Commit graph

58132 commits

Author SHA1 Message Date
Jeroen Ketema f996fa2f8b
Merge pull request #14043 from jketema/ir-regres
C++: Add IR test case that shows regression after frontend update
2023-08-24 09:23:58 +02:00
AlexDenisov d89a86fea4
Merge pull request #13979 from github/alexdenisov/autobuilder-spm
Swift: teach autobuilder about SPM, CocoaPods, and Carthage
2023-08-24 08:50:04 +02:00
Jeroen Ketema c882945e30
C++: Add IR test case that shows regression after frontend update 2023-08-24 08:36:22 +02:00
erik-krogh db2b8d4bcc
remove some test code I accidentally committed 2023-08-24 07:56:05 +02:00
Harry Maclean 96e9dfc7b2
Merge pull request #13969 from hmac/shared-extractor-globs
Shared extractor: support file path globs
2023-08-23 16:41:39 +01:00
Harry Maclean b76842ad3d Shared: Fix clippy lint 2023-08-23 16:24:57 +01:00
Harry Maclean 3680613f2d Shared: Restrict extractor file globs to filenames 2023-08-23 16:09:56 +01:00
Mathias Vorreiter Pedersen 6cf99688e1
Merge pull request #13985 from alexet/ir-tainted-sql
CPP: Convert SQL tainted away from DefaultTaintTracking.
2023-08-23 15:40:55 +01:00
Rasmus Wriedt Larsen 89b790d048
Merge pull request #14037 from RasmusWL/fix-tests
Python: Fix tests
2023-08-23 16:37:40 +02:00
Rasmus Wriedt Larsen f33359bd5c
Python: Fix tests 2023-08-23 15:37:55 +02:00
Asger F 2b540e251a
Merge pull request #14007 from asgerf/js/import-path-string
JS: Follow immediate predecessors in path resolution
2023-08-23 15:28:22 +02:00
Harry Maclean 54c2221f35
Merge pull request #14033 from hmac/excon-bugfix
Ruby: Fix bug in excon model
2023-08-23 14:24:53 +01:00
Harry Maclean cc7ef5dac1 Shared: Fix clippy lint in shared extractor 2023-08-23 14:11:22 +01:00
Harry Maclean ed40d72e4f Shared: Bump extractor version 2023-08-23 14:11:22 +01:00
Harry Maclean 24ac6c0596 QL: Update for shared extractor changes 2023-08-23 14:11:21 +01:00
Harry Maclean 7e2abf20c6 Shared: Support glob patterns in shared extractor
Replace the `file_extensions` field with `file_globs`, which supports
UNIX style glob patterns powered by the `globset` crate.

This allows files with no extension (e.g. Dockerfiles) to be extracted,
by specifying a glob such as `*Dockerfile`.

One surprising aspect of this change is that the globs match against the
whole path, rather than just the file name.

