Cornelius Riemenschneider
e8aa5db07a
Rust: Update cargo dependencies.
...
There was a recent round of tree-sitter-* package releases,
so the latest code is now a) released and b) available on crates.io.
Therefore, move away from the (super slow on CI) git dependencies to released crates instead.
This also includes a run of `cargo update`, so there's a bunch more changes to the lockfile.
2024-11-11 12:13:14 +01:00
Simon Friis Vindum
ad6bd88f0a
Merge pull request #17954 from paldepind/rust-data-flow-fix-inconsistencies
...
Rust: Fix data flow fix inconsistencies
2024-11-11 11:56:10 +01:00
Chris Smowton
89a2f0dc00
Merge pull request #17890 from smowton/smowton/fix/kotlin-use-nulltype
...
Kotlin extractor: use special <nulltype> for null literals
2024-11-11 10:54:21 +00:00
Simon Friis Vindum
aebce746df
Rust: Create data flow nodes for parameters in the CFG
...
Before, data flow nodes were created for all parameters in the AST. But
some AST parameters do not lead to any data flow (for instance
parameters in function pointer types).
2024-11-11 11:46:10 +01:00
Simon Friis Vindum
6a3d417836
Rust: Implement enclosing callable for additional classes
2024-11-11 11:11:29 +01:00
Napalys
ae57c12b15
Added change notes
2024-11-11 10:38:14 +01:00
Napalys
82f09f1f8b
Updated TS version to 5.7.1-release candidate
2024-11-11 10:19:32 +01:00
Michael Nebel
404ca27aec
Java: Move non-experimental models out of the experimental folder.
2024-11-11 10:08:45 +01:00
Paolo Tranquilli
07c59f7562
Rust: fix integration tests
2024-11-11 09:55:46 +01:00
Simon Friis Vindum
bf07aa1cbd
Merge pull request #17947 from paldepind/rust-ssa-node-printing
...
Rust: Mark SSA data flow nodes in output and hide them in paths
2024-11-11 09:55:26 +01:00
Paolo Tranquilli
0298743f2a
Merge branch 'main' into redsun82/rust-cargo-options
2024-11-11 09:47:59 +01:00
Simon Friis Vindum
9f0fba16cd
Rust: Fix grammar and add documentation comments
2024-11-11 09:46:47 +01:00
Simon Friis Vindum
db1b698689
Rust: Accept fixed spurious results
2024-11-11 08:59:34 +01:00
Simon Friis Vindum
54172774d5
Merge branch 'main' into rust-async-blocks
2024-11-11 08:50:51 +01:00
Simon Friis Vindum
55796badaf
Rust: Mark SSA data flow nodes in output and hide them in paths
2024-11-11 08:48:48 +01:00
Simon Friis Vindum
e3662fa97f
Merge pull request #17923 from geoffw0/unreachable4
...
Rust: More tests for rust/deadcode
2024-11-11 08:45:47 +01:00
Napalys
81bc7cd19f
Refactored SortTaintStep to ArrayInPlaceManipulationTaintStep to support both sort and reverse functions. Fixed newly added test case. from 8026a99db7
2024-11-11 08:32:03 +01:00
Napalys
1c298f0231
Added test case for Array.prototype.reverse, which is currently not flagged as a potential sink.
2024-11-11 08:32:02 +01:00
Napalys
f1c6dc1d9b
Moved SortTaintStep to more appropriate home TaintTracking->Arrays
2024-11-11 08:32:01 +01:00
dependabot[bot]
916184964b
Bump golang.org/x/tools
...
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).
Updates `golang.org/x/tools` from 0.26.0 to 0.27.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.26.0...v0.27.0)
---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-11-11 03:24:36 +00:00
Simon Friis Vindum
a5e13ee71b
Rust: Handle async blocks in SSA analysis
2024-11-10 11:59:37 +01:00
Simon Friis Vindum
74a6d9812d
Rust: Add SSA test for async blocks
2024-11-10 11:33:03 +01:00
Simon Friis Vindum
8e6844e4da
Merge branch 'main' into rust-async-blocks
2024-11-10 09:28:14 +01:00
Alvaro Muñoz
064c983b47
Merge branch 'master' of https://github.com/github/codeql-actions
2024-11-09 10:40:14 +01:00
Alvaro Muñoz
44fd14caaf
Bump qlpack versions
2024-11-09 10:40:04 +01:00
Owen Mansel-Chan
0b24235de4
Update test results
2024-11-09 07:56:44 +00:00
Owen Mansel-Chan
9afdee4697
Accept changed test results and improve test
2024-11-09 07:55:02 +00:00
Florin Coada
f3c7352727
Merge pull request #17935 from github/changedocs/2.19.3
...
