hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-28 18:28:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,989 Commits 1,723 Branches 164 Tags
060cd9fada10dfee2541453fb2a42d93b1d01441
Commit Graph

50989 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
060cd9fada Bump serde from 1.0.152 to 1.0.154 in /ruby 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.152 to 1.0.154.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.152...v1.0.154)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-09 04:06:43 +00:00
Chris Smowton
cacae957b5 Merge pull request #12441 from smowton/smowton/fix/golang-incorrect-integer-conversion-sanitizer 
Go: fix incorrect-integer-conversion sanitizer
 2023-03-08 18:19:46 +00:00
Michael B. Gale
ce937e78c0 Merge pull request #12383 from github/mbg/csharp/fix/diag-filename 
C#: Append process id to diagnostics filename
 2023-03-08 14:04:29 +00:00
Arthur Baars
22c6c53993 Merge pull request #12434 from aibaars/diagnostics-links 
Ruby: add some links to diagnostic messages
 2023-03-08 14:41:46 +01:00
Michael Nebel
29ee1bda50 Merge pull request #12369 from michaelnebel/csharp/unsafestubs 
C#: .NET 7 Runtime and ASP.NET 7 stubs.
 2023-03-08 13:54:23 +01:00
Michael Nebel
6adc04eca0 Merge pull request #12370 from michaelnebel/csharp/unsafemember 
C#: Improve the `unsafe` predicate on Modifiable.
 2023-03-08 13:47:59 +01:00
Michael B. Gale
71d0a2378b Append process id to diagnostics filename 2023-03-08 12:15:46 +00:00
Arthur Baars
2d6f3ed6c2 Address comments 2023-03-08 13:10:03 +01:00
yoff
a45a0ee50d Merge pull request #12425 from RasmusWL/arg-passing-problem 
Python: Add test of keyword argument with same name as positional-only parameter
 2023-03-08 12:01:26 +01:00
Chris Smowton
a63a4c29e2 Go: fix incorrect-integer-conversion sanitizer 
This was amended as part of https://github.com/github/codeql/pull/12186, but the conversion was inadequate because the new implementation didn't work when a sink (type conversion) led directly to a non-`localTaintStep` step, such as a store step or an interprocedural step. Here I move the sink back one step to the argument of the type
conversion and sanitize the result of the conversion instead, to ensure there is always a unique local successor to a sink.

This should eliminate unexpected extra results that resulted from https://github.com/github/codeql/pull/12186. Independently there are also *lost* results that stem from needing a higher `fieldFlowBranchLimit` that are not addressed in this PR, but raising that limit is a performance risk and so I will address this separately.
 2023-03-08 09:48:35 +00:00
Michael Nebel
0714310661 C#: Add some more test examples. 2023-03-08 10:14:49 +01:00
Michael Nebel
7ce5c0d55d C#: Add change note. 2023-03-08 10:02:28 +01:00
Michael Nebel
c88f52c63e C#: Add stubs test case. 2023-03-08 10:02:27 +01:00
Michael Nebel
b6d97b07bf C#: Also print the unsafe keyword for eg. classes when creating stubs. 2023-03-08 10:02:27 +01:00
Michael Nebel
67e7b8fc23 C#: If a type (or any child of a type) is a pointer like type then it is unsafe. 2023-03-08 10:02:27 +01:00
Paolo Tranquilli
a4c0a0353f Merge pull request #12426 from github/redsun82/cpp-file-permissions-example 
C++: fix example code for `FilePermissions.qll`
 2023-03-07 19:55:46 +01:00
AlexDenisov
6a985a3df9 Merge pull request #12392 from github/alexdenisov/mangle-builtin-types 
Swift: mangle builtin types
 2023-03-07 18:22:13 +01:00
Arthur Baars
858aa9ae63 Ruby: add some links to diagnostic messages 2023-03-07 17:55:13 +01:00
Alex Denisov
1283bcb860 Swift: mangle builtin types 2023-03-07 17:45:08 +01:00
AlexDenisov
d469b9711d Merge pull request #12388 from github/alexdenisov/introduce-type-mangling 
Swift: introduce type mangling
 2023-03-07 17:44:30 +01:00
Geoffrey White
72d6f56df1 Merge pull request #12413 from geoffw0/ptrout2 
Swift: Permit data flow from all generic arguments
 2023-03-07 16:27:12 +00:00
Paolo Tranquilli
c4fd39ec3f C++: fix example code for FilePermissions.qll 2023-03-07 13:50:20 +01:00
Arthur Baars
78a802359e Remove references to 'ruby' in generic extractor code 2023-03-07 13:38:48 +01:00
Paolo Tranquilli
bdad847584 Merge pull request #12422 from github/redsun82/cpp-scanf-fp 
C++: add false positives to `MissingCheckScanf` test
 2023-03-07 13:29:22 +01:00
Rasmus Wriedt Larsen
dda29e99b2 Python: Add test of keyword argument with same name as positional-only parameter 
This is a bit of an edge case, but allowed. Since we currently don't
provide information on positional only arguments, we can't do much to
solve it right now.
