Commit graph

59946 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen ba27a0d515
Update cpp/ql/src/change-notes/2023-10-16-redundant-null-check-simple.md
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2023-10-16 12:48:53 +02:00
Rasmus Wriedt Larsen 883bd9f3b3
Python: Add test for type-tracking with `yield` 2023-10-16 12:09:07 +02:00
Mathias Vorreiter Pedersen 32d82380f1 C++: Add change note. 2023-10-16 11:08:27 +01:00
Mathias Vorreiter Pedersen d8a049f5cc C++: Accept test changes. 2023-10-16 10:51:47 +01:00
Mathias Vorreiter Pedersen 7e6857d36b C++: Make 'hasSize' slightly smarter when handling ternary operators. 2023-10-16 10:48:28 +01:00
Mathias Vorreiter Pedersen 6a7b2e4aa4 C++: Add failing test. 2023-10-16 10:47:45 +01:00
Joe Farebrother fe2468e7d0
Merge pull request #14498 from joefarebrother/csharp-missing-access-control
C#: Fix FP in Missing Function Level Access Control and Insecure Direct Object Reference
2023-10-16 10:46:19 +01:00
Mathias Vorreiter Pedersen 20c3984872 C++: Add the 'security' tag and add a 'security-severity' rating to 'cpp/redundant-null-check-simple'. 2023-10-16 09:54:36 +01:00
Arthur Baars 0e3369f93f
Merge pull request #14484 from aibaars/ts53-js
JS: Support import attributes
2023-10-16 10:47:49 +02:00
Erik Krogh Kristensen 80c5e1ea77
Merge pull request #14497 from erik-krogh/jsp
JS: add support for extracting `.jsp` files
2023-10-16 09:27:46 +02:00
Erik Krogh Kristensen c30e004506
Merge pull request #14506 from github/dependabot/cargo/ql/tracing-0.1.39
Bump tracing from 0.1.38 to 0.1.39 in /ql
2023-10-16 09:24:12 +02:00
Tony Torralba ae8e237f2c
Merge pull request #14494 from atorralba/atorralba/remove-library
Java/C/C#: Remove library annotations
2023-10-16 09:01:40 +02:00
Tamás Vajk d723905035
Merge pull request #14368 from tamasvajk/standalone/use-legacy-framework-dlls
C#: Choose between .NET framework or core DLLs in standalone
2023-10-16 08:53:55 +02:00
dependabot[bot] 7700210ed2
Bump tracing from 0.1.38 to 0.1.39 in /ql
Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.38 to 0.1.39.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.38...tracing-0.1.39)

---
updated-dependencies:
- dependency-name: tracing
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-16 03:21:13 +00:00
Owen Mansel-Chan 53561008a1
Merge pull request #14445 from owen-mc/go/automated-mad-coverage-report
Go: automated mad coverage report
2023-10-15 21:49:47 +01:00
Owen Mansel-Chan 39bca2d4bb
Merge pull request #14276 from tunnelshade/enable-gokit-by-default
Go: Enable GoKit module into the default list
2023-10-15 21:44:27 +01:00
Maiky e204100701 Resolve conflict in `Concepts.qll` 2023-10-15 10:37:10 +02:00
Maiky 17210c76a5
change-note edition
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
2023-10-15 10:25:58 +02:00
BD 0ef83b3c74
Merge branch 'main' into enable-gokit-by-default 2023-10-15 10:22:27 +05:30
Chris Smowton 7fbba3a659 Java: adapt stub to ExecutorService change in JDK19 2023-10-13 20:30:28 +01:00
Chris Smowton 8f985e0045 Java: restrict test to source classes 2023-10-13 20:30:28 +01:00
Chris Smowton 0510b0c825 Java: restrict test to source methods
Otherwise it finds standard library methods that depend on stdlib internals as to what happens to get extracted. In particular the extractor bump to JDK21 led to MethodHandles being in scope and a new method being found; seems better to avoid considering the standard library at all.
