hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 19:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,658 Commits 1,672 Branches 157 Tags
rust-ti-implementing-type-method
Commit Graph

78658 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jeroen Ketema
e89f37df1a Rust: Update expected test results 2024-12-03 19:18:52 +01:00
Jeroen Ketema
99cbeb7eb6 Go: Update expected test results 2024-12-03 19:18:50 +01:00
Jeroen Ketema
67052bf9e5 Swift: Update expected test results 2024-12-03 19:18:48 +01:00
Jeroen Ketema
ca40b60e62 Ruby: update expected test results 2024-12-03 19:18:46 +01:00
Jeroen Ketema
8271ad60c1 Remove deprecated InlineExpectationsTest class-based API 2024-12-03 19:18:37 +01:00
Mathias Vorreiter Pedersen
593e2233f8 C++: Update test changes after 0c8245f727. 2024-12-03 17:55:59 +00:00
Mathias Vorreiter Pedersen
0c8245f727 Update cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2024-12-03 17:53:01 +00:00
Mathias Vorreiter Pedersen
2c58279137 C++: Add QLDoc to 'isClassConstructedFrom' and 'isFunctionConstructedFrom'. 2024-12-03 17:52:29 +00:00
Mathias Vorreiter Pedersen
da7bfb9297 C#: Add change note. 2024-12-03 17:38:26 +00:00
Mathias Vorreiter Pedersen
4a2c02543c C#: Accept test changes. 2024-12-03 17:34:57 +00:00
Mathias Vorreiter Pedersen
041df780c1 C#: Add field-flow through dynamic members. 2024-12-03 17:34:55 +00:00
Mathias Vorreiter Pedersen
d22ef44f44 C#: Add tests with missing flow through dynamic members. 2024-12-03 17:27:59 +00:00
Calum Grant
99efff2217 C++: Fix a FP in cpp/wrong-number-format-arguments caused by extraction error 2024-12-03 16:40:02 +00:00
Calum Grant
08859be07b C++: Test case for cpp/wrong-number-format-arguments 2024-12-03 16:33:40 +00:00
REDMOND\brodes
e6641e7630 Code and comment simplifications 2024-12-03 11:06:08 -05:00
Simon Friis Vindum
70c60868a6 Rust: Model ? as reading from Option and Result 2024-12-03 17:01:34 +01:00
Michael Nebel
395bdd0cec C#: Address more review comments. 2024-12-03 16:58:30 +01:00
Michael Nebel
6928f7d443 C#: Address review comment. 2024-12-03 16:36:16 +01:00
Michael Nebel
309202ef89 C#: Update the MessagePack nuget dependency. 2024-12-03 16:24:05 +01:00
Paolo Tranquilli
8a1136ddcb Merge branch 'main' into redsun82/rust-less-canonical-paths 2024-12-03 16:23:22 +01:00
Simon Friis Vindum
b50834aee8 Rust: Add data flow tests for question mark operator 2024-12-03 16:21:26 +01:00
Paolo Tranquilli
277c9f4087 Rust: add back getAttr to ArrayExpr 2024-12-03 16:12:56 +01:00
Anders Schack-Mulligen
8ea973f838 C++: Update use of deleted api. 2024-12-03 15:20:07 +01:00
Paolo Tranquilli
c113503b41 Rust: fix doc typo 2024-12-03 15:18:17 +01:00
Paolo Tranquilli
353f1cafe6 Rust: distinguish [a, b] from [a; b] 
This splits the `ArrayExpr` class into `ArrayListExpr` and `ArrayRepeatExpr`.
This uses the `synth.from_class` machinery to integrate seamlessly into the
generated code, by hiding the extracted `ArrayExpr` behind an internal class
and replacing it with a hierarchy of those two classes under a new
`ArrayExpr` class.
 2024-12-03 15:09:20 +01:00
Anders Schack-Mulligen
c654a05998 Dataflow: Remove identical-files entries for deleted api. 2024-12-03 14:52:30 +01:00
Anders Schack-Mulligen
371a11e6da C++: Delete deprecated data flow api. 2024-12-03 14:52:14 +01:00
Anders Schack-Mulligen
0d9e578857 C#: Delete deprecated data flow api. 2024-12-03 14:42:34 +01:00
Anders Schack-Mulligen
fbff4b6e21 Go: Delete deprecated data flow api. 2024-12-03 14:42:14 +01:00
Anders Schack-Mulligen
acc260cc3c Python: Delete deprecated data flow api. 2024-12-03 14:41:49 +01:00
Anders Schack-Mulligen
20f06abe6f Ruby: Delete deprecated data flow api. 2024-12-03 14:41:14 +01:00
Anders Schack-Mulligen
f07f2b0f4a Swift: Delete deprecated data flow api. 2024-12-03 14:40:43 +01:00
Asger F
3f0d0e3a05 JS: Deprecate DataFlow::BarrierGuardNode 2024-12-03 14:30:50 +01:00
Asger F
b3461989b1 JS: Remove use of SanitizerGuardNode in experimental SSRF query 
Makes a quick effort attempt to restore the original behaviour, though
it is not exactly the same due to lack of recursion.
 2024-12-03 14:30:36 +01:00
Asger F
0d79c7141c JS: Update two more uses of SanitizerGuardNode 2024-12-03 14:30:35 +01:00
Asger F
62c17d3f4e JS: Update SanitizerGuardNode use in BasicTaintTracking test 2024-12-03 14:30:34 +01:00
Asger F
f620191da4 JS: Deprecate SanitizerGuardNode 2024-12-03 14:30:33 +01:00
Asger F
2ae7386775 JS: Also apply new BarrierGuardLegacy pattern in Xss.qll 2024-12-03 14:30:32 +01:00
Asger F
2ef652da2c JS: Add more deprecation annotations in tests 2024-12-03 14:30:31 +01:00
Asger F
21494fbdff JS: Refactor BarrierGuardLegacy pattern to not depend on SanitizerGuardNode 
Previously our barrier guard classes were direct descendents of SanitizerGuardNode which made it hard to deprecate that class.

