Commit Graph

82643 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
39b61598e9 C++: Accept test changes. 2024-11-26 13:57:38 +00:00
Mathias Vorreiter Pedersen
f7cf5af720 C++: Actually check the function name. 2024-11-26 13:56:22 +00:00
Jami
36acfeb305 Merge pull request #18087 from jcogs33/jcogs33/java-sha2
Java: add SHA-384 to list of secure crypto algorithms
2024-11-26 08:51:58 -05:00
yoff
6d6f269e6c Merge pull request #17997 from yoff/java/inline-range-tests 2024-11-26 14:48:07 +01:00
Tom Hvitved
0c6b4cdb8f Merge pull request #18078 from hvitved/rust/variant-flow
Rust: Data flow through variants
2024-11-26 14:45:00 +01:00
Mathias Vorreiter Pedersen
f65f11b404 C++: Add a test for a somewhat embarrassing bug: MaD didn't check the function name in some cases. 2024-11-26 13:43:42 +00:00
Asger F
c2e9dca1de Merge pull request #18043 from asgerf/jss/jump-and-test-exclusion
JS: Fix jump steps generated by IIFEs and exception flow
2024-11-26 14:33:42 +01:00
Taus
2734377e5d Python: Add API graph support for parameter annotations
Adds API graph support for observing that in
```python
def foo(x : Bar): ...
```
the variable `x` is likely to be an instance of the type `Bar` inside
this function.
In particular, we add `getInstanceFromAnnotation` as a predicate on API
graph nodes that tracks this step (corresponding to a new edge type
labeled with "annotation" in the API graph), and extend the existing
`getAnInstance` predicate to also include instances arising from type
annotations.

A more complete solution would also add support for annotated
assignments (`x : Foo = ...` or just `x : Foo`) as well as track types
through type aliases (`type Foo = Bar`). This turns out to be
non-trivial, however, as these type constructs don't have any CFG nodes
(and so no data-flow nodes by default either). In order to not have
perfect be the enemy of good, this commit is only targeting the type
parameter case (which is also likely to be the most common use case
anyway).

