hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,426 Commits 1,671 Branches 157 Tags
dbartol/codeql-cli-2.20.2
Commit Graph

12747 Commits

Author SHA1 Message Date
Tom Hvitved
303b11ec36 Merge pull request #18298 from hvitved/rust/mad-source-sink 
Rust: Add support for MaD sources and sinks with access paths
 2025-01-10 11:49:51 +01:00
yoff
b263132ab2 Merge pull request #17998 from yoff/shared/locations-in-range-analysis 2025-01-09 14:05:54 +01:00
Owen Mansel-Chan
0f8f5d2793 Merge branch 'main' into post-release-prep/codeql-cli-2.20.1 2025-01-08 16:28:23 +00:00
yoff
21e7a0e828 Merge branch 'main' into shared/locations-in-range-analysis 2025-01-08 16:40:59 +01:00
Tom Hvitved
868caf948c Rename {Source,Sink}Node to {Source,Sink}Element 2025-01-08 15:21:43 +01:00
github-actions[bot]
fb20f6ca63 Post-release preparation for codeql-cli-2.20.1 2025-01-07 22:07:40 +00:00
github-actions[bot]
88b6f1e79a Release preparation for version 2.20.1 2025-01-07 20:50:36 +00:00
Dave Bartolomeo
72a53c4b23 Revert "Release preparation for version 2.20.1" 2025-01-07 13:32:23 -05:00
github-actions[bot]
fbf9f2fff8 Release preparation for version 2.20.1 2025-01-07 17:20:13 +00:00
Dave Bartolomeo
22e030584c Revert "Release preparation for version 2.20.1" 2025-01-07 12:14:27 -05:00
Chris Smowton
dd0012edcb ASCII 2025-01-06 23:28:02 +01:00
Chris Smowton
03c6529961 Spelling 2025-01-06 22:46:22 +01:00
github-actions[bot]
a121c5a5d0 Release preparation for version 2.20.1 2025-01-06 18:20:22 +00:00
Chris Smowton
d0eab598b1 Change note 2025-01-06 14:44:12 +00:00
Chris Smowton
5c2df36786 Exclude classes with a writeReplace method from serializability checks 2025-01-06 14:42:44 +00:00
Tom Hvitved
1b31c90d26 Implement FlowSummaryImpl stubs 2025-01-06 13:26:51 +01:00
Asger F
be939dca29 Merge pull request #14350 from asgerf/shared/deduplicate-path-graph 
Shared: Add DataFlow::DeduplicatePathGraph
 2024-12-18 14:04:29 +01:00
Asger F
8340841d54 Shared: Fix propagation of call bit 2024-12-17 11:16:04 +01:00
Asger F
950ae44d03 Shared: Show test failures 2024-12-17 11:15:57 +01:00
Michael Nebel
aaf0cd5dee Merge pull request #17968 from michaelnebel/java/movetestutils 
Move test utilities to the query pack.
 2024-12-16 13:41:30 +01:00
Asger F
f2968f4e14 Shared: Ensure subpath-induced edges are handled properly 
Argument-passing and flow-through edges are present in 'edges' in addition to 'subpaths', but the implementation didn't take this into account.
 2024-12-16 13:21:43 +01:00
Michael Nebel
0bfc1b6ea8 Also move the postprocessing queries to the library pack. 2024-12-12 15:03:03 +01:00
Michael Nebel
941b0abbf6 Move modules to the library packs. 2024-12-12 15:03:01 +01:00
Owen Mansel-Chan
8703e21f62 Merge pull request #17996 from owen-mc/java/lightweight-IR-layer-classes 
Java: Make separate classes for different control flow node kinds
 2024-12-12 13:36:54 +00:00
Owen Mansel-Chan
8e11789186 Restore asStmt, asExpr and asCall to Node 
It doesn't really make sense to define them in terms of dispatch.
