hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-30 11:01:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
41,829 Commits 1,763 Branches 168 Tags
4ce01be8461a8d9c033d8b8b24fa5fdc39d6ddcb
Commit Graph

41829 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stephan Brandauer
4ce01be846 add assignedToPropName feature to let the model improve number of false positives for XSS query 2022-08-11 09:34:24 +02:00
Stephan Brandauer
37c7c430bd fix bug in InputArgumentIndex feature 2022-08-11 09:34:23 +02:00
Stephan Brandauer
3f17544235 performance fixes 2022-08-11 09:34:23 +02:00
Stephan Brandauer
4e1cb75610 use ? for unknown parameternames 2022-08-11 09:34:23 +02:00
Stephan Brandauer
f395cee944 add documentations and rename a feature 2022-08-11 09:34:23 +02:00
Stephan Brandauer
88799b2692 add functionInterfacesInFile and surroundingFunctionParameters features 2022-08-11 09:34:22 +02:00
Stephan Brandauer
f801a393f1 documentation for calleeImports ATM feature 2022-08-11 09:34:22 +02:00
Stephan Brandauer
508358c8ba documentation for new feature 2022-08-11 09:34:22 +02:00
Stephan Brandauer
5196c49ed4 ATM: new feature to list all imports in an endpoint's file 2022-08-11 09:34:22 +02:00
Esben Sparre Andreasen
83d5b52a3d use proper import instead of inlining 2022-08-11 09:34:21 +02:00
Esben Sparre Andreasen
f6d3703561 remove Input_ArgumentIndexAndAccessPathFromCallee 2022-08-11 09:34:21 +02:00
Esben Sparre Andreasen
d5dbdb122f add docstring examples 2022-08-11 09:34:21 +02:00
Esben Sparre Andreasen
6048f8fbf1 address review comments 2022-08-11 09:34:21 +02:00
Esben Sparre Andreasen
a511489e90 Apply suggestions from code review 
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2022-08-11 09:34:20 +02:00
Esben Sparre Andreasen
295a3f51e1 fix semantic merge conflict 2022-08-11 09:34:20 +02:00
Esben Sparre Andreasen
769236fc7f rename new features 2022-08-11 09:34:20 +02:00
Esben Sparre Andreasen
278fef93f2 add more features 2022-08-11 09:34:20 +02:00
Esben Sparre Andreasen
d52082f41b improve feature documentation 2022-08-11 09:34:19 +02:00
Esben Sparre Andreasen
44340a8ce4 improve feature tests with more cases 2022-08-11 09:34:19 +02:00
Esben Sparre Andreasen
827c55c612 improve access path strings 2022-08-11 09:34:19 +02:00
Esben Sparre Andreasen
6f28d39213 support import in getSimpleAccessPath 2022-08-11 09:34:18 +02:00
Esben Sparre Andreasen
4f420c72d9 support await in getSimpleAccessPath 2022-08-11 09:34:18 +02:00
Esben Sparre Andreasen
3c01011b51 avoid using new feautes by default 2022-08-11 09:34:18 +02:00
Esben Sparre Andreasen
1b32b53205 add CompareFeatures.ql 2022-08-11 09:34:18 +02:00
Esben Sparre Andreasen
65eba5c01e add generic tests for features 2022-08-11 09:34:17 +02:00
Esben Sparre Andreasen
5e6b17672d Document EndpointFeatures.qll 2022-08-11 09:34:17 +02:00
Esben Sparre Andreasen
2e65873488 add ParameterAccessPathSimpleFromArgumentTraversal 2022-08-11 09:34:17 +02:00
Esben Sparre Andreasen
51ac3c270a improve getSimpleAccessPath 2022-08-11 09:34:17 +02:00
Esben Sparre Andreasen
88172e1347 refactor calleeAccessPath feature to class 2022-08-11 09:34:16 +02:00
Stephan Brandauer
826267ca9b refactor getACallBasedTokenFeature to class-use 2022-08-11 09:34:16 +02:00
Esben Sparre Andreasen
a6f5487298 Add CalleeAccessPathSimpleFromArgumentTraversal 2022-08-11 09:34:16 +02:00
Esben Sparre Andreasen
386672d4e0 refactor EndpointFeatures.ql to use classes 2022-08-11 09:34:15 +02:00
Anders Schack-Mulligen
87461fece4 Merge pull request #10006 from aschackmull/java/sensitive-log-dedup 
Java: Remove SensitiveLoggingQuery results that flow through a source.
 2022-08-11 09:26:33 +02:00
Anders Schack-Mulligen
ced083be61 Merge pull request #10015 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-08-11 09:20:12 +02:00
Michael Nebel
b817bd43ca Merge pull request #10005 from michaelnebel/csharp/constructorsummaries 
C#: Constructor summaries
 2022-08-11 09:16:05 +02:00
Tom Hvitved
e106edc04e Merge pull request #9989 from hvitved/csharp/lua-tracer-improvements2 
C#: Handle `dotnet exec csc.dll` and the likes in the Lua tracer
 2022-08-11 08:55:46 +02:00
github-actions[bot]
33ce9552cb Add changed framework coverage reports 2022-08-11 00:17:52 +00:00
Chris Smowton
cc8e9806c4 Merge pull request #10009 from smowton/smowton/java17-options 
Java: Adapt tests as required by JDK17 extractor upgrade
 2022-08-10 18:46:06 +01:00
Chris Smowton
341241cf43 Use SrcFloatingPointLiteral 2022-08-10 17:28:14 +01:00
Mathias Vorreiter Pedersen
56fddd75bb Merge pull request #10000 from geoffw0/defaulttaint 
Swift: Taint flow improvements
 2022-08-10 16:30:09 +01:00
Geoffrey White
6ffe5fcaed Swift: Comment some other cases. 2022-08-10 15:46:32 +01:00
Geoffrey White
537caf85f2 Swift: Fix cartesian product. 2022-08-10 15:46:30 +01:00
Geoffrey White
e09e64ee85 Swift: Restrict taint flow through + to strings. 2022-08-10 15:46:28 +01:00
Geoffrey White
f3499e98a4 Swift: Move try, ! to dataflow. 2022-08-10 15:13:04 +01:00
Nora Dimitrijević
cce39fb2ce Merge pull request #9998 from d10c/use-strcpyfunction-in-bad-strncpy-size 
Use StrcpyFunction in `cpp/bad-strncpy-size`

