hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 23:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,926 Commits 1,703 Branches 162 Tags
488368ecde435bb84881c85650e5f077017d8228
Commit Graph

48926 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert Marsh
488368ecde C++: private import for module params 2023-01-12 16:38:55 -05:00
Robert Marsh
23281410e3 C++: Make bounds import private to preserve API 2023-01-12 16:38:54 -05:00
Robert Marsh
6db728190e C++: autoformat 2023-01-12 16:38:36 -05:00
Robert Marsh
02f1957919 C++: make SemBound a RangeAnalysis parameter 2023-01-12 16:38:11 -05:00
Robert Marsh
71b93d125e C++: Make RangeAnalysis.qll expose the old API 2023-01-12 16:38:11 -05:00
Robert Marsh
fb1ef07e9f C++: more parameterized modules in range analysis 
This makes the modulus analysis and sign analysis into parameterized
modules which are instantiated in the main range analysis module, and
makes RangeAnalysisSpecific and RangeUtils into parameters to the main
range analysis.
Some classes also need to be moved and made into `instanceof` extensions
because they'd otherwise be extending across parameterized module
boundaries.
 2023-01-12 16:38:10 -05:00
Robert Marsh
c062d5e206 C++: move language specific predicates to LangParam 2023-01-12 16:38:10 -05:00
Robert Marsh
c10733f926 C++: fix float binding issue in range analysis 2023-01-12 16:38:09 -05:00
Robert Marsh
b8c43d7a71 C++: convert RangeAnalysis to float 2023-01-12 16:38:09 -05:00
Robert Marsh
eebada46b1 C++: rename to RagneAnalysisStage.qll 2023-01-12 16:38:08 -05:00
Robert Marsh
edbe95837f Convert RangeAnalysis to trivial parameterized mod 2023-01-12 16:38:08 -05:00
Arthur Baars
664fdc3b2a Merge pull request #11815 from aibaars/too-many-fields 
Ruby: use record_parse_error_for_node to report extractor error
 2023-01-09 15:40:19 +01:00
Erik Krogh Kristensen
5157d4df7b Merge pull request #11581 from erik-krogh/stdin 
Rb: add stdin as source for unsafe-deserialization
 2023-01-09 13:57:47 +01:00
Chris Smowton
e9bbb5d7fa Merge pull request #11730 from smowton/smowton/admin/improve-sql-unescaped-docs 
Java: improve naming and description of SqlUnescaped.ql
 2023-01-09 12:50:27 +00:00
yoff
c01ce955ba Merge pull request #11778 from yoff/shared/inline-tests 
Shared: Inline test expectations
 2023-01-09 13:21:18 +01:00
Chris Smowton
2e26fb1171 Merge pull request #11819 from smowton/smowton/admin/port-java-autobuilder-tests 
Add Java autobuilder integration tests
 2023-01-09 12:17:39 +00:00
Chris Smowton
efe23c1da7 Note that alerts should not be re-raised 2023-01-09 10:56:13 +00:00
Chris Smowton
994a46289f Add change note 2023-01-09 10:56:13 +00:00
Chris Smowton
ef27f9fe96 Replace one more mention of escaping 2023-01-09 10:56:13 +00:00
Chris Smowton
45c732a6f9 Java: improve naming and description of SqlUnescaped.ql 
Since the main thing it's objecting to is concatenation not lack of escaping (in particular it doesn't look for escaping sanitizers), rename and re-describe it accordingly.
 2023-01-09 10:56:13 +00:00
Taus
06ea249997 Merge pull request #11820 from yoff/python/fix-downgrades 
Python: fix downgrade script
 2023-01-09 11:24:41 +01:00
Mathias Vorreiter Pedersen
9be9636816 Merge pull request #11670 from atorralba/atorralba/swift/predicate-injection 
Swift: Add predicate injection query
 2023-01-09 08:54:13 +00:00
Harry Maclean
5b117084db Merge pull request #11534 from hmac/array-inclusion-barrier-guard-constant 
Ruby: Make array inclusion barrier more sensitive
 2023-01-09 20:57:09 +13:00
Jeroen Ketema
a743fbcc95 Merge pull request #11799 from jketema/case-uncomment 
C++: Uncomment cases in dbscheme
 2023-01-06 19:26:53 +01:00
Chris Smowton
831255e9c0 Merge pull request #11832 from github/mbg/fix/go-version-warnings 
Go: Handle output from `go version` more gracefully
 2023-01-06 14:05:39 +00:00
Jeroen Ketema
c1bc097355 C++: Add upgrade/downgrade scripts for dbscheme update 2023-01-06 14:26:24 +01:00
Jeroen Ketema
cdb34bb1f9 C++: Update database stats file 2023-01-06 14:26:23 +01:00
Jeroen Ketema
b9b0c8091f C++: Uncomment cases in dbscheme 
Note that the builtin types `__int{8,16,32,64}` are not uncommented,
as these are never and could have never been generated by the
extractor.
