codeql

mirror of https://github.com/github/codeql.git synced 2025-12-23 20:26:32 +01:00

Author	SHA1	Message	Date
Napalys Klicius	7ee0a7b398	Update javascript/ql/lib/semmle/javascript/Collections.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2024-11-21 14:02:42 +01:00
Napalys Klicius	edb9b47111	Merge pull request #18047 from Napalys/napalys/ES2023-string-protytpe-toWellFormed JS: Added taint-step String.prototype.toWellFormed ES2023 feature	2024-11-21 14:01:21 +01:00
Tom Hvitved	65be8a8aed	CI: Set `--ram` in `compile-queries.yml`	2024-11-21 13:44:31 +01:00
Asger F	930a7b6e28	JS: Update output changes to nodes/edges/subpaths	2024-11-21 13:33:39 +01:00
Asger F	7a77432024	JS: Update lost result in insecure-download The VariableCapture library consumes one component of the access path limit, which means we lose this result	2024-11-21 13:33:10 +01:00
Owen Mansel-Chan	c80a45f2a3	Merge pull request #18051 from github/workflow/coverage/update Update CSV framework coverage reports	2024-11-21 12:19:43 +00:00
Asger F	1ac7591faf	JS: Update missed flow in capture-flow.js We previously caught this flow because of a heuristic in capture flow. We'll have to fix it properly later.	2024-11-21 12:57:34 +01:00
Paolo Tranquilli	c2b426df76	Rust: accept test changes	2024-11-21 12:54:13 +01:00
Asger F	9dad2d62d7	JS: Update DataFlowConsistency	2024-11-21 12:54:11 +01:00
Paolo Tranquilli	6a6154913b	Merge branch 'main' into redsun82/rust-str	2024-11-21 11:50:38 +01:00
Paolo Tranquilli	36d8a6d05f	Rust: add class printouts to `AstConsistency.ql`	2024-11-21 11:42:00 +01:00
Tom Hvitved	295626d53b	Merge pull request #17918 from hvitved/rust/cfg-codegen Rust: Add (auto-generated) CFG node wrapper classes	2024-11-21 11:20:51 +01:00
Paolo Tranquilli	d8b453fc0d	Rust: add consistency query printing AST classes of nodes with wrong `toString`	2024-11-21 11:14:59 +01:00
Paolo Tranquilli	5012332bb2	Rust: fix `Path.toString` and address some review comments	2024-11-21 11:13:06 +01:00
Asger F	ce00bd2cc9	JS: More docs	2024-11-21 11:06:43 +01:00
Asger F	4e62a512c5	JS: Only apply exception propagator when no other summary applies Previously a few Promise-related methods were special-cased, which is no longer needed.	2024-11-21 11:01:05 +01:00
Asger F	84820adf3c	Add test for exception flow out of finally()	2024-11-21 11:01:03 +01:00
Tom Hvitved	86a7c486f9	Rust: "control-flow" -> "control flow"	2024-11-21 10:42:11 +01:00
Tom Hvitved	be7aca9780	Address review comments	2024-11-21 10:32:06 +01:00
Asger F	948d21ca07	JS: Propagate exceptions from summarized callables by default	2024-11-21 10:24:31 +01:00
Asger F	dcdb2e5133	JS: Fix callback check so it works without parameters	2024-11-21 10:24:29 +01:00
Tom Hvitved	e6887f982e	Rust: Use nodes from `CfgNodes.qll` in `DataFlowImpl.qll`	2024-11-21 10:21:13 +01:00
Tom Hvitved	ca18005e44	Rust: Add some manual classes to `CfgNodes.qll`	2024-11-21 10:21:12 +01:00
Tom Hvitved	c8736e8a3d	Rust: Auto-generate `CfgNodes.qll`	2024-11-21 10:21:11 +01:00
Tom Hvitved	1c2fdc29a3	Rust: Add more local data flow tests	2024-11-21 10:21:09 +01:00
