hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-08 14:42:30 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,439 Commits 1,776 Branches 169 Tags
codeql-cli-2.25.0
Commit Graph

86439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kevin Stubbings
f0560458af Finished up 2024-09-27 19:24:40 +00:00
Chris Smowton
ca68aaa0de Remove test code 2024-09-27 19:07:00 +01:00
REDMOND\brodes
b73fe0ba0a Adding change log 2024-09-27 12:41:45 -04:00
REDMOND\brodes
92c8d39ba3 Updating expected file, false positives now resolved. 2024-09-27 12:39:50 -04:00
REDMOND\brodes
cc24f1ed9f Modifications to the query to address false positives. 2024-09-27 12:38:22 -04:00
REDMOND\brodes
26e58532ee Adding tests and updated expected file with false positives to correct. 2024-09-27 12:37:09 -04:00
Alvaro Muñoz
294ebe56c6 Merge branch 'master' of https://github.com/github/codeql-actions 2024-09-27 18:33:55 +02:00
Alvaro Muñoz
1a5a3044c2 Bump qlpack versions 2024-09-27 18:25:31 +02:00
Alvaro Muñoz
2e6f004bda Merge pull request #92 from github/fix/direct_cache_poison 
Improve path checks for Artifact and Cache poisoning queries
 2024-09-27 18:25:00 +02:00
Alvaro Muñoz
9d26a8da26 Improve path checks for Artifact and Cache poisoning queries 2024-09-27 18:22:35 +02:00
Owen Mansel-Chan
796db77104 Add comments noting methods from embedded interfaces are already included 2024-09-27 15:03:09 +01:00
Anders Schack-Mulligen
fb630d266e Java: Add a couple of neutrals 2024-09-27 15:24:06 +02:00
Tom Hvitved
90a8bef64c Rust: Run codegen 2024-09-27 13:39:15 +02:00
Ian Lynagh
7de1182f92 Merge pull request #17599 from igfoo/igfoo/constrs 
Kotlin: Fix the return type for lambda constructors
 2024-09-27 12:38:50 +01:00
Tom Hvitved
dc4160b24a Rust: Prune CFG for impossible true/false edges 2024-09-27 13:37:29 +02:00
Tom Hvitved
bf58bdd2bd Rust: Update CFG tests 2024-09-27 13:35:14 +02:00
Tom Hvitved
431b33a274 Rust: Implement LiteralExpr::toString() 2024-09-27 13:33:25 +02:00
Tom Hvitved
97ead6f462 Merge pull request #17560 from hvitved/codegen/remove-cached 
Codegen: Do not cache injectors/projectors in `Synth` module
 2024-09-27 13:17:02 +02:00
Alvaro Muñoz
65d09b3a4b Merge pull request #91 from github/fix/artpoison 
Improve artifact poisoning query
 2024-09-27 12:45:59 +02:00
Alvaro Muñoz
86c1d9c30f Improve artifact poisoning query 
Better check of download path
Add downloading to /tmp as a sanitizer
 2024-09-27 12:35:10 +02:00
Ian Lynagh
2a5b48930a Kotlin: Fix the return type for lambda constructors 2024-09-27 11:21:40 +01:00
Ian Lynagh
08be35fc2c Kotlin: Add a test for constructors 2024-09-27 11:21:23 +01:00
Arthur Baars
7c6239b077 Merge branch 'main' into unreachable 2024-09-27 12:15:49 +02:00
Rasmus Lerchedahl Petersen
72530a8312 Python: use synthetic node for comprehension capture argument 
We used to use the CfgNode for the comprehension itself.
In cases where that is also an argument, say
```python
",".join([x for x in l])
```
that would be an argument to two different calls causing a dataflow consistency violation.
