hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

82643 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nora Dimitrijević
19b373aa90 [DIFF-INFORMED] Go: SensitiveConditionBypass 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.ql#L33
 2025-07-17 11:46:44 +02:00
Nora Dimitrijević
d6ef585110 [DIFF-INFORMED] Go: RequestForgery, SafeUrlFlow 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-918/RequestForgery.ql#L21
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-601/OpenUrlRedirect.ql#L24
 2025-07-17 11:46:42 +02:00
Nora Dimitrijević
8c8625d912 [DIFF-INFORMED] Go: ReflectedXss 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-079/ReflectedXss.ql#L23
 2025-07-17 11:46:40 +02:00
Nora Dimitrijević
4b473622bc [DIFF-INFORMED] Go: InsecureRandomness 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-338/InsecureRandomness.ql#L19
 2025-07-17 11:46:39 +02:00
Nora Dimitrijević
ce7eb9b16a [DIFF-INFORMED] Go: IncorrectIntegerConversion 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql#L23
 2025-07-17 11:46:37 +02:00
Nora Dimitrijević
f228818b1f [DIFF-INFORMED] Go: HardcodedCredentials 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-798/HardcodedCredentials.ql#L62
 2025-07-17 11:46:35 +02:00
Nora Dimitrijević
109f6ddc2d [DIFF-INFORMED] Go: ExternalAPIs 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql#L18
 2025-07-17 11:46:33 +02:00
Nora Dimitrijević
89f760460b [DIFF-INFORMED] Go: CommandInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-078/CommandInjection.ql#L28
 2025-07-17 11:46:30 +02:00
Nora Dimitrijević
e0d16a863b [DIFF-INFORMED] Go: AllocationSizeOverflow 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-190/AllocationSizeOverflow.ql#L24
 2025-07-17 11:46:29 +02:00
Geoffrey White
944fd2aa11 Rust: Add explicit types in some (not all) of the test cases. 2025-07-17 10:45:40 +01:00
Anders Schack-Mulligen
448cc82ef9 Kotlin: Accept more test changes. 2025-07-17 11:21:27 +02:00
Anders Schack-Mulligen
54775e0958 Java: Adjust Paths.qll 2025-07-17 11:21:26 +02:00
Anders Schack-Mulligen
e7a6259bd7 Java: Accept test changes. 2025-07-17 11:21:26 +02:00
Anders Schack-Mulligen
fbe79e8a52 Java: Add AnnotatedExitNodes to the CFG. 2025-07-17 11:21:26 +02:00
Joe Farebrother
680e31dc48 Modernize raise-not-implemented 2025-07-17 10:02:00 +01:00
Owen Mansel-Chan
53e1939b60 Merge pull request #20053 from owen-mc/go/fix-dataflowconsistency 
Go: Fix compilation of DataFlowImplConsistency.qll
 2025-07-17 09:22:12 +01:00
Michael Nebel
01738c2e42 Merge pull request #19940 from michaelnebel/csharp/fixmodels 
C#: Improve some existing manual models.
