hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-08 00:24:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
85,368 Commits 1,731 Branches 164 Tags
codeql-cli/v2.24.0
Commit Graph

85368 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
27763d6bbe Improve ZipSlip exclusion to take varargs into account 2023-06-07 09:25:56 +02:00
Paolo Tranquilli
700e3d5e53 Codegen: rename ipa to synth 2023-06-07 09:12:39 +02:00
Tony Torralba
8001ae9669 Update java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-06-07 09:08:24 +02:00
Tony Torralba
60725e9580 Update java/ql/lib/ext/org.springframework.core.io.model.yml 2023-06-07 09:07:22 +02:00
Tom Hvitved
48ac3e58ee Python: Use CallGraphConstruction in call graph construction 2023-06-07 09:02:03 +02:00
Tom Hvitved
88c5700c24 Ruby: Use CallGraphConstruction in call graph construction 2023-06-07 09:02:03 +02:00
Tom Hvitved
4bf124bffe Ruby/Python: Add CallGraphConstruction module for recursive type-tracking based call graph construction 2023-06-07 09:02:03 +02:00
Tony Torralba
2f12ae2e0d Update java/ql/lib/ext/okhttp3.model.yml 2023-06-07 08:57:12 +02:00
github-actions[bot]
a14e7fa694 Add changed framework coverage reports 2023-06-07 00:16:58 +00:00
Tom Hvitved
322b254cba Type tracking: Use noopt+inline_late in TypeBackTracker::[small]step 2023-06-06 20:46:14 +02:00
Nora Dimitrijević
189dee69bc Merge branch 'main' into swift/brace-stmt-variables 2023-06-06 17:40:25 +02:00
Nora Dimitrijević
03e94c7137 Swift: add library pack change note 2023-06-06 17:37:02 +02:00
Michael Nebel
4dae7ad35a C#: Only inject the shared compilation flag, if argument is not exe or dll. 2023-06-06 17:22:52 +02:00
Stephan Brandauer
b31131d33a Merge pull request #13344 from github/java/update-mad-decls-after-triage-2023-06-01T12-58-13 
Java: Update MaD Declarations after Triage
 2023-06-06 17:08:50 +02:00
Nora Dimitrijević
a831456e94 Swift: make BraceStmt's variable a synth property 2023-06-06 16:54:47 +02:00
Nora Dimitrijević
4a29087ce7 Swift: update Cfg test: VarDecls no longer in BraceStmt basic blocks 
This is a consequence of VarDecls not being Elements of BraceStmts. =
 2023-06-06 16:54:47 +02:00
Nora Dimitrijević
8ccbad601b Swift: PrintAst test changes 2023-06-06 16:54:47 +02:00
Nora Dimitrijević
026492836c Swift: codegen 2023-06-06 16:54:46 +02:00
Nora Dimitrijević
387cde5972 Swift: add BraceStmt.getVariable(_) child with logic in QL. 2023-06-06 16:54:46 +02:00
Michael Nebel
0f010afce1 C#: Add dotnet test that targets dll. 2023-06-06 16:53:26 +02:00
Stephan Brandauer
75cbcdd72e Update MaD Declarations after Triage 2023-06-06 16:38:31 +02:00
Tamás Vajk
e8f56f2981 Update csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs 
Co-authored-by: Michael B. Gale <mbg@github.com>
 2023-06-06 16:20:48 +02:00
Nora Dimitrijević
2529312d1d Codegen: fix test.qlgen failure 2023-06-06 15:58:19 +02:00
Nora Dimitrijević
928da77d10 Merge branch 'main' into redsun82/swift-synth-properties 2023-06-06 15:34:02 +02:00
Ian Lynagh
ca63122ce4 Kotlin: Relax version requirements 
If the latest version we know about is 1.9, and we are faced with 1.10,
then we try 1.9 rather than failing with an exception.
