hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-10 15:31:12 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,439 Commits 1,777 Branches 169 Tags
codeql-cli-2.25.0
Commit Graph

86439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joe Farebrother
6b8080a5b3 Update concept tests for header writes 2024-06-24 17:27:02 +01:00
Joe Farebrother
d11f58f768 Add cookie header write concept from experimental. 2024-06-24 17:26:56 +01:00
Joe Farebrother
b71ba7c30f Move Header Write derrived concepts to Concepts 2024-06-24 17:26:51 +01:00
Paolo Tranquilli
d2a00fa773 Merge pull request #16822 from github/redsun82/nodejs-mirror 
Bazel: add `nodejs` mirror
 2024-06-24 17:59:08 +02:00
Chris Smowton
351b908f62 Adjust and tolerate variability in test expectations 2024-06-24 16:38:18 +01:00
Paolo Tranquilli
0669186713 Bazel: remove unneeded upstream rules_nodejs patch 2024-06-24 17:09:40 +02:00
Paolo Tranquilli
a02cf07833 Bazel: add nodejs mirror 
This patches `rules_nodejs` with the contents of
https://github.com/bazelbuild/rules_nodejs/pull/3763
in order to allow specifying a mirror for nodejs, as nodejs.org has
hit us with intermittent downtimes.
 2024-06-24 16:59:25 +02:00
Mathias Vorreiter Pedersen
5b1b60cc92 Merge pull request #16797 from MathiasVP/yml-for-allocation-and-deallocation 
C++: Add extensible predicates to `Allocation` and `Deallocation`
 2024-06-24 15:34:27 +01:00
github-actions[bot]
e32a587078 Release preparation for version 2.17.6 2024-06-24 14:33:10 +00:00
Anders Schack-Mulligen
25d520a7f1 Merge pull request #16785 from aschackmull/dataflow/stage3-notypes 
Dataflow: Replace stage 3 type pruning with flow-insensitive type pruning.
 2024-06-24 15:21:37 +02:00
Mathias Vorreiter Pedersen
36d59cef7e C++: Add 'bsl::free' as a deallocation function model. 2024-06-24 13:56:44 +01:00
Mathias Vorreiter Pedersen
82ed1ee671 Update cpp/ql/lib/change-notes/2024-06-20-extensible-allocation-deallocation.md 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2024-06-24 13:50:24 +01:00
Owen Mansel-Chan
d8df38c683 Make DataFlowType a singleton (remove workaround) 2024-06-24 13:43:10 +01:00
Mathias Vorreiter Pedersen
19b6d24bc2 Merge pull request #16816 from MathiasVP/fix-valuenumber-imports 
C++: Fix value numbering imports
 2024-06-24 13:37:38 +01:00
Anders Schack-Mulligen
fdf6e30888 Dataflow: Handle non-trivial type systems with stores into a top type. 2024-06-24 13:35:50 +02:00
Anders Schack-Mulligen
a26132e818 Dataflow: Replace stage 3 type pruning with flow-insensitive type pruning. 2024-06-24 13:35:50 +02:00
Anders Schack-Mulligen
3ede3af6f2 C#: Fix join-order. 2024-06-24 13:35:49 +02:00
Anders Schack-Mulligen
8c23e21073 Dataflow: Cache compatibleTypes. 2024-06-24 13:35:48 +02:00
Anders Schack-Mulligen
06a7e3f3ee Dataflow: Cache typeStrongerThan. 2024-06-24 13:35:48 +02:00
Anders Schack-Mulligen
bd99f32a4b Dataflow: Check types on ParamReturnNode. 2024-06-24 13:35:47 +02:00
Michael Nebel
24685a07c0 Java: Update model generator test expected output. 2024-06-24 13:07:42 +02:00
Michael Nebel
c687dcb094 Java: Sync files and make language specific implementation. 2024-06-24 13:07:39 +02:00
Michael Nebel
30249e4f2b Java: Add some spurious source and sink examples. 2024-06-24 13:07:34 +02:00
Michael Nebel
854674a71c C#: Update expected test output. 2024-06-24 13:07:30 +02:00
Michael Nebel
b27a9d948a C#: Exclude APIs with a manual source neutral from source model generation and allow source generation for all source kinds. 2024-06-24 13:07:14 +02:00
Michael Nebel
2657e7f56d C#: Add some source and sink modelling examples where a neutral exist. 2024-06-24 13:05:35 +02:00
Mathias Vorreiter Pedersen
00d772f980 C++: Fix value numbering imports. 2024-06-24 11:53:24 +01:00
Michael Nebel
abc7cc39d4 Merge pull request #16775 from michaelnebel/modelgen/refactorprinting 
C#/Java: Parameterized module for model printing.
 2024-06-24 12:51:07 +02:00
Alvaro Muñoz
24d69f2ee8 Bump qlpack versions 2024-06-24 12:45:35 +02:00
Alvaro Muñoz
b5dfda27fd Add cargo as poisonable step 2024-06-24 12:45:24 +02:00
Michael Nebel
9cd16fd9d6 Java: Base the model printing on the shared implementation. 2024-06-24 11:52:50 +02:00
Michael Nebel
8630583856 C#/Java: Exclude the model printing implementation form sync files. 2024-06-24 11:50:57 +02:00
Michael Nebel
b7bc540325 C#: Adjust implementation to use the shared model printer. 2024-06-24 11:50:46 +02:00
Michael Nebel
65e150b416 Add parameterized module for MaD model printing. 2024-06-24 11:48:33 +02:00
Owen Mansel-Chan
f04a85e121 Merge pull request #16753 from owen-mc/go/misc-clean-up 
Go: a few small clean ups
 2024-06-24 10:47:21 +01:00
Michael Nebel
94d12edfdb Merge pull request #16759 from michaelnebel/modelgen/sourcesinkmodelgen 
C#/Java: Introduce source and sink model generation sanitisers.
 2024-06-24 11:47:11 +02:00
Rasmus Lerchedahl Petersen
4626e134fa Python: update doc to use operations module 2024-06-24 10:56:34 +02:00
Rasmus Lerchedahl Petersen
00fbada41d Python: recognize fabric.operations 2024-06-24 10:54:59 +02:00
Rasmus Lerchedahl Petersen
21a0f8af07 Python: address reviewer comments 
- fix wording on `builtins`
- add named argument/parameter access path components
 2024-06-24 10:48:53 +02:00
yoff
d603b48884 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2024-06-24 10:29:33 +02:00
Alvaro Muñoz
6df70d1a45 Do not consider priv events if runtime data is available 2024-06-23 21:34:30 +02:00
Mathias Vorreiter Pedersen
a1743aa12e Merge pull request #16805 from MathiasVP/tc-in-temp-materialization 
C++: Fix missing `asExpr` for temporary materializations with conversions
 2024-06-23 13:38:01 +01:00
Porcupiney Hairs
a7cdf0e2fd CPP: Disabled SSL certificate verification 
Disable SSL certificate verification can expose the communication to MITM attacks.