Tom Hvitved	fab29361cb	Rust: Add more CFG tests	2024-11-21 10:21:06 +01:00
Tom Hvitved	6dc599c200	Merge pull request #17876 from hvitved/dataflow/param-flow-call-ctx Data flow: Track call contexts in `parameterValueFlow`	2024-11-21 10:20:27 +01:00
Asger F	b7dd455aff	JS: Add test case	2024-11-21 09:21:36 +01:00
Michael Nebel	932ced4ace	Merge pull request #18052 from ewillonermsft/javascriptserializer-deserializ-stubs Add Deserialize() and Deserialize<T> to System.Web.Serialization stubs	2024-11-21 09:09:12 +01:00
Simon Friis Vindum	8c74478ef4	Merge pull request #18041 from paldepind/rust-cfg-self Rust: Include `self` parameters in the CFG	2024-11-21 08:53:52 +01:00
Napalys Klicius	82ca369dce	Merge pull request #18005 from Napalys/napalys/ES2022-find-functions JS: Added support for Array.prototype.[findLastIndex, findLast] ES2022 feature	2024-11-21 08:01:19 +01:00
ewillonermsft	d6ceb89324	Add Deserialize() and Deserialize<T> to System.Web.Serialization stub.s	2024-11-20 21:01:20 -08:00
github-actions[bot]	f25c16245c	Add changed framework coverage reports	2024-11-21 00:21:44 +00:00
Geoffrey White	d828941b7c	Rust: Address review comments.	2024-11-20 22:39:27 +00:00
$REDMOND\brodes$ REDMOND\brodes	007dd83799	Updating ir test expected files.	2024-11-20 14:40:58 -05:00
$REDMOND\brodes$ REDMOND\brodes	4078d79f2a	Adds SEH exception edge types, disjoint from normal C++ edges. Does not apply the edges yet, just stipulates the types.	2024-11-20 14:37:32 -05:00
Ben Rodes	6aa74123af	Merge branch 'main' into brodes/seh_flow_phase1_throwing_models	2024-11-20 12:48:54 -05:00
Napalys	43eda58f83	Added change notes	2024-11-20 17:44:36 +01:00
Napalys	afc2d3e6d2	JS: Add: String.protytpe.toWellFormed to StringManipulationTaintStep	2024-11-20 17:42:25 +01:00
Napalys	09f73d8d6f	JS: Add: test cases for toWellFormed	2024-11-20 17:36:43 +01:00
Paolo Tranquilli	d609c1b7e6	Rust: fix `OrPat.toString`	2024-11-20 17:00:13 +01:00
Paolo Tranquilli	fd45e11f4b	Rust: accept test changes	2024-11-20 16:49:20 +01:00
Paolo Tranquilli	b4af5a61d1	Rust: more advanced `toString`	2024-11-20 16:21:23 +01:00
Tom Hvitved	596cfcfb42	Merge pull request #18042 from hvitved/shared/dense-rank-refactor Util: Refactor `DenseRank` implementation	2024-11-20 15:57:09 +01:00
Owen Mansel-Chan	9aede5f433	Merge pull request #17494 from owen-mc/go/reinstate-mad-with-fixes Go: reinstate models-as-data sink conversions with fixes	2024-11-20 14:50:47 +00:00
Alvaro Muñoz	9a137db12b	Bump qlpack versions	2024-11-20 15:36:20 +01:00
Alvaro Muñoz	082b4c3ca2	Add poisonable step for pip install .	2024-11-20 15:35:49 +01:00
Owen Mansel-Chan	69ad69c38a	Move change note out of C# folder	2024-11-20 14:21:28 +00:00
Ben Rodes	69df07ed12	Update cpp/ql/lib/change-notes/2024-11-18-throwing-functions.md Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>	2024-11-20 09:06:44 -05:00
Napalys	64c45debdb	JS: removed unnecessary getALocalSource from ArrayCallBackDataFlowStep	2024-11-20 14:57:00 +01:00

... 103 104 105 106 107 ...

78658 Commits