hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 13:23:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,620 Commits 1,697 Branches 161 Tags
4b2c7ef03fe2dec707b88dddb7dea46f63552ac2
Commit Graph

75620 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
4b2c7ef03f Merge pull request #18615 from MathiasVP/fix-fp-buffer-overflow 
C++: Fix FPs in `cpp/overflow-buffer`
 2025-01-29 12:12:47 +00:00
Mathias Vorreiter Pedersen
6e312140ce Merge pull request #18618 from MathiasVP/18592-follow-follow-up-up 
C++: Don't infer lambda calls when there is a static dispatch
 2025-01-29 12:04:46 +00:00
Simon Friis Vindum
e141b4ee95 Merge pull request #18612 from paldepind/shared-model-generation-row 
Shared: Generalize the number of columns in a generated MaD row
 2025-01-29 12:56:07 +01:00
Mathias Vorreiter Pedersen
48cae7e7ed C++: Accept test changes after previous commit. 2025-01-29 11:04:55 +00:00
Mathias Vorreiter Pedersen
373b38e881 Update cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2025-01-29 11:03:52 +00:00
Simon Friis Vindum
9d87f26145 Shared: Use strictconcat in model generator printing 2025-01-29 11:56:39 +01:00
Michael Nebel
ee5416f0b1 Merge pull request #18299 from michaelnebel/java/deprecateexperimental 
Java: Deprecate experimental queries.
 2025-01-29 10:41:25 +01:00
Simon Friis Vindum
70550950d8 Java, C#: Ensure variable is used in all disjuncts 2025-01-29 10:30:26 +01:00
Geoffrey White
a42c0f6b5b Merge pull request #18605 from geoffw0/expect 
Rust: Improve models for environment sources, expect and unwrap
 2025-01-29 09:11:30 +00:00
Asger F
f8694a34e5 Merge pull request #18397 from aegilops/angular-sources-sinks 
JavaScript CodeQL library updates: new Angular sink(s)
 2025-01-29 09:09:23 +01:00
Mathias Vorreiter Pedersen
bc50634472 Merge pull request #18616 from MathiasVP/18592-follow-up 
C++: #18592 follow-up
 2025-01-28 20:00:16 +00:00
Andrew Eisenberg
a4d9956c94 Merge pull request #18614 from github/aeisenberg/remove-pr-template 
Delete .github/pull_request_template.md
 2025-01-28 10:54:08 -08:00
Mathias Vorreiter Pedersen
be2777bc31 C++: Don't infer lambda calls when there is a static dispatch to a source or summary callable. 2025-01-28 18:51:31 +00:00
Chuan-kai Lin
36d1c5602e Merge pull request #18589 from github/cklin/merge-back-2.20.2 
Mergeback from codeql-cli-2.20.2
 2025-01-28 10:04:43 -08:00
Mathias Vorreiter Pedersen
a35ed57848 Revert "C++: Don't generate parameter nodes for bodyless parameters when there is a summary of the enclosing function." 
This reverts commit ad80b36074.
 2025-01-28 17:09:45 +00:00
Mathias Vorreiter Pedersen
ff9a4d02f0 Merge pull request #18592 from MathiasVP/fix-enclosing-callable-cpp 
C++: Don't generate dataflow nodes for functions with summaries
 2025-01-28 16:57:44 +00:00
Geoffrey White
919e7978cd Rust: Add PrettyPrintModels.ql to the test. I gather this stabilized the output MaD IDs. 2025-01-28 16:23:20 +00:00
Geoffrey White
df8a92cb62 Merge pull request #6 from hvitved/expect 
Rust: Fix data flow through callbacks passed to library functions
 2025-01-28 16:12:17 +00:00
Mathias Vorreiter Pedersen
202a5e86da C++: Add change note. 2025-01-28 16:07:09 +00:00
Mathias Vorreiter Pedersen
c9a3cf4bd0 C++: Accept test changes. 2025-01-28 15:48:11 +00:00
Mathias Vorreiter Pedersen
d6054c9a51 C++: Infer larger buffer sizes for non-static member variables. 2025-01-28 15:48:04 +00:00
Mathias Vorreiter Pedersen
1643a66183 C++: Add 'cpp/overflow-buffer' FP tests. 2025-01-28 15:44:53 +00:00
Andrew Eisenberg
4e7d364f4d Delete .github/pull_request_template.md 
The template is not useful.
