codeql

mirror of https://github.com/github/codeql.git synced 2026-06-22 13:21:10 +02:00

Author	SHA1	Message	Date
Geoffrey White	0660f98a33	Swift: Change note.	2023-07-19 10:37:34 +01:00
Geoffrey White	420008aed7	Swift: Minor corrections / clarifications.	2023-07-19 10:36:01 +01:00
Tony Torralba	2dbbcc2413	Java: Avoid low-confidence dispatch to InputStream methods Also adds a neutral model for `InputStream.read`, which offers a high-confidence alternative for this method.	2023-07-19 11:30:53 +02:00
Mathias Vorreiter Pedersen	2f48cde2e5	Update cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/AllocationToInvalidPointer.qll Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>	2023-07-19 10:28:05 +01:00
Mathias Vorreiter Pedersen	9a8fb0b93a	Update cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/AllocationToInvalidPointer.qll Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>	2023-07-19 10:27:55 +01:00
Owen Mansel-Chan	de8794e9ba	Make MethodCallNode char pred more accurate When a function is assigned to a variable and called through that variable then we previously didn't realise it was a function. With this change we try use local flow to determine if the function being called is a method.	2023-07-19 10:24:27 +01:00
James Fletcher	8a46ff344a	Merge pull request #13768 from github/update-presentations Remove mentions of LGTM from CodeQL training presentations	2023-07-19 09:54:02 +01:00
James Fletcher	a54b96cb8d	Merge branch 'main' into update-presentations	2023-07-19 09:35:52 +01:00
james	70076fd3f0	remove lgtm from presentations	2023-07-19 09:33:13 +01:00
Geoffrey White	a58dbf26b5	Merge pull request #13759 from geoffw0/parsemode2 Swift: Refactor regex library	2023-07-19 08:36:28 +01:00
Geoffrey White	cf7311f3f1	Swift: Expand parse mode support to include NSRegularExpression options.	2023-07-19 08:34:30 +01:00
Geoffrey White	cd1e73bd65	Swift: Add some more test cases.	2023-07-19 08:34:29 +01:00
Geoffrey White	dc5f964ce0	Swift: Modify the test stubs to test flow models more robustly.	2023-07-19 08:34:29 +01:00
Geoffrey White	84f592b8a1	Swift: Add another test case.	2023-07-19 08:34:29 +01:00
Geoffrey White	f8b8c67813	Swift: Clean up and autoformat.	2023-07-19 08:34:27 +01:00
Geoffrey White	3c1f755580	Swift: Support other parse modes.	2023-07-19 08:33:48 +01:00
Geoffrey White	8273fa1a8c	Swift: Track parse modes (prototype version).	2023-07-19 08:33:43 +01:00
Anders Schack-Mulligen	afc46576f0	Docs: Review fix.	2023-07-19 09:14:33 +02:00
Owen Mansel-Chan	9b0d7f3515	Merge pull request #13739 from owen-mc/go/extractor-use-origin Use Origin() in Go extractor	2023-07-18 21:37:46 +01:00
Robert Marsh	093c6905dd	Swift: only read ArrayContent from subscript keypaths	2023-07-18 19:42:54 +00:00
Jeroen Ketema	b72d89295a	Merge pull request #13762 from jketema/fun-qual C++: Handle `FunctionAccess`es with qualifiers	2023-07-18 21:17:30 +02:00
Mathias Vorreiter Pedersen	3e1b4d97fe	C++: Add QLDoc.	2023-07-18 18:15:25 +01:00
Mathias Vorreiter Pedersen	576f021c25	C++: Fix Code Scanning errors.	2023-07-18 18:15:25 +01:00
Mathias Vorreiter Pedersen	4762e883fc	C++: Add inline expectations tests for the invalid-pointer-to-dereference stage of the query.	2023-07-18 18:15:24 +01:00
