github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
59 709 коммитов 1 541 ветка 130 Теги 483 MiB
Граф коммитов

59709 Коммитов

Автор SHA1 Сообщение Дата
Owen Mansel-Chan 53561008a1
Merge pull request #14445 from owen-mc/go/automated-mad-coverage-report 
Go: automated mad coverage report
 2023-10-15 21:49:47 +01:00
Owen Mansel-Chan 39bca2d4bb
Merge pull request #14276 from tunnelshade/enable-gokit-by-default 
Go: Enable GoKit module into the default list
 2023-10-15 21:44:27 +01:00
BD 0ef83b3c74
Merge branch 'main' into enable-gokit-by-default 2023-10-15 10:22:27 +05:30
Jeroen Ketema d56a9f0781
Merge pull request #14424 from jketema/rewrite-cgi-xss 
C++: Rewrite `cpp/cgi-xss` to not use default taint tracking
 2023-10-13 17:57:04 +02:00
Mathias Vorreiter Pedersen fb0016e4f6
Merge pull request #14485 from geoffw0/logging 
Swift: Add more sinks to `swift/cleartext-logging`
 2023-10-13 16:09:19 +01:00
Mathias Vorreiter Pedersen 9a2ac65f53
Merge pull request #14394 from geoffw0/sqlpathinject3 
Swift: Add sinks for sqlite3 and SQLite.swift to swift/hardcoded-key
 2023-10-13 16:07:09 +01:00
Jeroen Ketema 61676277e8
C++: Fix barrier in `cpp/cgi-xss` 2023-10-13 14:05:47 +02:00
Harry Maclean 1297acf5b1
Merge pull request #14216 from hmac/hmac-graphql-enum 
Ruby: Restrict GraphQL remote flow sources
 2023-10-13 11:31:50 +01:00
Tony Torralba 5e921784fb
Merge pull request #14399 from ebickle/fix/thread-resource-arithmetic 
Java: Flow taint through arithmetic expressions for java/thread-resource-abuse experimental query
 2023-10-13 10:06:33 +02:00
Erik Krogh Kristensen b1ad61e27d
Merge pull request #14481 from erik-krogh/proper-codepoints 
ReDoS: use the new codePointAt and codePointCount methods instead of regex hacks
 2023-10-13 09:35:55 +02:00
Felicity Chapman 2ddcd1d9cc
Merge pull request #14489 from github/felicitymay-typo-fix 
Fix typo in link
 2023-10-12 21:45:30 +01:00
Felicity Chapman 8f70b55158
Fix typo in link 2023-10-12 20:53:44 +01:00
Ian Lynagh 2edc70da79
Merge pull request #14390 from igfoo/igfoo/compr 
Kotlin: Improve support for TRAP compression options
 2023-10-12 20:22:10 +01:00
Geoffrey White fe57cd0784
Merge pull request #14488 from geoffw0/strlentest 
Swift: Additional test cases for `swift\string-length-conflation`
 2023-10-12 19:39:43 +01:00
AlexDenisov 6ab2de10e3
Merge pull request #14437 from github/alexdenisov/ignore-unavailable-declarations 
Swift: skip declarations marked as unavailable
 2023-10-12 20:08:18 +02:00
Ian Lynagh ed9502fd0b Kotlin: Enhance the TRAP compression test 2023-10-12 18:13:07 +01:00
Ian Lynagh adb47399c7 Kotlin: Improve support for TRAP compression options 
While you could control compression with
    CODEQL_EXTRACTOR_JAVA_OPTION_TRAP_COMPRESSION
before, most TRAP files used gzip regardless for compatibility with the
Java extractor. Now Java understands the option too we can use it for
shared TRAP files.
