hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-07 10:41:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,691 Branches 160 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
507c8addb2 add cwe-942 to js/cors-misconfiguration-for-credentials 2021-11-08 13:12:19 +01:00
Cornelius Riemenschneider
76d2665132 Merge pull request #7071 from github/criemen/simplify-csharp-tracing-config 
C#: Remove macos compatibility stanzas from tracing config.
 2021-11-08 13:11:44 +01:00
james
96ff2f5125 use correct type of link 2021-11-08 12:06:20 +00:00
james
dfe77f844f fix errors in debugging-data-flow-queries-using-partial-flow.rst 2021-11-08 11:59:53 +00:00
Erik Krogh Kristensen
0ab510f543 add test that requires flowToExpr 2021-11-08 12:25:45 +01:00
james
c94bfc306a improve links 2021-11-08 11:18:41 +00:00
Erik Krogh Kristensen
3d6a5263e0 improve qhelp 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-11-08 12:02:39 +01:00
Mathias Vorreiter Pedersen
8e496f7121 C++: Pull in the latest changes to 'SsaImplCommon'. 2021-11-08 10:46:54 +00:00
Mathias Vorreiter Pedersen
fff5d293ff Merge branch 'main' into use-shared-ssa-in-ir-dataflow 2021-11-08 10:44:36 +00:00
Anders Schack-Mulligen
92fb7f555c Java: Fix bad magic in SynchSetUnsynchGet. 2021-11-08 11:42:20 +01:00
Cornelius Riemenschneider
03ff2c622a Remove macos compatibility stanzas from tracing config. 2021-11-08 11:30:31 +01:00
Anders Schack-Mulligen
613e971987 Merge pull request #7039 from github/turbo-js-java-lib-modeling-ghes-3-3-p-1 
Add updated framework support for JS/Java
 2021-11-08 11:08:34 +01:00
CodeQL CI
6f80387ac1 Merge pull request #6993 from asgerf/js/tainted-path-regexp-contains-check 
Approved by erik-krogh
 2021-11-08 01:52:28 -08:00
CodeQL CI
618d135b0a Merge pull request #7060 from RasmusWL/hashlib-new-type-tracker 
Approved by yoff
 2021-11-08 01:31:40 -08:00
Tom Hvitved
77aca0a365 Merge pull request #7041 from hvitved/csharp/consistent-ids 
C#: Use `cs/` prefix in all query IDs
 2021-11-08 09:55:11 +01:00
Anders Schack-Mulligen
85fdbda16f Merge pull request #7002 from aschackmull/java/field-node 
Java: Add FieldValueNode to break up cartesian step relation.
 2021-11-08 09:31:42 +01:00
Mathias Vorreiter Pedersen
021d9415b8 Merge branch 'main' into use-range-analysis-in-buffer-write 2021-11-08 08:22:49 +00:00
Anders Schack-Mulligen
e0b121cd90 Merge pull request #7047 from hvitved/csharp/ssa/dominance-frontier 
Shared SSA: Improved dominance frontier calculation
 2021-11-08 08:50:46 +01:00
Pierre
4af3775b72 Add requirements for Apple Silicon 2021-11-08 01:37:31 +01:00
Chris Smowton
b639e82d79 Merge pull request #7064 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-11-05 09:27:25 +00:00
ihsinme
cedc5fd743 Update InsecureTemporaryFile.ql 2021-11-05 09:42:06 +03:00
github-actions[bot]
d7bfaec0f5 Add changed framework coverage reports 2021-11-05 00:09:28 +00:00
Mathias Vorreiter Pedersen
34aa4981be Merge pull request #7018 from geoffw0/nullterm3 
C++: Further performance improvement for the null termination queries
 2021-11-04 21:37:58 +00:00
Mathias Vorreiter Pedersen
a9b7fed537 C++: Accept test changes. 2021-11-04 21:25:37 +00:00
Mathias Vorreiter Pedersen
ac90259906 C++: Teach 'getMaxConvertedLength' to use 'SimpleRangeAnalysis'. 2021-11-04 21:25:28 +00:00
Mathias Vorreiter Pedersen
693baae1ba C++: Add test cases with false positives due to missing range analysis in 'cpp/overrunning-write'. 2021-11-04 21:13:28 +00:00
Alex Ford
5f78bbbf52 add missing documentation 2021-11-04 21:07:54 +00:00
Ethan Palm
f1ac23eff5 Merge pull request #7040 from ethanpalm/extractor-options-docs 
New docs for extractor options
 2021-11-04 13:53:22 -07:00
Ethan P
fab3479f68 Fix numbered lists 2021-11-04 13:41:59 -07:00
Ethan P
457ece152a Fix list formatting 2021-11-04 13:31:52 -07:00
Ethan P
5bfe0fff89 Test using dash for LIs 2021-11-04 13:20:00 -07:00
Ethan P
10e5a8b3e5 Adjust spacing 2021-11-04 13:18:37 -07:00
Alex Ford
543bd28b03 add a change note for rb/csrf-protection-disabled 2021-11-04 20:14:54 +00:00
Ethan P
ad2b068429 fix list formatting 2021-11-04 13:05:22 -07:00
Alex Ford
d324f9397c qhelp for rb/csrf-protection-disabled 2021-11-04 19:56:56 +00:00
Alex Ford
25da904314 test cases for rb/csrf-protection-disabled 2021-11-04 19:56:56 +00:00
Alex Ford
4666024419 model some ways to configure Rails 2021-11-04 19:56:56 +00:00
Alex Ford
91f99ed2a1 model skip_forgery_protection calls in ActionController classes 2021-11-04 19:56:56 +00:00
Alex Ford
fad7e9489b Add a query to detect instances of CSRF protection being disabled 2021-11-04 19:56:55 +00:00
Ethan P
f3fda42b83 Fix link 2021-11-04 12:53:03 -07:00
Ethan Palm
f41c4702c3 Apply suggestions from code review 
Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com>
 2021-11-04 12:41:07 -07:00
Alex Ford
8a412dc5fd Add CSRFProtectionSetting concept 2021-11-04 18:18:29 +00:00
Rasmus Lerchedahl Petersen
624b794980 Python: separate taint sources in with 2021-11-04 17:06:36 +01:00
james
5ea93d6447 further imrpovements 2021-11-04 14:54:30 +00:00
Rasmus Wriedt Larsen
9e2bc41648 Python: Improve hashlib.new modeling 
By using a backwards type-tracker to find possible hashing algorithm
names.
 2021-11-04 15:36:32 +01:00
Rasmus Wriedt Larsen
9e91f3a341 Python: Highlight shortcomings of hashlib.new modeling 2021-11-04 15:29:40 +01:00
Ian Wright
95f21b5308 Merge pull request #7027 from github/z80coder/faster-callee-api-name-feature 
more efficient implementation of calleeApiName
 2021-11-04 14:23:13 +00:00
Tom Hvitved
3544c85445 Ruby: Make the target of basicStoreStep the post-update node 2021-11-04 14:21:22 +01:00
Tom Hvitved
1101b1054d Ruby: Make target of basicStoreStep a normal data flow node 2021-11-04 14:20:07 +01:00
Tom Hvitved
a56a5e4e7d Ruby: Add type tracker tests 2021-11-04 14:19:16 +01:00