hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-12 22:14:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,681 Branches 158 Tags
alexet/avoid-path-node-java
Commit Graph

82643 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kevin Stubbings
326eb6946e Added 2024-08-30 18:17:38 -07:00
Kevin Stubbings
5c8c99d31f Add header support for bottle and tornado 2024-08-30 18:16:01 -07:00
Paolo Tranquilli
885e89a927 Rust: first running tests 2024-08-30 17:45:51 +02:00
Tom Hvitved
642ec38589 Merge pull request #17340 from hvitved/csharp/ssa-exclude-enums 2024-08-30 16:31:38 +02:00
Paolo Tranquilli
7e1290aa74 Rust: reuse shared rust trap library 2024-08-30 16:08:37 +02:00
Joe Farebrother
ec7ad84cd1 Update formatting 2024-08-30 13:51:33 +01:00
Joe Farebrother
5360192a58 Apply review suggestions - change = to in 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2024-08-30 13:25:59 +01:00
Jeroen Ketema
4945943732 C++: Support C11 _Generic expressions 2024-08-30 14:24:03 +02:00
Paolo Tranquilli
4f0fe1ce3a Rust: bazel packaging 2024-08-30 13:05:46 +02:00
Tom Hvitved
4ef4ede0b1 C#: Do not calculate field-based SSA for enums 2024-08-30 11:19:07 +02:00
Tom Hvitved
a9b5faa6ab C#: Add SSA test for enums 2024-08-30 11:19:06 +02:00
Jeroen Ketema
30335ab81e C++: Add C11 _Generic IR tests 2024-08-30 10:50:49 +02:00
Paolo Tranquilli
3da6cee6ef Merge branch 'main' into rust-experiment 2024-08-30 10:30:43 +02:00
Cornelius Riemenschneider
321820e758 Java: Rename integration test directories. 
We are no longer bound to the platform-specific directories, so simplify the test organization.
If you don't want this change, just skip merging this PR. It's purely optional.

I kept the platform-specific directories around under `kotlin`,
but you could also easily merge all these together if you find them unhelpful.
I'll leave that change to you.
 2024-08-30 10:28:25 +02:00
Paolo Tranquilli
04753b286f Rust: tweak trap_key 2024-08-30 10:12:20 +02:00
Michael Nebel
89c387cf5c Merge pull request #17326 from michaelnebel/shared/contentflowtaint 
DataFlow: Bugfix in content flow state for value preservation.
 2024-08-30 09:23:50 +02:00
Andrew Eisenberg
13705531b5 Update .github/pull_request_template.md 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2024-08-29 14:47:54 -07:00
Henry Mercer
3490067316 Merge branch 'main' into henrymercer/rc-3.15-mergeback 2024-08-29 19:48:01 +01:00
Henry Mercer
d5bccd5373 Reapply "C#: Add support for flow through side-effects on static fields" 
This reverts commit ea6092ad3f.
 2024-08-29 19:47:53 +01:00
Cornelius Riemenschneider
092ce01d93 C#: Rename integration test directories. 
We are no longer bound to the platform-specific directories, so simplify the test organization.
If you don't want this change, just skip merging this PR. It's purely optional.

This is not very invasive for C#, I'm just dropping the `only`
suffix. You could also merge all the platform-specific test dirs,
or all test dirs into the top-level directory. I'll leave that up to you.
 2024-08-29 19:06:56 +02:00
Cornelius Riemenschneider
72e2910d17 Merge pull request #17315 from github/criemen/pytest-java 
Java: Port all integration tests to pytest
 2024-08-29 18:05:52 +02:00
Paolo Tranquilli
590a146b49 Rust: some basic extraction of function names (with locations!) 2024-08-29 17:58:50 +02:00
Cornelius Riemenschneider
5ecc6f9dc8 Merge remote-tracking branch 'origin/main' into criemen/pytest-java 2024-08-29 16:43:46 +02:00
Cornelius Riemenschneider
dd7f757281 Address review. 2024-08-29 16:43:27 +02:00
Michael Nebel
ff31aa540c Address review comments. 2024-08-29 15:54:04 +02:00
Asger F
4568967a76 JS: Do not use legacy taint steps in TaintedUrlSuffix 
Tainted URL suffix steps are added as configuration-specific additional
steps, which means implicit reads may occur before any of these steps.

