hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,895 Commits 1,671 Branches 157 Tags
4f54bb66b807ee4b22f6be28cfbb71d21b901b10
Commit Graph

4324 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
fff70da650 Merge pull request #9182 from erik-krogh/useStringComp 
use string equality instead of regexps to compare constant strings
 2022-05-19 10:42:37 +02:00
Tom Hvitved
eef5022e3d Merge pull request #9014 from michaelnebel/csharp/dataflowcallablerefactor 
C#: Dataflow callable refactoring.
 2022-05-19 09:02:38 +02:00
Erik Krogh Kristensen
215a6a72cc Merge branch 'main' into useStringComp 2022-05-18 10:55:31 +02:00
Tom Hvitved
209a1e4bd8 Merge pull request #9202 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-05-18 10:26:55 +02:00
Anders Schack-Mulligen
1d3b3204df Merge pull request #9190 from hvitved/dataflow/summary-arg-param-no-materialize 
Data flow: Do not materialize `summaryArgParam`
 2022-05-18 09:17:57 +02:00
Tom Hvitved
23ee033a57 C#: Review fixes 2022-05-18 07:48:21 +02:00
Michael Nebel
df6d86b9aa C#: Use getUnderlyingCallable instead of asCallable. 2022-05-18 07:48:21 +02:00
Michael Nebel
6f7af11517 C#: Needs to be updated as SummaryParameterNodes are printed slightly different. 2022-05-18 07:48:21 +02:00
Michael Nebel
b41bb3fe08 C#: System.Web.HttpResponse.Write is now considered safe (known) and will this not show up as untrusted external API. 2022-05-18 07:48:21 +02:00
Michael Nebel
97c6d7884d C#: Source and Sink models are now also considered summarized callables and thus considered safe as they are known external APIs. 2022-05-18 07:48:21 +02:00
Michael Nebel
aeadad62be C#: Improve implementation. 2022-05-18 07:48:21 +02:00
Michael Nebel
26e2cad528 C#: Improve getCallable. 2022-05-18 07:48:21 +02:00
Michael Nebel
f78def5316 C#: Hide SummaryParamterNodes from path explanations. 2022-05-18 07:48:21 +02:00
Michael Nebel
220526f305 C#: Fix issues with summarized callables parameter types and other casting issues. 2022-05-18 07:48:21 +02:00
Michael Nebel
2c414b2201 C#: Add Summary parameter nodes. 2022-05-18 07:48:21 +02:00
Michael Nebel
0e3fc464a3 C#: Use SummarizedCallable external instead of the internal. 2022-05-18 07:48:20 +02:00
Michael Nebel
b578fcb069 C#: Use the external SummarizedCallable implementation. 2022-05-18 07:48:20 +02:00
Michael Nebel
4f7297715d C#: Also extract callable from FlowSummary SummarizedCallable in DataFlowCallable. 2022-05-18 07:48:20 +02:00
Michael Nebel
3fa990a984 C#: Make sure that all callables with a summary are added to the external SummarizedCallable class. 2022-05-18 07:48:20 +02:00
Michael Nebel
4810419dfd C#: Extend SummarizedCallable from FlowSummaryImpl. 2022-05-18 07:48:20 +02:00
Michael Nebel
eb022118f3 C#: Fix issue in ExternalApi. 2022-05-18 07:48:20 +02:00
Michael Nebel
68055bc022 C#: Update flow summaries test code. 2022-05-18 07:48:20 +02:00
Michael Nebel
c8a7354086 C#: Refactor to align implementation between languages. 2022-05-18 07:48:20 +02:00
Michael Nebel
0d61a2c797 C#: Add QL doc to SummarizedCallable. 2022-05-18 07:48:20 +02:00
Michael Nebel
2f2ca18898 C#: Update dependencies. 2022-05-18 07:48:20 +02:00
Michael Nebel
e70a283cfd C#: Initial refactor of SummarizedCallable and DataFlowCallable (dependencies needs to be updates). 2022-05-18 07:48:19 +02:00
