hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-24 08:07:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
60,939 Commits 1,758 Branches 168 Tags
46141fa61358d92e95bc71f40b90b78d52873c42
Commit Graph

60939 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Pierre
46141fa613 Update docs/codeql/codeql-overview/codeql-changelog/index.rst 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2023-11-19 23:27:37 +01:00
Felicity Chapman
d4dffd775d Add skeleton files 2023-11-16 17:44:30 +00:00
Max Schaefer
ca334021ad Merge pull request #14793 from github/max-schaefer/tainted-path-qhelp 
Java: Improve QHelp for `java/path-injection` to mention less disruptive fixes.
 2023-11-16 14:09:55 +00:00
Stephan Brandauer
69ab389d9f Merge pull request #14795 from github/kaeluka/skip-this-qualifier-ctor-candidates 
Java: Automodel Extraction: Remove Qualifier Endpoints of Constructors
 2023-11-16 14:54:19 +01:00
Mathias Vorreiter Pedersen
30f0b8ab2b Merge pull request #14808 from jketema/jketema/del-fmt-global 
C++: Delete `cpp/tainted-format-string-through-global`
 2023-11-16 13:44:21 +00:00
Tom Hvitved
75f42f4614 Merge pull request #14783 from hvitved/ruby/hash-array-literal 
Ruby: Include more nodes in `{Hash,Array}LiteralCfgNode`
 2023-11-16 13:51:35 +01:00
Henry Mercer
0c1fb8c881 Merge pull request #14811 from github/henrymercer/remove-lines-of-non-user-code-from-summary 
Remove LoC metrics from the analysis summary
 2023-11-16 12:30:55 +00:00
Rasmus Wriedt Larsen
4f9303eb02 Merge pull request #14790 from RasmusWL/clean-tests 
Python: Accept new ordering of query predicates in `.expected`
 2023-11-16 13:23:35 +01:00
Tom Hvitved
2c23dacca1 Ruby: Add more hash/array literal tests 2023-11-16 12:58:53 +01:00
Max Schaefer
a5e7ef424e Revert "Add additional example." 
This reverts commit 947b094387.
 2023-11-16 11:54:16 +00:00
Stephan Brandauer
84e58b77aa Java Automodel: remove Qualifiers of constructors from endpoints 2023-11-16 12:44:53 +01:00
Stephan Brandauer
3092640115 Java Automodel: make test case for Argument[this] sink candidates in ctors in framework mode 2023-11-16 12:42:50 +01:00
Max Schaefer
143e1680bd Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-11-16 11:42:35 +00:00
Henry Mercer
de83929a60 Remove LoC metrics from the analysis summary 2023-11-16 11:36:44 +00:00
Stephan Brandauer
d7c97d9d92 Java Automodel: remove constructor instance arguments from endpoints and update test expectations 2023-11-16 12:27:23 +01:00
Stephan Brandauer
30925da7d9 Java Automodel: tests that demonstrate that there is no sink candidate of an object being constructed in app mode 2023-11-16 12:24:41 +01:00
Stephan Brandauer
f1001374fd Merge pull request #14642 from github/kaeluka/publish-automodel-querypack-007 
Java: Publish Automodel query pack 0.0.7
 2023-11-16 11:50:32 +01:00
Rasmus Wriedt Larsen
25d3af9236 Merge branch 'main' into clean-tests 2023-11-16 11:21:01 +01:00
Jeroen Ketema
1f3f1b5ec4 Merge pull request #14809 from MathiasVP/move-change-note 
C++: Move change note
 2023-11-16 11:14:14 +01:00
Max Schaefer
947b094387 Add additional example. 2023-11-16 10:06:19 +00:00
Max Schaefer
009d58034f Address suggestions from review. 2023-11-16 10:05:54 +00:00
Mathias Vorreiter Pedersen
5c0fb2030d C++: Move change note. 2023-11-16 09:57:08 +00:00
Jeroen Ketema
2eb67549e6 C++: Tweak change note slightly 2023-11-16 10:56:47 +01:00
Jeroen Ketema
afe318edbe C++: Delete cpp/tainted-format-string-through-global 2023-11-16 10:52:05 +01:00
Rasmus Wriedt Larsen
71ef98584d Merge pull request #14791 from RasmusWL/python-3.12 
Python: Update `.expected` to support Python 3.12
 2023-11-16 10:42:48 +01:00
Tom Hvitved
6bba191407 Merge pull request #14710 from hvitved/type-tracking/prepare-ruby 
Prepare shared type tracking library for adoption by Ruby
 2023-11-16 10:34:32 +01:00
Rasmus Wriedt Larsen
df144f3a1e Merge pull request #14406 from amammad/amammad-python-FileSystemAccess 
Python: New FileSystem Access
 2023-11-16 10:25:34 +01:00
Rasmus Wriedt Larsen
a46dc55e84 Merge branch 'main' into python-3.12 2023-11-16 09:34:06 +01:00
Tamás Vajk
14268f3c63 Merge pull request #14792 from tamasvajk/standalone/assembly-attribute 
C#: Fix assembly attribute extraction in standalone mode
 2023-11-16 08:09:14 +01:00
Sam Browning
408ba517e5 Merge pull request #14776 from github/sabrowning1/queries-panel-language-selector 
Add content for the queries panel and language selector
 2023-11-15 17:30:21 -05:00
Mathias Vorreiter Pedersen
4d4ca6b948 Merge pull request #14794 from MathiasVP/catch-more-return-stack-allocated-memory 
C++: Catch more returns of stack-allocated memory
 2023-11-15 19:23:24 +00:00
Sam Browning
d443354651 Apply feedback and fix syntax 2023-11-15 11:35:33 -05:00
Tom Hvitved
57f6859ddc Shared: Update type tracking consistency checks 2023-11-15 17:08:05 +01:00
Tom Hvitved
5f087f0084 Shared: Port features from Ruby's type tracking library to the shared library 
- Cache relevant predicates.
- Expose some predicates and classes (only exposed internally).
- Make some top-level `inline_late` predicates member predicates.
- Actually eliminate type check in `flowsTo`.
- Fix bug in `getACompatibleTypeTracker`.
- Adopt the `CallGraphConstruction` module.
 2023-11-15 17:08:05 +01:00
Tom Hvitved
f66f7ce8d7 Shared: Split up TypeTracking.qll into two files 2023-11-15 17:07:27 +01:00
Jeroen Ketema
f22979f4b6 Merge pull request #14561 from jketema/rewrite-uncontrolled-process-operation 
C++: Rewrite `cpp/uncontrolled-process-operation` to not use `DefaultTaintTracking`
 2023-11-15 16:03:58 +01:00
Jeroen Ketema
46e6e72593 C++: Address review comments 2023-11-15 14:57:53 +01:00
Jeroen Ketema
92c18960c5 C++: Rewrite cpp/uncontrolled-process-operation to not use DefaultTaintTracking 2023-11-15 14:57:53 +01:00
Rasmus Wriedt Larsen
e349891cff Python: Apply suggestions from code review 2023-11-15 14:35:52 +01:00
Rasmus Wriedt Larsen
e02c32f3d4 Python: options file was not enough, split into 2/3 
I reckon this is due to the Python 3 version used by the Python 2 tests
is different from 3.12, so even with --lang=3 the tests are still using
an incompatible version :(
 2023-11-15 14:24:11 +01:00
Rasmus Wriedt Larsen
0f1dc9b2d9 Python: Add missing options file 2023-11-15 13:24:08 +01:00
Rasmus Wriedt Larsen
ae6c95ff95 Python: Fix asyncio.coroutine deprecation 
Was removed in 3.11, see https://docs.python.org/3.10/library/asyncio-task.html#asyncio.coroutine