2023-10-13 20:30:28 +01:00
Geoffrey White cea87a53e0 Swift: Fix LocalTaint.expected. 2023-10-13 18:19:26 +01:00
Ed Minnix 3356261031 Static IV refactor to MaD 2023-10-13 12:50:49 -04:00
Jeroen Ketema d56a9f0781
Merge pull request #14424 from jketema/rewrite-cgi-xss
C++: Rewrite `cpp/cgi-xss` to not use default taint tracking
2023-10-13 17:57:04 +02:00
Mathias Vorreiter Pedersen fb0016e4f6
Merge pull request #14485 from geoffw0/logging
Swift: Add more sinks to `swift/cleartext-logging`
2023-10-13 16:09:19 +01:00
Mathias Vorreiter Pedersen 9a2ac65f53
Merge pull request #14394 from geoffw0/sqlpathinject3
Swift: Add sinks for sqlite3 and SQLite.swift to swift/hardcoded-key
2023-10-13 16:07:09 +01:00
Robert Marsh b832fc8e32 Swift: additional QLDoc around closures 2023-10-13 14:54:38 +00:00
Mathias Vorreiter Pedersen 140ff537c0 C++: Split 'defaultViableCallable' and 'viableCallable'. 2023-10-13 15:47:02 +01:00
Joe Farebrother 915352861d Check for generic base types in Missing Function Level Access Control and Insecure Direct Object Reference. 2023-10-13 14:22:45 +01:00
erik-krogh 69c3e62965
add change-note 2023-10-13 15:16:39 +02:00
Tamas Vajk 15ec0a10c9 Code quality improvements 2023-10-13 14:09:58 +02:00
Calum Grant 192c16bbb3 C++: Format QL and delete note 2023-10-13 13:07:43 +01:00
Jeroen Ketema 61676277e8
C++: Fix barrier in `cpp/cgi-xss` 2023-10-13 14:05:47 +02:00
Geoffrey White 33f83a2089 Swift: Add some failing data flow test cases. 2023-10-13 12:24:43 +01:00
Calum Grant 552221868f C++: Expand ImplicitThisFieldAccess 2023-10-13 12:05:20 +01:00
Tony Torralba 0cea3f8531 Remove library annotations 2023-10-13 12:46:56 +02:00
Harry Maclean 1297acf5b1
Merge pull request #14216 from hmac/hmac-graphql-enum
Ruby: Restrict GraphQL remote flow sources
2023-10-13 11:31:50 +01:00
erik-krogh 9080e84fc9
add support for extracting `.jsp` files 2023-10-13 12:09:27 +02:00
Tony Torralba 5e921784fb
Merge pull request #14399 from ebickle/fix/thread-resource-arithmetic
Java: Flow taint through arithmetic expressions for java/thread-resource-abuse experimental query
2023-10-13 10:06:33 +02:00
Erik Krogh Kristensen b1ad61e27d
Merge pull request #14481 from erik-krogh/proper-codepoints
ReDoS: use the new codePointAt and codePointCount methods instead of regex hacks
2023-10-13 09:35:55 +02:00
Felicity Chapman 2ddcd1d9cc
Merge pull request #14489 from github/felicitymay-typo-fix
Fix typo in link
2023-10-12 21:45:30 +01:00
Felicity Chapman 8f70b55158
Fix typo in link 2023-10-12 20:53:44 +01:00
Ian Lynagh 2edc70da79
Merge pull request #14390 from igfoo/igfoo/compr
Kotlin: Improve support for TRAP compression options
2023-10-12 20:22:10 +01:00
Robert Marsh dd71204128 Swift: update test expectations for for-in locations 2023-10-12 18:59:36 +00:00
Geoffrey White fe57cd0784
Merge pull request #14488 from geoffw0/strlentest
Swift: Additional test cases for `swift\string-length-conflation`
2023-10-12 19:39:43 +01:00
AlexDenisov 6ab2de10e3
Merge pull request #14437 from github/alexdenisov/ignore-unavailable-declarations
Swift: skip declarations marked as unavailable
2023-10-12 20:08:18 +02:00
Ian Lynagh ed9502fd0b Kotlin: Enhance the TRAP compression test 2023-10-12 18:13:07 +01:00
Ian Lynagh adb47399c7 Kotlin: Improve support for TRAP compression options
While you could control compression with
    CODEQL_EXTRACTOR_JAVA_OPTION_TRAP_COMPRESSION
before, most TRAP files used gzip regardless for compatibility with the
Java extractor. Now Java understands the option too we can use it for
shared TRAP files.
2023-10-12 18:13:06 +01:00
Mathias Vorreiter Pedersen 3c34638438
Merge pull request #14486 from MathiasVP/simplify-overrun-write
C++: Remove unnecessary `FlowState` from `cpp/overrun-write`
2023-10-12 17:48:52 +01:00