Commit Graph

86439 Commits

Author SHA1 Message Date
Owen Mansel-Chan
a5979e209a Add change note 2024-04-01 14:03:47 +01:00
Owen Mansel-Chan
fa614df3f4 Tests fixed by model for CharBuffer.wrap(char[]) 2024-04-01 14:03:42 +01:00
Owen Mansel-Chan
2d24fe011b Accept that lots of sinks are now summaries as well 2024-04-01 14:03:36 +01:00
Owen Mansel-Chan
9067a337b0 Test fixed by model for BasicAttributes(String, Object) 2024-04-01 14:03:30 +01:00
Owen Mansel-Chan
776c9d9eb2 Accept changes to top jdk apis test 2024-04-01 14:03:23 +01:00
Owen Mansel-Chan
52e6ea30e7 Accept more capture summary models
This line is added because `FileOutputStream`'s constructor is now modeled as propagating taint, not just as a sink.
| p;PrivateFlowViaPublicInterface$SPI;true;openStream;();;Argument[this];ReturnValue;taint;df-generated |
2024-04-01 14:03:00 +01:00
Owen Mansel-Chan
919436efbb Remove df-gen models we have deliberately modeled
Manual models always take precedence over generated models, so there is
no point in keeping the generated models.

These manual models were deliberately written to take precedence over
the corresponding df-gen models.
2024-04-01 13:59:36 +01:00
Alvaro Muñoz
c7b3148af6 Merge pull request #39 from GitHubSecurityLab/new_sources
feat(sources): New sources
2024-04-01 10:56:45 +02:00
Alvaro Muñoz
cc16318a90 Make new trilom source compliant with new sources 2024-04-01 10:56:03 +02:00
Alvaro Muñoz
ee81a87428 resolve conflicts 2024-04-01 10:54:02 +02:00
Alvaro Muñoz
9807cf87d5 resolve conflicts 2024-04-01 10:52:46 +02:00
Alvaro Muñoz
bdfd46111f Only triggered on non-pull_request events 2024-04-01 10:51:26 +02:00
Jami
d889e3cf98 Merge pull request #14854 from jcogs33/jcogs33/unsafe-url-forward-promotion
Java: Promote Unsafe URL Forward query from experimental
2024-03-29 16:34:06 -04:00
Geoffrey White
fa26b55452 C++: Add models-as-data models for ZMQ networking library + wiring. 2024-03-28 21:50:07 +00:00
Geoffrey White
16f9ad06ef C++: Add a test for ZMQ network library sources as well. 2024-03-28 21:50:07 +00:00
Geoffrey White
891f05c5ae C++: Add a test for simple sinks involving ZMQ networking library. 2024-03-28 21:50:07 +00:00
Geoffrey White
5618001c3f C++: More QLDoc refinement. 2024-03-28 21:50:07 +00:00
Jami
2f8c4df309 docs wording updates
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
2024-03-28 16:15:05 -04:00
James Fletcher
5b1cae5fc2 Merge pull request #16076 from github/jf205-patch-1
Make customizing-library-models-for-javascript.rst visible to search and the docs TOC
2024-03-28 17:05:32 +00:00
Calum Grant
ef2e2e4067 Merge pull request #16071 from github/calumgrant/cpp-analysis
Add C++ analysis in separate workflow
2024-03-28 17:53:53 +01:00
Ian Lynagh
3acdc73f22 Kotlin 2: Accept some more location changes 2024-03-28 16:15:37 +00:00
Ian Lynagh
568fba6940 Kotlin 2: Accept some more test changes 2024-03-28 15:28:36 +00:00
Ian Lynagh
0fdc71bf57 Kotlin 2: Accept a test change
For

    if(r != null) {
        val r2: Rectangle = r

in Kotlin 2 mode, there is no IMPLICIT_NOTNULL check:

    then: BLOCK type=kotlin.Unit origin=null
      VAR name:r2 type:java.awt.Rectangle [val]
-       TYPE_OP type=java.awt.Rectangle origin=IMPLICIT_NOTNULL typeOperand=java.awt.Rectangle
-         GET_VAR 'val r: @[FlexibleNullability] java.awt.Rectangle? [val] declared in <root>.foo' type=@[FlexibleNullability] java.awt.Rectangle? origin=null
+       GET_VAR 'val r: @[FlexibleNullability] java.awt.Rectangle? [val] declared in <root>.foo' type=@[FlexibleNullability] java.awt.Rectangle? origin=null
      VAR name:height type:kotlin.Int [val]
        GET_FIELD 'FIELD IR_EXTERNAL_JAVA_DECLARATION_STUB name:height type:kotlin.Int visibility:public' type=kotlin.Int origin=null
          receiver: GET_VAR 'val r2: java.awt.Rectangle [val] declared in <root>.foo' type=java.awt.Rectangle origin=null
2024-03-28 15:23:27 +00:00
Ian Lynagh
96723b1a8f Kotlin 2: Accept some loc changes 2024-03-28 15:11:19 +00:00
Ian Lynagh
24c4c3e068 Kotlin 2: Accept a test change
With:

    open class Root {}
    class Subclass1: Root() {}

    fun typeTests(x: Root, y: Subclass1) {
        val y1: Subclass1 = if (x is Subclass1) { x } else { y }
    }

we now get a slightly different AST, which means we no longer need to
insert a StmtExpr:

