hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-10 01:10:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
45,718 Commits 1,754 Branches 167 Tags
23b07e55899525c7aa27cafe699bd3166190bed8
Commit Graph

45718 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
23b07e5589 Merge branch 'replace-ast-with-ir-use-usedataflow' into fix-gettypeimpl-in-ir-dataflow 2022-10-25 12:52:33 +02:00
Mathias Vorreiter Pedersen
b85d3bc829 Merge branch 'main' into replace-ast-with-ir-use-usedataflow 2022-10-25 12:51:30 +02:00
Chris Smowton
c4ba644dfd Merge pull request #10952 from smowton/smowton/fix/java-interface-redeclares-tostring 
Kotlin: extract interface redeclarations of `Object` methods
 2022-10-25 11:29:10 +01:00
Mathias Vorreiter Pedersen
a4d434ee05 C++: Fix 'getType' for indirect dataflow nodes in IR dataflow. 2022-10-25 12:24:11 +02:00
Philip Ginsbach
b9f1cc5c6f Merge pull request #10929 from github/ginsbach/TypeSignatureDocumentation 
documentation for type signature members
 2022-10-24 20:41:25 +01:00
Chris Smowton
d171decad7 Accept test changes 
All of java.util.{Collection,List,Map} redeclare `boolean equals(Object)` in order to add documentation, as a side-effect creating a real symbol that can be used as a dispatch target.
 2022-10-24 19:49:29 +01:00
Chris Smowton
843f847960 Merge pull request #10921 from smowton/smowton/fix/ignore-enhanced-nullability 
Kotlin: ignore enhanced nullability when extracting primitive types
 2022-10-24 19:43:04 +01:00
Paolo Tranquilli
89ca7e26fe Merge pull request #10955 from github/redsun82/swift-fix-missing-bodies 
Swift: fix missing extraction of function bodies in SPM builds
 2022-10-24 20:00:02 +02:00
Erik Krogh Kristensen
ef5132b0ae Merge pull request #10883 from erik-krogh/codeSink 
RB: don't flag code-injection for dynamic loading where an attacker only controls a substring
 2022-10-24 18:59:36 +02:00
Paolo Tranquilli
d419749eb2 Swift: fix missing extraction of function bodies in SPM builds 
For some reason `-experimental-skip-non-inlinable-function-bodies-without-types`
is passed to the frontend, which will skip extraction of most bodies.

By suppressing that option the problem goes away.
 2022-10-24 17:11:13 +02:00
Paolo Tranquilli
6651c9447e Swift: failing test for extracting function bodies 2022-10-24 17:10:38 +02:00
Tony Torralba
2148e8be4d Merge pull request #10892 from atorralba/atorralba/swift/customurlschemes 
Swift: Add a new Custom URL Scheme source
 2022-10-24 15:33:27 +02:00
Tony Torralba
30f5fb6d83 Update expectations after merge 2022-10-24 14:24:13 +02:00
Erik Krogh Kristensen
5ff98cd80e Merge pull request #10888 from erik-krogh/glob 
Ruby: add model for Dir.glob and other Dir methods
 2022-10-24 14:17:37 +02:00
Asger F
bcfe4ece6f Merge pull request #10918 from asgerf/rb/constant-compound-assignment 
Ruby: handle compound constant-assignment
 2022-10-24 14:07:28 +02:00
Asger F
cac2e2e2e4 Merge pull request #10928 from asgerf/rb/assumed-global-const 
Ruby: assume some global constants are defined
 2022-10-24 14:06:34 +02:00
Chris Smowton
c6f4742f29 Kotlin: extract interface redeclarations of Object methods 
Due to a probable compiler bug (?) the redeclaration looks like a fake symbol, leading to Java dispatching against a declaration that Kotlin doesn't believe exists.