I couldn't make the __awwait__ actually give the result to the agen function...

I also tried looking into
https://docs.python.org/3/library/types.html#types.coroutine, but also
failed to make that work.

Without the Future, such as doing `yield SOURCE` inside `__await__` it
complains `RuntimeError: Task got bad yield: 'source'`
 2023-11-15 13:24:08 +01:00
Mathias Vorreiter Pedersen
bae7e10e46 C++: Also add MSVC-related 'alloca'-like functions. 2023-11-15 12:07:17 +00:00
Mathias Vorreiter Pedersen
ec63099c54 C++: Add change note. 2023-11-15 11:57:09 +00:00
Mathias Vorreiter Pedersen
2b8b5cf1b8 C++: Accept test changes. 2023-11-15 11:52:14 +00:00
Mathias Vorreiter Pedersen
6730f57d5c C++: Also flag up 'alloca' and friends. 2023-11-15 11:51:57 +00:00
Mathias Vorreiter Pedersen
118d50236f C++: Add failing tests. 2023-11-15 11:48:37 +00:00
Max Schaefer
a46a7fadb2 Java: Improve QHelp for java/path-injection to mention less disruptive fixes. 2023-11-15 11:25:13 +00:00
Tamas Vajk
7a001f4905 C#: Fix assembly attribute extraction in standalone mode 2023-11-15 12:21:03 +01:00
Owen Mansel-Chan
803ed20962 Merge pull request #14778 from owen-mc/go/improve-value-flow-through-arrays 
Go: improve value flow through arrays
 2023-11-15 11:13:15 +00:00