hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-06 06:05:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
74,241 Commits 1,747 Branches 166 Tags
45301186810dc0b41b596fbda246d0ef00b41189
Commit Graph

74241 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
aegilops
4530118681 Comment out hardcoded definition of sink 2025-01-06 17:33:31 +00:00
aegilops
820fe6cd04 Formatting 2025-01-06 16:59:04 +00:00
aegilops
564df365cb Merge branch 'main' of https://github.com/github/codeql into angular-sources-sinks 2025-01-06 16:53:02 +00:00
aegilops
322c731ac3 Attempt at AttributeDefinition to generalise Angular Renderer2 support 2025-01-06 16:52:38 +00:00
aegilops
6fb201372b Update changelog note to remove new source 2025-01-06 16:51:59 +00:00
aegilops
e414b8c5be Remove @Input() decorated members as remote sources, in favour of a later Threat Model 2025-01-06 16:51:35 +00:00
aegilops
8dac00aa83 Change from getParameter() to getArgument() 2025-01-06 15:43:47 +00:00
Mathias Vorreiter Pedersen
493e75728c Merge pull request #18386 from MathiasVP/more-robust-param-name-matching 
C++: Resolve `typedef`s when matching MaD parameters
 2025-01-06 14:40:17 +00:00
Mathias Vorreiter Pedersen
99ad184f57 Update cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2025-01-06 13:32:11 +00:00
Mathias Vorreiter Pedersen
75a3b6b613 Update cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2025-01-06 13:32:04 +00:00
Mathias Vorreiter Pedersen
f3085fc865 Update cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2025-01-06 13:30:59 +00:00
Mathias Vorreiter Pedersen
bfd18bc3e3 Update cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2025-01-06 13:30:50 +00:00
Simon Friis Vindum
7248fb70c3 Merge pull request #18394 from paldepind/rust-format 
Rust: Value flow and taint flow through formatting strings
 2025-01-06 13:55:04 +01:00
Jeroen Ketema
01a7a5323b Merge pull request #18360 from github/jketema/template-parameters-3 
C++: Support arguments and instantiations of template template parameters
 2025-01-06 13:41:45 +01:00
Jeroen Ketema
0942945fa1 Update cpp/ql/lib/semmle/code/cpp/TemplateParameter.qll 
Co-authored-by: Calum Grant <42069085+calumgrant@users.noreply.github.com>
 2025-01-06 13:30:43 +01:00
Simon Friis Vindum
c55b256d47 Rust: Remove accidentally commited expected files 2025-01-06 12:01:03 +01:00
Paolo Tranquilli
2e1e46c866 Merge pull request #18352 from github/redsun82/rust-codeql-config 
Rust: extend `paths-ignore` to all `rust/ql`
 2025-01-06 11:53:33 +01:00
aegilops
aba8be2902 Changelog for Angular source/sink update 2025-01-03 17:07:35 +00:00
aegilops
7128700003 Simplified AngularInputUse class 2025-01-03 17:02:55 +00:00
aegilops
4891c1e5fe Added QLdoc and simplified QL in source class 2025-01-03 16:50:47 +00:00
aegilops
4773917876 Formatting 2025-01-03 16:43:00 +00:00
Paul Hodgkinson
a23f4ee007 Merge branch 'main' into angular-sources-sinks 2025-01-03 16:38:48 +00:00
aegilops
0f64822356 New remote source - reading from an @Input() decorated class member 2025-01-03 16:34:15 +00:00
aegilops
09e4c78b0f New XSS sink - writing to innerHTML using the Angular Renderer2 API 2025-01-03 16:33:42 +00:00
Simon Friis Vindum
5c64a8c948 Rust: Accept expected changes and fix other CI complaints 2025-01-03 16:38:11 +01:00
Jeroen Ketema
b0062fc727 Merge pull request #18387 from jketema/change-tweak 
C++: Slightly tweak change note to make it more consistent with others
 2025-01-03 15:32:56 +01:00
Michael Nebel
7a7d8e40a7 Merge pull request #18384 from michaelnebel/csharp13/escapechars 
C# 13: [TEST ONLY] Add test using the new escape char for ESCAPE.
 2025-01-03 15:09:27 +01:00
Michael Nebel
49abfdfe4a Merge pull request #18348 from michaelnebel/csharp/locktype 
C# 13: [TEST ONLY] Add test using the System.Threading.Lock type.
 2025-01-03 15:08:46 +01:00
Michael Nebel
7cdaa799fc Merge pull request #18329 from michaelnebel/csharp/params 
C# 13: params modifier on collection types.
 2025-01-03 15:07:47 +01:00
Simon Friis Vindum
cd957ba63b Rust: Add models for functions used inside format! macro 2025-01-03 14:09:23 +01:00
Simon Friis Vindum
0d19fb6040 Rust: Add taint from children of format_args to format_args 2025-01-03 14:06:47 +01:00
Simon Friis Vindum
2ef9339d00 Rust: Generate CFG node for FormatArgsArg 2025-01-03 13:58:25 +01:00
Simon Friis Vindum
42d125676e Rust: Value flow through macro calls 2025-01-03 13:47:29 +01:00
Simon Friis Vindum
f09632df58 Rust: Add data flow tests for macros and format_args 2025-01-03 13:28:19 +01:00
Mathias Vorreiter Pedersen
9672af333a C++: Cache 'interpretElement'. This reduces DIL size of 'cpp/unbounded-write' by about 8%. 2025-01-03 10:46:57 +01:00
Jeroen Ketema
8e660190a9 C++: Add dbscheme upgrade and downgrade script 2025-01-02 21:32:03 +01:00
Jeroen Ketema
795278d5ac C++: Add change note 2025-01-02 21:31:58 +01:00
Jeroen Ketema
cfb98acbf1 C++: Slightly tweak change note to make it more consistent with others 2025-01-02 21:29:04 +01:00
Jeroen Ketema
6bf08f550e C++: Update dbscheme stats file 2025-01-02 17:59:16 +01:00
Jeroen Ketema
84775b71c3 C++: Support arguments and instantiations of template template parameters 2025-01-02 17:59:06 +01:00
Mathias Vorreiter Pedersen
682dd42caa C++: Accept test changes. 2025-01-02 16:10:19 +01:00
Mathias Vorreiter Pedersen
3d3feb6354 C++: Also resolve typedefs when parsing MaD model parameter names. 2025-01-02 16:06:46 +01:00
Mathias Vorreiter Pedersen
5ccc12cea1 C++: Add a testcase that demonstrates the problem with MaD and typedefs. 2025-01-02 16:06:45 +01:00
Mathias Vorreiter Pedersen
f23e56bdca Merge pull request #18261 from MathiasVP/add-more-atl-string-models 
C++: Add more MaD models for ATL string classes
 2025-01-02 15:06:04 +00:00
Mathias Vorreiter Pedersen
cda007bae7 C++: Fix constructor model. 2025-01-02 15:39:31 +01:00
Mathias Vorreiter Pedersen
289b938b4d C++: Fix testcase. 2025-01-02 15:37:39 +01:00
Mathias Vorreiter Pedersen
d8cfa711ad C++: Fix testcase for conversion operator. 2025-01-02 15:35:21 +01:00
Mathias Vorreiter Pedersen
c1b997b2cb C++: Make the string constructors value-preserving. 2025-01-02 15:25:23 +01:00
Mathias Vorreiter Pedersen
b8e54627f4 C++: Make some of the string models taint instead of value-preserving. 2025-01-02 15:22:42 +01:00
Mathias Vorreiter Pedersen
052b6f6ec4 C++: Accept test changes. 2025-01-02 15:22:10 +01:00