hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-26 07:07:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,274 Commits 1,789 Branches 169 Tags
codeql-cli-2.25.4
Commit Graph

87274 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sim4n6
8ef2aa00e7 Update python/ql/src/experimental/Security/UnsafeUnpackQuery.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-01-27 16:07:39 +01:00
Rasmus Wriedt Larsen
cef933f813 Python: Add comment explaining SINK3_F(kwargs["c"]) test 
Co-authored-by: yoff <yoff@github.com>
 2023-01-27 15:48:59 +01:00
Geoffrey White
6c0b50c696 Merge pull request #11980 from geoffw0/modern2 
Swift: Structure modernized queries more consistently
 2023-01-27 14:33:43 +00:00
Geoffrey White
794ba428a7 Merge pull request #11942 from geoffw0/rncrypt4 
Swift: add RNCryptor sinks to swift/static-initialization-vector
 2023-01-27 14:33:06 +00:00
Rasmus Wriedt Larsen
c099dbd04c Python: Expand notes around bound methods self argument passing 2023-01-27 15:27:45 +01:00
Sim4n6
207ed3da9c Constrain the object & the call 2023-01-27 15:07:20 +01:00
Mathias Vorreiter Pedersen
587b4fee9d C++: Add missing condition to 'isChiBeforeIteratorUse'. 2023-01-27 14:04:01 +00:00
James Fletcher
812306cb52 Merge pull request #12006 from felickz/patch-2 
Add link to codeql metadata article for problem.severity
 2023-01-27 13:59:06 +00:00
Mathias Vorreiter Pedersen
e48c93a3b5 Merge pull request #12003 from MathiasVP/positive-formulated-sanitizer-nonconst-format 
C++: Positively phrased sanitizer in `cpp/non-constant-format`
 2023-01-27 13:58:04 +00:00
alexet
1b0952c512 Use Java 11 for some integration tests 2023-01-27 13:51:44 +00:00
Chad Bentz
4fee536e6d table spacing 2023-01-27 08:19:43 -05:00
Sim4n6
18d8bbc9a4 Updated the expected results accordingly 2023-01-27 14:05:25 +01:00
Chad Bentz
3ef4d3118c Add link to codeql metadata article for problem.severity 2023-01-27 08:01:07 -05:00
Sim4n6
e41042418a Update the import relative to the dataflow config 2023-01-27 13:46:57 +01:00
Sim4n6
5f0bf1053a Update the dataflow test query and the expected results 2023-01-27 13:42:57 +01:00
Sim4n6
bca053f855 Move the config query to the parent directory 2023-01-27 13:42:14 +01:00
Mathias Vorreiter Pedersen
2b47e150c6 C++: Accept test changes. 2023-01-27 11:44:17 +00:00
Mathias Vorreiter Pedersen
ec7b406cc9 C++: Generate flow out of parameters whose enclosing function is missing a return statement. 2023-01-27 11:44:04 +00:00
Rasmus Wriedt Larsen
02b3a1b515 Python: At most one **kwargs ParameterNode per callable 
Similar to the Ruby changes from
https://github.com/github/codeql/pull/11461

