hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,347 Commits 1,672 Branches 157 Tags
hmac-cli-injection-from-library-inputs
Commit Graph

33347 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
f103d45340 Merge branch 'main' into atorralba/android-implicit-pending-intents 2022-01-18 10:50:49 +01:00
Mathias Vorreiter Pedersen
e1598aba5e C++: Fix spelling. 2022-01-18 09:44:36 +00:00
Tony Torralba
3ff7710a18 Improve ExplicitIntent's QLDoc 2022-01-18 10:43:52 +01:00
Tony Torralba
fe2755c4a0 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-18 10:41:19 +01:00
Benjamin Muskalla
365a8d9bbd Fix flow for fluent appendable api 2022-01-18 10:41:00 +01:00
Benjamin Muskalla
8e6a15640f Model basic channel APIs 2022-01-18 10:40:39 +01:00
Anders Schack-Mulligen
fff3b5c5b4 Dataflow: Add qldoc. 2022-01-18 10:39:55 +01:00
Anders Schack-Mulligen
9479301485 Ruby: Accept qltest expected changes. 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
5cfa3c7927 C++: Accept qltest expected changes. 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
7b98ca9b0a C#: Adjust qltest expected output. 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
aa9912a699 Java: Fix expected output 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
71e39353ca Dataflow: Sync. 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
b22c4e3c56 Dataflow: Bugfix: include subpaths ending at a sink. 2022-01-18 10:34:14 +01:00
Chris Smowton
f7d3892320 Update test expectations 2022-01-18 10:30:09 +01:00
Anders Schack-Mulligen
dfa79f6119 Dataflow: Sync. 2022-01-18 10:30:09 +01:00
Anders Schack-Mulligen
46736a137c Dataflow: Don't include subpaths that can't reach a sink. 2022-01-18 10:30:09 +01:00
Chris Smowton
2c37885f6e Sync dataflow 2022-01-18 10:30:09 +01:00
Chris Smowton
7c9b44b4cb Don't include arg -> param edges in PathGraph::edges whose arg is not reachable 
This avoids lots of missing-node warnings from `codeql bqrs interpret` as it discards the nodes that occur in the `edges` relation but not `nodes`. The problem arises because subpaths introduced two variants of `reach`, one of which is more restrictive than simply `reach(succ) and succ = pred.getASuccessor()`, so it no longer suffices to just check that the successor is reachable.
 2022-01-18 10:30:09 +01:00
Michael Nebel
de3d62b3f4 C#: Update stats file for the new relations (they are unfortunately empty). 2022-01-18 09:33:40 +01:00
Michael Nebel
bf21026771 C#: Add downgrade scripts for the line span pragma. 2022-01-18 09:32:14 +01:00
Michael Nebel
8fd116fbd7 C#: Add upgrade scripts for the new tables requires for the line span pragma. 2022-01-18 09:32:14 +01:00
Michael Nebel
ac47c96f48 C#: Add Line span pragma test case. 2022-01-18 09:32:14 +01:00
Michael Nebel
8b048ca17e C#: Add line span pragma example. 2022-01-18 09:32:14 +01:00
Michael Nebel
93255dfe13 C#: Add QL library support for the Line span directive. 2022-01-18 09:32:14 +01:00
Michael Nebel
7e264668d8 C#: Refator directive visitor to use expression body. 2022-01-18 09:32:14 +01:00
Michael Nebel
af380f846e C#: Add support in the extractor for the LineSpanDirective. 2022-01-18 09:32:14 +01:00
Michael Nebel
195d40c04e C#: Add new class needed for LineSpanDirective and modify existing implementation to use the new types. 2022-01-18 09:32:14 +01:00
Michael Nebel
a197befb5f C#: Add shared base class for line and line span pragmas. 2022-01-18 09:32:14 +01:00
Michael Nebel
c9467d7e94 C#: Add new tables to the dbscheme line span pragma. 2022-01-18 09:32:14 +01:00
Anders Schack-Mulligen
c41ec1f8ec Merge pull request #7619 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-01-18 09:17:40 +01:00
github-actions[bot]
b8959f7bdb Add changed framework coverage reports 2022-01-18 00:10:52 +00:00
Alex Ford
c1a51d94a2 Ruby: add test for protect_from_forgery without exception strategy 2022-01-17 17:44:52 +00:00
Erik Krogh Kristensen
d63f4bfd94 Merge pull request #7615 from erik-krogh/super-charpred 
QL: support this.method() calls in the charpred that references non-extending supertypes
 2022-01-17 18:32:10 +01:00
Felicity Chapman
e0110bd25e FIx typo in new note 2022-01-17 17:20:00 +00:00
Henry Mercer
ffa4135cbe JS: Update alert messages for ML-powered queries 2022-01-17 17:19:49 +00:00
Erik Krogh Kristensen
a4cfb80b81 QL: update comment 2022-01-17 17:19:15 +00:00
Felicity Chapman
e7dde79d50 Add note and link to main CodeQL CLI docs 2022-01-17 17:14:58 +00:00
Erik Krogh Kristensen
85c273a413 QL: support this.method() calls in the charpred that references non-extending supertypes 2022-01-17 17:42:35 +01:00
Henry Mercer
e9128466d4 JS: Add query help for ML-powered queries 
Query help is identical to the original query, except for a new
paragraph prepended to the overview explaining that the queries are
experimental.

We add Markdown query help since only Markdown query help is embedded in
SARIF via `--sarif-add-query-help`.
 2022-01-17 16:34:50 +00:00
Henry Mercer
568d37e9b9 JS: Update definition of ATM query suite 
It's simpler to just run all the queries in the pack instead of
specifying the IDs.
 2022-01-17 16:34:50 +00:00
Geoffrey White
d475101286 C++: Fix some code duplication. 2022-01-17 16:26:22 +00:00
Owen Mansel-Chan
065043b311 Merge pull request #7588 from owen-mc/add-specific-needs-reference-predicates 
Dataflow: Add language-specific NeedsReference predicates
 2022-01-17 15:51:34 +00:00
Asger Feldthaus
79f799066a JS: Update test output 2022-01-17 16:27:57 +01:00
Michael Nebel
b927aad6ed C#: Address review comments related to record structs. 2022-01-17 16:16:18 +01:00
Michael Nebel
6c1bb4a3a9 C#: Add test case for record class and record structs. 2022-01-17 16:16:18 +01:00
Michael Nebel
746fd603d8 C#: Add flow summary test for record struct constructors. 2022-01-17 16:16:18 +01:00
Michael Nebel
9770f09839 C#: Deprecate Record and introduce RecordClass instead. Also make flow summary support for record struct constructors. 2022-01-17 16:16:18 +01:00
Michael Nebel
55cb2aa160 C#: Use modifier to decide, if a type is a record like type and implement support for record struct types. 2022-01-17 16:16:18 +01:00
Michael Nebel
dc76775d07 C#: Consider 'record' a type modifier in the extractor (it can be applied to both class and struct). 2022-01-17 16:16:18 +01:00
Michael Nebel
c17bd29640 C#: Rename C# code file and update test. 2022-01-17 16:16:18 +01:00