hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-25 05:06:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,673 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

82643 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Napalys
c12c12c416 Added modeling for react-relay functions that retrieve data. 2025-03-06 18:30:21 +01:00
Napalys
5a1991bb69 Added test cases for react-relay functions that retrieve data 2025-03-06 18:10:27 +01:00
Napalys
89040d0d06 Added missing response and request MaD source kinds. 2025-03-06 18:10:25 +01:00
Napalys
0166e76cca Add change note 2025-03-06 18:10:24 +01:00
Napalys
1443f314a1 Added react-relay useFragment as threat model source. 2025-03-06 18:10:23 +01:00
Napalys
1e3b8625e6 Added a test case where useFragment from react-relay should be marked as a source but isn't 2025-03-06 18:10:21 +01:00
Michael B. Gale
16e84d0ad0 Merge pull request #18929 from github/mbg/go/filter-more-vendor-dirs 
Go: Support more dependency managers in `IsGolangVendorDirectory`
 2025-03-06 16:10:18 +00:00
Michael B. Gale
b872c60e1c Go: Support more dependency managers in IsGolangVendorDirectory 2025-03-06 15:40:44 +00:00
Anders Schack-Mulligen
da579c27fc Merge pull request #18934 from aschackmull/ssa/refactor5 
SSA: Replace the Guards interface in the SSA data flow integration.
 2025-03-06 15:11:52 +01:00
Taus
6546bb1b1d Merge branch 'main' into tausbn/python-fix-match-pruning-logic 2025-03-06 14:37:58 +01:00
Geoffrey White
9a35febe80 Rust: Query framework and basic tests. 2025-03-06 13:24:05 +00:00
Anders Schack-Mulligen
97a3411c0c Ruby: Accept test output. 2025-03-06 13:58:14 +01:00
Michael Nebel
61c043fd4a Merge pull request #18935 from michaelnebel/csharp/useless-if-statement 
C#: Fewer alerts in `cs/useless-if-statement`.
 2025-03-06 13:53:20 +01:00
Taus
a9ab39da1b Merge pull request #18448 from github/tausbn/python-add-type-annotation-metrics-query 
Python: Add metrics query for type annotations
 2025-03-06 13:52:26 +01:00
Anders Schack-Mulligen
5e722eecf7 Ruby: Push in casts to Definition to delete the then unused DefinitionExt. 2025-03-06 13:31:31 +01:00
Anders Schack-Mulligen
9e6bdbbcbb SSA: Don't add phi-reads for frontiers of uncertain reads. 2025-03-06 12:47:38 +01:00
Anders Schack-Mulligen
947a85ed28 Java: Enable SSA consistency queries. 2025-03-06 12:47:38 +01:00
Anders Schack-Mulligen
d95114fb1d SSA: Extend consistency queries. 2025-03-06 12:47:37 +01:00
Michael Nebel
fb3ce464be C#: Address review comments. 2025-03-06 11:48:35 +01:00
Michael B. Gale
7e984ad48e Merge pull request #18938 from github/dependabot/go_modules/go/extractor/extractor-dependencies-94582fc3a1 
Bump the extractor-dependencies group in /go/extractor with 2 updates
 2025-03-06 10:47:50 +00:00
Owen Mansel-Chan
7b2912376b Add failing test for os.File.Sync with defered Close calls 2025-03-06 10:14:28 +00:00
Owen Mansel-Chan
cbe7edd9c6 Merge pull request #18907 from teuron/cwe-925 
[CWE-925] Intent verification is only needed on non-empty onReceive methods.
 2025-03-06 10:00:05 +00:00
Joe Farebrother
2692b8fa9f Merge pull request #18936 from joefarebrother/python-add-not-named-self-cls-ccr 
Python: Include `py/not-named-self` and `py/not-named-cls` in the CCR suite
 2025-03-06 09:51:14 +00:00
Owen Mansel-Chan
0c091ffe31 Merge pull request #18920 from owen-mc/go/mad/improve-sync-models 
Go: Do not track taint into a `sync.Map` via the key of a key-value pair
 2025-03-06 09:40:49 +00:00
Lukas Abfalterer
32e1589745 Update java/ql/src/change-notes/2025-03-03-fix-improper-intent-verification-query.md 
Co-authored-by: Edward Minnix III <egregius313@github.com>
 2025-03-06 09:57:16 +01:00
Tom Hvitved
ec063d0dbd Rust: Fix bad joins 
```
Evaluated relational algebra for predicate _Synth::Synth::TFormatArgument#5cbf2ffd_63#join_rhs__Format::Format.getArgumentRef/0#dispred#38d664c__#antijoin_rhs@889ee4br with tuple counts:
           11356  ~0%    {5} r1 = JOIN `_Format::Format.getArgumentRef/0#dispred#38d664cb_Format::Format.getParent/0#dispred#f6ec3e8b_10#joi__#shared` WITH Synth::Synth::TFormatArgument#5cbf2ffd_63#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.0
        19631351  ~0%    {6}    | JOIN WITH name_texts_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.0
           45933  ~0%    {6}    | JOIN WITH format_args_arg_names_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5
             747  ~0%    {5}    | JOIN WITH format_args_expr_args_02#join_rhs ON FIRST 2 OUTPUT Lhs.0, Lhs.2, Lhs.3, Lhs.4, Lhs.5
                         return r1

Evaluated relational algebra for predicate __Format::Format.getParent/0#dispred#f6ec3e8b_FormatArgument::FormatArgument.getParent/0#dispred#864__#antijoin_rhs@01d9d70k with tuple counts:
        19631351  ~1%    {6} r1 = JOIN `_Format::Format.getParent/0#dispred#f6ec3e8b_FormatArgument::FormatArgument.getParent/0#dispred#8641__#shared` WITH name_texts_10#join_rhs ON FIRST 1 OUTPUT Lhs.4, Lhs.0, Lhs.1, Lhs.2, Lhs.3, Rhs.1
         5173010  ~0%    {7}    | JOIN WITH format_args_expr_args ON FIRST 1 OUTPUT Rhs.2, Lhs.5, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.0
             747  ~0%    {5}    | JOIN WITH format_args_arg_names ON FIRST 2 OUTPUT Lhs.2, Lhs.3, Lhs.4, Lhs.5, Lhs.6
                         return r1

Evaluated relational algebra for predicate _NamedFormatArgument::NamedFormatArgument#18940f8e__Format::Format.getParent/0#dispred#f6ec3e8b_10#j__#antijoin_rhs@dafbd6hr with tuple counts:
           11356  ~0%    {5} r1 = JOIN `_Format::Format.getParent/0#dispred#f6ec3e8b_10#join_rhs_FormatArgument::FormatArgument.getParent/0#__#shared` WITH NamedFormatArgument::NamedFormatArgument#18940f8e ON FIRST 1 OUTPUT Rhs.4, Lhs.1, Lhs.2, Lhs.3, Lhs.0
        19631351  ~0%    {6}    | JOIN WITH name_texts_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.0
           45933  ~0%    {6}    | JOIN WITH format_args_arg_names_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5
             747  ~0%    {5}    | JOIN WITH format_args_expr_args_02#join_rhs ON FIRST 2 OUTPUT Lhs.0, Lhs.2, Lhs.3, Lhs.4, Lhs.5
                         return r1