Mathias Vorreiter Pedersen	a735d18a1b	C++: Add inline expectations tests for the allocation-to-invalid-pointer stage of the query.	2023-07-18 18:15:24 +01:00
Mathias Vorreiter Pedersen	5099de5b3d	C++: Split the query into 4 files.	2023-07-18 18:15:18 +01:00
Mathias Vorreiter Pedersen	5a15c19e4b	QL: Accept test changes.	2023-07-18 18:04:46 +01:00
Mathias Vorreiter Pedersen	3b3f374223	QL: Fix FP in 'ql/missing-noinline'.	2023-07-18 17:55:44 +01:00
Geoffrey White	5dea539f3f	Swift: Fix QL-for-QL suggestion.	2023-07-18 16:51:12 +01:00
Arthur Baars	99d8ae720f	Swift: improve print-cfg query	2023-07-18 16:49:58 +02:00
Jeroen Ketema	aad094bdd0	C++: Handle `FunctionAccess`es with qualifiers Also fix the IR generation for these and add more IR tests involving value categories.	2023-07-18 16:35:39 +02:00
Robert Marsh	bcc45658b3	Swift: Change note for ArrayContent	2023-07-18 14:12:53 +00:00
Robert Marsh	1fac08ef6c	Swift: add qldoc for ArrayContent and Array models	2023-07-18 14:08:33 +00:00
Robert Marsh	dfa5e18988	Swift: autoformat	2023-07-18 14:01:30 +00:00
Mathias Vorreiter Pedersen	a038b389c3	C++: More cleanup.	2023-07-18 14:03:04 +01:00
Mathias Vorreiter Pedersen	d41d2bc29e	Merge pull request #13699 from MathiasVP/final-config-to-invalid-pointer-deref C++: Handle call-contexts mismatches in `cpp/invalid-pointer-deref`	2023-07-18 13:08:21 +01:00
Geoffrey White	efea11fd0f	Swift: getFullName.	2023-07-18 12:53:45 +01:00
Alex Ford	e803e98ee4	Merge pull request #13585 from alexrford/rb/rack-env-query-string Ruby: add rack `env['QUERY_STRING']` as a remote flow input	2023-07-18 12:44:07 +01:00
yoff	a1aa16f901	Merge pull request #13745 from GeekMasher/py-mad-xss Python - Add Models as Data support for Reflected XSS Query	2023-07-18 13:39:17 +02:00
Paul Hodgkinson	c7084b6d8e	Merge branch 'main' into java/experimental/command-injection	2023-07-18 11:38:44 +01:00
Geoffrey White	1deacf40ca	Merge pull request #13660 from geoffw0/regexinjection Swift: Query for regular expression injection	2023-07-18 10:25:30 +01:00
Geoffrey White	96dece3c88	Swift: ReDoS query result changes.	2023-07-18 10:11:22 +01:00
Jeroen Ketema	5d8b203112	Merge pull request #13758 from jketema/val-cat-tests C++: Add more IR tests	2023-07-18 11:02:27 +02:00
Geoffrey White	86c6960e2a	Swift: Add RegexUseFlow and modify the role of StringLiteralUseFlow.	2023-07-18 09:49:47 +01:00
Geoffrey White	c76d85df1b	Swift: Create a model for RegexCreation.	2023-07-18 09:49:47 +01:00
Geoffrey White	734a00d616	Swift: Rename so that different data flows will be clear.	2023-07-18 09:49:47 +01:00
Geoffrey White	f243e854ae	Swift: Move regex dataflow code into a RegexTracking library (similar to the layout in Ruby and Python).	2023-07-18 09:49:36 +01:00
Anders Schack-Mulligen	e72366194b	Merge pull request #13754 from aschackmull/java/remotesource-inbarrier Java: Exclude source-to-source flow in 5 queries.	2023-07-18 10:33:44 +02:00
Geoffrey White	b5a8a8d431	Merge pull request #13715 from geoffw0/parsemode Swift: Recognize regular expression parse mode flags	2023-07-18 09:09:56 +01:00
Jeroen Ketema	e2de94b233	C++: Add more IR tests These show the value categories for more static member calls, and show that a load occurs when a `volatile` variable is being used in an empty context.	2023-07-18 08:40:54 +02:00

... 587 588 589 590 591 ...

86439 Commits