hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-18 03:11:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,439 Commits 1,778 Branches 169 Tags
codeql-cli-2.25.0
Commit Graph

86439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
d056706af5 Merge pull request #14725 from RasmusWL/re-modeling 
Python: Add taint-flow modeling for `re` module
 2023-11-23 11:35:36 +01:00
Erik Krogh Kristensen
ef8d38e9e0 Merge pull request #14885 from erik-krogh/update-changenotes 
JS: update the JS change notes to mention security severity instead of just severity
 2023-11-23 11:17:53 +01:00
Maiky
413c11171e Move to /experimental 2023-11-23 11:00:47 +01:00
Rasmus Wriedt Larsen
3d46129bbf Python: Remove intermediary steps from taint-test 
These were leftovers from old way of propagating taint
 2023-11-23 10:40:25 +01:00
erik-krogh
dd1e71ace9 update the JS change notes to mention security severity instead of just severity 2023-11-23 10:28:22 +01:00
Paolo Tranquilli
ff529c34b4 Codegen: use re.escape 2023-11-23 09:37:44 +01:00
Yunus AYDIN
ca56b0157d Merge branch 'github:main' into main 2023-11-22 22:56:23 +03:00
Maiky
d661f7f482 Add Flow Labels 2023-11-22 19:50:16 +01:00
Jeroen Ketema
257fe1ad6b Merge pull request #14801 from jketema/rewrite-tainted-format-string 
C++: Rewrite `cpp/tainted-format-string` away from `DefaultTaintTracking`
 2023-11-22 17:55:36 +01:00
Owen Mansel-Chan
a130c0f6b3 Merge branch 'main' into main 2023-11-22 16:50:41 +00:00
Owen Mansel-Chan
dd8fb29a65 Improve QLDocs of CallNode and MethodCallNode 
When a function is assigned to a variable and called through that
variable then we can't always tell it was a method.
 2023-11-22 16:32:10 +00:00
Pierre
98ddbe0d83 Merge pull request #14880 from github/geoffw0-patch-2 2023-11-22 17:31:44 +01:00
Geoffrey White
bcf76b1ac0 Update change note 0.3.3.md 
Update original change note in line with the change here: https://github.com/github/codeql/pull/14876#discussion_r1402142306
 2023-11-22 16:20:05 +00:00
Jeroen Ketema
1fbe23228e C++: Update test to reflect updated test results 2023-11-22 16:49:13 +01:00
Jeroen Ketema
bb1945f899 C++: Rewrite cpp/tainted-format-string away from DefaultTaintTracking 2023-11-22 16:49:13 +01:00
Mathias Vorreiter Pedersen
640e2f56d5 C++: Accept test changes. 2023-11-22 15:43:24 +00:00
Mathias Vorreiter Pedersen
306440ce6e C++: Convert 'cpp/user-controlled-null-termination-tainted' away from 'DefaultTaintTracking'. 2023-11-22 15:43:24 +00:00
Arthur Baars
29c950035d Merge pull request #14877 from github/post-release-prep/codeql-cli-2.15.3 
Post-release preparation for codeql-cli-2.15.3
 2023-11-22 16:39:09 +01:00
Geoffrey White
012dc59bf3 Swift: Change note. 2023-11-22 15:24:19 +00:00
Geoffrey White
5723a75f3c Swift: Add heuristic model for init(contentsOfFile) and similar. 2023-11-22 15:24:19 +00:00
Pierre
60ebe3b179 Merge pull request #14876 from github/changedocs/2.15.3 
Add combined changelogs for 2.15.3 and backfill historic versions
 2023-11-22 16:22:56 +01:00
Ian Lynagh
1f2d9dc95c Merge pull request #14862 from igfoo/igfoo/test-kotlin1 
Kotlin: Move tests from test/kotlin to test-kotlin1
 2023-11-22 14:45:13 +00:00
