hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-07 16:14:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
85,368 Commits 1,732 Branches 164 Tags
codeql-cli/v2.24.0
Commit Graph

85368 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
erik-krogh
b343dcaadd put string/object in the alert-message for sql-injection 2023-05-31 08:06:04 +02:00
Erik Krogh Kristensen
b9ffa11915 Merge pull request #13328 from github/dependabot/cargo/ql/chrono-0.4.26 
Bump chrono from 0.4.25 to 0.4.26 in /ql
 2023-05-31 07:42:37 +02:00
dependabot[bot]
75f6355bd6 Bump chrono from 0.4.25 to 0.4.26 in /ql 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.25 to 0.4.26.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.25...v0.4.26)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-31 04:06:22 +00:00
Mathias Vorreiter Pedersen
a646749380 Merge pull request #13318 from MathiasVP/exclude-std-in-constant-size-array-off-by-one 
C++: Exclude `StdNamespace` sources in `cpp/constant-size-array-off-by-one`
 2023-05-30 14:31:18 -07:00
Mathias Vorreiter Pedersen
65eebf1f40 Merge branch 'main' into exclude-std-in-constant-size-array-off-by-one 2023-05-30 13:40:01 -07:00
Arthur Baars
490d22d123 Merge remote-tracking branch 'upstream/main' into post-release-prep/codeql-cli-2.13.3 2023-05-30 21:31:28 +02:00
Arthur Baars
60a5ef744f Merge pull request #13319 from aibaars/print-cfg 
Ruby: add print-cfg query
 2023-05-30 21:15:06 +02:00
Jeroen Ketema
dd30acf1e3 C++: Add nodes query predicate to cpp/invalid-pointer-deref 2023-05-30 18:43:01 +02:00
Jeroen Ketema
f5ed02a433 C++: Take into account the delta at the final sink in cpp/invalid-pointer-deref 2023-05-30 18:33:20 +02:00
Jeroen Ketema
de974cc18a C++: Add cpp/invalid-pointer-deref test case that shows some duplicate results 2023-05-30 18:18:13 +02:00
Jeroen Ketema
a8c76388c0 C++: Fix configuration names in comments in cpp/invalid-pointer-deref 2023-05-30 18:15:37 +02:00
Tony Torralba
70138448c3 Visibility 2023-05-30 17:54:59 +02:00
Tony Torralba
0151a728f8 Add change note 2023-05-30 17:53:03 +02:00
Tony Torralba
d3d67f0fb0 Add tests & stubs 2023-05-30 17:52:00 +02:00
Tony Torralba
977263a126 Use container flow for more precision 2023-05-30 17:51:41 +02:00
Tony Torralba
54e011188d Formatting 2023-05-30 17:50:50 +02:00
Andrew Eisenberg
6ba8f9eb36 Merge pull request #13314 from github/aeisenberg/adds-to-pack 
Fix `addsTo.pack` references
 2023-05-30 08:30:16 -07:00
Arthur Baars
d91fa2d038 Ruby: add print-cfg query 2023-05-30 17:30:04 +02:00
Mathias Vorreiter Pedersen
f00b29d3d2 C++: The small-string optimization commonly used inside 'std::string' is causing a lot of FPs. Let's exclude this for now to reduce the number of results for this query. 2023-05-30 07:33:07 -07:00
Robert Marsh
2afda5f3f1 Merge pull request #13305 from MathiasVP/fix-join-of-pointerArithOverflow0 
C++: Fix join in `pointerArithOverflow0`
 2023-05-30 10:24:35 -04:00
Taus
00e4c455b5 Update MaD Declarations after Triage 2023-05-30 16:11:30 +02:00
Asger F
d7f747e684 Merge pull request #13195 from asgerf/js/no-globals-in-example 
JS: Avoid using global vars in documentation examples
 2023-05-30 15:44:38 +02:00
Tamás Vajk
19f1d2b116 Merge pull request #13290 from tamasvajk/feature/source-generators 
C#: Extract source files generated by source generators
 2023-05-30 15:40:46 +02:00
Geoffrey White
560aa43953 Swift: Repair for AccountID / AccountKey. 2023-05-30 14:20:17 +01:00
Rasmus Lerchedahl Petersen
820b5f235e python: add change note 2023-05-30 13:36:10 +02:00
Rasmus Lerchedahl Petersen
2daa9577bb ruby/python: implement shared module 
ruby:
- create new shared file `SummaryTypeTracker.qll`
- move much logic into the module
- instantiate the module
- remove old logic, now provided by module

python:
- clone shared file
- instantiate module
- use (some of the) steps provided by the module
 2023-05-30 13:31:24 +02:00
Taus
73aa790cdd Java: Improve sampling strategy 
Instead of the "random" sampling used before (which could -- in rare circumstances -- end up sampling fewer points than we want) we now sample an equally distributed set of points.
