hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-08 00:24:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
69,939 Commits 1,731 Branches 164 Tags
038bc832a7cf21e02aa3ccbd4ec478688f68b3f2
Commit Graph

69939 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
038bc832a7 Go/Java/C#: Rename to ActiveThreatModelSource 
As part of adding support for threat-models to Python/JS (see
https://github.com/github/codeql/pull/17203), we ran into some trouble
with name clashes.

Naming in existing languages supporting threat-models:
- `SourceNode` (for QL only modeling)
- `ThreatModelFlowSource` (for active sources from QL or data-extensions)

However, since we use `LocalSourceNode` in Python, and `SourceNode` in
JS (for local source nodes), it seems a bit confusing to follow the same
naming convention as other languages, and we had to come up with new names.

Initially I used `ThreatModelSource` for the "QL only modeling", but
that meant that we needed a new name to represent the active sources
coming from either QL or data-extensions... for this I came up with
`ActiveThreatModelSource`, and I really liked it. To me, it's much
clearer that this class only contains the currently active threat
model sources.

So to align languages, I got approval from @michaelnebel to rename the
existing classes.
 2024-09-10 14:46:15 +02:00
Jeroen Ketema
90f7b30997 Merge pull request #17418 from jketema/throw-inconsistent 
C++: Add IR inconsistency test
 2024-09-10 11:07:16 +02:00
Jeroen Ketema
dfa16423c0 C++: Add IR inconsistency test 2024-09-09 21:50:42 +02:00
Jeroen Ketema
6e0b5bcb63 Merge pull request #17414 from MathiasVP/add-more-try-except-testcases 
C++: Add more IR inconsistency tests
 2024-09-09 18:10:42 +02:00
Mathias Vorreiter Pedersen
353cd8cc74 C++: Add more IR inconsistency tests. 2024-09-09 16:37:55 +01:00
Jeroen Ketema
1250e72ebb Merge pull request #17399 from jketema/simplify 
C++: Re-introduce the original version of the `many_defs_per_use` IR test
 2024-09-09 14:18:19 +02:00
Paolo Tranquilli
f1cd9211e7 Merge pull request #17407 from github/redsun82/rust-extractor-generalize-location-cache 
Tree-sitter: allow multiple sources per trap file
 2024-09-09 14:12:33 +02:00
Paolo Tranquilli
2c472dd5b8 Tree-sitter: fix formatting 2024-09-09 11:59:17 +02:00
Joe Farebrother
d1cca13563 Merge pull request #17314 from joefarebrother/python-x509-cert 
Python: Exclude certificate classification fo sensitive data queries
 2024-09-09 10:48:36 +01:00
Paolo Tranquilli
4454566d8d Tree-sitter: allow multiple sources per trap file 
This generalizes the location cache to allow multiple sources to be
extracted in the same trap file, by adding `file_label` to `Location`,
and therefore to location cache keys. This will be used by the Rust
extractor.
 2024-09-09 09:17:45 +02:00
Michael B. Gale
e165fc77b5 Merge pull request #17386 from github/dependabot/go_modules/go/extractor/extractor-dependencies-cf6e4563c3 
Bump golang.org/x/mod from 0.20.0 to 0.21.0 in /go/extractor in the extractor-dependencies group
 2024-09-06 18:54:36 +01:00
Jeroen Ketema
915d24c62f C++: Re-introduce the original version of the many_defs_per_use IR test 
See: 28cff2ea20
 2024-09-06 17:38:29 +02:00
Cornelius Riemenschneider
9b12df5ae4 Merge pull request #17389 from github/criemen/bzlmod-upgrades 
CI: Upgrade bazel rules.
 2024-09-06 12:02:13 +02:00
Michael Nebel
a5b462292f Merge pull request #17330 from michaelnebel/java/modelgenfieldbased 
Java/C#: Field based model generator (Experimental).
 2024-09-06 11:11:46 +02:00
Cornelius Riemenschneider
c75f55debf Merge branch 'main' into criemen/bzlmod-upgrades 2024-09-06 10:41:52 +02:00
Jeroen Ketema
b73b8682b4 Merge pull request #17371 from jketema/correct-include 
C++: Update expected test results after extractor changes
 2024-09-06 09:38:06 +02:00
dependabot[bot]
3c1e3b66ec Bump golang.org/x/mod 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/mod](https://github.com/golang/mod).


Updates `golang.org/x/mod` from 0.20.0 to 0.21.0
- [Commits](https://github.com/golang/mod/compare/v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-06 03:21:50 +00:00
Jeroen Ketema
a8b8eb42c0 Merge pull request #17391 from MathiasVP/add-unexpected-loop-inconsistency 
C++: Add testcase with IR inconsistencies
 2024-09-05 21:03:57 +02:00
Mathias Vorreiter Pedersen
25d7f17efc C++: Add testcase with IR inconsistencies. 2024-09-05 19:32:53 +01:00
Jeroen Ketema
78c6c09912 Merge pull request #13560 from am0o0/amammad-cpp-bombs 
C++: Decompression Bombs
 2024-09-05 20:01:02 +02:00
Am
a226bdfbd3 Merge pull request #3 from jketema/amammad-cpp-bombs 
C++: Fix expected test results
 2024-09-05 21:31:03 +04:00
Michael Nebel
e1048cf8ea Java/C#: Address review comments. 2024-09-05 19:23:05 +02:00
Jeroen Ketema
e891c5a882 C++: Fix expected test results 2024-09-05 17:48:11 +02:00
am0o0
401bb24fde remove redundent zStreamAccess in flow steps 2024-09-05 17:09:26 +02:00
am0o0
faef6359dd add '// BAD' comment for the zstd sink 2024-09-05 17:05:21 +02:00
Jeroen Ketema
5b65f98e2c C++: Update expected test results after extractor changes 
The updated test results look more correct, as the documentation of
`#include_next` [1] that it should start looking in the next directory
in the search path. Before this update, the frontend was actually
looking in the current directory first, which is incorrect.