I feel the change to `DataFlowFunciton.getParameter` where we use
`not exists(func.getArgByName(_))` is not very great, but I was not allowed
to use `not exists(this.getParameter(any(ParameterPosition _).isKeyword(_)))`
because of negative recursion.
 2023-01-27 11:14:42 +01:00
Mathias Vorreiter Pedersen
e8db563e98 C++: Reformulate the sanitizer in 'NonConstantFormat.ql'. It should no longer incorrectly sanitize indirect nodes for which there is no result for 'asIndirectExpr'. 2023-01-27 10:04:48 +00:00
Robert Marsh
6a91e85981 C++: fix UseImpl after merge conflict 2023-01-26 16:01:37 -05:00
Sim4n6
998f1bf215 Some reformatting 2023-01-26 18:54:36 +01:00
Robert Marsh
3648f26cca Merge remote-tracking branch 'origin/mathiasvp/replace-ast-with-ir-use-usedataflow' into global-flow 
Resolved trivial conflicts.
 2023-01-26 11:58:53 -05:00
Ian Lynagh
75562e7fb5 Kotlin: Remove legacy trap-locking support 2023-01-26 16:58:51 +00:00
Mathias Vorreiter Pedersen
ee62f2a223 C++: Fix global variable exclusion in DTT. 2023-01-26 16:49:58 +00:00
Mathias Vorreiter Pedersen
8c224429b3 C++: Better 'getType' for global variable nodes. 2023-01-26 16:49:49 +00:00
Nora
5993b60980 Update copy 2023-01-26 17:37:15 +01:00
Sim4n6
1a211485a4 Restrain the source and add two steps. 2023-01-26 17:07:59 +01:00
Michael B. Gale
f192191e8c Merge pull request #11997 from github/smowton/fix/deperrors-conditional 
Go: Fix DepErrors test
 2023-01-26 14:52:27 +00:00
Sim4n6
51b11de44a Add a Django Upload examples 2023-01-26 15:16:24 +01:00
Mathias Vorreiter Pedersen
bfe9ae22ad Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-01-26 13:03:49 +00:00
Mathias Vorreiter Pedersen
508027e0e5 Merge pull request #11998 from MathiasVP/fix-iterator-test 2023-01-26 12:35:12 +00:00
Sim4n6
54cc4d6498 Opt for any source from RemoteFlowSource. 2023-01-26 12:51:55 +01:00
Mathias Vorreiter Pedersen
13baa5b60b C++: Add iterator typedefs to properly instantiate 'int_iterator_by_trait' and 'insert_iterator_by_trait'. 2023-01-26 11:43:33 +00:00
Chris Smowton
7921de243a Fix DepErrors test 
This was likely harmlessly causing `go get` reruns, since most (all?) real dependency errors cause `go list` to exit with a nonzero return code in any case.
 2023-01-26 11:37:41 +00:00
dependabot[bot]
295152cd32 Merge pull request #11992 from github/dependabot/cargo/ruby/serde-1.0.152 2023-01-26 10:17:56 +00:00
dependabot[bot]
bf02340a6a Merge pull request #11982 from github/dependabot/cargo/ruby/num_cpus-1.14.0 2023-01-26 10:13:09 +00:00
Sim4n6
aaa0040612 Seperate the dataflow config from the query 2023-01-26 08:53:47 +01:00
dependabot[bot]
6e69acdd7e Bump serde from 1.0.131 to 1.0.152 in /ruby 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.131 to 1.0.152.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.131...v1.0.152)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-26 03:08:58 +00:00
Sim4n6
9464940214 Add expected results for argparse source 2023-01-26 01:00:19 +01:00
Sim4n6
2e4cb63049 Optimize the Argparse filename as a source. 2023-01-26 01:00:01 +01:00
Sim4n6
f867c9008f Commit the expected results 2023-01-26 00:08:54 +01:00
Sim4n6
9b5b0c60b8 Handle the download of a tarball using wget pkg. 2023-01-26 00:02:20 +01:00
Sim4n6
22af6f5182 Restrict download_file() to boto3 lib 2023-01-25 23:00:00 +01:00
Harry Maclean
07a7a213b3 Merge pull request #11871 from hmac/rack 2023-01-26 08:40:30 +13:00
Sim4n6
2d38993075 Add a missing "and" 2023-01-25 19:46:13 +01:00
Sim4n6
0ed480855a Update python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.ql 
Yes, definitely

Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-01-25 19:44:28 +01:00
Sim4n6
10d6ebf95b Use of inline tests for dataflow queries 2023-01-25 19:28:05 +01:00
Sim4n6
b5a6f6e165 Merge pull request #1 from github/main 
Sync with the upstream
 2023-01-25 19:13:35 +01:00
Rasmus Wriedt Larsen
1fcfae2464 Merge pull request #11987 from RasmusWL/suite-lists 
Misc: Add `security-experimental` to `generate-code-scanning-query-list.py`
 2023-01-25 17:29:36 +01:00