github-actions[bot]
0783758bd1 Post-release preparation for codeql-cli-2.15.3 2023-11-22 14:20:26 +00:00
Pierre
9b9a78851d Add combined changelogs for 2.15.3 and backfill historic versions 2023-11-22 15:05:17 +01:00
Rasmus Wriedt Larsen
4a98ed903e Python: Fix consistency for bound-methods used in list-comp 2023-11-22 14:07:40 +01:00
Tom Hvitved
979bcf4ef3 Merge pull request #14868 from hvitved/ssa/locations 
SSA: Add locations to ease debugging
 2023-11-22 13:26:41 +01:00
Geoffrey White
94cb09e539 Swift: Add test cases. 2023-11-22 11:39:27 +00:00
Ian Lynagh
3dee16c50c Merge pull request #14860 from igfoo/igfoo/isFake 
Kotlin 2: isFake is currently broken, so assume not fake for now
 2023-11-22 11:07:04 +00:00
Rasmus Wriedt Larsen
67b1414177 Python: Highlight even more cases for multipleArgumentCallExclude 2023-11-22 11:25:23 +01:00
Harry Maclean
288fbfd2ec Ruby: Add test for missing block flow 2023-11-22 09:59:55 +00:00
Paolo Tranquilli
369431125e Codegen: insert doc explaining _patch_class_qldoc 2023-11-22 10:26:04 +01:00
Paolo Tranquilli
f5633be837 Codegen: rename has_doc to has_qldoc 2023-11-22 10:19:36 +01:00
Paolo Tranquilli
418118fc89 Codegen: use more robust regex to patch qldocs 2023-11-22 10:11:05 +01:00
amammad
2097a001b9 apply code review suggestions, fix qldoc, add experimental additional taint steps that can improve performance 2023-11-22 10:01:51 +01:00
Rasmus Wriedt Larsen
30891ca4aa Merge pull request #14861 from yoff/python/demonstrate-def-use-explosion 
Python: test demonstrating the need for phi nodes
 2023-11-22 09:57:10 +01:00
yoff
4785048076 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-11-22 09:29:07 +01:00
amammad
97eb7b7b72 update example to include more logical vulnerable pattern, add documentations for ql classes 2023-11-22 09:27:55 +01:00
Tamás Vajk
ace633cb1d Merge pull request #14855 from tamasvajk/standalone/logMessageSink 
C#: Tolerate missing call targets in LogMessageSink
 2023-11-22 08:37:53 +01:00
Tom Hvitved
1a6886cf99 SSA: Add locations to ease debugging 2023-11-22 08:37:02 +01:00
amammad
5cc4206e00 add a temporary Query file to demonstrate unsuccessful usage of two DataFlow configs 2023-11-22 08:30:59 +01:00
amammad
eb552b7c93 add failingPositiveTests to inlinetests 2023-11-22 08:00:38 +01:00
Kevin Stubbings
8277c602ac depstubber 2023-11-21 14:31:52 -08:00
Kevin Stubbings
d7e2fbc11d Finish 2023-11-21 14:27:17 -08:00
Owen Mansel-Chan
b147bacd48 Merge branch 'main' into amammad-go-fastHttp 2023-11-21 21:36:11 +00:00
amammad
fabde6e0ff fix tests and remove tarfile tar.Reader as sink 2023-11-21 20:54:38 +01:00
amammad
75e01d3648 Thanks to @owen-mc that provided a good solution of that I couldn't solve that myself 2023-11-21 20:15:27 +01:00
amammad
0328a2986d move TypeORM library file and tests to experimental 
add inline tests :)
Fix TypeORM fuzzy method according to Review
 2023-11-21 19:59:06 +01:00
amammad
999ec7053e fix Query class docstring 2023-11-21 18:56:05 +01:00
Mathias Vorreiter Pedersen
a80dbc5200 C++: Accept test changes. 2023-11-21 17:50:11 +00:00
Mathias Vorreiter Pedersen
976adc3c7c C++: Fixup queries to keep the old results. 2023-11-21 17:50:08 +00:00