hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 05:13:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,079 Commits 1,697 Branches 161 Tags
4a691b778bb5c16bc2d4dfcb3ba4f840608628cc
Commit Graph

77079 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Napalys
4a691b778b Added escape as UriEncodingSanitizer 2025-03-14 14:53:21 +01:00
Napalys
37e02e4261 Added escape as StringManipulationTaintStep. 2025-03-14 14:49:45 +01:00
Napalys
4c77ee2f4f Added change note. 2025-03-14 14:27:14 +01:00
Napalys
dc262236f4 Enhance taint tracking by including escape and unescape in TaintedPath customizations. 2025-03-14 11:43:22 +01:00
Napalys
c4b717b86c Added test case for escape. 2025-03-14 11:40:23 +01:00
Michael Nebel
a3ef137a8e Merge pull request #19014 from michaelnebel/csharp/ccr-useless-gethashcode-all 
C#: Add `cs/useless-gethashcode-call` to the CCR suite.
 2025-03-14 08:45:31 +01:00
Michael Nebel
563ffb8c27 Merge pull request #19010 from michaelnebel/csharp/useless-gethashcode-call 
C#: Increase precision of `cs/useless-gethashcode-call`.
 2025-03-14 08:44:38 +01:00
Jeroen Ketema
de2fb037d0 Merge pull request #18980 from LeStarch/jpl-c-basic-integral-types-fix 
Fixing BasicIntTypes to allow C Standard Integers and 'bool'
 2025-03-14 08:06:55 +01:00
M Starch
7b5d604607 Updating tests to allow new typedefs 2025-03-13 15:04:37 -07:00
Óscar San José
fba7bcd127 Merge pull request #19021 from github/oscarsj-patch-2 
Add paths to codeql-config.yml to avoid codeql analysis errors
 2025-03-13 20:26:14 +01:00
M Starch
7f4905987e Addressing review comments 
Reduced the category to minorAnalysis.  Handled bools via a instanceof with BoolType.  Formatted the query correctly.
 2025-03-13 11:12:35 -07:00
Óscar San José
66a496fa82 Add paths to codeql-config.yml to avoid codeql analysis errors 2025-03-13 18:27:25 +01:00
Paolo Tranquilli
45db4ae7c6 Merge pull request #19018 from github/redsun82/rust-ql-test-log-fix 
Rust: fix `qltest.sh` for some versions of macOS
 2025-03-13 18:07:50 +01:00
Mathias Vorreiter Pedersen
d23c8fd662 Merge pull request #19001 from MathiasVP/add-uncertain-api-for-dataflow 
C++: Refine `Node.asDefinition`
 2025-03-13 09:35:53 -07:00
Mathias Vorreiter Pedersen
6f4e9ed136 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2025-03-13 16:00:36 +00:00
Mathias Vorreiter Pedersen
0e5fa1b5eb Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2025-03-13 16:00:23 +00:00
Mathias Vorreiter Pedersen
470321e8b6 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2025-03-13 16:00:15 +00:00
Mathias Vorreiter Pedersen
9cde2bb94d Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2025-03-13 15:59:57 +00:00
Mathias Vorreiter Pedersen
68b414d169 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2025-03-13 15:59:48 +00:00
Napalys Klicius
28d1152250 Merge pull request #19009 from Napalys/js/unescape 
JS: Add support for `unescape`
 2025-03-13 16:59:01 +01:00
Paolo Tranquilli
8cc39af190 Rust: fix qltest.sh for some versions of macOS 
Turns out some version of macOS do not support the way `mktemp` was
being used. In any case it wasn't really necessary, see
https://github.com/github/codeql/pull/18918#discussion_r1979444850
(which I forgot to follow up on at the time after approval).
 2025-03-13 16:54:27 +01:00
Taus
3d643c02be Merge pull request #18921 from github/tausbn/python-fix-unused-global-variable-in-forward-annotation-fp 
Python: Add support for forward references in unused var query
 2025-03-13 16:37:25 +01:00
Michael Nebel
e2699586db C#: Add cs/useless-gethashcode-call to the CCR suite. 2025-03-13 15:42:28 +01:00
Mathias Vorreiter Pedersen
0fe77154e1 C++: Add library change note. 2025-03-13 14:29:34 +00:00
Michael Nebel
4681f28f92 Merge pull request #19005 from michaelnebel/csharp/local-not-disposed 
C#: Revisit `cs/local-not-disposed` tests.
