hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-30 17:15:34 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,274 Commits 1,789 Branches 169 Tags
codeql-cli-2.25.4
Commit Graph

87274 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Arthur Baars
9992ecc317 Merge branch 'codeql-cli-2.11.2' into ruby/ast-ref-table-docs 2022-11-04 17:59:35 +01:00
Calum Grant
e9e94dcb0f Merge pull request #10932 from github/nickrolfe/ruby-dataflow-docs 
Ruby: data flow docs
 2022-11-04 16:47:00 +00:00
tiferet
833041c62e Fix QLDoc style errors 2022-11-04 09:30:31 -07:00
tiferet
2aa4651534 Remove predicates not yet used from the current PR 2022-11-04 09:30:31 -07:00
tiferet
74c8bfff4f Minor changes from code review 2022-11-04 09:30:31 -07:00
tiferet
e60c016fc6 Format fixes 2022-11-04 09:30:31 -07:00
tiferet
cbf81b8839 Improve the import structure 2022-11-04 09:30:31 -07:00
tiferet
300456cd3e Enforce the abstraction over characteristics: 
Make the implementations of specific `EndpointCharacteristic`s private.
 2022-11-04 09:30:31 -07:00
tiferet
c0cc754fb5 Rename ClassificationReasons 
Change the name to EndpointCharacteristics.
 2022-11-04 09:30:30 -07:00
tiferet
a4939b91e7 Generalize the definition of a known sink: 
If the list of reasons includes positive indicators with maximal confidence for this class, it's a known sink for the class.

This negates the need for each query config to define the isKnownSink predicate individually.
 2022-11-04 09:30:29 -07:00
tiferet
08bbe596a2 Create the sink ClassificationReasons 
Write the reasons that indicate that an endpoint is a sink for each sink type.