 2023-10-12 18:13:06 +01:00
Mathias Vorreiter Pedersen 3c34638438
Merge pull request #14486 from MathiasVP/simplify-overrun-write 
C++: Remove unnecessary `FlowState` from `cpp/overrun-write`
 2023-10-12 17:48:52 +01:00
Geoffrey White 9f683b8630 Swift: Remove duplicate results. 2023-10-12 17:38:58 +01:00
Geoffrey White cf7f355fc4 Swift: Additional test cases. 2023-10-12 17:11:56 +01:00
Mathias Vorreiter Pedersen 64fa6c8bbd C++: Remove the hacky flow state since this is no longer needed after #13717. 2023-10-12 13:58:36 +01:00
Geoffrey White 5c0085880f Swift: Change note. 2023-10-12 13:24:10 +01:00
Geoffrey White e2a8569940 Swift: Clean up indentation. 2023-10-12 13:05:20 +01:00
Geoffrey White 8f852f2e7d Swift: Turn sink models into flow summary models, where appropriate. 2023-10-12 12:57:05 +01:00
erik-krogh fa1e8ee426
add getACodepoint to the shared Strings library, and use it in NfaUtils 2023-10-12 13:38:19 +02:00
erik-krogh 822ba2ae59
add documentation for the new string methods in `ql-language-specification.rst` 2023-10-12 13:38:19 +02:00
erik-krogh 116025c569
use the new codePointAt and codePointCount methods instead of regex hacks 2023-10-12 13:38:19 +02:00
Erik Krogh Kristensen 59c43c7904
Merge pull request #14410 from erik-krogh/bigger-compilation-cache 
use a bigger compilation cache in the compile-queries workflow
 2023-10-12 12:35:44 +02:00
Mathias Vorreiter Pedersen 02f73145d6
Merge pull request #14354 from geoffw0/conversions2 
Swift: Improve models for Numeric, RangeReplaceableCollection
 2023-10-12 11:13:50 +01:00
Michael B. Gale f6570710e7
Merge pull request #14441 from github/dependabot/go_modules/go/extractor/golang.org/x/tools-0.14.0 
Bump golang.org/x/tools from 0.13.0 to 0.14.0 in /go/extractor
 2023-10-12 10:19:34 +01:00
Geoffrey White 7916bd39b4 Swift: Generalize 'write' models. 2023-10-12 09:21:33 +01:00
Geoffrey White 09974b5176 Swift: Extend sink models. 2023-10-12 09:17:04 +01:00
Owen Mansel-Chan 5fcdb9e112
Merge pull request #14442 from owen-mc/go/test-qldoc-coverage 
Fix module name
 2023-10-11 23:45:53 +01:00
Owen Mansel-Chan 286271340e
Merge branch 'main' into go/automated-mad-coverage-report 2023-10-11 21:31:25 +01:00
Owen Mansel-Chan e300440a8b
Delete redundant import 2023-10-11 21:28:31 +01:00
Owen Mansel-Chan dfcdb4ace8
Update CSV to MaD in description for java and C# 2023-10-11 21:09:59 +01:00
Eric Bickle ee2d8f84de
Merge branch 'main' into fix/thread-resource-arithmetic 2023-10-11 13:09:57 -07:00
Owen Mansel-Chan e5e9c33005
Generated reports 2023-10-11 21:09:55 +01:00
Owen Mansel-Chan 06a600c7fb
Set up automated coverage reports for Go 
Copied from https://github.com/github/codeql/pull/6148
 2023-10-11 21:09:54 +01:00
Eric Bickle f018d83951 Merge branch 'fix/thread-resource-arithmetic' of https://github.com/ebickle/codeql into fix/thread-resource-arithmetic 2023-10-11 13:09:39 -07:00
Eric Bickle 4cb78ab3c7 Remove change notes 2023-10-11 13:08:56 -07:00
Geoffrey White 0e4cd7f52f Swift: Additional test cases. 2023-10-11 18:37:24 +01:00
Henry Mercer 1a370bfbbe
Merge pull request #14443 from github/post-release-prep/codeql-cli-2.15.0 
Post-release preparation for codeql-cli-2.15.0
 2023-10-11 17:39:04 +01:00
github-actions[bot] ae6af17c74 Post-release preparation for codeql-cli-2.15.0 2023-10-11 14:19:20 +00:00
Tamás Vajk a31f946d6f
Merge pull request #14436 from tamasvajk/void-type-value-type 
C#: Include the `void` type in value types
 2023-10-11 16:16:06 +02:00
Asger F 7780fe9472
Merge pull request #14435 from asgerf/ruby/port-synced-queries 
JS/Ruby: desync two queries and port the Ruby version to ConfigSig-style
 2023-10-11 15:50:58 +02:00
Owen Mansel-Chan b6bf4d04ff
Fix module name 2023-10-11 14:47:46 +01:00
dependabot[bot] 442a4fe9cf
Bump golang.org/x/tools from 0.13.0 to 0.14.0 in /go/extractor 
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.13.0 to 0.14.0.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.13.0...v0.14.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-11 13:12:49 +00:00
Michael B. Gale 7a98afe6ec
Merge pull request #14439 from github/mbg/go/workspace-experiments 
Go: Move `go.mod` into `extractor` subdirectory
 2023-10-11 14:11:07 +01:00
Jean Helie a4eb3fd997
Merge pull request #14438 from github/jhelie/fix-automodel-extraction-queries 
Automodel: Fix automodel extraction queries
 2023-10-11 14:30:01 +02:00