hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 00:35:20 +02:00
Code Issues Packages Projects Releases Wiki Activity
59,734 Commits 1,741 Branches 165 Tags
466ffdf8f500577fc3ce36d71e32188462e4462a
Commit Graph

59734 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
c492b5f2dd Swift: Model sinks. 2023-10-07 23:19:09 +01:00
Geoffrey White
8bf6fd67d1 Swift: Add a test for GRDB hardcoded key sinks. 2023-10-07 23:07:32 +01:00
erik-krogh
4bc4e0845d delete the deprecated isBarrierGuard predicate from the shared dataflow library, and its uses 2023-10-07 21:48:49 +02:00
erik-krogh
d261cec3cd add change-note 2023-10-07 15:41:08 +02:00
Marcono1234
f3e5045259 Java: Add predicate MemberRefExpr::getReceiverExpr 2023-10-07 14:53:07 +02:00
erik-krogh
56e9eda2b9 fix performance by caching getArgument 2023-10-07 13:06:45 +02:00
Marcono1234
2c0dcd3a2d Java: Adjust ClassInstanceExpr type argument predicates docs 
The type arguments which these predicates have as result are for the
type of the created instance.

Previously the documentation said "provided to the constructor", which
is misleading / incorrect. Type arguments provided to the constructor
are specified directly after the `new` keyword:
```
class C {
    <T> C() {
    }
}

new <String> C();
```