The tests for API graphs have been extended accordingly, including tests
for the kinds of type ascriptions that we _don't_ currently model in API
graphs (marked with `MISSING:` in the inline tests).
2024-11-26 13:03:06 +00:00
Jeroen Ketema
6aa7c93af2 C++: More qlhelp fixes 2024-11-26 13:58:54 +01:00
Jeroen Ketema
fc6c327ab7 C++: Add change note 2024-11-26 13:55:30 +01:00
Taus
047e9742a0 Merge pull request #18086 from github/tausbn/add-vscode-task-for-creating-change-notes
Add script and VSCode task for creating change notes
2024-11-26 13:55:21 +01:00
Jeroen Ketema
e1f70a0dec C++: Add missing </p> to qlhelp 2024-11-26 13:50:09 +01:00
Taus
5279857d06 Fix comment 2024-11-26 12:48:20 +00:00
Asger F
f073f3b791 JS: Rename file to foo.test.js 2024-11-26 13:44:00 +01:00
Asger F
65da9b41b5 JS: Add cross-file test in InsecureRandom 2024-11-26 13:43:24 +01:00
Taus
adbd4d35ed Add support for both query and library change notes 2024-11-26 12:39:17 +00:00
Anders Schack-Mulligen
a6fc41ec4b Java: Accept consistency failure. 2024-11-26 13:25:44 +01:00
Anders Schack-Mulligen
38eb3e4952 Java: Adjust expected output. 2024-11-26 13:25:44 +01:00
Anders Schack-Mulligen
2ff2d25784 Java: Cherry-pick test from https://github.com/github/codeql/pull/17051 2024-11-26 13:25:43 +01:00
Anders Schack-Mulligen
408a38d9fb Java: Address review comment, include addFirst,addLast. 2024-11-26 13:25:43 +01:00
Anders Schack-Mulligen
0d45f0efb2 Java: Accept consistency check result. 2024-11-26 13:25:43 +01:00
Anders Schack-Mulligen
2b1caa8a35 Java: Add test. 2024-11-26 13:25:42 +01:00
Anders Schack-Mulligen
5a4b720322 Java: Add change note. 2024-11-26 13:25:42 +01:00
Anders Schack-Mulligen
6f32c4129d Java: Add a default taint sanitizer for contains-checks on lists of constants. 2024-11-26 13:25:41 +01:00
Anders Schack-Mulligen
7f86f8cac7 Java: Prepare TypeFlow for separate instantiation of universal flow. 2024-11-26 13:25:41 +01:00
Owen Mansel-Chan
bcc89ecb7c Add change note 2024-11-26 12:07:32 +00:00
Owen Mansel-Chan
196634ecdb Model slices package
Skipping functions that involve iterators for now.
2024-11-26 12:01:09 +00:00
Tom Hvitved
8c111382ad Address review comments 2024-11-26 13:00:59 +01:00
Owen Mansel-Chan
47eb407be9 Update Go version in stdlib tests 2024-11-26 12:00:10 +00:00
Paolo Tranquilli
9f09454db9 Merge pull request #18107 from github/redsun82/rust-rename
Rust: rename `MatchExpr.expr` to `scrutinee` in all layers
2024-11-26 12:59:06 +01:00
Asger F
b4bd8e701c JS: Add test for file classification change 2024-11-26 12:33:39 +01:00
Geoffrey White
d1915c707d Swift: Add a test revealing the issue in pure dataflow. 2024-11-26 11:24:42 +00:00
Geoffrey White
45858527e2 Swift: Add another test case. 2024-11-26 11:15:24 +00:00
Geoffrey White
6130679c34 Swift: Label the now missing cases for CWE-020 and dataflow. 2024-11-26 11:13:19 +00:00
Paolo Tranquilli
cb0ac61db6 Merge pull request #18069 from geoffw0/sourcemodels
Rust: Add some flow source models
2024-11-26 12:08:02 +01:00
Jeroen Ketema
d9b278de66 C++: Promote cpp/guarded-free 2024-11-26 11:45:55 +01:00
Rasmus Lerchedahl Petersen
f508f8eb83 Java: address review comments 2024-11-26 11:44:16 +01:00
Paolo Tranquilli
7a86257968 Merge branch 'main' into redsun82/rust-rename 2024-11-26 10:48:19 +01:00
Paolo Tranquilli
d73dcd6753 Merge pull request #18105 from paldepind/rust-string-to-str
Rust: Change `&String` to `&str`
2024-11-26 10:45:44 +01:00
Paolo Tranquilli
8a01161d4a Rust: rename MatchExpr.expr to scrutinee in all layers
This doesn't require `ql.name` and is simpler while we don't have
to write upgrade scripts. The `ql.name` mechanism might get useful
once we do have to write upgrade scripts, as that doesn't change the
dbscheme.
2024-11-26 10:42:13 +01:00
Simon Friis Vindum
8252e1da02 Rust: Change &String to &str 2024-11-26 09:21:44 +01:00
Simon Friis Vindum
44b1ad52d9 Rust: Support self parameters in variable and SSA library 2024-11-26 09:02:13 +01:00
Ed Minnix
8c6e08c94e Add `slices.Concat` example 2024-11-25 21:57:24 -05:00
Ed Minnix
96a796585f fix formatting issue 2024-11-25 21:57:09 -05:00
Ed Minnix
460df89f28 Add `slices.Max` example 2024-11-25 21:56:52 -05:00
Geoffrey White
1090164b77 Merge branch 'main' into sourcemodels 2024-11-25 21:12:24 +00:00
Geoffrey White
28c0e899b7 Rust: Autoformat. 2024-11-25 20:50:56 +00:00
Geoffrey White
e6302cae53 Rust: Address CI and ql-for-ql issues. 2024-11-25 20:07:47 +00:00
Geoffrey White
e8981a505d Rust: Fix qhelp. 2024-11-25 20:00:22 +00:00
Geoffrey White
77f5168590 Rust: Query metadata and path edges. 2024-11-25 19:54:06 +00:00