hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-01 08:42:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,673 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

82643 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kylie Stradley
5bf02e73ea Update ql/src/Security/CWE-829/UnpinnedActionsTag.ql 
Co-authored-by: Alvaro Muñoz <pwntester@github.com>
 2024-11-04 11:30:29 -05:00
Simon Friis Vindum
8d59b9289b Rust: Make improvements to data flow based on PR feedback 2024-11-04 16:42:05 +01:00
Geoffrey White
5a34c166b7 Rust: Remove the workaround in rust/unused-variable. 2024-11-04 15:31:43 +00:00
Simon Friis Vindum
2818893010 Rust: Refactor AstCfgNode to use a field 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2024-11-04 15:01:25 +01:00
Florin Coada
7418d8ed24 Merge pull request #17832 from github/changedocs/2.19.2 
CodeQL 2.19.2 changedocs
 2024-11-04 13:56:28 +00:00
Tom Hvitved
0aee809697 Merge pull request #17899 from hvitved/accept-changes-multi-jobs 
Handle matrix jobs in accept changes script
 2024-11-04 14:54:21 +01:00
Alvaro Muñoz
ae6856ab5a models: add new control check model 2024-11-04 14:44:13 +01:00
Rasmus Wriedt Larsen
5f20f1984c expected-changes: Use set constructor 2024-11-04 14:14:15 +01:00
Rasmus Wriedt Larsen
8f80c24270 Merge pull request #17256 from RasmusWL/js-threat-models 
JS: Add support for threat models
 2024-11-04 14:04:12 +01:00
Simon Friis Vindum
34e8ea17d8 Merge pull request #17898 from paldepind/rust-cfg-refactor 
Rust: CFG classes are in expression module iff they correspond to exp…
 2024-11-04 13:01:15 +01:00
Tom Hvitved
95e9d013cc Update expected test output 2024-11-04 12:07:06 +01:00
Tom Hvitved
a89c82bf74 Handle matrix jobs in accept changes script 2024-11-04 11:49:35 +01:00
Simon Friis Vindum
6b25bea2e5 Rust: Accept consistency results 2024-11-04 11:28:26 +01:00
Simon Friis Vindum
a3c7d5a469 Merge branch 'main' into rust-data-flow-consistency 2024-11-04 11:10:48 +01:00
Simon Friis Vindum
fb26f7861f Merge pull request #17895 from paldepind/rust-data-flow-consistency-query 
Rust: Add data flow consistency queries
 2024-11-04 11:07:46 +01:00
Simon Friis Vindum
714e2fc2c1 Merge branch 'main' into rust-data-flow-consistency-query 2024-11-04 10:42:53 +01:00
Simon Friis Vindum
2ae721bd54 Merge pull request #17897 from github/redsun82/rust-fix-compilation 
Rust: fix semantic merge conflict about semantics
 2024-11-04 10:35:47 +01:00
Simon Friis Vindum
633bac633c Rust: CFG classes are in expression module iff they correspond to expressions 2024-11-04 10:34:08 +01:00
Simon Friis Vindum
7f344fab78 Rust: Add data flow consistency queries 2024-11-04 10:17:50 +01:00
Alvaro Muñoz
4f62573d17 Bump qlpack versions 2024-11-04 10:11:52 +01:00
Alvaro Muñoz
55476af179 Merge pull request #107 from github/query_if 
query: split if expression is always true query
 2024-11-04 10:11:14 +01:00
Alvaro Muñoz
db6f174b79 query: split if expression is always true query 
critical - if the if statement contains a known control check
high - otherwise
 2024-11-04 10:10:47 +01:00
Paolo Tranquilli
6848a22c65 Rust: fix semantic merge conflict about semantics 2024-11-04 10:04:40 +01:00
Paolo Tranquilli
bde517fcb1 Merge pull request #17849 from github/aibaars/single-semantics 
Rust: try to speed things up a bit
 2024-11-04 09:24:26 +01:00
Tom Hvitved
8b8b721788 Data flow: Order provenance output by textual representation 2024-11-04 08:47:30 +01:00