And those are not part of the results of these predicates.
 2023-10-07 03:43:58 +02:00
erik-krogh
7ca0996912 add a taint-tracking tests for calls to tagged template strings 2023-10-06 21:39:42 +02:00
erik-krogh
9b6501787a add API-graph test for the new tagged template calls 2023-10-06 21:25:34 +02:00
Geoffrey White
0918e50b05 Swift: Switch pragma to inline_late. 2023-10-06 20:23:51 +01:00
erik-krogh
18e6a5491c recognize tagged templates as DataFlow::CallNode 2023-10-06 21:14:00 +02:00
erik-krogh
951ed01d6b combine the library-tests/CallGraphs/FullTest tests into one file 2023-10-06 20:57:09 +02:00
Robert Marsh
85587413d0 Swift: fix QLDoc formatting for getSequence 2023-10-06 15:29:56 +00:00
Robert Marsh
c281db6b5b Swift: improve QLDoc for getSequence 2023-10-06 15:23:58 +00:00
Robert Marsh
ec292ca4e1 Swift: Split for-each change note into two lines 2023-10-06 15:21:55 +00:00
amammad
7d36c23d59 fix qhelp and PascalCase issues 2023-10-06 16:14:10 +02:00
Jeroen Ketema
b6132d2a0f C++: Rewrite cpp/cgi-xss to not use default taint tracking 2023-10-06 16:11:13 +02:00
Michael Nebel
dca39348ab Java: Add change note. 2023-10-06 15:09:16 +02:00
Michael Nebel
fb10af9042 Jave: Remove the local threat model from the default configuration. 2023-10-06 14:58:48 +02:00
amammad
7d73808d60 fix a test mistake, add comments for JWT extension points 2023-10-06 13:31:09 +02:00
amammad
aa127b1662 do review improvements 2023-10-06 13:22:43 +02:00
Michael B. Gale
0b13da35eb Go: Update newer-go-version-needed test 
- Use a version that is accepted by Go tooling
- Run is no longer successful with Go 1.21
 2023-10-06 11:57:47 +01:00
Michael B. Gale
01a1d814f4 Do not call EmitNewerGoVersionNeeded for v1.21+ 2023-10-06 11:57:37 +01:00
Michael B. Gale
c63f6807c4 Go: Run go version with GOTOOLCHAIN=local 2023-10-06 11:57:26 +01:00
Michael B. Gale
76781e5d75 Go: Add GoVersionInfo type 
Refactors `tryReadGoDirective` to return this instead of a pair.
This will make it easier to return multiple versions.
 2023-10-06 11:57:08 +01:00
Mathias Vorreiter Pedersen
eb3f1967a5 Merge pull request #14365 from MathiasVP/disable-flow-through-pointer-arith-for-size 
C++: Disable size-flow through pointer arithmetics in `cpp/invalid-pointer-deref`
 2023-10-06 10:14:31 +02:00
Asger F
97b3ebe385 Merge pull request #14380 from asgerf/js/amd-range 
JS: Add AmdModuleDefinition::Range
 2023-10-05 21:05:28 +02:00
Mathias Vorreiter Pedersen
b231b1ccaf Merge pull request #14384 from MathiasVP/handle-instructions-in-reverse-flow 2023-10-05 20:26:38 +02:00
Robert Marsh
bbec4082c0 Merge pull request #14312 from geoffw0/sqlpathinject2 
Swift: Add sinks for sqlite3 and SQLite.swift to swift/cleartext-storage-database
 2023-10-05 14:08:55 -04:00
Geoffrey White
66637e8c03 Swift: Autoformat. 2023-10-05 18:53:30 +01:00
Geoffrey White
81d4ec1e98 pragma node 2023-10-05 18:30:50 +01:00
Alex Eyers-Taylor
c79ec8c37a CPP: Improve performance of IR debugging 2023-10-05 17:35:52 +01:00
Geoffrey White
fdcc6b482d Swift: Simplify allowImplicitRead slightly. 2023-10-05 16:42:43 +01:00
Geoffrey White
7ddece1560 Swift: Update .expected after merge. 2023-10-05 16:20:56 +01:00
Geoffrey White
6bea7f89a8 Merge branch 'main' into sqlpathinject2 2023-10-05 16:15:37 +01:00
Cornelius Riemenschneider
d3a1dbc0c7 Merge pull request #14381 from github/criemen/add-bazel-dbschemes 
Add skeleton bazel files for accessing the dbschemes.
 2023-10-05 16:53:45 +02:00
Mathias Vorreiter Pedersen
20900dafc0 C++: Handle reverse flow when 'nodeTo' is an instruction. 2023-10-05 16:28:57 +02:00
Michael Nebel
96f93cefba UNDO AGAIN: Add local threat models. 2023-10-05 16:16:00 +02:00
Ian Lynagh
e124a70380 Merge pull request #14378 from igfoo/igfoo/compr 
Kotlin: Some compression simplification
 2023-10-05 13:16:00 +01:00
Ian Lynagh
0cf309b64e Merge pull request #14369 from igfoo/igfoo/remove_unused 
Kotlin: Remove some unused code
 2023-10-05 13:15:20 +01:00
Owen Mansel-Chan
602bb4083c Merge pull request #13949 from owen-mc/go/change-flowstate-for-incorrect-integer-conversion 
Go: Improve incorrect integer conversion
 2023-10-05 09:59:36 +01:00
Mathias Vorreiter Pedersen
333e607536 Merge pull request #14376 from MathiasVP/unique-in-hasIRRepresentationOfIndirectInstruction 2023-10-05 10:22:54 +02:00
Chris Smowton
399fab0c6c Merge pull request #14322 from smowton/smowton/admin/add-buildless-diagnostic-expectations 
Add Java buildless diagnostic expectations
 2023-10-05 09:02:02 +01:00
Cornelius Riemenschneider
96edc1d349 Add skeleton bazel files for accessing the dbschemes. 2023-10-05 09:00:38 +02:00
Asger F
315272839d JS: Change note 2023-10-05 08:13:43 +02:00
Robert Marsh
a402bfcfb0 Swift: update for-in change note 2023-10-04 20:05:11 +00:00
Robert Marsh
5dd7c14d36 Swift: add getSequence back to ForEachStmt 2023-10-04 20:05:00 +00:00
Asger F
162c477236 JS: Add AmdModuleDefinition::Range 2023-10-04 20:38:37 +02:00
Mathias Vorreiter Pedersen
e38f65981e C++: Accept test changes. 2023-10-04 20:12:42 +02:00
Ian Lynagh
4d3863461e Kotlin: Determine our compression method later 
This way, we already have a logger at the point that we want to log a
warning.
 2023-10-04 18:32:12 +01:00