hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-14 09:21:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,439 Commits 1,785 Branches 169 Tags
codeql-cli-2.25.0
Commit Graph

86439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
e9957aa4a6 Swift: make result a child in ThenStmt 2024-03-27 17:53:36 +01:00
Geoffrey White
103932fec8 C++: Resolve discussed TODO comment. 2024-03-27 16:44:50 +00:00
Geoffrey White
507ada1951 C++: Sort out the localFlow / simpleLocalFlow confusion (and the same for taint). 2024-03-27 16:05:35 +00:00
Harry Maclean
f6e2e1319b Ruby: Link to MaD docs from Ruby doc page 
Also remove an internal link from the docs.
 2024-03-27 15:30:05 +00:00
Harry Maclean
e6ba0a34f4 Revert "Ruby: remove customizing-library-models-for-ruby.rst" 
This reverts commit 5b46256fdb.
 2024-03-27 15:24:30 +00:00
Michael B. Gale
45b41bb506 Go: Mirror stdout/stderr output in InstallVersion 2024-03-27 15:18:24 +00:00
Michael B. Gale
6b1d1d427c Go: Add integration test for incorrect version format logic 2024-03-27 15:16:32 +00:00
Michael B. Gale
6ea99825be Go: Add unit test to sanity check HasGoVersion 2024-03-27 15:15:40 +00:00
Michael B. Gale
ab255d70b5 Go: Fix semver-related logic bugs 2024-03-27 15:15:20 +00:00
Ian Lynagh
fda3c92612 Java: Add a changenote for the MissingEnumInSwitch change 2024-03-27 15:12:55 +00:00
Ian Lynagh
59ae6dd5f5 Java: Add a couple of Oxford commas 2024-03-27 15:07:58 +00:00
Michael B. Gale
86bf4fbbc0 Go: Make diagnostic names static 2024-03-27 14:22:58 +00:00
Jami Cogswell
40c932a5f9 Java: move UrlForward.qll code to UrlForwardQuery.qll 2024-03-27 10:12:28 -04:00
Max Schaefer
5b07e14fb3 Merge pull request #16055 from github/max-schaefer/go-open-redirect-qhelp 
Go: Improve QHelp for `go/unvalidated-url-redirection`.
 2024-03-27 13:56:48 +00:00
Paolo Tranquilli
0243d9f2b9 Swift: accept explicit any in existential type name 2024-03-27 13:49:15 +01:00
Jami Cogswell
2391fe7d89 Java: use InlineFlowTest instead of InlineExpectationsTest 2024-03-27 08:44:17 -04:00
Paolo Tranquilli
d9c40488bb Swift: add ThenStmt to control flow 2024-03-27 13:37:24 +01:00
Paolo Tranquilli
b8e38288e3 Swift: add extraction of ThenStmt 
These are currently added implicitly by the compiler in the context of
`if`/`switch` expressions. In the future, there might be explicit
`then <expr>` statement useful for cases where one would like to add
more than one statement in the branch, to mark what value to actually
use.

See https://forums.swift.org/t/pitch-multi-statement-if-switch-do-expressions/68443
 2024-03-27 13:26:04 +01:00
Max Schaefer
32ebd4eebb Automodel: Filter unexploitable types in application mode. 
We already did this in framework mode.
 2024-03-27 12:22:24 +00:00
Arthur Baars
ba89f1b6b1 Merge pull request #15896 from github/aibaars/java-update-output 
Java: update expected output
 2024-03-27 13:19:52 +01:00
Jami Cogswell
121b24ea7c Java: remove parentheses 2024-03-27 08:16:06 -04:00
Owen Mansel-Chan
311512c768 Remove df-gen models for incidentally modelled APIs 
Manual models always take precedence over generated models, so there is
no point in keeping the generated models.

