hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-07 06:27:04 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,439 Commits 1,777 Branches 169 Tags
codeql-cli-2.25.0
Commit Graph

86439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Simon Friis Vindum
23bfa8a9bc Rust: Add local data flow edge for SSA definitons 2024-11-19 12:19:47 +01:00
Owen Mansel-Chan
bc784268fd Make Logrus log injection tests more comprehensive 2024-11-19 11:18:28 +00:00
Owen Mansel-Chan
791313fbdf Add tests for logrus.FieldLogger 2024-11-19 11:18:26 +00:00
Owen Mansel-Chan
cc62db796c Add tests for Xorm first argument of varargs slice 2024-11-19 11:18:24 +00:00
Owen Mansel-Chan
5a0cd2e7d6 Add tests for squirrel.Eq 2024-11-19 11:18:22 +00:00
Owen Mansel-Chan
8cbab0c66e Model logrus.FieldLogger using models-as-data 2024-11-19 11:18:20 +00:00
Owen Mansel-Chan
d37c816bd9 Model some Xorm methods in QL 2024-11-19 11:18:17 +00:00
Owen Mansel-Chan
25cd4d4585 Model some squirrel methods in QL 
We need to put a restriction on the type of the argument.
 2024-11-19 11:18:15 +00:00
Owen Mansel-Chan
a0729fc760 Fix typo in package path 
Co-authored-by: Edward Minnix III <egregius313@github.com>
 2024-11-19 11:18:13 +00:00
Owen Mansel-Chan
35cbc162b0 Convert logging sinks to use MaD 2024-11-19 11:18:11 +00:00
Owen Mansel-Chan
85c7e8c221 Convert gocb nosql-injection sinks to MaD 2024-11-19 11:18:09 +00:00
Owen Mansel-Chan
fbaad09179 Convert mongodb nosql-injection sinks to MaD 2024-11-19 11:18:02 +00:00
Owen Mansel-Chan
b4c84be3be Convert database/sql/driver sql-injection sinks to MaD 2024-11-19 11:15:48 +00:00
Owen Mansel-Chan
e4eef6791a Convert database/sql sql-injection sinks to MaD 2024-11-19 11:15:42 +00:00
Owen Mansel-Chan
4cca6cff59 Convert Beego orm sql-injection sinks to MaD 2024-11-19 11:13:32 +00:00
Owen Mansel-Chan
2282a8184b Convert Bun sql-injection sinks to MaD 2024-11-19 11:13:30 +00:00
Owen Mansel-Chan
1c305aa8f3 Convert Xorm sql-injection sinks to MaD 2024-11-19 11:13:28 +00:00
Owen Mansel-Chan
1ab50fc62c Convert Gorm sql-injection sinks to MaD 2024-11-19 11:13:26 +00:00
Owen Mansel-Chan
fb050e8b43 Convert sqlx sql-injection sinks to MaD 2024-11-19 11:13:23 +00:00
Owen Mansel-Chan
d9d3e74e8c Convert gogf/gf sql-injection sinks to MaD 2024-11-19 11:13:17 +00:00
Owen Mansel-Chan
1315a1e9ae Upgrade and convert gorqlite sql-injection sinks to MaD 2024-11-19 11:13:13 +00:00
Owen Mansel-Chan
924467bebe Convert squirrel sql-injection sinks to MaD (non-existent methods removed) 
Various non-existent methods were modeled, and I couldn't find any
evidence that they used to exist. They aren't in the stubs or tests. I
have removed them.
