Jeroen Ketema
231e9ef098
C++: Accept PrintAST value category changes after frontend update
2023-10-19 10:45:13 +02:00
Jeroen Ketema
a6dae91215
C++: Accept IR test changes after value category updates
2023-10-19 10:45:12 +02:00
Jeroen Ketema
3202bcce70
C++: Handle ternary operators whose value category is a prvalue with a load
2023-10-19 10:45:12 +02:00
Jeroen Ketema
c60cb136bb
C++: Do not generate loads for ParenthesisExprs
2023-10-19 10:45:12 +02:00
Jeroen Ketema
4339e18ed6
C++: Update IR generation for changes in frontend
2023-10-19 10:45:12 +02:00
Chris Smowton
3145c53a19
Accept test changes for JDK21
2023-10-16 22:00:41 +01:00
Chris Smowton
bd77f572f1
Compile collections test for Java 11
2023-10-16 21:54:09 +01:00
Chris Smowton
7fbba3a659
Java: adapt stub to ExecutorService change in JDK19
2023-10-13 20:30:28 +01:00
Chris Smowton
8f985e0045
Java: restrict test to source classes
2023-10-13 20:30:28 +01:00
Chris Smowton
0510b0c825
Java: restrict test to source methods
...
Otherwise it finds standard library methods that depend on stdlib internals as to what happens to get extracted. In particular the extractor bump to JDK21 led to MethodHandles being in scope and a new method being found; seems better to avoid considering the standard library at all.
2023-10-13 20:30:28 +01:00
Jeroen Ketema
d56a9f0781
Merge pull request #14424 from jketema/rewrite-cgi-xss
...
C++: Rewrite `cpp/cgi-xss` to not use default taint tracking
2023-10-13 17:57:04 +02:00
Mathias Vorreiter Pedersen
fb0016e4f6
Merge pull request #14485 from geoffw0/logging
...
Swift: Add more sinks to `swift/cleartext-logging`
2023-10-13 16:09:19 +01:00
Mathias Vorreiter Pedersen
9a2ac65f53
Merge pull request #14394 from geoffw0/sqlpathinject3
...
Swift: Add sinks for sqlite3 and SQLite.swift to swift/hardcoded-key
2023-10-13 16:07:09 +01:00
Jeroen Ketema
61676277e8
C++: Fix barrier in cpp/cgi-xss
2023-10-13 14:05:47 +02:00
Harry Maclean
1297acf5b1
Merge pull request #14216 from hmac/hmac-graphql-enum
...
Ruby: Restrict GraphQL remote flow sources
2023-10-13 11:31:50 +01:00
Tony Torralba
5e921784fb
Merge pull request #14399 from ebickle/fix/thread-resource-arithmetic
...
Java: Flow taint through arithmetic expressions for java/thread-resource-abuse experimental query
2023-10-13 10:06:33 +02:00
Erik Krogh Kristensen
b1ad61e27d
Merge pull request #14481 from erik-krogh/proper-codepoints
...
ReDoS: use the new codePointAt and codePointCount methods instead of regex hacks
2023-10-13 09:35:55 +02:00
Felicity Chapman
2ddcd1d9cc
Merge pull request #14489 from github/felicitymay-typo-fix
...
Fix typo in link
2023-10-12 21:45:30 +01:00
Felicity Chapman
8f70b55158
Fix typo in link
2023-10-12 20:53:44 +01:00
Ian Lynagh
2edc70da79
Merge pull request #14390 from igfoo/igfoo/compr
...
Kotlin: Improve support for TRAP compression options
2023-10-12 20:22:10 +01:00
Geoffrey White
fe57cd0784
Merge pull request #14488 from geoffw0/strlentest
...
Swift: Additional test cases for `swift\string-length-conflation`
2023-10-12 19:39:43 +01:00
AlexDenisov
6ab2de10e3
Merge pull request #14437 from github/alexdenisov/ignore-unavailable-declarations
...
Swift: skip declarations marked as unavailable
2023-10-12 20:08:18 +02:00
Ian Lynagh
ed9502fd0b
Kotlin: Enhance the TRAP compression test
2023-10-12 18:13:07 +01:00
Ian Lynagh
adb47399c7
Kotlin: Improve support for TRAP compression options
...
While you could control compression with
CODEQL_EXTRACTOR_JAVA_OPTION_TRAP_COMPRESSION
before, most TRAP files used gzip regardless for compatibility with the
Java extractor. Now Java understands the option too we can use it for
shared TRAP files.
