hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,727 Commits 1,672 Branches 157 Tags
3a80baf39c57c64bbdfa130d4af4947d0893cf7c
Commit Graph

40727 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
yoff
3a80baf39c python: concession to get the code to compile 
`isPackageUsed` now does no filtering
 2022-07-01 07:06:09 +00:00
yoff
e54ada175d python: rewrite not away 
A `LocalSourceNode` is either a `ModuleVariableNode`
or an `ExprNode`.
 2022-07-01 07:03:14 +00:00
yoff
5042c804dd python: sync files and fix many small things 
- but now we have non-monotonic recursion again...
 2022-06-23 14:57:06 +00:00
yoff
a2851baa9f python: fix import of "merge moved" file 2022-06-23 12:05:55 +00:00
yoff
1e20cca913 Merge branch 'main' of https://github.com/github/codeql into python-dataflow/flow-summaries-from-scratch 2022-06-23 09:14:02 +00:00
Asger F
298f4ab899 Merge pull request #9679 from asgerf/js/fix-downgrade-script 
JS: Downgrade ast_node_symbol relation
 2022-06-23 11:08:06 +02:00
yoff
140dc1a61e merge in main 2022-06-23 09:05:32 +00:00
yoff
8bf60301da python: we have hidden isParameterOf 
but now allow a clear alternative
 2022-06-23 08:57:50 +00:00
yoff
fe0c5d8ee5 python: make ArgumentNode publicly usable 
- add `getCall`
 2022-06-23 08:48:55 +00:00
yoff
b22de69ab2 python: update qldoc now predicates may be empty 2022-06-23 08:41:28 +00:00
yoff
cedf9ef538 python: make DataFlowCall "publicly usable" 
- add `getCallable`, `getArg` and `getNode`
- these are `none` for summary calls
- revert "external" uses (they had been changed to `DataFlowSourceCall`)
 2022-06-23 08:32:23 +00:00
Asger F
90c2b6e47f JS: Downgrade ast_node_symbol relation 2022-06-23 10:17:28 +02:00
Geoffrey White
20c3182437 Merge pull request #9087 from ihsinme/ihsinme-patch-88 
CPP: Add query for CWE-670: Always-Incorrect Control Flow Implementation when use SSL_shutdown
 2022-06-23 09:16:55 +01:00
Mathias Vorreiter Pedersen
5dfa5fb877 Merge pull request #9678 from jketema/ql-fixes 
C++: Two small QL fixes
 2022-06-23 08:23:54 +01:00
Erik Krogh Kristensen
08e4c8b195 Merge pull request #9634 from erik-krogh/jqueryParam 
JS: add all jquery plugin parameters as source to js/html-constructed-from-input
 2022-06-23 08:57:20 +02:00
Jeroen Ketema
b3ac7bda35 C++: Remove redundant parentheses 2022-06-23 07:25:53 +02:00
Jeroen Ketema
9cfd1a84b6 C++: Remove out-of-date comment, as we use mangled names in ResolveClass.qll 2022-06-23 07:24:04 +02:00
Robert Marsh
b609f1ea52 Merge pull request #9668 from MathiasVP/expr-nodes-for-properties 
Swift: Make sure property setters and getters also have `ExprNodes`
 2022-06-22 14:09:46 -04:00
Andrew Eisenberg
5432be7b3a Merge pull request #9667 from github/nickrolfe/js_downgrades 
JS: create downgrades pack
 2022-06-22 10:30:41 -07:00
Mathias Vorreiter Pedersen
77b8ceb976 Swift: Make sure property setters and getters also have ExprNodes. 2022-06-22 17:53:41 +01:00
Nick Rolfe
d91e8a6309 JS: create downgrades pack 2022-06-22 17:31:49 +01:00
AlexDenisov
19bc9cf301 Merge pull request #9666 from github/redsun82/swift-code-reorg 
Swift: reorganize code
 2022-06-22 18:28:08 +02:00
Paolo Tranquilli
cfde68023d Swift: fix includes jumbled by IDE 2022-06-22 18:17:40 +02:00
Paolo Tranquilli
22321aa124 Swift: reorganize code 
Visitor code has been split between header and sources to speed up
incremental build. Moreover the code was reorganized using a new `infra`
bazel package (and `visitors` got promoted to a bazel package as well).