 2025-07-17 07:58:14 +02:00
Kevin Stubbings
f86152d3bd Add sanitizer changes and fix test 2025-07-16 21:27:33 +00:00
Jeroen Ketema
eabe651edf Merge pull request #20069 from jketema/spaceship-ir 
C++: Support the spaceship operator in the IR
 2025-07-16 21:45:39 +02:00
Jeroen Ketema
29a6af4efd C++: Fix instruction class name 2025-07-16 18:11:17 +02:00
Jeroen Ketema
f319381f27 C++: Support the spaceship operator in the IR 2025-07-16 17:53:55 +02:00
Geoffrey White
62b7d84638 Rust: Add Sqlx as MaD sinks instead. 2025-07-16 16:36:42 +01:00
Geoffrey White
87deab861f Rust: Remove Sqlx.qll. 2025-07-16 16:23:50 +01:00
Geoffrey White
6f5e4ef5b9 Merge branch 'main' into sqlx 2025-07-16 15:59:42 +01:00
Jeroen Ketema
9b8302f983 Merge pull request #20068 from jketema/spaceship-test 
C++: Add test that shows that IR generation for `<=>` is broken
 2025-07-16 16:50:25 +02:00
Owen Mansel-Chan
805e31fdb9 Update test expectations 2025-07-16 15:25:45 +01:00
Jeroen Ketema
807ab986f4 C++: Update more exoected test results 2025-07-16 16:19:40 +02:00
Mathias Vorreiter Pedersen
a9fb49a2c3 Merge pull request #20066 from MathiasVP/dont-summarize-function-pointer-calls 
C++: Don't wrap calls through function pointers in `FunctionWithWrappers`
 2025-07-16 14:57:14 +01:00
Jeroen Ketema
2709bf0615 C++: Add test that shows that IR generation for <=> is broken 2025-07-16 15:54:18 +02:00
Owen Mansel-Chan
7d4a70cc1d Add change notes 2025-07-16 14:44:24 +01:00
Owen Mansel-Chan
ad60aff860 Update which sink kinds are shared between languages 2025-07-16 14:42:12 +01:00
Owen Mansel-Chan
fdd1e3fefe Use MaD models for unsafe deserialization sinks when possible 
Many of the unsafe deserialization sinks have to stay defined in QL
because they have custom logic that cannot be expressed in MaD models.
 2025-07-16 14:42:07 +01:00
Mathias Vorreiter Pedersen
8b953e4f22 C++: No need for 'resolveCall' anymore. 2025-07-16 14:28:04 +01:00
Mathias Vorreiter Pedersen
df4b338c5d C++: Add change notes. 2025-07-16 14:11:09 +01:00
Jeroen Ketema
1990438376 JS: Fix import 
The import should not have been private, because we want users to still be
able to import this file and have access to the crypto algorithms.
 2025-07-16 14:41:50 +02:00
Jeroen Ketema
24bea738c9 Shared: Add missing QLDoc and change note 2025-07-16 14:37:43 +02:00
Simon Friis Vindum
7f8829ad8e Rust: Add additional inline expectation 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2025-07-16 14:00:27 +02:00
Mathias Vorreiter Pedersen
ca913b452c C++: Don't summarize calls through function pointers in FunctionWithWrappers. 2025-07-16 11:51:46 +01:00
Jeroen Ketema
200d46f5c7 Merge pull request #20060 from jketema/typeid-fix 
C++: Fix typeid IR translation
 2025-07-16 12:40:03 +02:00
Simon Friis Vindum
bbd7ed57ce Rust: Add inline expectation 2025-07-16 12:32:35 +02:00
Michael Nebel
e9fdca7d39 C#: Address review comments. 2025-07-16 11:12:25 +02:00
Chris Smowton
d6a3b2e91f Merge pull request #20065 from smowton/smowton/fix/web.config 
C#: Make web.config match case insensitive (with change note)
 2025-07-16 09:52:34 +01:00
Michael Nebel
c5357ff556 Merge pull request #20008 from Hug0Vincent/csharp 
feat: add getASupertype() predicate in ValueOrRefType.
 2025-07-16 10:39:57 +02:00
Chris Smowton
a537c0091e change note 2025-07-16 09:06:38 +01:00
Simon Friis Vindum
a508089df8 Rust: Improvements to tuple type inference based on PR feedback 2025-07-16 09:38:29 +02:00
Geoffrey White
d264fb5865 Merge pull request #20042 from geoffw0/sinknoise 
Rust: Make rust/summary/query-sinks less noisy
 2025-07-16 08:36:16 +01:00
Michael Nebel
70bf61dc57 C#: Convert Deserialization tests to use inline expectations. 2025-07-16 08:41:58 +02:00
Michael Nebel
8f8b0428ab C#: Add change-note. 2025-07-16 08:41:56 +02:00
Michael Nebel
eba901f610 C#: Update flow summaries expected output. 2025-07-16 08:41:55 +02:00
Michael Nebel
95763dd225 C#: Add some models for SerializationInto and SerializationInfoEnumerator. 2025-07-16 08:41:53 +02:00