Jami Cogswell
459d16824e Java: weak crypto: do not report weak hash algorithms 2024-11-03 18:22:06 -05:00
Alvaro Muñoz
80f2b24eeb Bump qlpack versions 2024-11-03 22:29:50 +01:00
Alvaro Muñoz
ea20e9b337 fix: Add versioned python binaries to poisonable steps 2024-11-03 22:29:20 +01:00
Simon Friis Vindum
82076ee0b8 Rust: Propagate data flow through a few expression types 2024-11-03 16:12:59 +01:00
Simon Friis Vindum
2bab29d31b Rust: Add local data flow step tests 2024-11-03 16:12:58 +01:00
Simon Friis Vindum
01141ccdc9 Rust: Integrate SSA into data flow 2024-11-03 16:12:56 +01:00
Tom Hvitved
662a824312 Merge pull request #17865 from hvitved/rust/unused-macro-expansion 2024-11-03 09:17:14 +01:00
Chris Smowton
81ff394533 Be explicit about Kotlin database type 2024-11-01 19:02:28 +00:00
Geoffrey White
24c4e87f44 Swift: Fix stray []. 2024-11-01 16:30:15 +00:00
Geoffrey White
f3ea75d27c Swift: Further modelling updates / gap filling that doesn't seem to affect tests. 2024-11-01 16:19:41 +00:00
Geoffrey White
954fbc44bf Swift: Update prefix / suffix models for Swift 6. 2024-11-01 16:19:39 +00:00
Geoffrey White
be12649838 Swift: Update joined models for Swift 6. 2024-11-01 16:19:36 +00:00
Geoffrey White
6f0f73974a Swift: Update dropFirst / dropLast / reversed models for Swift 6. 2024-11-01 16:19:34 +00:00
Chris Smowton
5d3f723df9 Kotlin extractor: use special <nulltype> for null literals 
This matches the Java extractor's treatment of these literals, and so enables dataflow type-tracking to avoid special-casing Kotlin. Natively, Kotlin would regard this as kotlin.Nothing?, the type that can only contain null (kotlin.Nothing without a ? can take nothing at all), which gets Java-ified as java.lang.Void, and this will continue to be used when a null type has to be "boxed", as in representing substituted generic constraints with no possible type.
 2024-11-01 16:14:10 +00:00
Tom Hvitved
c4adec3010 Address review comment 2024-11-01 15:28:17 +01:00
yoff
cec0544ca5 Merge pull request #17789 from aschackmull/python/resolvecall-refactor 
Python: Refactor references to NormalCall.
 2024-11-01 14:20:34 +01:00
Anders Schack-Mulligen
bae61875cd UniversalFlow: Fixup some qldoc. 2024-11-01 14:04:27 +01:00
Taus
0bb5b4b9dc Merge pull request #17875 from github/tausbn/python-improve-parser-logging-and-timing 
Python: Improve parser logging/timing/customisability
 2024-11-01 12:47:46 +01:00
Taus
2892f0ff48 Merge pull request #17873 from github/tausbn/python-fix-generator-expression-locations 
Python: Even more parser fixes
 2024-11-01 12:47:19 +01:00
Simon Friis Vindum
a36095d85b Rust: Add local data flow test with if expression 2024-11-01 11:28:10 +01:00
Rasmus Wriedt Larsen
c0ad9ba529 Merge branch 'main' into js-threat-models 2024-11-01 10:48:32 +01:00
Rasmus Wriedt Larsen
dc8e645594 JS: Convert remaining queries to use ActiveThreatModelSourceAsSource 2024-11-01 10:47:10 +01:00
Tom Hvitved
03ffaac87a Merge pull request #17880 from hvitved/ruby/symbol-string-key-indifference 
Ruby: Do not distinguish between symbols and strings in hash keys
 2024-11-01 10:43:56 +01:00
Rasmus Wriedt Larsen
19fae76a94 JS: Remove dummy comment 
Co-authored-by: Asger F <asgerf@github.com>
 2024-11-01 10:24:22 +01:00
Paolo Tranquilli
03aef50836 Merge pull request #17883 from github/redsun82/rust-analysis 
Rust: use common config for analysis
 2024-10-31 17:46:15 +01:00