hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,788 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.4
Commit Graph

3202 Commits

Author SHA1 Message Date
Jeroen Ketema
977f15f8a4 Merge pull request #12649 from jketema/unit 
Replace all definitions of `Unit` by `import codeql.util.Unit`
 2023-03-27 08:49:50 +02:00
Anders Schack-Mulligen
85511ba19d Dataflow: Sync 2023-03-24 12:42:06 +01:00
Jeroen Ketema
a87a9438c7 Replace all definitions of Unit by import codeql.util.Unit 2023-03-24 10:39:34 +01:00
Anders Schack-Mulligen
9d88f01c82 Merge pull request #12645 from aschackmull/dataflow/renaming 
Dataflow: Rename Make to Global and hasFlow to flow
 2023-03-24 08:48:31 +01:00
Anders Schack-Mulligen
d440bc2d0c Dataflow: Sync. 2023-03-23 13:40:23 +01:00
Anders Schack-Mulligen
1c1aa7ecdd Dataflow: Add change notes. 2023-03-23 13:17:36 +01:00
Anders Schack-Mulligen
2761aa73ca Dataflow: Sync. 2023-03-23 13:06:19 +01:00
Kasper Svendsen
ce6be1f636 Dataflow: Instantiate stage 1 access paths with proper unit type 2023-03-23 08:32:16 +01:00
Anders Schack-Mulligen
0d6dd7d25a DataFlow: Sync. 2023-03-21 14:27:25 +01:00
Asger F
6d665da4dc Merge pull request #12570 from github/post-release-prep/codeql-cli-2.12.5 
Post-release preparation for codeql-cli-2.12.5
 2023-03-21 13:06:25 +01:00
Anders Schack-Mulligen
3876e4335f Merge pull request #12420 from kaspersv/kaspersv/dataflow-remove-alias-preds 
Dataflow: Remove revFlowAlias and revFlowApAlias predicates
 2023-03-20 16:30:15 +01:00
Kasper Svendsen
1d2f1b6ae6 Address comments 2023-03-20 13:34:14 +01:00
Kasper Svendsen
e0e3a1d621 Dataflow: remove revFlowApAlias trick 2023-03-20 13:04:13 +01:00
Michael Nebel
37484a415f Sync files. 2023-03-20 09:38:40 +01:00
Kasper Svendsen
9630feb5e4 Dataflow: Remove revFlowAlias trick 2023-03-20 09:04:35 +01:00
github-actions[bot]
981e171525 Post-release preparation for codeql-cli-2.12.5 2023-03-17 13:27:00 +00:00
Chris Smowton
0cadf4d94a Merge pull request #12558 from smowton/smowton/fix/flow-to-external-api-write-only-methods 
Go: exclude `net/http.Header.Set` and `.Del` from `go/untrusted-data-to-external-api`
 2023-03-17 11:52:48 +00:00
Chris Smowton
3e9924fcd2 Add change note 2023-03-16 15:35:00 +00:00
Chris Smowton
647bd44666 Go: exclude net/http.Header.Set and .Del from go/untrusted-data-to-external-api 
These functions (and doubtless many others) are write-only with respect to their receiver argument, so it doesn't really make sense to flag externally-controlled data flowing there.
 2023-03-16 15:31:35 +00:00
Michael Nebel
3fea9e4d0b Sync files. 2023-03-16 14:12:29 +01:00
github-actions[bot]
fe4d27e8cc Release preparation for version 2.12.5 2023-03-16 12:58:50 +00:00
Tom Hvitved
bdd56f1b6e Data flow: Sync files 2023-03-14 10:01:56 +01:00
Tony Torralba
705691b096 Merge pull request #12446 from github/java/update-mad-decls-after-triage-2023-03-08T14-51-59 
Java: Update MaD Declarations after Triage
 2023-03-13 14:07:59 +01:00
Anders Schack-Mulligen
0c95ab2cdc Merge pull request #12474 from hvitved/dataflow/call-back-post-update 
Data flow: Synthesize post-update nodes for callback arguments inside summarized callables
 2023-03-13 13:21:52 +01:00
Anders Schack-Mulligen
f53a05bf13 Merge pull request #12475 from aschackmull/dataflow/mergepathgraph 
Dataflow: Add MergePathGraph module.
 2023-03-13 11:26:24 +01:00
Anders Schack-Mulligen