 2023-05-30 11:22:26 +00:00
Rasmus Lerchedahl Petersen
47b2d48da2 python: add tests 
- add `getACallSimple` to `SummarizedCallable`
  (by adding it to `LibraryCallable`)
 2023-05-30 13:16:04 +02:00
Tamas Vajk
138bfad3d0 Add change note 2023-05-30 12:00:31 +02:00
Jeroen Ketema
16bc584bd1 Merge pull request #13294 from MathiasVP/better-test-for-range-analysis 
C++: Change range-analysis test to not use `getAst`
 2023-05-30 10:49:58 +02:00
Geoffrey White
d506172027 Swift: Change note. 2023-05-30 09:41:11 +01:00
Paolo Tranquilli
2183d380db Swift: implement review suggestions 2023-05-30 10:30:44 +02:00
Stephan Brandauer
d4b964c849 add support for sanitizers 2023-05-30 10:25:52 +02:00
Tony Torralba
db4e82e2f3 Merge pull request #13301 from atorralba/atorralba/java/stub-generator-perf-fix 
Java: Fix performance issue in the stub generator
 2023-05-30 10:21:16 +02:00
Geoffrey White
4a8320fafd Merge pull request #13287 from geoffw0/stringfp 
Swift: Fix some string length conflation false positives
 2023-05-30 08:57:48 +01:00
Michael Nebel
e764b46c88 Merge pull request #13306 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-05-30 09:23:09 +02:00
Erik Krogh Kristensen
073e31917a Merge pull request #13315 from github/dependabot/cargo/ql/chrono-0.4.25 
Bump chrono from 0.4.24 to 0.4.25 in /ql
 2023-05-30 07:53:01 +02:00
dependabot[bot]
39a07d42a1 Bump chrono from 0.4.24 to 0.4.25 in /ql 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.24 to 0.4.25.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.24...v0.4.25)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-30 04:03:50 +00:00
github-actions[bot]
53aecb1949 Add changed framework coverage reports 2023-05-30 00:17:04 +00:00
Andrew Eisenberg
2d81e30d81 Fix addsTo.pack references 
This change is a prerequisite for a CLI change where there will be
strict testing of the `addsTo.pack` values. It must resolve to a pack
reference that is a transitive dependency of the current query's pack.
 2023-05-29 13:45:41 -07:00
Maiky
345f43fbae fix concepts 2023-05-29 21:17:48 +02:00
Maiky
62353122c0 Add Improper LDAP Authentication query (CWE-287) 2023-05-29 21:16:13 +02:00
Maiky
03b7c5e5e8 naming error 2023-05-29 16:34:40 +02:00
Maiky
a8f887e3f9 naming error 2023-05-29 16:33:58 +02:00
Tony Torralba
6386ef3b96 Further perf improvements 2023-05-29 09:58:52 +02:00
Harry Maclean
e70e3e52dc Ruby: fix typo in qhelp 2023-05-29 04:05:42 +00:00
Harry Maclean
ca1024e285 Ruby: Reword unsafe deserialization qhelp 2023-05-29 03:46:30 +00:00
Maiky
2d8318dc02 remove unnecessary imports and edit .qhelp 2023-05-28 17:40:31 +02:00
Maiky
065b69460d remove space 2023-05-28 17:34:16 +02:00
Maiky
5e33f14ff1 Undo Concepts changes 2023-05-28 17:33:05 +02:00