 2022-06-22 18:11:58 +02:00
Paolo Tranquilli
7c958dfbb9 Merge pull request #9639 from github/redsun82/swift-extraction 
Swift: some expression extractions
 2022-06-22 17:19:20 +02:00
Paolo Tranquilli
e25f22da26 Merge main into redsun82/swift-extraction 2022-06-22 16:54:52 +02:00
Chris Smowton
46e6203493 Merge pull request #9626 from smowton/smowton/fix/dont-emit-synthetic-parameter-names 
Kotlin: don't emit synthetic parameter names
 2022-06-22 15:30:54 +01:00
Paolo Tranquilli
1fc2bc4938 Swift: really fix tests 2022-06-22 16:15:02 +02:00
Jeroen Ketema
f9e09da604 Merge pull request #9643 from jketema/namespace-variable-test 
C++: Add variable in namespace test
 2022-06-22 15:58:26 +02:00
Mathias Vorreiter Pedersen
43bfa2af55 Merge pull request #9635 from MathiasVP/swift-add-remote-flow-sources 
Swift: Add `RemoteFlowSource`
 2022-06-22 14:41:19 +01:00
Mathias Vorreiter Pedersen
a293fd1f3e Merge pull request #9638 from geoffw0/stringlengthconflation 
Swift: String length conflation tests (for CVE-2022-23625)
 2022-06-22 14:39:34 +01:00
Chris Smowton
00b4070866 Merge pull request #9659 from smowton/smowton/admin/invert-java-log-injection-query 
Java: Report log-injection at the source rather than the sink
 2022-06-22 14:27:50 +01:00
Mathias Vorreiter Pedersen
07c4308a32 Merge branch 'main' into swift-add-remote-flow-sources 2022-06-22 14:27:44 +01:00
Robert Marsh
d13d4c6cd1 Merge pull request #9623 from MathiasVP/swift-interpretElement0 
Swift: Interpret MaD strings
 2022-06-22 09:27:13 -04:00
Geoffrey White
e07df0d0c8 Swift: make setters private in test. 2022-06-22 14:13:30 +01:00
Mathias Vorreiter Pedersen
1febe87356 Merge pull request #9644 from jketema/class-entry-fix 
C++: Ensure we can round trip between (forward) class declarations
 2022-06-22 14:12:11 +01:00
Chris Smowton
44cf260762 Merge pull request #9571 from smowton/smowton/fix/array-variance-lowering 
Kotlin: Implement array type variance lowering
 2022-06-22 13:38:21 +01:00
Chris Smowton
1f9f6d7c33 Java: Report log-injection at the source rather than the sink 
This should remove the problem of excessive grouping of different alerts that share a sink location, often due to wrapper functions that form the ultimate sink of all logging calls in a given codebase.
 2022-06-22 13:05:20 +01:00
Tony Torralba
cc354caa1f Merge pull request #9319 from atorralba/atorralba/add-editable-valueof-step 
Kotlin: Add taint step for String.valueOf(Editable)
 2022-06-22 13:50:30 +02:00
Geoffrey White
f9e1e630f7 Swift: more accurate NSObject / NSString hierarchy in test. 2022-06-22 12:36:40 +01:00
Tamás Vajk
c0e115700d Merge pull request #9647 from tamasvajk/kotlin-when-branch-encl-stmt 
Kotlin: Fix enclosing statement of `when` branches
 2022-06-22 13:18:56 +02:00
Jeroen Ketema
b1dd8da587 C++: Fix query formatting 2022-06-22 12:59:49 +02:00
Ian Lynagh
c7a6b1e9a7 Merge pull request #9640 from igfoo/igfoo/vis 
Kotlin/Java: Add the beginnings of a "visibility" consistency query
 2022-06-22 11:34:15 +01:00
Paolo Tranquilli
3ed783df7f Swift: fix tests 2022-06-22 12:14:47 +02:00
Paolo Tranquilli
aea4910be4 Merge pull request #9620 from github/redsun82/swift-codespace 
Swift: add devcontainer setup
 2022-06-22 11:52:08 +02:00
Paolo Tranquilli
ee5c30ebda Merge main into redsun82/swift-extraction 2022-06-22 11:11:20 +02:00
Paolo Tranquilli
e0784e0680 Swift: fix update-codeql 
Also require sudo at the start of the script if updating.
 2022-06-22 11:05:30 +02:00
Paolo Tranquilli
4377fb0552 Swift: auto-install codeql on codespace 2022-06-22 10:51:30 +02:00
Anders Schack-Mulligen
df6d68b215 Merge pull request #9618 from aschackmull/dataflow/deprecate-barrierguard-class 
Dataflow: Deprecate BarrierGuard class
 2022-06-22 10:44:08 +02:00
Michael Nebel
24ba5cc06e Merge pull request #9025 from michaelnebel/csharp/generatedrefactor 
C#: Provenance column in Models as Data CSV format.
 2022-06-22 10:34:31 +02:00