hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-21 18:34:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
44,049 Commits 1,683 Branches 158 Tags
447c11cd074ec73c7d39d4893cf5f00a3ca95851
Commit Graph

44049 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert Marsh
447c11cd07 C++: move ConstantSizeArrayOffByOne.ql to CWE-193 2022-09-29 10:56:29 -04:00
Robert Marsh
e46b215c9d C++: fix metadata and result format 2022-09-29 10:53:29 -04:00
Robert Marsh
b93a2b06bf C++: prototype for off-by-one in array-typed field 2022-09-23 14:38:06 -04:00
Mathias Vorreiter Pedersen
73f279d6e7 Merge pull request #10555 from MathiasVP/testcase-for-php-cve 
C++: Fix missing bounds in range analysis
 2022-09-23 16:55:51 +01:00
Robert Marsh
c2dfbd47a3 Merge pull request #10398 from MathiasVP/further-work-on-buffer-over-queries 
C++: Further work on buffer-overflow queries
 2022-09-23 11:06:32 -04:00
Ian Lynagh
8c13738199 Merge pull request #10556 from igfoo/igfoo/memo 
Kotlin: Simplify trapFilePathForDecl
 2022-09-23 14:59:20 +01:00
Stephan Brandauer
33d30a0802 Merge pull request #10018 from github/new-atm-features-rebased 
New atm features rebased
 2022-09-23 15:29:50 +02:00
Mathias Vorreiter Pedersen
0a7be0bbb3 Merge pull request #10551 from erik-krogh/swift-followMsg 
Swift: Add full stop at the end of alert-messages
 2022-09-23 13:50:44 +01:00
Mathias Vorreiter Pedersen
639aaff9c7 C++: Add more metadata. 2022-09-23 13:47:02 +01:00
Tamás Vajk
43ec5dcc9a Merge pull request #10549 from tamasvajk/kotlin-fix-local-class-extraction 
Kotlin: Fix non-nested local class extraction
 2022-09-23 14:40:59 +02:00
Mathias Vorreiter Pedersen
ce3654c6ec C++: Make ql-for-ql happy. 2022-09-23 13:07:07 +01:00
Mathias Vorreiter Pedersen
f3212fe01c C++: Autoformat. 2022-09-23 13:00:22 +01:00
Mathias Vorreiter Pedersen
162ec2884e C++: Also fix 'OverrunWriteProductFlow.ql' 2022-09-23 12:59:27 +01:00
Ian Lynagh
70dae17d2f Kotlin: Simplify trapFilePathForDecl 2022-09-23 12:41:41 +01:00
Michael Nebel
342c8764ce Merge pull request #10433 from michaelnebel/csharp/fix-joinorder-interpretedcallable 
C#: Fix join order in InterpretedCallable characteristic predicate.
 2022-09-23 13:37:49 +02:00
Mathias Vorreiter Pedersen
8056131901 C++: Autoformat. 2022-09-23 12:26:37 +01:00
Mathias Vorreiter Pedersen
494afdde96 C++: Accept test changes. 2022-09-23 12:21:31 +01:00
Mathias Vorreiter Pedersen
ac03242cfc C++: Add an SSAVariable for pointer-arithmetic expressions in guards. 2022-09-23 12:21:31 +01:00
Michael Nebel
4963835772 Merge pull request #10540 from michaelnebel/csharp/dotnet-run-validate 
C# Integration test validations for `dotnet run`.