     BRANCH
       if: TYPE_OP type=kotlin.Boolean origin=INSTANCEOF typeOperand=<root>.Subclass1
         GET_VAR 'x: <root>.Root declared in <root>.typeTests' type=<root>.Root origin=null
-      then: TYPE_OP type=<root>.Subclass1 origin=IMPLICIT_CAST typeOperand=<root>.Subclass1
-        BLOCK type=<root>.Root origin=null
+      then: BLOCK type=<root>.Subclass1 origin=null
+        TYPE_OP type=<root>.Subclass1 origin=IMPLICIT_CAST typeOperand=<root>.Subclass1
           GET_VAR 'x: <root>.Root declared in <root>.typeTests' type=<root>.Root origin=null
2024-03-28 15:07:30 +00:00
Michael B. Gale
73f71d8ace Merge pull request #15979 from github/mbg/go/deal-with-incorrect-versions 2024-03-28 14:16:14 +00:00
Michael B. Gale
f6c22d466f Update toolchain_test.go
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2024-03-28 13:32:02 +00:00
Sid Shankar
aeacfb82c1 Merge pull request #16073 from hmac/ruby-re-add-mad-docs
Ruby: Re-add MaD docs
2024-03-28 09:18:04 -04:00
Paolo Tranquilli
2fa2a5a53c Merge pull request #15984 from github/alexdenisov/swift-5.10
Swift: upgrade to 5.10
2024-03-28 13:58:39 +01:00
Geoffrey White
03d0d984e3 C++: Remove duplicate TDataFlowCallable's and fix three places where we assumed a source callable (two of them would have caused lost results). 2024-03-28 11:39:43 +00:00
Michael B. Gale
977ac71b26 Update toolchain_test.go
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2024-03-28 11:15:30 +00:00
Ian Lynagh
5dcd635403 Merge pull request #15961 from igfoo/igfoo/MissingEnumInSwitch
Java: Limit the amount of results that MissingEnumInSwitch produces per switch
2024-03-28 11:13:45 +00:00
Paolo Tranquilli
a34bb2608d Swift: fix ql format 2024-03-28 11:57:33 +01:00
Paolo Tranquilli
ece0d1f477 Swift: add upgrade/downgrade scripts 2024-03-28 11:54:18 +01:00
Paolo Tranquilli
bfce01cef6 Swift: add change note for Swift 5.10 upgrade 2024-03-28 11:38:39 +01:00
James Fletcher
d57e8efaf2 Update codeql-for-javascript.rst 2024-03-28 10:28:37 +00:00
Geoffrey White
a55f07ac68 C++: QLDoc FlowSummaryNode. 2024-03-28 10:17:39 +00:00
Jeroen Ketema
3d8ac1441a Merge pull request #16074 from jketema/reuse-val-cat
C++: Add value category column to the expr_reuse relation
2024-03-28 10:14:32 +01:00
dependabot[bot]
07f9614dc2 Bump chrono from 0.4.35 to 0.4.37 in /ql
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.35 to 0.4.37.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.35...v0.4.37)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-28 03:07:21 +00:00
Jami Cogswell
e90f55a05f Java: move change note to lib 2024-03-27 20:56:19 -04:00
Jami Cogswell
e58e5fb825 Java: add change note 2024-03-27 20:51:13 -04:00
Jami Cogswell
b35f318910 Java: update models 2024-03-27 20:39:34 -04:00
Jeroen Ketema
9eb51a9b9e C++: Add value category column to the expr_reuse relation 2024-03-27 22:49:40 +01:00
Jeroen Ketema
9e47909208 Merge pull request #16065 from geoffw0/codeowners
C++: Divide CODEOWNERS responsibilities.
2024-03-27 22:22:15 +01:00
Harry Maclean
3690f294da Ruby: add MaD doc to TOC tree 2024-03-27 21:02:25 +00:00
Ian Lynagh
b6a1266ade Java: Accept test changes for MissingEnumInSwitch Oxford commas 2024-03-27 18:48:22 +00:00
Harry Maclean
ce0edcc265 Ruby: Make MaD doc visible to search
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
2024-03-27 17:29:18 +00:00
James Fletcher
04edd6ec69 Update docs/codeql/codeql-language-guides/codeql-for-javascript.rst 2024-03-27 17:08:47 +00:00
James Fletcher
121fed63a0 Update codeql-for-javascript.rst 2024-03-27 17:06:31 +00:00
James Fletcher
fbc0f57280 Update customizing-library-models-for-javascript.rst 2024-03-27 16:58:11 +00:00