These steps accidentally included the legacy taint steps which include
a step from 'arguments' to all positional parameters. Combined with the
implicit read, arguments could escape their array index and flow to
any parameter while in the tainted-url flow state.
 2024-08-29 13:48:30 +02:00
Asger F
65a36b0b3b JS: Add regression test for argument position confusion 2024-08-29 13:42:28 +02:00
Michael Nebel
0df0d8a51f Merge pull request #17236 from michaelnebel/java/viablecallableheuristic 
Java: Make more finegrained dataflow dispatch viable callable heuristic.
 2024-08-29 10:46:30 +02:00
Joe Farebrother
5494389c4b Update changenote 
Co-authored-by: Sid Shankar <sidshank@github.com>
 2024-08-29 09:44:23 +01:00
Simon Friis Vindum
e7f059ae55 C++: Tweak the bounded barrier 2024-08-29 10:32:31 +02:00
Michael Nebel
53b2471c9d Java: Update expected test output. 2024-08-29 09:03:46 +02:00
Cornelius Riemenschneider
047a655dec Merge pull request #17324 from github/criemen/move-swift-int-tests 
Swift: Move all integration tests.
 2024-08-28 21:27:26 +02:00
Simon Friis Vindum
edeefe5bb6 Merge pull request #17298 from paldepind/model-functions-that-dont-throw 
C++: Add basic modeling of functions that don't throw
 2024-08-28 19:50:31 +02:00
Tom Hvitved
49a4f3a82f Data flow: Reduce non-linear recursion in fwdFlow0 2024-08-28 17:29:23 +02:00
Paolo Tranquilli
f40901f391 Rust: archiving + skeleton def translator 2024-08-28 17:15:49 +02:00
Michael Nebel
fa5d6f12be Java: Update logging test expected output. 2024-08-28 16:16:16 +02:00
Michael Nebel
bd5529cefa Java: Update the Byte- and CharBuffer models and add models for set- and getParameters on LogRecord. 2024-08-28 16:15:09 +02:00
Michael Nebel
395656a1cf Java: Extend the logging test with a test case for parameters. 2024-08-28 16:13:32 +02:00
Cornelius Riemenschneider
123c375d84 Merge pull request #17322 from github/criemen/move-js-int-tests 
JS: Move all integration tests.
 2024-08-28 16:04:39 +02:00
Jeroen Ketema
40fe39c288 Merge pull request #17311 from jketema/builtins 
C++: Add support for more clang builtins
 2024-08-28 16:00:08 +02:00
Simon Friis Vindum
d1fecd869b C++: Make StringCchPrintf not extend NonThrowingFunction 2024-08-28 15:40:14 +02:00
Cornelius Riemenschneider
966c3a62dd Merge pull request #17309 from github/criemen/bazel-prerelease 
Bazel: switch to a 7.4.0 prerelease.
 2024-08-28 15:28:06 +02:00
Jeroen Ketema
2b571cf450 C++: Address review comments 2024-08-28 15:11:42 +02:00
Michael Nebel
e8595e28e9 Update java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2024-08-28 15:04:38 +02:00
Anders Schack-Mulligen
dd49fc932d Merge pull request #17325 from aschackmull/dataflow/state-in-summary 
Dataflow: Include FlowState in SummaryCtx.
 2024-08-28 15:03:18 +02:00
Cornelius Riemenschneider
ab56e63f96 Merge branch 'main' into criemen/pytest-java 2024-08-28 14:47:49 +02:00
Michael Nebel
6d346dbedd DataFlow: Bugfix in flow state for value preservation. 2024-08-28 14:40:04 +02:00
Anders Schack-Mulligen
6a9bd0de1d Dataflow: Include FlowState in SummaryCtx. 2024-08-28 14:13:28 +02:00
Jeroen Ketema
026969b6e9 C++: Add change note 2024-08-28 13:08:44 +02:00
Jeroen Ketema
9e861ce717 C++: Add support for more clang builtins 2024-08-28 13:08:42 +02:00