Also fix import error.
 2022-11-04 09:30:29 -07:00
erik-krogh
d7f1491f41 fix non-attached annotations for newtype branches 2022-11-04 17:19:42 +01:00
Dave Bartolomeo
649c3af98a Merge pull request #11127 from github/henrymercer/fix-atm-pr-checks 
ATM: Fix CodeQL pack workspace references
 2022-11-04 12:19:42 -04:00
Alex Ford
53e83ff048 Ruby: AST ref docs - add futher reading section 2022-11-04 16:01:31 +00:00
Alex Ford
13aad99194 Ruby: AST ref docs - add Calls section intro 2022-11-04 16:01:31 +00:00
Alex Ford
a77fc96067 Ruby: AST ref docs - note about desugaring and synthesized AstNodes 2022-11-04 16:01:31 +00:00
Alex Ford
530b29ccdf Ruby: AST ref docs - note AssignExpr 2022-11-04 16:01:31 +00:00
Alex Ford
9cf3284371 Ruby: AST ref docs - add a missing space 2022-11-04 16:01:31 +00:00
Mathias Vorreiter Pedersen
bd549e527c Merge pull request #11128 from jketema/dont-use-old 
C++: Do not use the old dataflow library in `additional-flow-to-parameter`
 2022-11-04 15:59:52 +00:00
Arthur Baars
5aee96d907 Merge branch 'codeql-cli-2.11.2' into ruby/ast-ref-table-docs 2022-11-04 16:39:29 +01:00
Arthur Baars
a11de9b145 Merge branch 'codeql-cli-2.11.2' into nickrolfe/ruby-dataflow-docs 2022-11-04 16:38:19 +01:00
Arthur Baars
20bebba1ff Merge pull request #10957 from aibaars/doc-api-graph 
Ruby: document API graphs
 2022-11-04 16:36:38 +01:00
Arthur Baars
58c0e65542 Merge pull request #11129 from aibaars/improve-weak-crypto 
Ruby: Improve weak crypto query
 2022-11-04 16:31:55 +01:00
alexet
c07db098a7 QLSpec: Adress comments from review 2022-11-04 15:27:21 +00:00
Arthur Baars
610bbeee97 Update docs/codeql/codeql-language-guides/using-api-graphs-in-ruby.rst 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-11-04 16:21:57 +01:00
Chris Smowton
8fd4041511 Kotlin: always populate the files table 
Previously individual top-level file declarations relied on their corresponding file-class to declare their `File` instance, but this can be scuppered by a Java extractor replacing that file-class and identifying a different file location.
 2022-11-04 15:00:27 +00:00
Arthur Baars
98f4c29913 Ruby: weak crypto: do not report weak hash algorithms 
Weak hash algorithms such as MD5 and SHA1 are often
used in non security sensitive contexts and reporting
all uses is far too noisy.
 2022-11-04 15:58:50 +01:00
Erik Krogh Kristensen
418d632738 Merge pull request #11123 from erik-krogh/stableCI-followup-2 
fix typo in compile-queries workflow
 2022-11-04 15:48:27 +01:00
Jeroen Ketema
fc2013334f C++: Do not use the old dataflow library in additional-flow-to-parameter 
Either both queries here should use the old library or neither should. The
expectation is that the expected results between the queries differ depending
on the additional flow step in one of them.
 2022-11-04 15:46:36 +01:00
AlexDenisov
c7da814bca Merge pull request #11122 from github/alexdenisov/make-macos-sed-happy 
Swift: make sed on macos happy
 2022-11-04 15:45:06 +01:00
Paolo Tranquilli
0370d1a1ba Merge pull request #11008 from github/redsun82/swift-macos-integration-tests 
Swift: rework workflows
 2022-11-04 15:44:42 +01:00
Alex Ford
d218572c72 Ruby: Apply review suggestions for AST reference guide 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-11-04 14:42:33 +00:00
Tom Hvitved
05bf86acb6 Merge pull request #11126 from hvitved/cpp/position-overrides 
C++: Let `(Indirect|Direct)Position` be sub classes of `Position`
 2022-11-04 15:35:27 +01:00
AlexDenisov
0260ecfbdb Merge branch 'main' into alexdenisov/make-macos-sed-happy 2022-11-04 15:17:08 +01:00
Henry Mercer
0b9588bf9e ATM: Add test pack to workspace 2022-11-04 14:07:14 +00:00
Henry Mercer
3e863a539a ATM: Fix CodeQL pack workspace references 
This fixes the
[ATM PR checks](https://github.com/github/codeql/actions/runs/3392995797/jobs/5639827326)
breaking on main as a result of
https://github.com/github/codeql/pull/11004.
 2022-11-04 14:03:34 +00:00
Tom Hvitved
95835b8297 C++: Let (Indirect|Direct)Position be sub classes of Position 2022-11-04 14:31:18 +01:00
erik-krogh
def9b5e2ce fix typo in compile-queries workflow 2022-11-04 13:58:29 +01:00
Erik Krogh Kristensen
265838aa2c Merge pull request #11117 from erik-krogh/stableCI-followup 
fix merge-base compilation when running directly on main
 2022-11-04 13:56:41 +01:00
Arthur Baars
fadc278485 Merge branch 'codeql-cli-2.11.2' into nickrolfe/ruby-dataflow-docs 2022-11-04 13:05:26 +01:00
AlexDenisov
476bbfbdb7 Update qltest.sh 2022-11-04 13:04:24 +01:00
Henry Mercer
cbbff0c401 ATM: Rename workflow 
Rename to take into account us now checking the results of the query
suite too.
 2022-11-04 11:51:35 +00:00
Henry Mercer
87f7b65052 ATM: Check the results of the queries too 2022-11-04 11:51:35 +00:00
Erik Krogh Kristensen
91b33f72b5 update name and comment to reflect that it also runs on rc branches 2022-11-04 12:50:18 +01:00
Anders Schack-Mulligen
a1dba82360 Dataflow: Sync. 2022-11-04 12:41:55 +01:00
Anders Schack-Mulligen
828d187198 Dataflow: Fix a couple of join-orders. 2022-11-04 12:41:55 +01:00
Tamás Vajk
545dd8b8d8 Merge pull request #11106 from tamasvajk/kotlin-binop-ext 
Kotlin: Extract extension binary operators
 2022-11-04 12:41:06 +01:00
Chris Smowton
ca04779dfc Kotlin: fix extraction of Java nested wildcards; wildcards in return types 
This fixes two mistakes: return-type extraction not imposing a wildcard where a Java prototype explicitly uses one, and nested wildcard detection quietly failing due to not looking through a `JavaWildcardType` correctly.

I add a variant of the `kotlin_java_lowering_wildcards` test where Java prototypes are only seen from Kotlin, to be sure extraction is working as expected.
 2022-11-04 11:39:26 +00:00
Henry Mercer
fe27e09a07 ATM: Add codeowners entry for new workflow 2022-11-04 10:57:00 +00:00
Henry Mercer
05dd161d76 ATM: Use database analyze to check results interpretation too 2022-11-04 10:54:08 +00:00