 2023-06-06 14:09:55 +01:00
Tamas Vajk
a4dec591c7 C#: Improve error message for missing explicit interface implementation 2023-06-06 15:01:54 +02:00
Tamas Vajk
75bc8756f2 C#: Change standalone extraction to allow unsafe code 2023-06-06 14:43:09 +02:00
Tony Torralba
49c6ea27a0 Merge pull request #13379 from atorralba/atorralba/kotlin/use-with-flow 
Kotlin: Add flow through kotlin.io.use and kotlin.with
 2023-06-06 13:44:14 +02:00
Asger F
17f9239c33 JS: Fix invalid source kind in test 2023-06-06 13:40:06 +02:00
Taus
f4fd908f7f Java: Comment out sinks for which no query exists 2023-06-06 13:01:59 +02:00
Ian Lynagh
f690d150b0 Merge pull request #13373 from igfoo/igfoo/kotlin-loc 
Java/Kotlin: Split lines of code by language
 2023-06-06 11:49:18 +01:00
Arthur Baars
7324d1705e Merge branch 'main' into amammad-ruby-YAMLunsafeLoad 2023-06-06 12:09:06 +02:00
Taus
c4bfb21f0f Merge pull request #13371 from github/nickrolfe/python-location-tostring 
Python: avoid selecting `getLocation()`
 2023-06-06 12:05:51 +02:00
Erik Krogh Kristensen
0e6693bdea Merge pull request #12874 from erik-krogh/ts51 
JS: Add support for TS 5.1
 2023-06-06 11:51:51 +02:00
Rasmus Wriedt Larsen
a1f20f84d4 Merge pull request #13359 from jorgectf/jorgectf/unsafe-deserialization-name-convention 
Python: Make `py/unsafe-deserialization` `@name` consistent with other languages
 2023-06-06 11:28:41 +02:00
Tony Torralba
1d8ca88aca Add change note 2023-06-06 11:25:07 +02:00
Tony Torralba
72af634575 Kotlin: Add flow through use and with 2023-06-06 11:22:16 +02:00
Nick Rolfe
6c5c338e6b Merge pull request #13348 from github/nickrolfe/java-location-tostring 
Java: avoid call to `Location.toString()`
 2023-06-06 09:55:42 +01:00
Nick Rolfe
3d0ecbed39 Merge pull request #13361 from github/nickrolfe/csharp-location-tostring 
C#: avoid calls to `Location::toString()`
 2023-06-06 09:55:09 +01:00
Tony Torralba
1601846478 Add exclusion to the ZipSlip query to avoid FPs 2023-06-06 10:28:49 +02:00
Tony Torralba
0065e6e1d6 Apply suggestions from code review 
Fix incorrect models-as-data rows
 2023-06-06 10:04:22 +02:00
Tony Torralba
1ccec90c6f Apply suggestions from code review 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-06-06 09:10:18 +02:00
Erik Krogh Kristensen
b78cd48954 Merge pull request #13329 from erik-krogh/sqlhelp 
JS: improve the sql-injection help page
 2023-06-06 08:44:44 +02:00
Erik Krogh Kristensen
29bbf58a29 Merge pull request #13377 from github/dependabot/cargo/ql/regex-1.8.4 
Bump regex from 1.8.3 to 1.8.4 in /ql
 2023-06-06 07:57:04 +02:00
dependabot[bot]
d38bca1e8c Bump regex from 1.8.3 to 1.8.4 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.8.3 to 1.8.4.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.8.3...1.8.4)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-06-06 04:02:46 +00:00
Geoffrey White
e04f6bff27 Swift: Add a simple Regex library. 2023-06-05 23:55:01 +01:00
Geoffrey White
c994b4b9dd Swift: Create test cases for a regular expression library. 2023-06-05 23:55:01 +01:00
Jami Cogswell
5a23421d9a Shared: minor updates to comments 2023-06-05 13:46:56 -04:00
Jeroen Ketema
272ced6ea5 Merge pull request #13374 from jketema/ptr-deref-min 
C++: Remove `cpp/invalid-pointer-deref` results duplicating ones with smaller `k`
 2023-06-05 19:31:24 +02:00
Jami Cogswell
7a4b74dd6a C#: fix typo with outdated sink msg location 2023-06-05 13:21:39 -04:00