github-actions[bot]
91694b4bac Add changed framework coverage reports 2022-05-18 00:15:25 +00:00
Cornelius Riemenschneider
3836d1550a Update Lua tracing configs. 2022-05-17 13:18:28 +00:00
Erik Krogh Kristensen
86e97c32d6 fix all ql/use-string-compare 2022-05-17 14:11:05 +02:00
Tom Hvitved
284357d2a0 Data flow: Do not materialize summaryArgParam 2022-05-17 12:50:01 +02:00
Mathias Vorreiter Pedersen
1280d43e36 Merge pull request #9141 from github/post-release-prep/codeql-cli-2.9.2 
Post-release preparation for codeql-cli-2.9.2
 2022-05-17 10:01:37 +01:00
Tom Hvitved
f2e28c311a Merge pull request #9180 from hvitved/csharp/entity-framework-sql-sinks 
C#: Add missing EntityFramework SQL sinks
 2022-05-17 09:50:49 +02:00
Tom Hvitved
15449b701f C#: Add missing EntityFramework SQL sinks 2022-05-16 20:57:40 +02:00
Nick Rolfe
c518150b49 Merge pull request #9132 from github/nickrolfe/misspelling 
QL for QL: generalise non-US spelling query
 2022-05-16 16:03:36 +01:00
Anders Schack-Mulligen
83f817ca45 Merge pull request #9134 from aschackmull/dataflow/perf-std-order 
Dataflow: Improve standard order through easier type check elimination.
 2022-05-16 10:05:17 +02:00
github-actions[bot]
b7cbd8fd75 Post-release preparation for codeql-cli-2.9.2 2022-05-12 18:21:38 +00:00
Nick Rolfe
1115227f9d Merge remote-tracking branch 'origin/main' into nickrolfe/misspelling 2022-05-12 16:10:27 +01:00
Anders Schack-Mulligen
8c8440a58a Merge pull request #9101 from hvitved/dataflow/include-hidden 
Data flow: Add `Configuration::includeHiddenNodes()`
 2022-05-12 15:36:12 +02:00
Nick Rolfe
a50601c367 C#: fix typos in comments 2022-05-12 14:28:40 +01:00
Anders Schack-Mulligen
adb56dfa39 Dataflow: Improve standard order through easier type check elimination. 2022-05-12 14:31:38 +02:00
github-actions[bot]
ee9980b31c Release preparation for version 2.9.2 2022-05-12 10:17:28 +00:00
Tom Hvitved
0a7892797e Merge pull request #8938 from hvitved/ruby/with-without-mad-tokens 
Ruby: Introduce `With(out)Element` MaD input tokens
 2022-05-12 11:49:51 +02:00
Tom Hvitved
46ab25b61e Merge pull request #9098 from aschackmull/dataflow/perf 
Dataflow: Performance fixes
 2022-05-11 20:41:48 +02:00
Ian Lynagh
cfde0a1491 Merge pull request #9109 from igfoo/igfoo/kotlin_merge 
Initial Kotlin support
 2022-05-11 16:16:22 +01:00
Henry Mercer
a626078423 Merge pull request #9118 from github/henrymercer/csharp/tag-telemetry 
C#: Tag telemetry queries with `telemetry`
 2022-05-11 15:13:29 +01:00
Anders Schack-Mulligen
4884520ee1 Dataflow: Review fix. 2022-05-11 15:40:49 +02:00
Tom Hvitved
5df87d526c Sync files 2022-05-11 15:17:27 +02:00
Tom Hvitved
333780e635 Merge pull request #8898 from hvitved/dataflow/clear-expect-summary-components 
Data flow: Introduce 'with/without content' summary components
 2022-05-11 15:16:42 +02:00
Ian Lynagh
c0a755e061 Merge remote-tracking branch 'upstream/main' into igfoo/kotlin_merge 
Resolving conflicts:
	java/ql/lib/semmle/code/java/Expr.qll
 2022-05-11 14:13:09 +01:00
Henry Mercer
cdd6e0e104 C#: Tag telemetry queries with telemetry 
This will exclude the results of these queries from the summary tables
produced by `codeql database analyze` in a future version of the CodeQL
CLI.
 2022-05-11 13:27:49 +01:00