hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-08 11:11:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,880 Commits 1,691 Branches 160 Tags
4380495eed2aa00a0a74d910536b9b1dcf16cb92
Commit Graph

50880 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
4380495eed Swift: Model Sequence.withContiguousSrtorageIfAvailable. 2023-03-06 20:59:17 +00:00
Geoffrey White
56b6441ef5 Merge pull request #12391 from geoffw0/ptrout 
Swift: Permit data flow out through pointer arguments
 2023-03-06 13:37:22 +00:00
Anders Schack-Mulligen
5c7f2ac7f7 Merge pull request #12186 from aschackmull/dataflow/refactor-configuration 
Data flow: Refactor configuration
 2023-03-06 13:38:59 +01:00
dependabot[bot]
3538cf89b9 Merge pull request #12404 from github/dependabot/cargo/ql/serde_json-1.0.94 2023-03-06 09:55:33 +00:00
Arthur Baars
d2ab40c184 Merge pull request #12208 from gregxsunday/main 
Add ZipSlip and TarSlip query to ruby
 2023-03-06 10:40:06 +01:00
dependabot[bot]
ce5e76a3a0 Bump serde_json from 1.0.93 to 1.0.94 in /ql 
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.93 to 1.0.94.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.93...v1.0.94)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-06 09:32:26 +00:00
Anders Schack-Mulligen
557cb17f4d Dataflow: Minor perf fix for single config wrapper. 2023-03-06 10:24:33 +01:00
Calum Grant
b8e123dc08 Merge pull request #12402 from github/dependabot/cargo/ruby/serde_json-1.0.94 
Bump serde_json from 1.0.93 to 1.0.94 in /ruby
 2023-03-06 09:24:21 +00:00
Anders Schack-Mulligen
d4c5877484 Merge pull request #3 from MathiasVP/fix-exec-tainted 
C++: Use refactored dataflow library in `cpp/command-line-injection`
 2023-03-06 09:32:34 +01:00
dependabot[bot]
f93b304578 Bump serde_json from 1.0.93 to 1.0.94 in /ruby 
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.93 to 1.0.94.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.93...v1.0.94)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-06 04:15:01 +00:00
Geoffrey White
6f120a66d0 Merge pull request #12368 from geoffw0/taintarith3 
Swift: Fill some gaps in arithmetic / bitwise operations modelling
 2023-03-03 18:20:54 +00:00
Geoffrey White
9aaf30691c Merge pull request #12307 from geoffw0/stringconflationtaint 
Swift: Update swift/string-length-conflation to taint tracking
 2023-03-03 17:27:15 +00:00
Geoffrey White
c29dcefcf2 Swift: Fix .expected file. Locations had changed after the formatting fix. 2023-03-03 17:24:07 +00:00
Geoffrey White
395bf675fe Swift: Make the test work on Linux. 2023-03-03 17:14:57 +00:00
Geoffrey White
2d889304bb Swift: Some cases in the SqlInjection test are fixed by this. 2023-03-03 16:49:13 +00:00
Geoffrey White
b2bcb2d378 Swift: Fix formatting. 2023-03-03 16:32:21 +00:00
Chris Smowton
d4e02eb846 Merge pull request #12384 from smowton/smowton/admin/java-tsp-message-cleanup 
Java TSP: test changes re: formatting improvements
 2023-03-03 16:24:35 +00:00
Geoffrey White
6e3040987a Swift: Autoformat. 2023-03-03 16:24:28 +00:00
Geoffrey White
234f17b578 Swift: Use PointerType in data flow's 'modifiable' predicate. 2023-03-03 16:23:49 +00:00
Geoffrey White
3249cee1c9 Swift: Add an overall PointerType. 2023-03-03 16:23:46 +00:00
Geoffrey White
589e0af20a Swift: Test for pointer types. 2023-03-03 16:23:29 +00:00
Geoffrey White
9423c21d46 Swift: Add simple model for pointer types. 2023-03-03 16:23:27 +00:00
Jeroen Ketema
2ee8344e92 Merge pull request #12387 from jketema/qualified-deprecation 
C++: Properly deprecate `hasQualifiedName` by using the `deprecated` keyword