 2025-01-28 07:40:56 -08:00
Simon Friis Vindum
13e0829d19 Shared: Generalize the number of columns in a generated MaD row 2025-01-28 15:36:09 +01:00
Mathias Vorreiter Pedersen
38b66e5a8e C++: Fix a few type errors. 2025-01-28 14:08:12 +00:00
Mathias Vorreiter Pedersen
d40322f9eb C++: (Bugfix 3) Don't conflate summarized callables and source callables in 'nodeGetEnclosingCallable'. 2025-01-28 13:59:19 +00:00
Mathias Vorreiter Pedersen
06bc8add9d C++: (Bugfix 2) Don't remap isParameterOf. 2025-01-28 13:59:17 +00:00
Mathias Vorreiter Pedersen
662e74924b C++: (Bugfix 1) There should be a callable representing the source code even if there is a summarized version. 2025-01-28 13:59:16 +00:00
Mathias Vorreiter Pedersen
01d7ab93e2 C++: Add consistency check to the MaD folder. 2025-01-28 13:59:14 +00:00
Tom Hvitved
8b82eaa633 Rust: Fix data flow through callbacks passed to library functions 2025-01-28 13:44:27 +01:00
Erik Krogh Kristensen
f0755bfb5d Merge pull request #18601 from erik-krogh/del-deps-jan-2025 
All: delete outdated deprecations
 2025-01-28 13:31:41 +01:00
Geoffrey White
f2564c351f Rust: Changes to other tests - mostly MaD IDs :(. 2025-01-28 09:22:30 +00:00
Geoffrey White
6337f5a08b Merge pull request #18586 from geoffw0/floatguards 
C++: Test and (perhaps) fix an issue with guards on floating point comparisons.
 2025-01-28 09:05:13 +00:00
Asger F
16634e6dc9 Merge pull request #18540 from JarLob/bash 
Actions: Improve bash support
 2025-01-28 09:49:58 +01:00
Geoffrey White
dfd1865b96 Rust: Add some basic flow models. 2025-01-28 08:47:15 +00:00
Geoffrey White
9d42be8305 Rust: Alphabetize lang-core.model.yml. 2025-01-28 08:47:14 +00:00
Geoffrey White
c04d619a3c Rust: Add a couple of extra data flow test cases. 2025-01-28 08:47:13 +00:00
Geoffrey White
185a23b3c6 Rust: Allow implicit flow out of content at the test sinks, so that we see our results. 2025-01-28 08:43:06 +00:00
Geoffrey White
a1980d4d08 Rust: Make sources more accurate (Option / Result contents). 2025-01-28 08:43:05 +00:00
Geoffrey White
78d0c5c529 Merge pull request #18602 from geoffw0/reqwest2 
Rust: Additional models for Reqwest
 2025-01-28 08:40:38 +00:00
erik-krogh
c7fc164680 java: remove the 2 from SafeTransformerFactoryFlow, not that the previous naming conflict has been deleted 2025-01-28 09:13:59 +01:00
Geoffrey White
fd9fb10bb9 Rust: Accept changes from fixing the ]. 2025-01-27 22:50:09 +00:00
Geoffrey White
494d8f2da0 Rust: Update MaD IDs for an unrelated test. :( 2025-01-27 22:22:41 +00:00
Geoffrey White
9d6a13cec2 Rust: Accept improved results for rust/sql-injection. Note that the lost annotations are only sources, not results, and I suspect will return when we have sufficient flow in these cases. 2025-01-27 22:22:38 +00:00
erik-krogh
a1afa20d4b add change-notes 2025-01-27 22:43:13 +01:00
erik-krogh
d46a2d4e80 ruby: delete the remainders of the old deprecated typetracking library 2025-01-27 22:38:07 +01:00
erik-krogh
90b403b40b py: delete the remainder of the deprecated TypeTracker libary 2025-01-27 22:17:18 +01:00
erik-krogh
e1b14cb0be ruby: delete now dead Ruby method 2025-01-27 22:17:13 +01:00
erik-krogh
0056e923ea js: revert the JS deprecations. The old dataflow library is not that old yet 2025-01-27 22:17:07 +01:00
erik-krogh
7b1b366d98 ruby: update ruby tests after deleting deprecated test predicates 2025-01-27 22:17:00 +01:00