21651 Commits

Author SHA1 Message Date
Tom Hvitved
6bfc49c069 C#: Address review comments 2021-03-25 11:43:25 +01:00
yoff
32b264bdee Apply suggestions from code review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2021-03-25 10:48:59 +01:00
Anders Schack-Mulligen
d53c334488 Merge branch 'java/fix-experimental-query-metadata' into java/cleanup 2021-03-25 10:36:36 +01:00
Anders Schack-Mulligen
28ff3f412d Java: Add severity and precision metadata to experimental queries. 2021-03-25 10:29:47 +01:00
Cornelius Riemenschneider
867471b122 C++: Delete old queries. 2021-03-25 10:23:17 +01:00
CodeQL CI
9d52db3ca7 Merge pull request #5507 from erik-krogh/joins
Approved by asgerf
2021-03-25 09:18:26 +00:00
Anders Schack-Mulligen
5b905cfe18 Java: Add change note for code duplication library removal. 2021-03-25 10:12:58 +01:00
Anders Schack-Mulligen
1564aee57a Java: Add change note for filter query removal. 2021-03-25 10:11:30 +01:00
Anders Schack-Mulligen
c82b5eb040 Java: Remove code duplication library. 2021-03-25 10:06:10 +01:00
Asger Feldthaus
dbc6cf63c2 JS: Fix bad join order in PropertyProjection 2021-03-25 09:00:10 +00:00
Asger Feldthaus
bd3f6d1234 JS: Add o[o.length] = y taint step 2021-03-25 09:00:10 +00:00
Asger Feldthaus
51f489211b JS: Support react-native-base64 2021-03-25 09:00:10 +00:00
Asger Feldthaus
5d9778c64d JS: Step through babel.transform 2021-03-25 09:00:10 +00:00
Asger Feldthaus
3e67ebacb0 JS: Support lodash-es 2021-03-25 09:00:10 +00:00
Erik Krogh Kristensen
3b6b40489f Merge branch 'main' into topPack 2021-03-25 09:58:15 +01:00
Anders Schack-Mulligen
4b7440d4d5 Java: Remove precision tag from metric queries. 2021-03-25 09:52:05 +01:00
Tom Hvitved
419fbe77ab C#: Remove @precision tags from metric queries 2021-03-25 09:50:24 +01:00
Tom Hvitved
b83da2255c C#: Add change note 2021-03-25 09:50:24 +01:00
Tom Hvitved
b94c189946 C#: Remove VulnerablePackage.ql query 2021-03-25 09:50:24 +01:00
Tom Hvitved
7e33b571c9 C#: Add change note 2021-03-25 09:50:24 +01:00
Tom Hvitved
eeb8c74666 C#: Remove filter and external queries
These are legacy queries that are no longer used.
2021-03-25 09:50:01 +01:00
Anders Schack-Mulligen
70824b3f0b Java: Delete filter queries. 2021-03-25 09:47:31 +01:00
Esben Sparre Andreasen
801eb538db Merge pull request #5514 from github/aibaars/fix-javascript-metadata
Javascript: remove bad QLDoc tag
2021-03-25 08:56:08 +01:00
Taus Brock-Nannestad
0ae8b69102 Python: Prevent joining on scope in PointsToContext::appliesTo
One of those cases where I _wish_ `pragma[inline]` also meant "don't
join on the stuff inside this predicate -- it's inlined for a reason".