This PR adds a query to detect the same. This also include the tests and qhelp for the same.
 2024-06-23 14:27:04 +05:30
Owen Mansel-Chan
513ec16691 Merge pull request #16796 from owen-mc/go/fix/package-vendor 
Go: Fix bug removing "vendor/" from package paths
 2024-06-22 07:54:18 +01:00
Mathias Vorreiter Pedersen
9a2c7d34af C++: Simplify 'parseParens'. 2024-06-21 15:45:43 +01:00
Jonathan Leitschuh
472cca9221 Align Java CommandInjectionRuntimeExec.ql Severity 
Align severity with other command injection vulnerabilities:

- 4a448f445e/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql (L8)
- 4a448f445e/go/ql/src/Security/CWE-078/CommandInjection.ql (L7)
- 4a448f445e/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql (L7)
- 4a448f445e/javascript/ql/src/Security/CWE-078/CommandInjection.ql (L7)
 2024-06-21 10:29:27 -04:00
Jonathan Leitschuh
1728e5dfd5 Align Ruby NonConstantKernelOpen.ql Severity 
Align severity with other command injection vulnerabilities:

 - 4a448f445e/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql (L8)
- 4a448f445e/go/ql/src/Security/CWE-078/CommandInjection.ql (L7)
- 4a448f445e/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql (L7)
- 4a448f445e/javascript/ql/src/Security/CWE-078/CommandInjection.ql (L7)
 2024-06-21 10:27:47 -04:00
Alvaro Muñoz
4e94c4294c Merge pull request #46 from github/remove_scan_action 2024-06-21 15:26:21 +02:00
Mathias Vorreiter Pedersen
2e74ae448c C++: Accept more test changes. 2024-06-21 14:04:08 +01:00
Mathias Vorreiter Pedersen
40fb59dc0b C++: Add gnu iterator models to regain TP. 2024-06-21 14:04:07 +01:00