadeb3bf delete the markdown file again 2024-01-23 12:57:15 +01:00
erik-krogh
57e0b3cceb iterate on the java/path-injection qhelp 2024-01-23 12:56:43 +01:00
erik-krogh
4958c19c67 move the examples for the qhelps into an example/ folder 2024-01-23 12:56:23 +01:00
erik-krogh
6b66f5cbc5 check in the TaintedPath qhelp as markdown to get pretty diffs 2024-01-23 12:56:22 +01:00
Chris Smowton
43453fea52 Merge pull request #15408 from smowton/smowton/admin/log-setup-go-message 
Log advice when a newer Go version is required under Actions
 2024-01-23 11:32:38 +00:00
Mathias Vorreiter Pedersen
d29d060706 Merge pull request #15401 from alexet/make-intended-join-order 
CPP: Fix join ordering hints to make them do what they intend.
 2024-01-23 11:30:20 +00:00
Chris Smowton
7e96eaa273 Log advice when a newer Go version is required under Actions 2024-01-23 10:49:52 +00:00
Tony Torralba
77e724b3ba Merge pull request #15188 from github/java/update-mad-decls-after-triage-2023-12-21T14-39-02 
Java: Update MaD Declarations after Triage
 2024-01-23 11:34:57 +01:00
Tony Torralba
fcd9a5ed71 Update java/ql/lib/change-notes/2023-12-21-new-models.md 2024-01-23 11:18:12 +01:00
Joe Farebrother
dedba1fc54 Address review comments - add barrierIn and fix a model for a PendingIntent sink 2024-01-23 09:51:42 +00:00
Joe Farebrother
0acb647e7d Fix tests and add notification sink kind to model verification 2024-01-23 09:51:41 +00:00
Joe Farebrother
b23bbf93d4 Reorder sink models 2024-01-23 09:51:41 +00:00
Joe Farebrother
69faafa194 Add change note 2024-01-23 09:51:40 +00:00
Joe Farebrother
1190352b67 Add qhelp 2024-01-23 09:51:40 +00:00
Joe Farebrother
d806fcae3d Remove sink models involving PendingIntent; as they do not carry sensitive data (including from the original intent they were created with) 2024-01-23 09:51:39 +00:00
Joe Farebrother
2ca164ce35 Generate androidx stubs and correct some models 2024-01-23 09:51:39 +00:00
Joe Farebrother
bafd65b1d2 Add tests to cover each modeled sink + some corrections to the models 2024-01-23 09:51:38 +00:00
Joe Farebrother
a1a2acd3ce Add additional test cases 2024-01-23 09:51:38 +00:00
Joe Farebrother
f9bb004618 Add sink models to notification builder setters 2024-01-23 09:51:38 +00:00
Joe Farebrother
cd19a91704 Add unit test 2024-01-23 09:51:37 +00:00
Joe Farebrother
3aa27148de Split existing tests under CWE-200 into separate folders 2024-01-23 09:51:37 +00:00
Joe Farebrother
143ce0b94a Add sensitive notification query 2024-01-23 09:51:37 +00:00
Stephan Brandauer
95b439bf31 Merge branch 'main' into java/update-mad-decls-after-triage-2023-12-21T14-39-02 2024-01-23 09:40:50 +01:00
Stephan Brandauer
cd765e7c19 work on review comments 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-23 09:35:36 +01:00
Stephan Brandauer
8b34407ab7 Java: java.awt.Desktop::browse is a url-redirection sink 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-01-23 09:28:13 +01:00
Michael Nebel
95a200453b Merge pull request #15404 from michaelnebel/csharp/inlinearraydummystats 
C#: Add dummy stats for inline_array_type.
 2024-01-23 09:17:18 +01:00
Michael Nebel
123e86e0e0 C#: Add dummy stats for inline_array_type. 2024-01-23 08:29:01 +01:00
Erik Krogh Kristensen
97071b0dc7 Merge pull request #15403 from github/dependabot/cargo/ql/chrono-0.4.32 
Bump chrono from 0.4.31 to 0.4.32 in /ql
 2024-01-23 08:20:28 +01:00
Ed Minnix
fcbee1994b Update change note 2024-01-22 23:57:31 -05:00