Commit graph

55127 commits

Author SHA1 Message Date
erik-krogh 3cb2ec4e87
fix nits from doc review 2023-06-05 19:06:07 +02:00
erik-krogh 9aeba4f31e
changes based on review 2023-06-01 17:24:44 +02:00
erik-krogh 1e08105863
less duplicated headers in the sql-injection samples 2023-05-31 18:04:34 +02:00
erik-krogh 98820780af
show how to use mysql.escape in the sql-injection qhelp 2023-05-31 18:04:34 +02:00
erik-krogh 7d801e05ee
add an example of using dollar eq 2023-05-31 18:04:23 +02:00
erik-krogh e24b45b423
elaborate on both SQL and NoSQL injection in the js/sql-injection qhelp 2023-05-31 09:57:38 +02:00
erik-krogh b343dcaadd
put string/object in the alert-message for sql-injection 2023-05-31 08:06:04 +02:00
Erik Krogh Kristensen b9ffa11915
Merge pull request #13328 from github/dependabot/cargo/ql/chrono-0.4.26
Bump chrono from 0.4.25 to 0.4.26 in /ql
2023-05-31 07:42:37 +02:00
dependabot[bot] 75f6355bd6
Bump chrono from 0.4.25 to 0.4.26 in /ql
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.25 to 0.4.26.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.25...v0.4.26)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-31 04:06:22 +00:00
Mathias Vorreiter Pedersen a646749380
Merge pull request #13318 from MathiasVP/exclude-std-in-constant-size-array-off-by-one
C++: Exclude `StdNamespace` sources in `cpp/constant-size-array-off-by-one`
2023-05-30 14:31:18 -07:00
Mathias Vorreiter Pedersen 65eebf1f40
Merge branch 'main' into exclude-std-in-constant-size-array-off-by-one 2023-05-30 13:40:01 -07:00
Arthur Baars 60a5ef744f
Merge pull request #13319 from aibaars/print-cfg
Ruby: add print-cfg query
2023-05-30 21:15:06 +02:00
Andrew Eisenberg 6ba8f9eb36
Merge pull request #13314 from github/aeisenberg/adds-to-pack
Fix `addsTo.pack` references
2023-05-30 08:30:16 -07:00
Arthur Baars d91fa2d038 Ruby: add print-cfg query 2023-05-30 17:30:04 +02:00
Mathias Vorreiter Pedersen f00b29d3d2 C++: The small-string optimization commonly used inside 'std::string' is causing a lot of FPs. Let's exclude this for now to reduce the number of results for this query. 2023-05-30 07:33:07 -07:00
Robert Marsh 2afda5f3f1
Merge pull request #13305 from MathiasVP/fix-join-of-pointerArithOverflow0
C++: Fix join in `pointerArithOverflow0`
2023-05-30 10:24:35 -04:00
Asger F d7f747e684
Merge pull request #13195 from asgerf/js/no-globals-in-example
JS: Avoid using global vars in documentation examples
2023-05-30 15:44:38 +02:00
Tamás Vajk 19f1d2b116
Merge pull request #13290 from tamasvajk/feature/source-generators
C#: Extract source files generated by source generators
2023-05-30 15:40:46 +02:00
Tamas Vajk 138bfad3d0 Add change note 2023-05-30 12:00:31 +02:00
Jeroen Ketema 16bc584bd1
Merge pull request #13294 from MathiasVP/better-test-for-range-analysis
C++: Change range-analysis test to not use `getAst`
2023-05-30 10:49:58 +02:00
Tony Torralba db4e82e2f3
Merge pull request #13301 from atorralba/atorralba/java/stub-generator-perf-fix
Java: Fix performance issue in the stub generator
2023-05-30 10:21:16 +02:00
Geoffrey White 4a8320fafd
Merge pull request #13287 from geoffw0/stringfp
Swift: Fix some string length conflation false positives
2023-05-30 08:57:48 +01:00
Michael Nebel e764b46c88
Merge pull request #13306 from github/workflow/coverage/update
Update CSV framework coverage reports
2023-05-30 09:23:09 +02:00
Erik Krogh Kristensen 073e31917a
Merge pull request #13315 from github/dependabot/cargo/ql/chrono-0.4.25
Bump chrono from 0.4.24 to 0.4.25 in /ql
2023-05-30 07:53:01 +02:00
dependabot[bot] 39a07d42a1
Bump chrono from 0.4.24 to 0.4.25 in /ql
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.24 to 0.4.25.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.24...v0.4.25)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-30 04:03:50 +00:00
github-actions[bot] 53aecb1949 Add changed framework coverage reports 2023-05-30 00:17:04 +00:00
Andrew Eisenberg 2d81e30d81 Fix `addsTo.pack` references
This change is a prerequisite for a CLI change where there will be
strict testing of the `addsTo.pack` values. It must resolve to a pack
reference that is a transitive dependency of the current query's pack.
