hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 10:11:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,354 Commits 1,690 Branches 160 Tags
codeql-cli/v2.8.3
Commit Graph

33354 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
3791b159fb Merge pull request #7892 from erik-krogh/nanSan 
JS: Add a `isNaN` sanitizer, and use it in queries that already had a typeof check
 2022-02-11 10:13:06 +01:00
Erik Krogh Kristensen
2ffd79d451 Merge pull request #7921 from erik-krogh/snapdragon 
JS: add model for the snapdragon library
 2022-02-11 10:10:55 +01:00
Arthur Baars
58a2597c3a C++: move change note lines to correct query pack 2022-02-11 09:52:36 +01:00
Tom Hvitved
987b11c362 Merge pull request #7926 from hvitved/csharp/brotli 
C#: Use Brotli instead of Gzip
 2022-02-11 09:29:04 +01:00
Tamás Vajk
c5d917eb72 Improve formatting of 0.0.9 release notes 2022-02-11 09:19:43 +01:00
Esben Sparre Andreasen
a4447ce372 Update javascript/ql/lib/semmle/javascript/frameworks/Snapdragon.qll 2022-02-11 08:20:02 +01:00
luchua-bc
12c53baba4 Simplify the query 2022-02-11 01:05:06 +00:00
Harry Maclean
017183e7f3 Merge pull request #7919 from github/hmac/open-uri 
Ruby: recognise additional form for OpenURI
 2022-02-11 14:03:26 +13:00
Andrew Eisenberg
cba9e0b267 Fix paths in check-change-note 
Library pack changes were being ignored.
 2022-02-10 14:36:23 -08:00
github-actions[bot]
f25fc70b7c Release preparation for version 2.8.1 2022-02-10 22:08:24 +00:00
Andrew Eisenberg
9441ea940c Workflows: Augment workflow to ensure failure with invalid change notes 2022-02-10 13:52:54 -08:00
Erik Krogh Kristensen
f41bc64e30 add change-note 2022-02-10 22:41:35 +01:00
Arthur Baars
c9f898745c Merge pull request #7943 from github/aibaars/cpp-move-note 
C++: move change note
 2022-02-10 22:32:31 +01:00
Arthur Baars
6cba49abe3 C++: move change note 2022-02-10 22:13:54 +01:00
Arthur Baars
1fb3cbfeee Merge pull request #7940 from github/aibaars/js-move-note 
Javascript: move change note
 2022-02-10 21:20:06 +01:00
Arthur Baars
61ba896343 Javascript: move change note 2022-02-10 20:58:49 +01:00
Robert Marsh
dbe4770c7d C++: add initial insufficient key size query 2022-02-10 14:53:40 -05:00
Tom Hvitved
2b2196d638 Merge pull request #7927 from github/hvitved-patch-1 
Add C# 10 and .NET 6 to `versions-compilers.rst`
 2022-02-10 20:43:33 +01:00
Erik Krogh Kristensen
eb56a5aef3 support more patterns that recognize valid numbers 2022-02-10 19:50:35 +01:00
Artem Smotrakov
0ba229a64b Apply suggestions from code review (typos/formatting) 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-02-10 18:37:12 +00:00
Alex Ford
d55ba2542a Ruby: fix an alert 2022-02-10 18:35:22 +00:00
Geoffrey White
85d03fdbfd C++: Change note. 2022-02-10 18:05:41 +00:00
Erik Krogh Kristensen
02ed1ca392 add missing qldoc 2022-02-10 18:06:53 +01:00
yoff
a2532a86ea Merge pull request #7894 from tausbn/python-normalise-prefixes 
Python: Normalise string prefixes
 2022-02-10 17:57:11 +01:00
Erik Krogh Kristensen
9739929795 convert the ruby ApiGraphs to use IPA labels 2022-02-10 17:54:19 +01:00
Alex Ford
bc53570a25 Ruby: fewer mappings from dataflow nodes to ast nodes 2022-02-10 15:58:31 +00:00
Alex Ford
7c1bd9a533 Ruby: add a test case for cleartext logging that uses NonCleartextPasswordFlow 2022-02-10 15:50:56 +00:00
Alex Ford
83a3808bbe Ruby: avoid marking mutator methods as being safe (i.e. not returning sensitive data) 2022-02-10 15:50:56 +00:00
Alex Ford
b46e4ccd71 Ruby: drop SanitizerIn from ClearTextLoggingQuery 2022-02-10 15:50:56 +00:00
Alex Ford
7b4af39315 Ruby: track masked variables potentially containing sensitive data more accurately 2022-02-10 15:50:56 +00:00
Alex Ford
59ab384825 Ruby: rb/clear-text-logging-sensitive-data - match on CFG nodes rather than AST nodes 2022-02-10 15:50:56 +00:00
Jonathan Leitschuh
eee521e6ce Fix test failure for TempDirLocalInformationDisclosure 2022-02-10 10:40:40 -05:00
Tom Hvitved
a3d631f2df Add C# 10 and .NET 6 to versions-compilers.rst 2022-02-10 15:45:00 +01:00
Tom Hvitved
1c66444a61 C#: Use Brotli instead of Gzip 2022-02-10 14:30:24 +01:00
Felicity Chapman
efed21b99a Merge pull request #7885 from Marcono1234/marcono1234/extractor-doc-improvements 
Fix and improve Extractor options documentation formatting
 2022-02-10 12:59:45 +00:00
CodeQL CI
9ebbd9efa1 Merge pull request #7591 from asgerf/js/mysql-sinks 
Approved by esbena
 2022-02-10 12:50:36 +00:00
Felicity Chapman
5ec1fc11f9 Apply suggestions from code review 2022-02-10 12:41:37 +00:00
CodeQL CI
a57ee019c2 Merge pull request #7819 from asgerf/asgerf/ruby-def-nodes 
Approved by hvitved
 2022-02-10 12:37:34 +00:00
Taus Brock-Nannestad
be323bafaf Merge remote-tracking branch 'upstream/main' into python-normalise-prefixes 2022-02-10 12:55:49 +01:00
CodeQL CI
1a91a79b5b Merge pull request #5841 from erik-krogh/libCode 
Approved by esbena, ethanpalm
 2022-02-10 11:36:45 +00:00
Mathias Vorreiter Pedersen
d05dbb285c Merge pull request #7841 from jketema/structured-bindings-fix 
C++: Update C++ variable hiding test
 2022-02-10 11:29:38 +00:00
Geoffrey White
b0c2a144cc C++: Remove no longer relevant tests. 2022-02-10 11:11:31 +00:00
Geoffrey White
20ad92a82e C++: Filter noisiest sources. 2022-02-10 11:11:30 +00:00
Geoffrey White
7b5b2fdcd1 C++: Modernize cpp/system-data-exposure as a path-problem using IR taint, RemoteFlowSinkFunction. 2022-02-10 11:11:26 +00:00
Geoffrey White
5490809bcf C++: Expand tests. 2022-02-10 10:43:21 +00:00
Erik Krogh Kristensen
d55920ad27 add model for the snapdragon library 2022-02-10 11:32:59 +01:00
Jeroen Ketema
46821fe136 Update C++ variable hiding test 
Structured bindings are now handled better, so the false negative
related to structured bindings is now a true positive.
 2022-02-10 10:58:32 +01:00
Tom Hvitved
58d90c7f8d Python: More points-to performance improvements 2022-02-10 10:29:30 +01:00
Tom Hvitved
7fd8d6dd30 Address review comments 2022-02-10 10:29:30 +01:00
Tom Hvitved
2de892bfd8 Python: Points-to performance improvements 2022-02-10 10:29:30 +01:00