 2022-09-23 13:10:06 +02:00
Mathias Vorreiter Pedersen
6d06234048 C++: Add testcase demonstrating missing result for 'cpp/invalid-pointer-deref' query. 2022-09-23 11:41:16 +01:00
erik-krogh
1fe76ecc0a update expected output 2022-09-23 12:27:06 +02:00
erik-krogh
6c3ed6cd0e update alert-messages to follow the style-guide 2022-09-23 12:23:40 +02:00
Rasmus Wriedt Larsen
71da217b82 Merge pull request #10535 from RasmusWL/flask-jsonify 
Python: Model `flask.jsonify`
 2022-09-23 12:18:27 +02:00
Asger F
11ba0f0bbe Merge pull request #10253 from asgerf/js/type-defs-squashed 
JS: Add generated typings to SQL models
 2022-09-23 11:34:01 +02:00
Tamas Vajk
d6e31af985 Kotlin: Fix non-nested local class extraction 2022-09-23 11:23:21 +02:00
Tamas Vajk
b4eb4ec837 Kotlin: Add test case for top level local class extraction 2022-09-23 11:19:09 +02:00
Michael Nebel
1b25d23531 C#: Align comments and actual test case. 2022-09-23 11:05:29 +02:00
Tom Hvitved
8b424d181a Merge pull request #10505 from hvitved/dataflow/viable-impl-in-ctx-consistency 
Data flow: Guard against `viableImplInCallContext` not being a subset of `viableCallable`
 2022-09-23 10:38:48 +02:00
Stephan Brandauer
1bb781ad94 Merge branch 'main' into new-atm-features-rebased 2022-09-23 09:55:29 +02:00
Asger F
d1e19a313b JS: Update test case to clarify choice of sinks 2022-09-23 09:18:15 +02:00
Dave Bartolomeo
cee0e8e137 Merge pull request #10532 from github/henrymercer/3.7-mergeback 
Final mergeback from `rc/3.7`
 2022-09-22 13:42:59 -04:00
Michael Nebel
faf33efeb8 C#: Improve join ordering further for InterpretedCallable. 2022-09-22 19:10:14 +02:00
Michael Nebel
d4f1fc7900 C#: Add some integration tests for 'dotnet run' and do some minor validation of the output. 2022-09-22 18:42:50 +02:00
Michael Nebel
c978798308 C#: Update test program to print a default message to standard out. 2022-09-22 18:41:46 +02:00
Mathias Vorreiter Pedersen
c4afb3a2b5 Merge branch 'main' into further-work-on-buffer-over-queries 2022-09-22 16:35:52 +01:00
Andrew Eisenberg
b58653eadc Merge pull request #10458 from github/aeisenberg/qlpack-properties 
Update qlpack properties descriptions
 2022-09-22 07:54:17 -07:00
Mathias Vorreiter Pedersen
7272ca79fd Merge pull request #10529 from erik-krogh/even-more-alerts 
QL: A few more improvements to `ql/alert-message-style-violation`
 2022-09-22 15:16:30 +01:00
Asger F
718649d505 Merge pull request #10490 from asgerf/js/remove-old-docs 
JS: Remove old Portal-based flow summary implementation
 2022-09-22 16:01:30 +02:00
Tom Hvitved
914c711940 C#: Fix broken viableImplInCallContext implementation 2022-09-22 15:01:40 +02:00
Tom Hvitved
f4b82cb2e8 Python: Update expected test output 2022-09-22 15:01:40 +02:00
Tom Hvitved
7a694d5da5 C++: Update expected test output 2022-09-22 15:01:40 +02:00
Tom Hvitved
ad6b870f94 Data flow: Sync files 2022-09-22 15:01:33 +02:00
Rasmus Wriedt Larsen
d3f811cab3 Python: Accept any arg to flask.jsonify 
Thanks @tausbn 👍
 2022-09-22 14:59:06 +02:00
Erik Krogh Kristensen
2fe6d1f562 Merge pull request #10470 from erik-krogh/flowParse 
JS: Try to parse files without using our parser extensions before enabling the extensions
 2022-09-22 14:58:43 +02:00
Alex Ford
140458b7cc Merge pull request #9932 from alexrford/ruby/rbi-typegraph-fixes 
Ruby: RBI library changes to support models-as-data model generation
 2022-09-22 13:55:33 +01:00
Rasmus Wriedt Larsen
8174120916 Python: Model flask.jsonify 2022-09-22 14:43:39 +02:00
erik-krogh
609ed709e2 use GVN to find detect when the alert-location is used as a link 2022-09-22 14:42:08 +02:00
erik-krogh
afdd7b0994 don't compute GVN for string constants of length more than 50, as this results in a infinite loop 😕 2022-09-22 14:41:21 +02:00
Rasmus Wriedt Larsen
078d3d0062 Python: Add stacktrace exposure example 2022-09-22 14:27:49 +02:00
Erik Krogh Kristensen
6e6880bbe4 Merge pull request #10486 from erik-krogh/java-unqueryable 
Java: Delete some unused code
 2022-09-22 14:21:39 +02:00