hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-12 22:14:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,681 Branches 158 Tags
alexet/avoid-path-node-java
Commit Graph

82643 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
7483075b7e Python: Fixup modeling of os.open 2024-09-10 14:32:37 +02:00
Rasmus Wriedt Larsen
d245db54a1 Python: Model file threat-model 2024-09-10 14:32:37 +02:00
Rasmus Wriedt Larsen
66f389a4b6 Python: Model stdin thread-model 2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
e1801f3a29 Python: Proper threat-model handling for argparse 2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
56c85ffe54 Python: Fixup threat-models for os.environ.get() 
Since using `.DictionaryElementAny` doesn't actually do a store on the
source, (so we can later follow any dict read-steps).

I added the ensure_tainted steps to highlight that the result of the
WHOLE expression ends up "tainted", and that we don't just mark
`os.environ` as the source without further flow.
 2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
b9239d7101 Python: Add basic support for environment/commandargs threat-models 2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
528f08fb83 Python: Make queries use ActiveThreatModelSource 2024-09-10 14:32:35 +02:00
Jeroen Ketema
5f4fee0780 C++: Address review comments 2024-09-10 14:23:10 +02:00
Arthur Baars
a5d1d9e167 Make implementation more complete 
Use Unimplemented to mark AstNodes  that need implementing
 2024-09-10 14:13:05 +02:00
Alvaro Muñoz
321e5504bc Bump qlpack versions 2024-09-10 13:59:04 +02:00
Alvaro Muñoz
25a210734b Update tests 2024-09-10 13:58:36 +02:00
Alvaro Muñoz
ef41db3ce5 Extract simple reference expression from ORed disjuncts 2024-09-10 13:58:24 +02:00
Asger F
0ddb1c87f5 JS: Test update indicating a problem with .split() 2024-09-10 13:14:37 +02:00
Asger F
e0ca1b0482 JS: Benign test updates 2024-09-10 13:07:24 +02:00
Jeroen Ketema
500a2a0738 C++: Fix IR inconsistency due to throwing __except block 
The fix consists of three parts:
* Ensure that an `Unwind` instruction is generated for functions that contain
  a Microsoft `__try` statement, or a function that must throw.
* Do not manually introduce `Unwind` instructions for `__except` blocks, but
  depend on the `Unwind` that we now insert in the function.
* Add missing `getExceptionSuccessorInstruction` predicate to
  `TranslatedMicrosoftTryExceptHandler`
 2024-09-10 12:41:43 +02:00
Arthur Baars
2ae725784c Don't use _ to ignore things so rustc will show warnings for all the gaps in the implementation 2024-09-10 12:26:56 +02:00
Arthur Baars
b2451c6667 Improve schema 2024-09-10 12:26:54 +02:00
Arthur Baars
46bfefc99a Address comments 2024-09-10 12:26:53 +02:00
Paolo Tranquilli
ef06b555c1 Rust: accept test changes 2024-09-10 11:29:54 +02:00
Jeroen Ketema
90f7b30997 Merge pull request #17418 from jketema/throw-inconsistent 
C++: Add IR inconsistency test
 2024-09-10 11:07:16 +02:00
Paolo Tranquilli
437b671035 Merge branch 'rust-experiment' into aibaars/rust-experiment 
Also fixed conflicts and applied linting (can be done via
`rust/lint.py` or `pre-commit` configuration).
 2024-09-10 10:24:49 +02:00
Paolo Tranquilli
38c25f96e5 Rust: add linting pre-commit hook 2024-09-10 10:22:45 +02:00
Paolo Tranquilli
37afad2f70 Merge pull request #17410 from github/redsun82/rust-ci 
Rust: set up `codeql` CI
 2024-09-10 10:04:24 +02:00
Alvaro Muñoz
a9a297ab78 Update tests 2024-09-10 09:52:21 +02:00
Alvaro Muñoz
147da50cb9 Use Taint Tracking to track PR refs to checkout's ref argument 2024-09-10 09:52:09 +02:00
Alvaro Muñoz
bd0c762781 Refactor: Do not use PRHeadCheckoutStep on any dependency of TaintTracking 
Problem is that there are StoreSteps that depend on PRHeadCheckout so
there is a non-monotic recursion error since PRHeadCheckout depends on
TaintTracking module, but this module depends on PRHeadCheckout
 2024-09-10 09:51:32 +02:00
Alvaro Muñoz
42b487b348 Match callers and callees when root is not the repo root 
When running codeql test run, the root of the database is not the root
of the original repo (the directory containing .github and .git)
therefore calls to reusable workflows are not correctly matched.
 2024-09-10 09:49:43 +02:00
Dave Bartolomeo
ae3f3d0c25 Merge pull request #17419 from github/dbartol/cherry-pick-ruby 
Fix upload in Ruby build
 2024-09-09 16:49:57 -04:00
Dave Bartolomeo
78281168c2 Merge pull request #17417 from github/post-release-prep/codeql-cli-2.18.4 
Post-release preparation for codeql-cli-2.18.4
 2024-09-09 16:45:30 -04:00
Chuan-kai Lin
fae180f612 C#: Fix trivial upgrade.properties errors 2024-09-09 13:33:04 -07:00
Dave Bartolomeo
5961774f84 Include hidden files when uploading Ruby pack 2024-09-09 16:22:43 -04:00
Jeroen Ketema
dfa16423c0 C++: Add IR inconsistency test 2024-09-09 21:50:42 +02:00
github-actions[bot]
97edff3f70 Post-release preparation for codeql-cli-2.18.4 2024-09-09 18:45:46 +00:00
Dave Bartolomeo
561abced2d Merge pull request #17416 from github/release-prep/2.18.4 
Release preparation for version 2.18.4
codeql-cli/v2.18.4 		2024-09-09 12:25:56 -04:00
Jeroen Ketema
6e0b5bcb63 Merge pull request #17414 from MathiasVP/add-more-try-except-testcases 
C++: Add more IR inconsistency tests
 2024-09-09 18:10:42 +02:00
github-actions[bot]
91537cdf9a Release preparation for version 2.18.4 2024-09-09 16:08:48 +00:00
Mathias Vorreiter Pedersen
353cd8cc74 C++: Add more IR inconsistency tests. 2024-09-09 16:37:55 +01:00
Arthur Baars
42b1112be6 Rust: add default Element::toString 2024-09-09 15:05:04 +02:00
Arthur Baars
20ca8801e6 Revert "Rust: PrintAstNode: tolerate elements without toString" 
This reverts commit 85e51bf0ec.
 2024-09-09 15:01:32 +02:00
Arthur Baars
61592a3256 Rust: fix locations 
In QL locations are 1-based inclusive ranges. The locations is rust are 0-based
and the end position is exclusive.

