hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-19 11:51:08 +02:00
Code Issues Packages Projects Releases Wiki Activity
85,654 Commits 1,782 Branches 169 Tags
codeql-cli-2.24.1
Commit Graph

85654 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Eric Bickle
000c1f7ec8 Java: Flow taint through ArithExpr for ThreadResourceAbuse 
Ensure that tainted values flow through arithmetic operations when
checking for ThreadResourceAbuse vulnerabilities.

For example, multiplying 'number of seconds' by 1000 as an input
to Thread.Sleep, which accepts milliseconds, is a common scenario.
 2023-10-06 14:24:37 -07:00
amammad
13577f71d6 fix tests, add more comments 2023-10-06 22:34:31 +02:00
Robert Marsh
30a9656ebb Swift: change note for autoclosure cfg 2023-10-06 20:19:35 +00:00
Robert Marsh
cb749bd973 Swift: CFG for normal autoclosure exprs 2023-10-06 20:14:49 +00:00
amammad
5a49f6bb9b fix tests 2023-10-06 22:10:57 +02:00
Robert Marsh
661da76838 Swift: add function call autoclosure tests 2023-10-06 19:49:33 +00:00
erik-krogh
7ca0996912 add a taint-tracking tests for calls to tagged template strings 2023-10-06 21:39:42 +02:00
erik-krogh
9b6501787a add API-graph test for the new tagged template calls 2023-10-06 21:25:34 +02:00
Geoffrey White
0918e50b05 Swift: Switch pragma to inline_late. 2023-10-06 20:23:51 +01:00
erik-krogh
18e6a5491c recognize tagged templates as DataFlow::CallNode 2023-10-06 21:14:00 +02:00
amammad
f5efddc011 comments improvement 2023-10-06 21:12:59 +02:00
amammad
e45268cd4d improve and fix bugs and add Form Flow Sources test files 2023-10-06 21:01:42 +02:00
erik-krogh
951ed01d6b combine the library-tests/CallGraphs/FullTest tests into one file 2023-10-06 20:57:09 +02:00
amammad
21f477a674 revert go/vendor/ :( 2023-10-06 19:39:18 +02:00
amammad
d4b2ca5cee add vendor for tests, update test results, revert go/vendor/modules.txt :( 2023-10-06 19:34:13 +02:00
Geoffrey White
7c28528eac Swift: Change note. 2023-10-06 18:26:21 +01:00
Geoffrey White
676179620a Swift: Get sqlite3 C API results (model Data.withUnsafeBytes, Data.withUnsafeMutableBytes, permit flow out of collections at the query sink) 2023-10-06 18:26:20 +01:00
Geoffrey White
bc9d8cc40f Swift: Get another SQLite.swift result. 2023-10-06 18:26:20 +01:00
Geoffrey White
691665fca8 Swift: Add models for SQLite.swift. 2023-10-06 18:26:19 +01:00
Geoffrey White
bece2e8689 Swift: Add models for sqlite3 C API. 2023-10-06 18:26:19 +01:00
Geoffrey White
9a628d4165 Swift: Add test for sqlite3 C API. 2023-10-06 18:26:18 +01:00
Geoffrey White
8006996f46 Swift: Add test for SQLite.swift. 2023-10-06 18:26:18 +01:00
Geoffrey White
9ad1749957 Swift: Hide OpenExistentialExpr from the AST instead. 2023-10-06 17:55:29 +01:00
Maiky
ed066281b9 Add documentation string for CorsPermissiveConfiguration 2023-10-06 18:22:31 +02:00
amammad
31cae204f6 make DecompressionBombs module and extention points 2023-10-06 18:14:05 +02:00
Geoffrey White
76db1c5c8b Swift: Add the same code to the AST test as well. 2023-10-06 17:13:49 +01:00
Robert Marsh
85587413d0 Swift: fix QLDoc formatting for getSequence 2023-10-06 15:29:56 +00:00
Robert Marsh
c281db6b5b Swift: improve QLDoc for getSequence 2023-10-06 15:23:58 +00:00
Robert Marsh
ec292ca4e1 Swift: Split for-each change note into two lines 2023-10-06 15:21:55 +00:00
Ian Lynagh
d34b85cf03 Kotlin: Remove 1.4 compatibility 
We now only build with >= 1.5
 2023-10-06 15:17:32 +01:00
amammad
7d36c23d59 fix qhelp and PascalCase issues 2023-10-06 16:14:10 +02:00
Jeroen Ketema
b6132d2a0f C++: Rewrite cpp/cgi-xss to not use default taint tracking 2023-10-06 16:11:13 +02:00
amammad
5bc21a6178 delete old tests 2023-10-06 16:09:05 +02:00
amammad
7d961e1af2 do review improvements 2023-10-06 16:07:10 +02:00
Michael Nebel
dca39348ab Java: Add change note. 2023-10-06 15:09:16 +02:00
Michael Nebel
fb10af9042 Jave: Remove the local threat model from the default configuration. 2023-10-06 14:58:48 +02:00
amammad
7d73808d60 fix a test mistake, add comments for JWT extension points 2023-10-06 13:31:09 +02:00
amammad
aa127b1662 do review improvements 2023-10-06 13:22:43 +02:00
Michael B. Gale
0b13da35eb Go: Update newer-go-version-needed test 
- Use a version that is accepted by Go tooling
- Run is no longer successful with Go 1.21
 2023-10-06 11:57:47 +01:00
Michael B. Gale
01a1d814f4 Do not call EmitNewerGoVersionNeeded for v1.21+ 2023-10-06 11:57:37 +01:00
Michael B. Gale
c63f6807c4 Go: Run go version with GOTOOLCHAIN=local 2023-10-06 11:57:26 +01:00
Michael B. Gale
76781e5d75 Go: Add GoVersionInfo type 
Refactors `tryReadGoDirective` to return this instead of a pair.
This will make it easier to return multiple versions.
 2023-10-06 11:57:08 +01:00
Mathias Vorreiter Pedersen
a08356979f Merge pull request #14382 from MathiasVP/deduplicate-why 
C++: Project away `why` to prevent tuple duplication in `Buffer.qll`
codeql-cli/v2.15.0 		2023-10-06 12:52:58 +02:00
Geoffrey White
b0c7964ea6 Swift: Add the same code to the CFG test as well. 2023-10-06 10:07:52 +01:00
amammad
eef8137166 add Dice package, add global taint steps by SharedTaintStep, use getASuccessor 2023-10-06 10:58:26 +02:00
Geoffrey White
b3185e9519 Swift: Expand the test case. 2023-10-06 09:43:33 +01:00
Mathias Vorreiter Pedersen
eb3f1967a5 Merge pull request #14365 from MathiasVP/disable-flow-through-pointer-arith-for-size 
C++: Disable size-flow through pointer arithmetics in `cpp/invalid-pointer-deref`
 2023-10-06 10:14:31 +02:00
amammad
faaddd4dfe updates for FormParsers and ReadableStream modules, add separate module for Readable Streams, BusBoy RemoteFlowSources is covering more sources now!, modularize 2023-10-05 21:46:58 +02:00
Asger F
97b3ebe385 Merge pull request #14380 from asgerf/js/amd-range 
JS: Add AmdModuleDefinition::Range
 2023-10-05 21:05:28 +02:00
Mathias Vorreiter Pedersen
b231b1ccaf Merge pull request #14384 from MathiasVP/handle-instructions-in-reverse-flow 2023-10-05 20:26:38 +02:00