hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-09 19:51:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
34,755 Commits 1,689 Branches 160 Tags
codeql-cli/v2.9.0
Commit Graph

34755 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
2182bb5c91 C++: Remove unused qhelp files. 2021-10-27 15:47:01 +01:00
Geoffrey White
d990e790e7 C++: Remove unused index.qhelp files. 2021-10-27 15:40:34 +01:00
Arthur Baars
aeedfd9987 Filter out non-qhelp files 2021-10-27 16:00:19 +02:00
Arthur Baars
b128c7ca00 Don't use local actions 2021-10-27 15:57:54 +02:00
Arthur Baars
19e010e6fe fetch-codeql action: unzip in runner.temp 2021-10-27 15:57:54 +02:00
Anders Schack-Mulligen
6eabb610b4 Dataflow: Sync Ruby 2021-10-27 13:58:30 +02:00
Anders Schack-Mulligen
699630af54 Dataflow: Sync. 2021-10-27 13:57:44 +02:00
Anders Schack-Mulligen
92e4a1ed17 Dataflow: Review fixes. 2021-10-27 13:57:44 +02:00
Anders Schack-Mulligen
034c7f3538 Dataflow: Sync. 2021-10-27 13:57:44 +02:00
Anders Schack-Mulligen
51cebdce83 Dataflow: Add support for call context restrictions on sources/sinks. 2021-10-27 13:57:44 +02:00
Arthur Baars
dc24361f89 Merge pull request #6974 from github/nickrolfe/Cargo_lock 
Ruby: update Cargo.lock
 2021-10-27 13:47:22 +02:00
Arthur Baars
ce3a19458d Set persist-credentials: false 2021-10-27 13:30:22 +02:00
Arthur Baars
54e946918a QHelp preview: run if paths.txt is non-empty 2021-10-27 12:47:51 +02:00
Nick Rolfe
0a89028663 Ruby: update Cargo.lock 2021-10-27 11:43:09 +01:00
Arthur Baars
8077a49109 Switch qhelp-pr-preview.yml to pull_request_target 2021-10-27 12:38:52 +02:00
Rasmus Lerchedahl Petersen
06586a13a3 Python: merge tests files 2021-10-27 11:55:04 +02:00
Rasmus Lerchedahl Petersen
826f44d98e Python: Share implementation of awaited 2021-10-27 11:41:18 +02:00
Rasmus Lerchedahl Petersen
01ad19b82b Python: correct qldoc 2021-10-27 11:40:57 +02:00
yoff
c850554467 Update python/ql/lib/semmle/python/frameworks/SqlAlchemy.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-10-27 11:09:37 +02:00
Rasmus Lerchedahl Petersen
fed6a97eb8 Python: Promote ReDoS queries 2021-10-27 11:03:57 +02:00
Anders Schack-Mulligen
4a67ac5e0b Merge pull request #4991 from JLLeitschuh/feat/JLL/early_ratpack_support 
Java: Simple support for Ratpack HTTP Framework
 2021-10-27 09:25:52 +02:00
Rasmus Wriedt Larsen
89e713a25c Python: Update PyYAML comment with 6.0 release 2021-10-26 17:58:06 +02:00
Rasmus Wriedt Larsen
cd6d73d553 Python: Handle kwarg in PyYAML 
Really surprised that we didn't already :|
 2021-10-26 17:48:10 +02:00
Rasmus Wriedt Larsen
6c0083e584 Python: Add PoC for PyYAML code execution 2021-10-26 17:48:10 +02:00
Rasmus Wriedt Larsen
1ce09afa08 Python: Add modeling of ruamel.yaml PyPI package 2021-10-26 17:48:10 +02:00
Tony Torralba
6f7d0b62d7 Add ExplicitIntentSanitizer and allowIntentExtrasImplicitRead 2021-10-26 17:11:27 +02:00
Erik Krogh Kristensen
8a4b043cb1 fix imports 2021-10-26 15:39:45 +02:00
Rasmus Wriedt Larsen
29e3abc977 Python: FastAPI: Add HTTP header taint example 2021-10-26 15:34:16 +02:00
Erik Krogh Kristensen
62e729501c make the RegExpEscape::getUnescaped predicate public in python 2021-10-26 15:25:14 +02:00
Erik Krogh Kristensen
97264b5dda add the bad tag filter query to ruby 2021-10-26 15:25:12 +02:00
Edoardo Pirovano
fe39823942 Fix LGTM version number in language reference 2021-10-26 14:18:35 +01:00
Erik Krogh Kristensen
c15ddf6e92 update ReDoSUtil in ruby 2021-10-26 15:03:09 +02:00
Erik Krogh Kristensen
2ddf445caf move ruby files to match file structure from js/py 2021-10-26 14:54:12 +02:00
Joe Farebrother
02b440b0ed Merge pull request #6599 from joefarebrother/android-sensitive-communication 
Java: Promote android sensitive broadcast query
 2021-10-26 13:48:58 +01:00
Erik Krogh Kristensen
44afa34e37 Merge branch 'main' of github.com:github/codeql into htmlReg 2021-10-26 14:46:27 +02:00
CodeQL CI
e5e1046c81 Merge pull request #6962 from asgerf/js/template-db-constraint-err 
Approved by erik-krogh
 2021-10-26 13:43:57 +01:00
Jonathan Leitschuh
21aeee6378 Actually remove the last non-ascii quote from Promise 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-26 08:28:44 -04:00
Erik Krogh Kristensen
8ba545999e add change-note 2021-10-26 14:13:56 +02:00
Alexander Eyers-Taylor
3bae95a93a Merge pull request #6939 from edoardopirovano/bump-version 
Fix version number in language reference
 2021-10-26 13:11:30 +01:00
Anders Schack-Mulligen
90bebaa5a9 Merge pull request #6960 from erik-krogh/useSetLiteral 
use set literal instead of big disjunction of literals
 2021-10-26 14:06:05 +02:00
Anders Schack-Mulligen
ba95d46ec3 Apply suggestions from code review 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2021-10-26 14:04:13 +02:00
Erik Krogh Kristensen
090fb2df10 Merge pull request #6857 from erik-krogh/fixPipes 
JS: skip pipes and other special files when determining which files to extract
 2021-10-26 13:59:40 +02:00
Mathias Vorreiter Pedersen
4a58349fcd Merge pull request #6961 from MathiasVP/fix-join-order-in-in-def-dominance-frontier 
C#: Fix join order in `inDefDominanceFrontier`
 2021-10-26 12:55:31 +01:00
Edoardo Pirovano
6a3de20e7a Fix version number in language reference 2021-10-26 12:53:48 +01:00
Erik Krogh Kristensen
9c8a51bca6 cache SensitiveExpr 2021-10-26 13:47:28 +02:00
Erik Krogh Kristensen
038438edca assume that setting the secure/httpOnly flag to some unknown value is good 2021-10-26 13:47:28 +02:00
Erik Krogh Kristensen
5228196f79 fix typos and update docs 2021-10-26 13:47:21 +02:00
Erik Krogh Kristensen
311df4d2b7 add test for the cookie npm package 2021-10-26 13:46:59 +02:00
Erik Krogh Kristensen
92d59aa11c refactor most of the isSensitive predicates into a common helper predicate 2021-10-26 13:46:59 +02:00
Erik Krogh Kristensen
834d5ec6ad add session{key,id} as sensitive info 2021-10-26 13:46:59 +02:00