 2022-10-24 12:45:07 +01:00
Paolo Tranquilli
22adf21dd3 Merge pull request #10912 from jketema/templ-func-prototype 
C++: Update test result after extractor changes
 2022-10-24 13:44:02 +02:00
Tamás Vajk
1d2087b92a Merge pull request #10949 from tamasvajk/kotlin-underscore-var 
Kotlin: exclude Kotlin files from `java/underscore-identifier`
 2022-10-24 13:32:49 +02:00
Asger F
0ffb0f6d4d Ruby: constant lookup is unaffected by blocks 2022-10-24 13:07:21 +02:00
Chris Smowton
86e99c497d Merge pull request #10930 from smowton/smowton/fix/external-property-overloads 
Kotlin: give external extension properties with matching name and file distinct trap filenames
 2022-10-24 11:32:37 +01:00
erik-krogh
07d90b34df use instanceof in DirPathAccess 2022-10-24 12:05:26 +02:00
Erik Krogh Kristensen
669b0c35fe fix qldoc 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-10-24 12:05:26 +02:00
erik-krogh
85cd7f9121 add model for Dir.glob and other Dir methods 2022-10-24 12:05:26 +02:00
Tony Torralba
f523fbc9d0 Merge branch 'main' into atorralba/swift/customurlschemes 2022-10-24 11:41:50 +02:00
Tony Torralba
3973e1ce04 Update swift/ql/test/library-tests/dataflow/dataflow/FlowConfig.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-10-24 11:37:51 +02:00
Chris Smowton
88c4a2f6e2 Merge pull request #10936 from smowton/smowton/fix/internal-constructor-called-from-java 
Kotlin: make internal constructors' trap labels consistent with the Java extractor
 2022-10-24 09:37:00 +01:00
Paolo Tranquilli
90d4861b70 Merge pull request #10875 from github/redsun82/swift-codegen-doc 
Swift: add infrastructure for documenting generated code
 2022-10-24 10:14:57 +02:00
Tony Torralba
80f7d58fae Add missing tests for not-quite-working flow steps 2022-10-24 09:37:22 +02:00
Paolo Tranquilli
fd226c51c1 Merge pull request #10924 from github/redsun82/swift-fix-qltest-failure-reporting 
Swift: add qltest tests and fix its failure reporting
 2022-10-24 09:34:12 +02:00
Paolo Tranquilli
15e5faf5b6 Merge branch 'main' into templ-func-prototype 2022-10-24 09:19:46 +02:00
Tamas Vajk
d585839b7e Kotlin: exclude Kotlin files from java/underscore-identifier 2022-10-24 09:05:28 +02:00
Tamas Vajk
0192ae8331 Kotlin: Add test case for variables named underscore 2022-10-24 09:04:54 +02:00
Arthur Baars
b3855b089a Ruby: some more tests 2022-10-22 14:15:29 +02:00
Arthur Baars
ccaa12998d Ruby: desugar compound constant-assignments 2022-10-22 01:11:35 +02:00
Nick Rolfe
e5663574fe Merge pull request #10935 from github/nickrolfe/taint-step 2022-10-21 19:28:23 +01:00
Chris Smowton
00800017fd Kotlin: make internal constructors' trap labels consistent with the Java extractor 
Previously we accidentally named these something like <init>$main, which is a name-mangling the Kotlin compiler applies to internal methods but not to constructors, which look to Java just like regular public constructors.
 2022-10-21 16:48:37 +01:00
Nick Rolfe
9fb436e22b Ruby: add change note for localTaintStep fix 2022-10-21 16:33:29 +01:00
Nick Rolfe
269c27757d Ruby: include value-preserving flow in localTaintStep 2022-10-21 16:17:11 +01:00
Nick Rolfe
5319216c18 Ruby: add test of TaintTracking::localFlowStep 2022-10-21 16:04:04 +01:00
Jean Helie
88c6453fa6 Merge pull request #10934 from github/jhelie/add-hello-world-workflow-atm-queries 
ATM: add hello world version of workflow checking queries run
 2022-10-21 16:58:44 +02:00
Jean Helie
c0593c945b ATM: add hello world version of workflow checking queries run 2022-10-21 16:37:43 +02:00
Paolo Tranquilli
6bd09b1858 Merge branch 'main' into redsun82/swift-codegen-doc 2022-10-21 15:31:52 +02:00
Chris Smowton
42d6968c20 Kotlin: give external extension properties with matching name and file distinct trap filenames 2022-10-21 14:28:53 +01:00
Paolo Tranquilli
408968a417 Swift: fix swift compilation in QL tests 2022-10-21 15:20:38 +02:00
Asger F
84ae17dcbb Ruby: ensure Object is a transitive superclass 2022-10-21 15:18:59 +02:00
Philip Ginsbach
0dc7123ded documentation for type signature members 2022-10-21 13:42:12 +01:00
Chris Smowton
5e28e5a170 Merge pull request #10909 from smowton/smowton/fix/kotlin-varargs-dataflow 
Kotlin: Fix varargs dataflow, and varargs default handling
 2022-10-21 13:32:34 +01:00
Paolo Tranquilli
bd62f2be0e Merge branch 'main' into redsun82/swift-fix-qltest-failure-reporting 2022-10-21 14:07:19 +02:00
Paolo Tranquilli
04f6debb88 Swift: fix bazel packaging 2022-10-21 13:42:24 +02:00