 2024-12-12 12:30:01 +00:00
Michael Nebel
0a1d2d0bbb Java: Update all test util paths to point to the new location. 2024-12-12 13:21:25 +01:00
Michael Nebel
91cfb30513 Java: Move test utilities to the java query pack. 2024-12-12 13:21:22 +01:00
Owen Mansel-Chan
066db766ef Merge pull request #18153 from owen-mc/java/resttemplate-getforobject 
Java: add SSRF sink model for the third parameter of `RestTemplate.getForObject`
 2024-12-11 16:37:35 +00:00
Jami
538dee81b6 Merge pull request #18214 from jcogs33/jcogs33/java/file-getname-path-sanitizer 
Java: add File.getName as a path injection sanitizer
 2024-12-11 10:18:02 -05:00
Owen Mansel-Chan
1420bce36a Move import statement in SpringWebClient.qll 2024-12-11 14:19:24 +00:00
Anders Schack-Mulligen
066cfa31d2 Merge pull request #18258 from aschackmull/dataflow/simplify-apapprox3 
Dataflow: Simplify references to access paths from prior stage.
 2024-12-11 14:23:31 +01:00
Asger F
889100a243 Java: update test output with provenance 2024-12-11 13:19:47 +01:00
Asger F
afdbf2c3c6 Java: update test to account for key,val 2024-12-11 13:19:36 +01:00
Asger F
736388809d Java: MethodAccess -> MethodCall 2024-12-11 13:19:25 +01:00
Owen Mansel-Chan
aaa4361120 Rearrange member predicates in ControlFlow::Node 
Put all the ones which might need to be overrridden by subclasses
together for ease of reading.
 2024-12-11 10:34:18 +00:00
Owen Mansel-Chan
79f4f78fc2 Make separate classes for control flow node kinds 
This puts all the logic of a particular control flow node kind into one
place and makes it easier to add new kinds.
 2024-12-11 10:34:16 +00:00
Asger F
5aa1242117 Shared: use a call bit when tracking reachability to/from a discriminator 2024-12-11 11:29:14 +01:00
Asger F
0eb543e0a9 Java: add test for spurious flow from path graph deduplication 2024-12-11 11:29:13 +01:00
Cornelius Riemenschneider
f0971684e3 Merge pull request #18257 from github/criemen/bazel-8-00 
Upgrade bazel to 8.0.0.
 2024-12-11 11:14:41 +01:00
Owen Mansel-Chan
5b575113c3 Update test-kotlin2 2024-12-10 15:56:15 +00:00
Owen Mansel-Chan
4978a6eb37 Fix getasuccessor kotlin 
The change in results shows that there are now fewer control flow nodes.
We have removed precisely those with no successor or predecessor.
 2024-12-10 15:26:20 +00:00
Owen Mansel-Chan
5e0c3ab715 Fix kotlin tests 2024-12-10 15:26:19 +00:00
Owen Mansel-Chan
3f5886ef7a Accept another review suggestion 2024-12-10 15:26:17 +00:00
Owen Mansel-Chan
2da9bfb1a6 Finish renaming getCFGNode to getCfgNode 2024-12-10 15:26:16 +00:00
Owen Mansel-Chan
274281f61e Apply all suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2024-12-10 15:26:14 +00:00
Owen Mansel-Chan
d06dfe0ca3 Add change note 2024-12-10 15:26:13 +00:00
Owen Mansel-Chan
0f3dd6d8f1 Java: IPA the CFG 2024-12-10 15:26:11 +00:00
Anders Schack-Mulligen
da179705c3 Java: Accept expected file changes. 2024-12-10 14:52:06 +01:00
Cornelius Riemenschneider
53ca5083a9 Upgrade bazel to 8.0.0. 
Previously, we were using 8.0.0rc1.
In particular, this upgrade means we need to explicitly
import more rules, as they've been moved out of the core bazel repo.
 2024-12-10 12:05:37 +01:00
Jami Cogswell
214da9e9ad Java: add change note 2024-12-06 19:59:40 -05:00