 2025-03-13 14:04:48 +01:00
Napalys
0df2069575 Added change note. 2025-03-13 13:47:46 +01:00
Napalys
de5c7efd63 Added test case for unescape. 2025-03-13 13:47:42 +01:00
Michael Nebel
dff66c7b28 C#: Add change-note. 2025-03-13 13:42:58 +01:00
Michael Nebel
36a524929f C#: Update tests and test expected output. 2025-03-13 13:38:13 +01:00
Michael Nebel
4b02198652 C#: Only consider calling GetHashCode on byte, sbyte, short, ushort and int as useless. 2025-03-13 13:32:22 +01:00
Michael Nebel
a6ec8b6a25 C#: Convert tests cs/useless-gethashcode-call to inline tests. 2025-03-13 13:31:20 +01:00
Taus
f30ebf1571 Merge pull request #18871 from github/tausbn/python-modernise-special-method-signature-query 
Python: Move min/maxParameter methods to `Function` class
 2025-03-13 13:03:21 +01:00
Tom Hvitved
1636abb81b Merge pull request #18985 from hvitved/rust/immediate-child 
Rust/Swift: Add `get(Immediate)Child` predicate
 2025-03-13 12:50:53 +01:00
Geoffrey White
1aa223652f Merge pull request #18977 from geoffw0/sourcesinkdoc 
Rust: Source and sink doc / tidy up
 2025-03-13 10:53:44 +00:00
Michael Nebel
b1edd9294b C#: Add some more test cases to cs/local-not-disposed. 2025-03-13 11:19:37 +01:00
Tom Hvitved
dd21dab055 Swift: Add get(Immediate)Child predicate 2025-03-13 11:13:04 +01:00
Tom Hvitved
8777bc42c7 Rust: Add get(Immediate)Child predicate 2025-03-13 11:13:01 +01:00
Michael Nebel
209b9c6114 C#: Re-factor to use inline expectation tests instead. 2025-03-13 11:11:23 +01:00
Michael Nebel
40375a0387 C#: Use stubs for the cs/local-not-disposed tests. 2025-03-13 10:47:45 +01:00
Michael Nebel
5eb9a535a4 C#: Remove disposal test for library code as we are no longer doing CIL extraction or data flow. 2025-03-13 10:45:00 +01:00
Michael Nebel
72c7024c8b Merge pull request #18999 from michaelnebel/csharp/ccr-constant-condition 
C#: Add cs/constant-condition to the CCR suite.
 2025-03-13 10:02:00 +01:00
Arthur Baars
fa79dbc89a Merge pull request #18228 from github/aibaars/crate-graph 
Rust: extract crate graph
 2025-03-13 10:00:48 +01:00
Andrew Eisenberg
e05b172c88 Merge pull request #19002 from github/aeisenberg/actions-security-and-quality 
Update actions query suites
 2025-03-12 13:43:49 -07:00
yoff
10a9b78bc5 Merge pull request #18738 from github/tausbn/python-fix-match-pruning-logic 
Python: Don't prune any `MatchLiteralPattern`s
 2025-03-12 20:01:26 +01:00
Andrew Eisenberg
02051ff7b1 Update the security experimental suite 2025-03-12 11:46:03 -07:00
Andrew Eisenberg
cd63e7cf54 Fix the actions-security-and-quality.qls suite 
It was not using the proper selectors. It is now the same as
other quality suites in other languages.
 2025-03-12 11:43:59 -07:00
Mathias Vorreiter Pedersen
aeb1acba97 C++: Use the new API in queries. 2025-03-12 17:09:05 +00:00
Mathias Vorreiter Pedersen
66e8b2d7e5 C++: Add an 'asDefinition' overload to check if a definition is certain or not. 2025-03-12 17:07:07 +00:00
Geoffrey White
0df652b297 Rust: Autoformat. 2025-03-12 16:38:00 +00:00
Geoffrey White
64b57679bf Rust: ... one more fix. 2025-03-12 16:32:53 +00:00