2023-05-29 13:45:41 -07:00
Tony Torralba 6386ef3b96 Further perf improvements 2023-05-29 09:58:52 +02:00
Mathias Vorreiter Pedersen 9828af45a1 C++: Change separator from ':' to '|'. 2023-05-26 15:23:48 -07:00
Mathias Vorreiter Pedersen 0f08642653 C++: Fix join in 'pointerArithOverflow0'. 2023-05-26 11:16:44 -07:00
Robert Marsh 5bc844c4c6
Merge pull request #13207 from MathiasVP/use-equiv-class-in-getInstruction
C++: Reduce memory pressure from `getInstruction`
2023-05-26 13:13:57 -04:00
Robert Marsh b2fb2aa0d1
Merge pull request #13045 from rdmarsh2/rdmarsh2/cpp/improve-constant-off-by-one
C++: stitch paths and ignore cast arrays in constant off-by-one query
2023-05-26 12:47:08 -04:00
Philip Ginsbach ded98c5a5f
Merge pull request #13304 from github/ginsbach/SmallSpecificationFixes
two small QL specification fixes
2023-05-26 16:18:36 +01:00
Paolo Tranquilli ddf45b27ca
Merge pull request #13300 from github/redsun82/swift-fix-autobuild-corner-case
Swift: exclude unknown type targets ending in `Tests` or `Test` from autobuilding
2023-05-26 16:49:01 +02:00
Philip Ginsbach 47a0d4b774 more explicit mentioning of QLL files 2023-05-26 15:03:34 +01:00
Philip Ginsbach ba51ded516 bindingset is not really a pragma 2023-05-26 15:03:34 +01:00
Asger F 3831dc7785
Merge pull request #13288 from asgerf/rb/super-and-flow-through
Ruby: two bug fixes
2023-05-26 15:04:52 +02:00
Asger F cfaa27ab5d Ruby: change note 2023-05-26 14:44:00 +02:00
Paolo Tranquilli c5cee0d419 Swift: exclude targets ending in `Tests` or `Test` from autobuilding 2023-05-26 14:19:07 +02:00
Jami 6867e94ed5
Merge pull request #13158 from jcogs33/jcogs33/update-csharp-sink-kinds
C#: update MaD sink kinds
2023-05-26 08:03:21 -04:00
yoff af1f4c30fb
Merge pull request #13299 from asgerf/rb/meta-query-summarised-callable-sites
Ruby/Python: add meta-queries for calls to summarised callables
2023-05-26 13:27:56 +02:00
Arthur Baars e0466900ad
Merge pull request #12992 from Sim4n6/ruby-UBV
[Ruby] Add Unicode Bypass Validation query, test and help file
2023-05-26 13:00:21 +02:00
Tony Torralba 4dfc9b13cd Java: Fix performance issue in the stub generator 2023-05-26 12:44:53 +02:00
Alex Ford baabd2d1fa
Merge pull request #12832 from maikypedia/maikypedia/pg-sqli
Ruby: Add SQL Injection Sinks
2023-05-26 11:36:17 +01:00
Paolo Tranquilli a6e21dac8f
Merge pull request #13284 from github/redsun82/swift-remove-property-wrapper-inconsistencies
Swift: remove some AST and CFG inconsistencies
2023-05-26 12:22:56 +02:00
Asger F 75fd20b3b8 Python: add meta-query for calls to summarized callables 2023-05-26 11:40:58 +02:00
Jeroen Ketema 63657396c5
Merge pull request #13267 from MathiasVP/promote-overrun-write
C++: Promote `cpp/overrun-write` out of experimental
2023-05-26 11:34:26 +02:00
Asger F 1c7f6dc32e Ruby: add meta-query for calls to summarized callables 2023-05-26 11:34:23 +02:00
Tamas Vajk 918cfd6f44 Add integration test 2023-05-26 09:50:06 +02:00
Tamas Vajk 74a585222c C#: Extract source files generated by source generators 2023-05-26 09:13:41 +02:00