 2024-11-19 11:13:10 +00:00
Geoffrey White
c7c6924fda Rust: Implement query, source/sink/barrier classes and concepts. All of this is framework, nothing is concretely modelled yet. 2024-11-19 11:09:43 +00:00
Geoffrey White
6a7fb06086 Rust: Add .qhelp and examples. 2024-11-19 11:09:42 +00:00
Simon Friis Vindum
bacc37d886 Rust: Add additional tests for intraprocedural data flow 2024-11-19 12:07:26 +01:00
Geoffrey White
2df565c84f Rust: Add options.yml and sqlx 'query cache' (result of 'sqlx prepare') so that the query test can function. 2024-11-19 10:56:37 +00:00
Geoffrey White
28d0ad94d5 Rust: Add placeholder SQL injection query, linked in test. 2024-11-19 10:56:36 +00:00
Geoffrey White
3673c7c813 Rust: Add SQL injection test cases (complete and functioning). 2024-11-19 10:56:35 +00:00
Michael Nebel
45458ed72b Merge pull request #17845 from michaelnebel/csharp/net8runtimehigherorder 
C#: Add generated higher order models for .NET8 Runtime.
 2024-11-19 11:52:34 +01:00
Alvaro Muñoz
afb7967a0c Delete .actual test files 2024-11-19 11:31:59 +01:00
Alvaro Muñoz
3ce3cf43be refactor common code to identify untrusted checkouts 2024-11-19 11:31:35 +01:00
Simon Friis Vindum
b3668f8183 Merge pull request #17971 from paldepind/rust-df-patterns 
Rust: Include patterns as data flow nodes
 2024-11-19 11:12:12 +01:00
Simon Friis Vindum
2307df41ed Merge pull request #18010 from paldepind/rust-df-viable-callable 
Rust: Include method calls in DataFlowCall and implement simple call target resolution
 2024-11-19 11:10:34 +01:00
Michael Nebel
e3990b7d04 C#: Add change-note. 2024-11-19 10:56:19 +01:00
Stephan Brandauer
4208f031e3 Java: drop automodel queries 2024-11-19 10:40:22 +01:00
Stephan Brandauer
aea7c3fc81 Java: drop automodel change note 2024-11-19 10:40:17 +01:00
Paolo Tranquilli
e8677b46d5 Bazel: rename shortcut to install 2024-11-19 10:34:40 +01:00
Tom Hvitved
bb8d0b4881 Rust: Handle early returns in async blocks in CFG 2024-11-19 10:33:25 +01:00
Tom Hvitved
b6103e1ef4 Rust: Add CFG test for early return in async block 
Also made the test comply with `cargo check`.
 2024-11-19 10:32:43 +01:00
Paolo Tranquilli
40b8406d62 Bazel: use installer shortcut in docs and workflows 2024-11-19 10:32:21 +01:00
Michael Nebel
263a4a9fcb C#: Allow other characters between build-stdput and the expected message. 2024-11-19 10:26:07 +01:00
Michael Nebel
f89e80f402 C#: Update integration tests expected output. 2024-11-19 10:26:06 +01:00
Michael Nebel
05a19adc8f C#: Update global.json files. 2024-11-19 10:26:04 +01:00
Michael Nebel
d8313fc7b4 C#: Update .NET version in project files. 2024-11-19 10:26:02 +01:00
Michael Nebel
6b9d9a2c94 C#: Update stub generator script. 2024-11-19 10:26:00 +01:00
Michael Nebel
57e0e2dba1 C#: Update workflow files and scripts. 2024-11-19 10:25:58 +01:00
Michael Nebel
201a5e9faa C#: Update the extractor to target .NET 9. 2024-11-19 10:25:52 +01:00
Paolo Tranquilli
6e33f979c7 Bazel: add an installer shortcut to codeql_pack 
This makes the first `codeql_pack` in a package add an `installer` target
aliasing the `<name>-installer` one. This makes it so that one can for
example do `bazel run //rust:installer` instead of the stuttering
`bazel run //rust:rust-installer`. If a bazel package defines multiple
`codeql_pack` targets, the first one only will get the `installer` alias.
 2024-11-19 10:25:31 +01:00
Tom Hvitved
ef9f3835e5 Merge pull request #18007 from hvitved/rust/cfg/and-let 
Rust: Improve CFG for `let` expressions
 2024-11-19 10:23:32 +01:00
Calum Grant
2bfd7326d9 Merge pull request #18004 from github/revert-17948-revert-17694-multiple-entry-point 
Revert "Revert "C++: Do not generate IR for functions with multiple entry points""
 2024-11-19 09:20:24 +00:00