Unsurprisingly, joining on the scope first works poorly.
2021-03-24 23:12:48 +01:00
Taus Brock-Nannestad
28d6cad3d0 Python: Prevent joining on name as the first thing
Many instances of `lookup` are restricted by the presence of
`attributeRequired`, but this does not work well if we join on
`name`. A few instances of `only_bind_into` prevent this.
2021-03-24 23:11:09 +01:00
yo-h
72ae902e0d Merge pull request #5371 from aschackmull/java/framework-coverage
Java: Add query for CSV framework coverage.
2021-03-24 17:36:13 -04:00
Erik Krogh Kristensen
c146b27c1a Merge branch 'main' into shellTrue 2021-03-24 20:09:23 +01:00
CodeQL CI
8ff9c98d26 Merge pull request #5449 from erik-krogh/asExec
Approved by esbena
2021-03-24 19:04:30 +00:00
Aditya Sharad
32dc894d54 Merge pull request #5516 from github/adityasharad/actions/remove-docs-review-workflow
Actions: Remove docs-review workflow
2021-03-24 11:48:03 -07:00
Aditya Sharad
a0465d20cb Actions: Remove docs-review workflow
Being replaced by internal automation that polls the repo for open labelled PRs, since this workflow currently cannot tag the docs team in a comment.
2021-03-24 11:26:00 -07:00
Taus Brock-Nannestad
ed8ffab356 Python: Prevent potentially bad join order
This has no effect on the current compilation (indeed,
`ssa_filter_definition_bool` is not currently inlined), but will
prevent this from ever occurring, should the heuristics for inlining
ever change...
2021-03-24 19:20:19 +01:00
Cornelius Riemenschneider
47530d7526 C++: Fix query metadata warnings. 2021-03-24 18:01:21 +01:00
Arthur Baars
b25dc03dac Javascript: remove bad QLDoc tag 2021-03-24 16:47:27 +01:00
Asger Feldthaus
e13a9c9716 JS: Avoid recursion through SourceNode::Range, again 2021-03-24 15:26:50 +00:00
Anders Schack-Mulligen
d3485cac34 Merge pull request #5512 from aschackmull/java/csv-argument-ranges
Java: Support argument and parameter ranges in CSV models.
2021-03-24 15:03:22 +01:00
yoff
8d15680af4 Merge pull request #5506 from tausbn/python-allow-absolute-imports-from-source-directory
Python: Allow absolute imports in directories with scripts
2021-03-24 14:42:14 +01:00
Anders Schack-Mulligen
4955f95f64 Apply suggestions from code review
Clarify documentation.

Co-authored-by: Chris Smowton <smowton@github.com>
2021-03-24 14:32:18 +01:00
Anders Schack-Mulligen
63831cc62b Merge pull request #5099 from porcupineyhairs/javaLogInjection
Java : Add Log Injection Vulnerability
2021-03-24 14:30:34 +01:00
yoff
b023d73016 Merge pull request #5504 from RasmusWL/type-tracking-first-predicate-private
Python: Ensure first type-tracking predicate is private
2021-03-24 14:23:27 +01:00
Rasmus Wriedt Larsen
1473778bb8 Merge pull request #5493 from yoff/python-add-experimental-structure
Python: Add stub structure to `experimental` for external contributions
2021-03-24 14:11:13 +01:00
Rasmus Wriedt Larsen
70974ea197 Python: Fix grammar in QLDoc
Co-authored-by: yoff <lerchedahl@gmail.com>
2021-03-24 14:06:06 +01:00
Taus Brock-Nannestad
47686a6e4c Python: Disregard all files matching .py% 2021-03-24 14:03:00 +01:00
Taus Brock-Nannestad
8d30ee5c3c Python: Include unmarked Python file in snapshot
Sadly, it seems we're not interpreting this as Python code, even if we
explicitly ask to have it included.
2021-03-24 14:01:13 +01:00
Anders Schack-Mulligen
a1ccbcdaf1 Merge pull request #5260 from artem-smotrakov/spring-http-invoker
Java: Query for detecting unsafe deserialization with Spring exporters
2021-03-24 13:57:17 +01:00
Asger Feldthaus
de879c0707 JS: Make PropRef.getBase non-recursive 2021-03-24 12:57:16 +00:00
Asger Feldthaus
2f2d72f282 JS: Improve react-router support 2021-03-24 12:53:26 +00:00
Asger Feldthaus
88932a495c JS: Handle redux-form HOCs 2021-03-24 12:53:26 +00:00
Rasmus Wriedt Larsen
59200386a7 Python: Fix mistake in refactor 2021-03-24 13:51:29 +01:00
Tom Hvitved
f2fb26df37 C#: Document input/output stack restrictions 2021-03-24 13:48:32 +01:00
CodeQL CI
e3ab94fc6b Merge pull request #5498 from asgerf/js/flow-through-accessors
Approved by erik-krogh, max-schaefer
2021-03-24 12:46:05 +00:00