c380ecbbbc Data flow: Add change notes. 2023-03-13 11:09:13 +01:00
Anders Schack-Mulligen
1e64748ffe Dataflow: Autoformat. 2023-03-10 15:12:19 +01:00
Anders Schack-Mulligen
289f921171 Dataflow: Sync. 2023-03-10 14:56:54 +01:00
Anders Schack-Mulligen
00f0879ff5 Dataflow: Sync. 2023-03-10 14:56:54 +01:00
Owen Mansel-Chan
674799af8c Implement diagnostic for relative package paths 2023-03-10 12:20:44 +00:00
Owen Mansel-Chan
d6712b2111 Add test for unexpected directory layout error 2023-03-10 12:20:43 +00:00
Tom Hvitved
32a699e34a Data flow: Sync files 2023-03-10 12:43:21 +01:00
Tony Torralba
8aa80882ea Sync files 2023-03-10 12:35:13 +01:00
Anders Schack-Mulligen
159d8e978c Dataflow: one more autoformat post rebase 2023-03-10 10:04:35 +01:00
Anders Schack-Mulligen
08c658e66b Go: Autoformat 2023-03-10 09:41:20 +01:00
Owen Mansel-Chan
250a0a71e1 Merge pull request #12466 from owen-mc/update-go-diagnostics 
The source name of a diagnostic should not change
 2023-03-09 15:51:32 +00:00
Mathias Vorreiter Pedersen
59402eb754 Merge pull request #12462 from MathiasVP/disable-std-order-in-fwd-flow-stage-1 
DataFlow: Disable standard order in `Stage1::fwdFlow`
 2023-03-09 15:30:05 +00:00
Asger F
6e744093e2 Merge pull request #12398 from github/post-release-prep/codeql-cli-2.12.4 
Post-release preparation for codeql-cli-2.12.4
 2023-03-09 15:38:21 +01:00
Owen Mansel-Chan
f87b307ddb The source name of a diagnostic should not change 2023-03-09 14:00:52 +00:00
Mathias Vorreiter Pedersen
1f77f77153 DataFlow: Sync identical files. 2023-03-09 10:41:15 +00:00
Owen Mansel-Chan
55003300fe Merge pull request #12341 from owen-mc/go-tools-status 
Go: tools status page support
 2023-03-09 09:59:01 +00:00
Chris Smowton
db5bd98781 Return on failure to create file 2023-03-08 22:48:57 +00:00
Owen Mansel-Chan
820de5d36f Remove fatal/panic exits from diagnostic code 2023-03-08 22:00:34 +00:00
Owen Mansel-Chan
9fc119cc55 Rearrange diagnostic error message 
The context should come in the middle and the call to action should come
last.
 2023-03-08 17:09:52 +00:00
Owen Mansel-Chan
63d3b3ff2a Fix diagnostic-limit-reached visibility and location 2023-03-08 16:34:29 +00:00
Owen Mansel-Chan
0d6f17ec90 Do not use field internal, which is deprecated 2023-03-08 16:34:01 +00:00
Owen Mansel-Chan
17c550bc88 Address review comments 2023-03-08 15:51:45 +00:00
Chris Smowton
a63a4c29e2 Go: fix incorrect-integer-conversion sanitizer 
This was amended as part of https://github.com/github/codeql/pull/12186, but the conversion was inadequate because the new implementation didn't work when a sink (type conversion) led directly to a non-`localTaintStep` step, such as a store step or an interprocedural step. Here I move the sink back one step to the argument of the type
conversion and sanitize the result of the conversion instead, to ensure there is always a unique local successor to a sink.

This should eliminate unexpected extra results that resulted from https://github.com/github/codeql/pull/12186. Independently there are also *lost* results that stem from needing a higher `fieldFlowBranchLimit` that are not addressed in this PR, but raising that limit is a performance risk and so I will address this separately.
 2023-03-08 09:48:35 +00:00
Owen Mansel-Chan
07098bf8bf Minor refactor in diagnostics.go 2023-03-07 16:38:53 +00:00
Owen Mansel-Chan
2edccec693 Do not link to GitHub AE version of documentation 2023-03-07 16:38:53 +00:00