This PR:

- Uses the [StrcpyFunction](https://github.com/github/codeql/blob/main/cpp/ql/lib/semmle/code/cpp/models/implementations/Strcpy.qll#L14) class in the [StrncpyFlippedArgs](https://github.com/github/codeql/blob/main/cpp/ql/src/Likely%20Bugs/Memory%20Management/StrncpyFlippedArgs.ql) query instead of an ad-hoc predicate for finding strcpy-like functions.
- Tests this by adding one previously unsupported strcpy-like function (`wcsxfrm_l`) to StrncpyFlippedArgs's test.cpp.
 2022-08-10 15:11:20 +02:00
Tamás Vajk
b2c22dacc2 Merge pull request #9769 from tamasvajk/fix/ctor-field-flow 
C#: Fix dataflow for default constructors
 2022-08-10 15:06:25 +02:00
Anders Schack-Mulligen
cbd6d24b9c Merge pull request #9963 from intrigus-lgtm/java/model-set-properties 
Model `java.util.Properties.setProperty`
 2022-08-10 14:51:00 +02:00
Anders Schack-Mulligen
ecc15a1f95 Java: Remove SensitiveLoggingQuery results that flow through a source. 2022-08-10 14:28:07 +02:00
Michael Nebel
736ae4f7d6 C#: Update FlowSummaries expected output. 2022-08-10 14:23:54 +02:00
Michael Nebel
5659db73d3 C#: Update alle manually written summaries for constructors to use Argument[Qualifier] instead of ReturnValue. 2022-08-10 14:17:16 +02:00