To patch things up, subtract 1 from the end offset and add 1 to all line and column numbers.
 2024-09-09 14:56:37 +02:00
Jeroen Ketema
1250e72ebb Merge pull request #17399 from jketema/simplify 
C++: Re-introduce the original version of the `many_defs_per_use` IR test
 2024-09-09 14:18:19 +02:00
Paolo Tranquilli
6f36ea9188 Merge branch 'main' into rust-experiment 
Conflicts:
  shared/tree-sitter-extractor/src/trap.rs
 2024-09-09 14:15:34 +02:00
Paolo Tranquilli
f1cd9211e7 Merge pull request #17407 from github/redsun82/rust-extractor-generalize-location-cache 
Tree-sitter: allow multiple sources per trap file
 2024-09-09 14:12:33 +02:00
Michael B. Gale
6c8780a2f9 Merge pull request #17395 from github/mbg/go/1.23-changenote 
Go: Add change note and update docs for Go 1.23
 2024-09-09 13:06:46 +01:00
Arthur Baars
86215b4f02 Rename IfLet to IfStmt 2024-09-09 13:33:17 +02:00
Arthur Baars
85e51bf0ec Rust: PrintAstNode: tolerate elements without toString 2024-09-09 13:29:49 +02:00
Arthur Baars
b40476423b Rust: schema.py add '| child' markers 2024-09-09 13:29:45 +02:00
Asger F
3d4287b7cc JS: Remove ContentSet#asArrayIndex() 
For ContentSet it is ambiguous whether asArrayIndex() should get a singleton content set, or the KnownArrayElement content set. The user will now have to choose between asSingleton().asArrayIndex() or ContentSet::arrayElementKnown.
 2024-09-09 13:28:32 +02:00
Asger F
013d226ae3 JS: Update comment 2024-09-09 13:26:27 +02:00
Asger F
55d4e7e742 JS: Use ArrayElementKnown when reading a constant array index 2024-09-09 13:26:25 +02:00