These APIs happened to have been modelled between model generation and
merging this PR.
 2024-03-27 12:15:08 +00:00
Owen Mansel-Chan
f03a56f7e0 Run generation script 
The command line was:
python3 /Users/owen-mc/workspace/codeql-home/codeql/java/ql/src/utils/modelgenerator/GenerateFlowModel.py /Users/owen-mc/db/java/openjdk17 --with-summaries --with-neutrals
 2024-03-27 12:15:00 +00:00
Jami Cogswell
35fbc95cc7 Java: remove redundant line 2024-03-27 08:09:40 -04:00
Mathias Vorreiter Pedersen
7bb2b57394 Merge pull request #15964 from rdmarsh2/rdmarsh2/cpp/temp-destructors-extended 
C++: IR translation for destruction of temporaries with extended lifetimes
 2024-03-27 11:58:48 +00:00
Calum Grant
03bf804a68 Add C++ analysis in separate workflow 2024-03-27 11:44:58 +00:00
Mathias Vorreiter Pedersen
8711232a38 Merge pull request #16069 from jketema/var-templ 
C++: Add `VariableTemplateInstantiation` class
 2024-03-27 11:31:35 +00:00
Paolo Tranquilli
2382f76317 Swift: ignore experimental ThenStmt 2024-03-27 12:23:37 +01:00
Paolo Tranquilli
f9d10cec08 Swift: fix DeclTranslator.cpp compile errors 2024-03-27 12:21:28 +01:00
Ian Lynagh
6cd94cf253 Merge pull request #16059 from igfoo/igfoo/exprs 
Kotlin 2: Accept more location changes
 2024-03-27 11:17:07 +00:00
Jeroen Ketema
050682c477 C++: Update expected test results 2024-03-27 12:03:37 +01:00
Paolo Tranquilli
8e9b4336da Merge branch 'main' into alexdenisov/swift-5.10 2024-03-27 11:35:14 +01:00
Jeroen Ketema
27c6e2421c C++: Add VariableTemplateInstantiation class 
This adds some uniformity, as we already had `FunctionTemplateInstantiation` and
`ClassTemplateInstantiation` classes.
 2024-03-27 11:35:13 +01:00
Tony Torralba
b617667b0e Merge pull request #16062 from atorralba/atorralba/java/more-neutrals 
Java: Add more neutrals and improve `java.net.URL` models
 2024-03-27 10:41:38 +01:00
Geoffrey White
30c9ec1926 C++: Adjust following discussion. 2024-03-27 09:23:48 +00:00
Tony Torralba
7a0446740b Update java/ql/lib/ext/java.net.model.yml 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-03-27 09:09:48 +01:00
Henry Mercer
568442d5f8 QL: Run diagnostics and summary metrics in code scanning 
Add diagnostics and summary metric queries to the code scanning suite.
 2024-03-26 18:11:50 +00:00
Arthur Baars
497325455a Java: update expected output 2024-03-26 18:40:22 +01:00
Geoffrey White
b4a6f75ad7 C++: Divide CODEOWNERS responsibilities. 2024-03-26 17:35:07 +00:00
Mathias Vorreiter Pedersen
3e9602854a Merge pull request #16063 from MathiasVP/taint-inheriting-content-for-cpp 
C++: Add `TaintInheritingContent`
 2024-03-26 17:28:52 +00:00
Mathias Vorreiter Pedersen
3bfaab9182 C++: Remove debugging conjunct. 2024-03-26 17:01:06 +00:00
Mathias Vorreiter Pedersen
6a8c592900 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/FlowSteps.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2024-03-26 16:59:18 +00:00
Mathias Vorreiter Pedersen
d610d721a4 C++: Add file QLDoc. 2024-03-26 16:47:39 +00:00
Mathias Vorreiter Pedersen
e3744c435a C++: Add change note. 2024-03-26 16:44:16 +00:00
Mathias Vorreiter Pedersen
ec3d041c8d C++: Accept test changes. 2024-03-26 16:40:18 +00:00
Mathias Vorreiter Pedersen
bd2ecd3346 C++: Add test. 2024-03-26 16:38:28 +00:00
Mathias Vorreiter Pedersen
2075716df7 C++: Add 'TaintInheritingContent'. 2024-03-26 16:37:22 +00:00
Tony Torralba
d786ea90a4 Java: Add more neutrals 
Adds more neutral models to help the model generator ignore certain callables.

Also improves the precision of certain URL models by using synthetic fields so that the parts of a URL are tainted separately.
 2024-03-26 17:31:11 +01:00
Rasmus Wriedt Larsen
df463e51c1 JS: Extractor: Fix experimental flag value for NodeJSDetectorTests 2024-03-26 17:02:47 +01:00
Rasmus Wriedt Larsen
60944a9bcb JS: Accept new trap files 
As I see it, these all seem to have invalid code initially anyway, but
this is definitely something a JS expert should review :)
 2024-03-26 17:01:57 +01:00