Changedocs for 2.19.3
2024-11-08 17:58:54 +00:00
Geoffrey White
727a7d4957
Merge branch 'main' into unreachable4
2024-11-08 17:39:15 +00:00
Paolo Tranquilli
98b7d50e8a
Rust: avoid test name with *
2024-11-08 18:20:09 +01:00
Paolo Tranquilli
d9d37dc341
Merge branch 'main' into redsun82/rust-cargo-options
2024-11-08 18:17:54 +01:00
Paolo Tranquilli
5490975a27
Merge pull request #17943 from github/redsun82/rust-accept-inconsistencies
...
Rust: accept some inconsistencies for now
2024-11-08 18:17:30 +01:00
Kylie Stradley
0110988b1c
Merge pull request #105 from github/immutable-actions
...
Add CodeQL rule for Immutable actions, do not detect immutable actions in unpinned tag rule
2024-11-08 12:15:54 -05:00
Paolo Tranquilli
9684df8535
Rust: accept some inconsistencies for now
...
The modified result is just a change due to a semantic conflict after introducing some
`toString` implementations.
The new inconsistency should be looked at in more detail.
2024-11-08 18:05:19 +01:00
Paolo Tranquilli
94ba6473dd
Merge branch 'main' into redsun82/rust-cargo-options
2024-11-08 17:54:59 +01:00
Kylie Stradley
d6e38d5e83
Do not detect immutable actions in UnpinnedActionsTag
...
* these should be handled by the UseOfUnversionedImmutableAction.qll query instead
* factor out immutableAction detection for reuse in both queries
* octokit should no longer ping in UnpinnedActionsTag
2024-11-08 11:51:25 -05:00
Paolo Tranquilli
f77f2b7ff0
Rust: turn off the test cfg by default
2024-11-08 17:07:03 +01:00
Paolo Tranquilli
a13c70bd11
Rust: add integration test for cargo options
2024-11-08 16:50:21 +01:00
Owen Mansel-Chan
c8f41206be
Add a change note
2024-11-08 14:23:55 +00:00
Geoffrey White
c7112ef278
Rust: Accept consistency check changes.
2024-11-08 14:22:04 +00:00
Simon Friis Vindum
d52a2d67a2
Rust: Create CFG scope for async blocks
2024-11-08 15:00:02 +01:00
Geoffrey White
ede72b2680
Rust: Add unresolved macro calls count as well.
2024-11-08 13:59:05 +00:00
Owen Mansel-Chan
38ee2d418a
Fix bug by extracting more pointer types
2024-11-08 13:57:36 +00:00
Owen Mansel-Chan
5094cb851b
Add test showing bug (SEmbedP.PMethod not showing)
2024-11-08 13:57:34 +00:00
Simon Friis Vindum
e05b126215
Rust: Add CFG tests for async/await and const
2024-11-08 14:50:07 +01:00
Anders Schack-Mulligen
a311294080
Merge pull request #17932 from aschackmull/java/kotlin-notnull-typeflow
...
Kotlin: Support NotNullExpr in TypeFlow.
2024-11-08 13:48:15 +01:00
Michael B. Gale
71e4646489
Merge pull request #17934 from github/dependabot/go_modules/go/extractor/extractor-dependencies-ede2484c43
...
Bump golang.org/x/mod from 0.21.0 to 0.22.0 in /go/extractor in the extractor-dependencies group
2024-11-08 12:43:38 +00:00
Paolo Tranquilli
9cea631399
Merge pull request #17931 from github/redsun82/rust-target-dir
...
Rust: allow to specify the target directory
2024-11-08 13:34:03 +01:00
Paolo Tranquilli
26839f5e15
Merge pull request #17882 from github/redsun82/rust-resolve
...
Rust: extract some resolved paths
2024-11-08 13:33:41 +01:00
Geoffrey White
f827ad8157
Rust: Add missing @kind diagnostic query metadata.
2024-11-08 12:33:06 +00:00