Now our barrier guards are not descending from any shared class. Instead they are contributed to SanitizerGuardNode via a private helper class we can remove in the future.
 2024-12-03 14:30:29 +01:00
Asger F
a574ff1669 JS: Remove use of MakeLegacyBarrierGuard in experimental SSRF 2024-12-03 14:30:28 +01:00
Asger F
08d25c122d JS: Deprecate more uses of ConsistencyConfiguration 2024-12-03 14:30:27 +01:00
Asger F
75ab4856b8 Remove unsupported features from PoI 2024-12-03 14:30:25 +01:00
Asger F
e6680dec8f JS: Avoid use of LabeledSanitizerGuardNode in TaintedObject 
Drive-by bugfix: Rename sanitizes -> blocksExpr.
This fixes a bug that caused the sanitizer guard not to work in df2.

The test output reflects the fact that the barrier guard works now.
 2024-12-03 14:30:24 +01:00
Asger F
0ce1fe767d JS: Deprecate ConsistencyChecking to avoid deprecation warnings 2024-12-03 14:30:23 +01:00
Asger F
04a3a6707f JS: Update a reference to AdditionalSanitizerGuardNode 
Unlike most other references to this class, we're not subclassing it here, we're
just trying to reuse some standard barrier guards but with a different flow state.
 2024-12-03 14:30:22 +01:00
Asger F
834d35bc42 JS: Port experimental DecompressionBombs to ConfigSig 2024-12-03 14:30:21 +01:00
Asger F
871bc3b84a JS: Port experimental CorsPermissiveConfiguration to ConfigSig 
The tests show a new (source, sink) pair for an already-flagged sink.

Not sure why it was not flagged originally since the data flow path seems valid, given the steps provided by our models.
 2024-12-03 14:30:20 +01:00
Asger F
f5a6485ef2 JS: Port experimental decodeJwtWithoutVerificationLocalSource 2024-12-03 14:30:19 +01:00
Asger F
72e522631d JS: Port experimental jwtDecodeWithoutVerification to ConfigSig 2024-12-03 14:30:18 +01:00