 2024-09-27 12:15:03 +02:00
Anders Schack-Mulligen
2d76752ca0 Java: Add model for CharArrayWriter.toString(). 2024-09-27 11:28:20 +02:00
Alvaro Muñoz
26f829eff4 Bump qlpack versions 2024-09-27 10:29:47 +02:00
Alvaro Muñoz
27752c7590 Merge pull request #90 from github/regexp_actions 
Add new sources and summary steps
 2024-09-27 10:29:06 +02:00
Alvaro Muñoz
010ad359d7 Add new sources and summary steps 2024-09-27 10:28:44 +02:00
Rasmus Lerchedahl Petersen
294092b671 Python: use comprehension function argument 
For a comprehension `[x for x in l]
- `l` is now a legal argument (in DataFlowPublic)
- `l` is the argument of the comprehension function (in DataFlowDispatch)
- the parameter of the comprehension function is being read rather than `l` (in IterableUnpacking)
Thus the read that used to cross callable boundaries is now split into a arg-param edge and a read from that param.
 2024-09-27 09:44:39 +02:00
Michael Nebel
0b39c5b982 C#/Java: Update model generator expected output. 2024-09-27 09:22:29 +02:00
Michael Nebel
80497f551e Shared: Only make unlifted models in case the API itself is relevant. 2024-09-27 09:22:25 +02:00
Michael Nebel
3d1a403655 C#: Add example of content based summary on private method. 2024-09-27 09:22:20 +02:00
Michael Nebel
ccadfa134e Shared: Update the model generator script to allow execution of the mixed model generator queries. 2024-09-27 09:22:15 +02:00
Michael Nebel
8310faa2e9 C#/Java: Add a query that uses both content based and non-content based model generation. 2024-09-27 09:22:11 +02:00
Owen Mansel-Chan
fdff209938 Merge pull request #17505 from owen-mc/go/inheritance-tests 
Go: Add tests for model inheritance and fix bug in promoted methods
 2024-09-26 16:42:25 +01:00
Calum Grant
8e85f24c95 Merge pull request #17553 from github/calumgrant/bmn/wrong-number-of-format-arguments 
C++: Remove FPs in cpp/wrong-number-format-arguments due to BMN
 2024-09-26 15:01:23 +01:00
Calum Grant
8967989c7b C++: Rename change-note 2024-09-26 13:39:46 +01:00
Tom Hvitved
7c473c38c0 Merge pull request #17585 from hvitved/shared/cfg-scope-no-first-consistency 
Shared: Add CFG consistency check for scopes with missing entry points
 2024-09-26 14:05:08 +02:00
Calum Grant
dcb75f490f Update cpp/ql/src/change-notes/2024-09-26-wrong-number-format-arguments 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2024-09-26 13:05:06 +01:00
Calum Grant
8045440d00 Update cpp/ql/lib/semmle/code/cpp/models/interfaces/FormattingFunction.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2024-09-26 13:04:52 +01:00
Rasmus Wriedt Larsen
7c32efc218 Merge pull request #17203 from RasmusWL/threat-models 
Python: Add support for threat models
 2024-09-26 13:15:46 +02:00
Rasmus Wriedt Larsen
381ea93ec3 Merge pull request #17424 from RasmusWL/active-threat-model-source 
Go/Java/C#: Rename `ThreatModelFlowSource` to `ActiveThreatModelSource`
 2024-09-26 13:08:17 +02:00
Michael Nebel
a128383760 C#/Java: Add some dfc-generated test cases. 2024-09-26 13:01:01 +02:00
Michael Nebel
2a5dc204fb Shared: Add dfc as a valid model origin. 2024-09-26 13:00:57 +02:00
Michael Nebel
9a923d62ad C#/Java: Updated expected test output. 2024-09-26 13:00:52 +02:00
Michael Nebel
e70297a7bc Shared: Content based models is now printed with dfc-generated provenance. 2024-09-26 13:00:39 +02:00
Arthur Baars
d7fb7ab551 Merge pull request #17592 from github/aibaars/cargo-fmt 
Rust: run cargo fmt
 2024-09-26 12:57:15 +02:00
Michael Nebel
53c20ccaeb Shared: Some model generator re-factoring. 2024-09-26 12:55:01 +02:00
Michael Nebel
0cd4ccb790 C#/Java: Update model generator expected test output. 2024-09-26 12:49:18 +02:00
Michael Nebel
b041829569 Shared: steps in synthetic path chains should just mention the same synthetic fields. 2024-09-26 12:49:07 +02:00