This is a breaking change.
2023-08-23 14:11:21 +01:00
Asger F d146514275
Merge pull request #13928 from asgerf/js/ignore-huge-files
JS: Ignore files larger than 10 MB during extraction
2023-08-23 15:09:58 +02:00
Asger F d2fca1b804
Merge pull request #13926 from asgerf/js/fix-cyclic-alias-extraction
JS: fix crash in case of cyclic alias
2023-08-23 15:09:39 +02:00
Asger F ee1b3fd7e9 Java: update test after VariableCapture.qll change 2023-08-23 14:57:26 +02:00
Asger F 8aec87ea57 Update VariableCapture.qll 2023-08-23 14:57:26 +02:00
Alex Eyers-Taylor 949b0a2613 CPP: Move import to start of file 2023-08-23 13:39:29 +01:00
Alex Eyers-Taylor 7d99d61662 CPP: Convert SQL tainted to IR dataflow. 2023-08-23 13:39:29 +01:00
Michael Nebel 08d44c1bdc
Merge pull request #14019 from michaelnebel/csharp/excludedlls
C#: Exclude dll files when getting files in the dependency manager.
2023-08-23 14:15:32 +02:00
Asger F b8fc84e8e4 JS: Change note 2023-08-23 14:11:07 +02:00
Asger F c6a757e085 JS: More robust handling of cyclic aliases 2023-08-23 14:11:07 +02:00
Asger F 794a459c1b JS: Add reproduction test 2023-08-23 14:11:07 +02:00
Asger F b93e404441 JS: Change log 2023-08-23 14:05:21 +02:00
Harry Maclean d18ca3f5d7 Ruby: Fix bug in excon model
If a codebase included a definition for `Excon.new`, we matched
connection nodes to unrelated request nodes.
2023-08-23 12:55:36 +01:00
Tony Torralba 0f3918af16
Merge pull request #13773 from atorralba/atorralba/java/mdht-xxe-sink
Java: Add XXE sinks for MDHT
2023-08-23 13:49:49 +02:00
Asger F ae2a1c7399 JS: Change note 2023-08-23 13:39:56 +02:00
Anders Schack-Mulligen 736c4beb9e Java: Add change note. 2023-08-23 13:26:41 +02:00
Anders Schack-Mulligen 6c02e30f56 Java: Update models. 2023-08-23 13:24:55 +02:00
Anders Schack-Mulligen 4b0a1cf74b Java: Remove old interpretation. 2023-08-23 13:19:16 +02:00
Anders Schack-Mulligen 410c09270f Java: Use nested names in MaD signatures. 2023-08-23 13:17:52 +02:00
Harry Maclean a5c8917ff0
Merge pull request #14031 from hmac/hmac-fix-test
Ruby: Update test fixture
2023-08-23 10:15:23 +01:00
Harry Maclean 842da58269 Ruby: Update test fixture 2023-08-23 09:59:04 +01:00
Harry Maclean fb4b774c0d
Merge pull request #13967 from hmac/remove-splat-all
Ruby: Remove isSplatAll
2023-08-23 09:40:06 +01:00
Michael Nebel 1f1d48f768
Merge pull request #14020 from tamasvajk/fix/dependency-fetching-1
C#: Fix lazy evaluation of not yet downloaded packages
2023-08-23 10:39:29 +02:00
Michael Nebel 95193633fe
Update csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
Co-authored-by: Tom Hvitved <hvitved@github.com>
2023-08-23 10:35:20 +02:00
erik-krogh 25e4f2c3a2
limit concretize to strings of at most length 100 2023-08-23 10:26:29 +02:00
Tom Hvitved 3810b796a0 Data flow: Use call contexts in stage 3 2023-08-23 10:05:57 +02:00
Asger F d8462ad1b3 JS: Add a file size limit to extractor 2023-08-23 09:54:55 +02:00
Asger F bc47646a79 JS: Move getMegabyteCountFromPrefixedEnv into a shared place 2023-08-23 09:54:55 +02:00
Asger F dec6039469 JS: Follow immediate predecessors in path resolution 2023-08-23 09:53:51 +02:00
Michael Nebel 672d1637ab C#: Exclude dll files when getting files in the dependency manager. 2023-08-23 09:28:49 +02:00
Maiky 664c1eba72 Add `""` and `nil` as sources 2023-08-22 18:10:33 +02:00
Jeroen Ketema cf53956d39
Merge pull request #14021 from jketema/non-const-format-test
C++: Add `cpp/non-constant-format` test
2023-08-22 17:38:45 +02:00
Jeroen Ketema 6566b91355
C++: Add indication that the test result is good 2023-08-22 16:38:46 +02:00
Robert Marsh 5734e475d4
Merge pull request #14014 from rdmarsh2/rdmarsh2/swift/keypath-force-steps
Swift: flow through keypath optional components
2023-08-22 10:35:36 -04:00
Jeroen Ketema 1e8daff02a
C++: Add `cpp/non-constant-format` test 2023-08-22 16:23:47 +02:00