[1] https://gcc.gnu.org/onlinedocs/cpp/Wrapper-Headers.html
 2024-09-05 15:17:43 +02:00
Owen Mansel-Chan
013ee34de7 Merge pull request #17381 from owen-mc/go/fix/qldoc/resultvariabledecl 
Go: Fix QLDoc for ResultVariableDecl
 2024-09-05 11:57:45 +01:00
Paolo Tranquilli
28a7fca7ed Merge pull request #17387 from github/redsun82/bazel 
Bazel: stub internal repo parts needed for building rust binaries
 2024-09-05 12:28:18 +02:00
Owen Mansel-Chan
9786934d9a Remove errant space at end of line 2024-09-05 11:27:20 +01:00
Cornelius Riemenschneider
f76a190ed1 CI: Upgrade bazel rules. 2024-09-05 11:40:06 +02:00
Simon Friis Vindum
5950af390d Merge pull request #17351 from paldepind/swap-member-data-flow 
C++: Make swap member functions data-flow functions
 2024-09-05 11:39:16 +02:00
Owen Mansel-Chan
5bafa8ace2 Add comment about x, y int being a single ResultVariableDecl 2024-09-05 10:27:11 +01:00
Jeroen Ketema
b6e38ff862 Merge pull request #17342 from jketema/coroutine 
C++: Fix coroutine IR inconsistencies
 2024-09-05 10:15:16 +02:00
Paolo Tranquilli
57534599c8 Merge pull request #17352 from github/redsun82/swift 
Swift: upgrade prebuilt toolchain to 5.10.1
 2024-09-05 09:17:06 +02:00
Paolo Tranquilli
7c80b33a63 Bazel: add forgotten files 2024-09-05 08:26:41 +02:00
Paolo Tranquilli
913a9263d2 Bazel: stub internal repo parts needed for building rust binaries 
This is another shot at https://github.com/github/codeql/pull/17382,
using a different and more lightweight approach.

This allows building the ruby and python (and in the future also rust)
packs from within the codeql repository. This will:
* skip defining the glibc symbols checking, which only makes sense when
  building the release from the internal repository
* stub out our `universal_binary` rule, which we only need when building
  the release.
 2024-09-05 08:16:28 +02:00
Am
05bdce1cd3 Merge pull request #2 from jketema/amammad-cpp-bombs 
C++: Fix zstd and clean up test
 2024-09-05 07:53:00 +04:00
Joe Farebrother
959715ac8e Merge pull request #16814 from porcupineyhairs/pyCors 
WIP: Python: CORS Bypass
 2024-09-05 02:43:02 +01:00
Jeroen Ketema
3aa68b34bb C++: Fix zstd and clean up test 2024-09-04 22:25:44 +02:00
Cornelius Riemenschneider
f9e956dc94 Merge pull request #17377 from github/criemen/csharp-move-jobs 
C#: Delete jobs that moved to the internal repo.
 2024-09-04 20:10:26 +02:00
Cornelius Riemenschneider
627c533e98 Fix typo. 2024-09-04 19:27:00 +02:00
Jeroen Ketema
fd9a5ee453 Update cpp/downgrades/7ff6a6e53dbcff09d1b9b758b594bc6d17366863/coroutine.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2024-09-04 18:45:33 +02:00
Andrew Eisenberg
c86b5790ff Merge pull request #17281 from github/aeisenberg/pr-template 
Add a pull request template
 2024-09-04 09:41:46 -07:00
Am
4fa462417f Merge pull request #1 from jketema/amammad-cpp-bombs 
Cleanup cpp bombs
 2024-09-04 18:06:04 +04:00
Owen Mansel-Chan
351c50afc1 Fix QLDoc for ResultVariableDecl 2024-09-04 14:02:35 +01:00
Michael B. Gale
cd8a5d7707 Merge pull request #17378 from github/mbg/go/improve-typeparamtype 
Go: Add `getParent` and `getIndex` for `TypeParamType`
 2024-09-04 13:31:51 +01:00
Erik Krogh Kristensen
8508056e72 Merge pull request #17349 from erik-krogh/del-deps-sep-2024 
All: delete outdated deprecations
 2024-09-04 14:18:31 +02:00
Jeroen Ketema
9b905d5e84 C++: Set precision to low 
There are no barriers, so the query as is will flag up any use of the
identified functions.
 2024-09-04 14:13:43 +02:00
Jeroen Ketema
238895e677 C++: Fix formatting 2024-09-04 14:10:24 +02:00
Jeroen Ketema
92c6170a76 C++: Simplify QLhelp 
One good and one bad example suffices to get the point across, and makes the
help more readable. The examples also do not have to be complete.
 2024-09-04 14:06:12 +02:00