 2023-03-07 13:28:48 +01:00
Michael B. Gale
7627a53c49 Merge pull request #12371 from github/mbg/csharp/increase-diagnostic-visibility 
C#: Make diagnostics visible everywhere
 2023-03-07 12:13:09 +00:00
Michael B. Gale
974fdd305e Merge pull request #12372 from github/mbg/csharp/check-integration-test-diagnostics 
C#: Add diagnostic checks to all remaining integration tests
 2023-03-07 12:11:47 +00:00
Michael B. Gale
b75f138507 Merge pull request #12385 from github/mbg/csharp/readd-tsp-support 
C#: Add support for the tool status page
 2023-03-07 12:10:52 +00:00
Paolo Tranquilli
429518bcea C++: add further FP to test 2023-03-07 12:03:34 +01:00
Paolo Tranquilli
311cf4e7fd C++: add false positives to MissingCheckScanf test 
See https://github.com/github/codeql/issues/12412 for the initial
report.
 2023-03-07 11:56:05 +01:00
Michael Nebel
40d31120d9 Merge pull request #12264 from michaelnebel/csharp/nugetnet7 
C#: Stub generator improvements.
 2023-03-07 11:30:57 +01:00
Jeroen Ketema
3a4c0a2aae Merge pull request #12389 from jketema/more-deprecated 
C++: Add `deprecated` to predicates that are deprecated according to the QLDoc
 2023-03-07 11:21:43 +01:00
Michael Nebel
af12affc36 C#: Re-generate stubs to update comments. 2023-03-07 10:35:13 +01:00
Michael Nebel
676c352819 C#: Update expected test output. 2023-03-07 10:19:26 +01:00
Michael Nebel
e85b2ebd20 C#: Replace stub member comment with file level comment. 2023-03-07 10:19:26 +01:00
Michael Nebel
c8f7304d9b C#: Address review comments. 2023-03-07 10:19:25 +01:00
Michael Nebel
e797b5c226 C#: Narrow the set of declarations where we make explicit interface implementations. 2023-03-07 10:19:25 +01:00
Michael Nebel
d8acc7cd17 C#: Stub generator support for explicit interface implementations of explicit conversion operators including test cases. 2023-03-07 10:19:25 +01:00
Michael Nebel
59349ed7c7 C#: Add test cases for static and virtual operators in interfaces and overlapping interface declarations. 2023-03-07 10:19:25 +01:00
Michael Nebel
50570dc3ee C#: Only add explicit interface implementation to the generated stub if it is unique. 2023-03-07 10:19:25 +01:00
Michael Nebel
5ba59fc9a8 C#: Stub generator support for operators in interfaces and interface implementations. 2023-03-07 10:19:25 +01:00
Michael Nebel
b68e78d908 C#: Stub generator support for static virtual and static abstract interface members. 2023-03-07 10:19:25 +01:00
Michael Nebel
aa4b98bbd5 C#: The stub generator should just format whitespaces. 2023-03-07 10:19:25 +01:00
Tom Hvitved
9b02eb729f Merge pull request #12419 from hvitved/ruby/stored-xss-config-rewrite 
Ruby: Rewrite Stored XSS query to use new data flow interface
 2023-03-07 09:46:08 +01:00
Jeroen Ketema
c9bccd9b43 C++: Fix more tests that used deprecated function 2023-03-07 09:01:13 +01:00
Tom Hvitved
b6a709df50 Ruby: Rewrite Stored XSS query to use new data flow interface 2023-03-07 07:23:27 +01:00
Geoffrey White
2ed140c696 Swift: Update the pointertypes test. 2023-03-06 17:14:14 +00:00
Mathias Vorreiter Pedersen
ff53e53e8c Merge pull request #12236 from MathiasVP/language-specific-field-flow-branch-limit-term 
Dataflow: Add a language specific term to `join` and `branch`
 2023-03-06 16:59:09 +00:00
Geoffrey White
4d327dbf4f Swift: The PointerType class isn't used any d any more. 2023-03-06 16:36:41 +00:00
Geoffrey White
61340c4b20 Swift: Permit data flow from generic arguments, rather than just pointers. 2023-03-06 16:34:12 +00:00