 2023-01-06 14:26:23 +01:00
Geoffrey White
f3914ffe25 Merge pull request #11823 from geoffw0/heuristicalloc 
C++: Use HeuristicAllocationExpr in more queries
 2023-01-06 13:13:14 +00:00
Jami
f5e5f6dfd1 Merge pull request #11821 from jcogs33/jcogs33/fix-mad-typos 
Java: fix typos in MaD row `name` columns for `MappingSqlQuery` and `MappingSqlQueryWithParameters`
 2023-01-06 07:59:30 -05:00
Nick Rolfe
4c5f149afd Merge pull request #11831 from github/post-release-prep/codeql-cli-2.12.0 
Post-release preparation for codeql-cli-2.12.0
 2023-01-06 12:15:17 +00:00
Michael B. Gale
1ef1d63c11 Add test for parseGoVersion 2023-01-06 11:20:51 +00:00
Michael B. Gale
9af9b32722 Find the last line of output from go version 2023-01-06 11:20:39 +00:00
Geoffrey White
bb451f3911 C++: Fix result duplication. 2023-01-06 11:05:47 +00:00
github-actions[bot]
cdb8f67601 Post-release preparation for codeql-cli-2.12.0 2023-01-06 10:36:34 +00:00
Rasmus Lerchedahl Petersen
8d9e94a00f swift: fix typo 2023-01-06 11:22:49 +01:00
erik-krogh
0a1769657d add change-note 2023-01-06 09:09:09 +01:00
erik-krogh
19d2b49562 drive-by: make Base64.decode64(..) into a flowsummary that is shared with all queries 2023-01-06 09:04:37 +01:00
erik-krogh
1a27441cfb drive-by: delete code-execution sinks from unsafe-deserialization, we risked duplicate alerts 2023-01-06 09:04:36 +01:00
erik-krogh
0e6028a7f3 add stdin as source for unsafe-deserialization 2023-01-06 09:04:36 +01:00
Rasmus Lerchedahl Petersen
ad95225272 python: improve code 
according to alert and reviewer's suggestion
 2023-01-05 20:42:29 +01:00
Nick Rolfe
5317fb5b53 Merge pull request #11828 from github/release-prep/2.12.0 
Release preparation for version 2.12.0
codeql-cli/v2.12.0 		2023-01-05 18:58:30 +00:00
Nick Rolfe
a3cc93b80b correct spelling and capitalization of TCP/UDP 2023-01-05 17:43:25 +00:00
Jeroen Ketema
de37f3b7d5 Properly indent code block in change log 2023-01-05 18:38:33 +01:00
Jeroen Ketema
ed87c3a90a Update go/ql/lib/CHANGELOG.md 2023-01-05 18:03:19 +01:00
Jeroen Ketema
af2c321380 Update python/ql/src/change-notes/released/0.6.0.md 2023-01-05 18:01:28 +01:00
Jeroen Ketema
3e634c92c1 Update python/ql/src/CHANGELOG.md 2023-01-05 18:01:21 +01:00
Jeroen Ketema
170242f79c Apply suggestions from code review 2023-01-05 17:57:19 +01:00
Nick Rolfe
44213f0144 Merge pull request #11826 from github/nickrolfe/check-change-note 
CI: fail if a changenote filename doesn't have the right format
 2023-01-05 16:55:30 +00:00
Nick Rolfe
6e07076151 tweak wording in 2.12 release notes 2023-01-05 16:46:44 +00:00