 2023-03-03 17:11:56 +01:00
AlexDenisov
4aeff0f8dc Merge pull request #12335 from github/alexdenisov/extract-lazy-declarations 
Swift: extract lazy declarations
 2023-03-03 16:06:20 +01:00
Geoffrey White
9f86bcb1b8 Swift: Proof of concept fix. 2023-03-03 15:04:47 +00:00
Geoffrey White
15227d3c09 Swift: Add tests where a user-defined (non-modelled) function taints the pointee of a pointer argument. 2023-03-03 15:00:22 +00:00
Jeroen Ketema
6495f1911f C++: Properly deprecate hasQualifiedName by using the deprecated keyword 2023-03-03 15:57:59 +01:00
Chris Smowton
b234bbd119 Accept test changes 2023-03-03 14:46:21 +00:00
Mathias Vorreiter Pedersen
907e6299a4 C++: Convert 'ExecTainted' to use the new refactored dataflow library. 2023-03-03 14:41:29 +00:00
Kasper Svendsen
fe65fb8743 Merge pull request #12360 from kaspersv/kaspersv/actioncontroller-prevent-bad-join 
ActionController: Prevent bad join
 2023-03-03 13:38:33 +01:00
Asger F
f2f972567d Merge pull request #12379 from github/revert-12217-mbg/csharp/tsp-support 
Revert "C#: Tool status page support"
 2023-03-03 13:29:13 +01:00
Erik Krogh Kristensen
d94e51aaf6 Merge pull request #12377 from erik-krogh/jHtml 
JS: add the html argument to the jQuery functions as an XSS sink
 2023-03-03 13:19:38 +01:00
Nick Fyson
48c30771da Merge pull request #12374 from github/codeql-ci/atm/update-model-pack/ecb17d40286d14132b481c065a43459a7f0ba9059015b7a49c909c9f9ce5fec5 
ATM: Update model pack to version 0.3.1-2023-03-01-12h42m43s.strong-turtle-1xp3dqvv.ecb17d40286d14132b481c065a43459a7f0ba9059015b7a49c909c9f9ce5fec5
 2023-03-03 11:42:57 +00:00
Anders Schack-Mulligen
0addcfa7c5 Dataflow: Fix some perf issues. 2023-03-03 11:45:32 +01:00
Asger F
8f0b77d54f Revert "C#: Tool status page support" 2023-03-03 11:44:42 +01:00
Geoffrey White
7b596f4928 Merge pull request #10431 from ihsinme/ihsinme-patch-111 
CPP: Add query for CWE-369: Divide By Zero.
 2023-03-03 10:42:04 +00:00
erik-krogh
a6c9af4182 add the html argument to the jQuery functions as an XSS sink 2023-03-03 11:09:53 +01:00
erik-krogh
94870b838f add failing test 2023-03-03 11:08:33 +01:00
Nick Fyson
5869c36366 Merge branch 'main' into codeql-ci/atm/update-model-pack/ecb17d40286d14132b481c065a43459a7f0ba9059015b7a49c909c9f9ce5fec5 2023-03-03 10:03:22 +00:00
Alex Denisov
ae7a0c517c Swift: do not allocate mangler statically 2023-03-03 10:28:08 +01:00
Alex Denisov
60c1505097 Swift: address review comments 2023-03-03 10:26:44 +01:00
Paolo Tranquilli
1a19909abf Merge pull request #12373 from github/redsun82/swift-qldoc 
Swift: turn on QLdoc check
 2023-03-03 08:26:39 +01:00
Alex Denisov
ffcb382705 Swift: only consider Builting and __ObjC declarations as lazy 2023-03-02 20:00:23 +01:00
github-actions[bot]
50c90bbc5c ATM: Update model pack dependency of ML-powered model building and query packs 2023-03-02 17:31:03 +00:00
Geoffrey White
764a52354e Merge pull request #12367 from geoffw0/nsstring2 
Swift: Additional NSString taint test cases
 2023-03-02 15:56:15 +00:00
Paolo Tranquilli
162b995428 Swift: turn on QLdoc check 2023-03-02 16:16:12 +01:00
Anders Schack-Mulligen
b34f99f716 Dataflow: Add change notes. 2023-03-02 16:01:29 +01:00
Anders Schack-Mulligen
a498ab241b Go: Fix query. 2023-03-02 13:53:37 +01:00
Mathias Vorreiter Pedersen
a1a2d7c469 Merge pull request #12355 from geoffw0/splittest 
Swift: Split the taint flow test.
 2023-03-02 12:53:07 +00:00
Geoffrey White
27ec36298f Swift: Understand binary pointwise operations. 2023-03-02 12:42:34 +00:00