```
 2025-03-06 09:02:42 +01:00
dependabot[bot]
1037626a28 Bump the extractor-dependencies group in /go/extractor with 2 updates 
Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/mod` from 0.23.0 to 0.24.0
- [Commits](https://github.com/golang/mod/compare/v0.23.0...v0.24.0)

Updates `golang.org/x/tools` from 0.30.0 to 0.31.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.30.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-06 04:02:51 +00:00
Owen Mansel-Chan
63bfa36be8 Convert to inline expectations test 2025-03-05 21:39:04 +00:00
REDMOND\brodes
6083df2b7f Completed tying algorithm instances to consumers. Now the model should have known literals for cipher instances, and it traces those instances to consumers (inits) and those inits are traced to cipher operations. 2025-03-05 15:48:08 -05:00
REDMOND\brodes
de3ff45cba Misc updates for OpenSSL modeling to trace algorithm literals to known alg getters, and converting the literal to a TCipherType. 2025-03-05 15:17:52 -05:00
Ed Minnix
ca14c5722d Add likely XSS case to integration tests 2025-03-05 12:40:26 -05:00
Ed Minnix
e2f0a61f89 Add XSS test to integration tests 2025-03-05 12:40:02 -05:00
Ed Minnix
a0fe7d6a1a Remove unused line 2025-03-05 11:04:41 -05:00
Joe Farebrother
a06de21f45 Python: Include py/not-named-self and py/not-named-cls in the CCR suite. 2025-03-05 15:13:20 +00:00
Michael Nebel
c73eeec814 C#: Add change note. 2025-03-05 15:33:02 +01:00
Michael Nebel
dd7d5d031c C#: Update test expected output. 2025-03-05 15:27:01 +01:00
Michael Nebel
35fbaf4ac3 C#: Do flag empty if statements if there is a comment in cs/useless-if-statement. 2025-03-05 15:26:39 +01:00
Michael Nebel
361bdfac12 C#: Add a testcase with an empty if statement containing a comment. 2025-03-05 15:22:22 +01:00
Owen Mansel-Chan
f2947f7066 Fix indentation 2025-03-05 14:13:53 +00:00
Jami Cogswell
0eec951218 Java: update change note to mention removal from Community Packs 2025-03-05 08:55:51 -05:00
Michael Nebel
a9d45a2aa2 C#: Add some tests for cs/useless-if-statement. 2025-03-05 14:32:41 +01:00
Lukas Abfalterer
b4c75d832c Merge branch 'main' into cwe-925 2025-03-05 14:15:07 +01:00
Anders Schack-Mulligen
c6761db2fc SSA: Replace the Guards interface in the SSA data flow integration. 2025-03-05 13:29:31 +01:00
Anders Schack-Mulligen
a02735326a Ruby: Remove some DefinitionExt references and deprecate the rest. 2025-03-05 12:57:15 +01:00
Lukas Abfalterer
41e9a837e5 Fix naming 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2025-03-05 12:50:54 +01:00
Mathias Vorreiter Pedersen
38bf9c6835 Merge pull request #18908 from aschackmull/cpp/branchlimit-adjustment-refactor 
C++: Change countNumberOfBranchesUsingParameter to match qldoc closer.
 2025-03-05 11:21:38 +00:00
Anders Schack-Mulligen
709d36b502 Merge pull request #18869 from aschackmull/ssa/refactor3 
Ssa: Update qltests including consistency checks
 2025-03-05 11:40:27 +01:00
Napalys
d884e5fe6b Upgraded javascrip database schema 2025-03-05 11:06:56 +01:00
Napalys
95d05ceab8 Now store vFlagEnabled instead of each time searching for it. 
Added `uFlagEnabled` for checking how should `\p{}` be treated. And small optimization.
 2025-03-05 10:34:38 +01:00
Lukas Abfalterer
c9b75afc2a Fix QLL and add change notes with tests 2025-03-05 10:23:35 +01:00