2023-10-12 18:13:06 +01:00
Mathias Vorreiter Pedersen
3c34638438
Merge pull request #14486 from MathiasVP/simplify-overrun-write
...
C++: Remove unnecessary `FlowState` from `cpp/overrun-write`
2023-10-12 17:48:52 +01:00
Geoffrey White
9f683b8630
Swift: Remove duplicate results.
2023-10-12 17:38:58 +01:00
Geoffrey White
cf7f355fc4
Swift: Additional test cases.
2023-10-12 17:11:56 +01:00
Mathias Vorreiter Pedersen
64fa6c8bbd
C++: Remove the hacky flow state since this is no longer needed after #13717.
2023-10-12 13:58:36 +01:00
Geoffrey White
5c0085880f
Swift: Change note.
2023-10-12 13:24:10 +01:00
Geoffrey White
e2a8569940
Swift: Clean up indentation.
2023-10-12 13:05:20 +01:00
Geoffrey White
8f852f2e7d
Swift: Turn sink models into flow summary models, where appropriate.
2023-10-12 12:57:05 +01:00
erik-krogh
fa1e8ee426
add getACodepoint to the shared Strings library, and use it in NfaUtils
2023-10-12 13:38:19 +02:00
erik-krogh
822ba2ae59
add documentation for the new string methods in ql-language-specification.rst
2023-10-12 13:38:19 +02:00
erik-krogh
116025c569
use the new codePointAt and codePointCount methods instead of regex hacks
2023-10-12 13:38:19 +02:00
Erik Krogh Kristensen
59c43c7904
Merge pull request #14410 from erik-krogh/bigger-compilation-cache
...
use a bigger compilation cache in the compile-queries workflow
2023-10-12 12:35:44 +02:00
Mathias Vorreiter Pedersen
02f73145d6
Merge pull request #14354 from geoffw0/conversions2
...
Swift: Improve models for Numeric, RangeReplaceableCollection
2023-10-12 11:13:50 +01:00
Michael B. Gale
f6570710e7
Merge pull request #14441 from github/dependabot/go_modules/go/extractor/golang.org/x/tools-0.14.0
...
Bump golang.org/x/tools from 0.13.0 to 0.14.0 in /go/extractor
2023-10-12 10:19:34 +01:00
Geoffrey White
7916bd39b4
Swift: Generalize 'write' models.
2023-10-12 09:21:33 +01:00
Geoffrey White
09974b5176
Swift: Extend sink models.
2023-10-12 09:17:04 +01:00
Owen Mansel-Chan
5fcdb9e112
Merge pull request #14442 from owen-mc/go/test-qldoc-coverage
...
Fix module name
2023-10-11 23:45:53 +01:00
Eric Bickle
ee2d8f84de
Merge branch 'main' into fix/thread-resource-arithmetic
2023-10-11 13:09:57 -07:00
Eric Bickle
f018d83951
Merge branch 'fix/thread-resource-arithmetic' of https://github.com/ebickle/codeql into fix/thread-resource-arithmetic
2023-10-11 13:09:39 -07:00
Eric Bickle
4cb78ab3c7
Remove change notes
2023-10-11 13:08:56 -07:00
Geoffrey White
0e4cd7f52f
Swift: Additional test cases.
2023-10-11 18:37:24 +01:00
Henry Mercer
1a370bfbbe
Merge pull request #14443 from github/post-release-prep/codeql-cli-2.15.0
...
Post-release preparation for codeql-cli-2.15.0
2023-10-11 17:39:04 +01:00
github-actions[bot]
ae6af17c74
Post-release preparation for codeql-cli-2.15.0
2023-10-11 14:19:20 +00:00
Tamás Vajk
a31f946d6f
Merge pull request #14436 from tamasvajk/void-type-value-type
...
C#: Include the `void` type in value types
2023-10-11 16:16:06 +02:00
Asger F
7780fe9472
Merge pull request #14435 from asgerf/ruby/port-synced-queries
...
JS/Ruby: desync two queries and port the Ruby version to ConfigSig-style
2023-10-11 15:50:58 +02:00
Owen Mansel-Chan
b6bf4d04ff
Fix module name
2023-10-11 14:47:46 +01:00
dependabot[bot]
442a4fe9cf
Bump golang.org/x/tools from 0.13.0 to 0.14.0 in /go/extractor
...
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.13.0 to 0.14.0.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.13.0...v0.14.0)
---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-11 13:12:49 +00:00