hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 07:36:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
69,907 Commits 1,703 Branches 162 Tags
5084d0260f822aefbe2ebbf1fc9a7365e16a4a29
Commit Graph

69907 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
5084d0260f Update tests.expected 
The 'arguments' node is only materialised for functions that use 'arguments
 2024-08-27 11:35:25 +02:00
Asger F
895cb872ad JS: Add taint into dynamic argument array 2024-08-27 11:35:24 +02:00
Asger F
079a622cf9 JS: Add tests showing missing taint flow 
When the spread argument itself is tained and not
inside any content, the read steps currently fail
to propagate the data.
 2024-08-27 11:35:23 +02:00
Asger F
6a083136d7 JS: Hide some nodes 2024-08-27 11:35:22 +02:00
Asger F
acdc896c04 JS: Support for dynamic args to flow summaries 2024-08-27 11:35:21 +02:00
Asger F
53a2a66dd0 Add new nodes to early stage 2024-08-27 11:35:20 +02:00
Asger F
5c7e623c47 JS: Add some tests for missing handling of dynamic args in flow summaries 2024-08-27 11:35:19 +02:00
Asger F
c04f0beb8a Update DataFlowConsistency.expected 2024-08-27 11:35:18 +02:00
Asger F
60c3d077b2 Update DataFlowImplConsistency.qll 2024-08-27 11:35:17 +02:00
Asger F
bbb1c8c374 Remove old arguments-array position 2024-08-27 11:35:16 +02:00
Asger F
ed33a6e91b JS: Add explicit model of .join() 2024-08-27 11:35:15 +02:00
Asger F
fa7ad03068 JS: Add store/load steps for the new argument arrays 2024-08-27 11:35:15 +02:00
Asger F
623dbda77d Do not pass regular positional args into the rest parameter 2024-08-27 11:35:14 +02:00
Asger F
a72f79576a JS: Add corresponding argument positions 2024-08-27 11:35:13 +02:00
Asger F
6c7d745a2b JS: Add nodes for static/dynamic argument/parameter arrays 2024-08-27 11:35:12 +02:00
Asger F
5d77c336fc Test case for spread and rest args/params 2024-08-27 11:35:11 +02:00
Asger F
4cdaccd22e JS: Add InlineFlowTest 2024-08-27 11:35:10 +02:00
Asger F
4b8ae2a4f3 Merge branch 'main' into js/shared-dataflow-merge-main 2024-08-26 12:43:16 +02:00
Asger F
4e3440aad0 Merge pull request #17275 from asgerf/cpp/taint-test-case-false-negative 
C++: Reveal false negative in test case
 2024-08-26 12:36:03 +02:00
Asger F
16c2cf24b3 C++: use inline annotation for missing flow 2024-08-26 11:53:31 +02:00
Asger F
592e2eafb6 Merge pull request #17262 from asgerf/shared/implicit-read 
Shared: restrict flow after using implicit read
 2024-08-26 11:48:50 +02:00
Paolo Tranquilli
c4c8c9ddc1 Merge pull request #17291 from github/criemen/ripunzip 
Make ripunzip installer accessible from outside this repo.
 2024-08-23 20:14:44 +02:00
Cornelius Riemenschneider
3ac8108c4a Address review. 2024-08-23 17:26:05 +02:00
Tamás Vajk
d710c1e89d Merge pull request #17287 from tamasvajk/message-count-telemetry 
C#: Add aggregated compiler and extractor message counts to extractio…
 2024-08-23 14:41:27 +02:00
Cornelius Riemenschneider
d84e745ce9 Make ripunzip installer accessible from outside this repo. 
* The relative path to misc doesn't work when running from another repo
* The buildifier dependency is not available from other repos,
  therefore we can't pull in //misc/bazel without further refactoring.

Therefore, inline the runfiles snippet here.
 2024-08-23 14:24:51 +02:00
Asger F
8df7fbf6d6 Swift: update test output 
The 'first' field is seen as a TaintInheritingContent, which means any read step for 'first' becomes a taint step too.
This type of taint step does not permit an implicit read before it, because it wasn't contributed by a configuration.
So there is no way for the taint to get out of the collection content before the taint step through '.first'.
The test previously passed because an implicit read at once of the earlier sinks could follow use-use flow down to the receiver of .first,
allowing it to escape the collection content.
 2024-08-23 11:30:50 +02:00
Asger F
d27b28d371 C++: update test output 
This reveals that some tests were passing for the wrong reasons.
See https://github.com/github/codeql/pull/17275
 2024-08-23 11:29:24 +02:00
Asger F
9703f67794 Test output updates that only affect nodes/edges 2024-08-23 11:03:26 +02:00
Asger F
6bc8407bd6 Java: Update test output 2024-08-23 11:02:29 +02:00
Asger F
c3b36325b2 Shared: prevent use-use flow through implicit reads (part 1) 2024-08-23 11:02:28 +02:00
Asger F
379952febc Merge pull request #17285 from asgerf/js/shared-dataflow-bump 
JS: Resolve conflicts after merging 'main' into shared data flow branch
 2024-08-23 09:58:27 +02:00
Michael Nebel
20d9fd11ac Merge pull request #17288 from michaelnebel/shared/contentflow 
Shared: ContentFlow.
 2024-08-23 09:52:27 +02:00
Michael Nebel
19c2eb17c4 C#: Remove redundant imports. 2024-08-23 09:04:13 +02:00
Chris Smowton
67d94376e8 Merge pull request #17227 from smowton/smowton/fix/baseline-vs-nonroot-vendor-dirs 
Go / configure-baseline: account for multiple vendor directories and the `CODEQL_EXTRACTOR_GO_EXTRACT_VENDOR_DIRS` setting
 2024-08-22 15:00:51 +01:00
Michael Nebel
d935c47231 C#: Use the shared content flow implementation. 2024-08-22 15:46:01 +02:00
Michael Nebel
e6424f0f45 Shared: Make ContentDataFlow reusable. 2024-08-22 15:45:58 +02:00
Owen Mansel-Chan
18b99ffecc Merge pull request #17284 from owen-mc/go/fix-frameworks-coverage 
Go: Try to fix packages in frameworks coverage
 2024-08-22 14:43:52 +01:00
Tamas Vajk
6827bedaa7 C#: Add aggregated compiler and extractor message counts to extraction telemetry query 2024-08-22 15:14:33 +02:00
Tamás Vajk
3dce56b0b1 Merge pull request #17276 from tamasvajk/impr/change-partial-method-location 
C#: Change reporting location of partial methods
 2024-08-22 15:10:21 +02:00
Michael Nebel
4cd34531c6 Shared: Add a copy of the existing C# Content Dataflow implementation. 2024-08-22 15:07:45 +02:00
Asger F
a2dd47aeb2 JS: Update test output 
These files conflicted and have been regenerated.
 2024-08-22 14:27:15 +02:00
Asger F
423fd04545 JS: Update new xsjs-specific code to respect TEarlyStageNode 2024-08-22 13:22:35 +02:00
Asger F
c54f5858b1 Merge branch 'main' into js/shared-dataflow-merge-main 2024-08-22 13:22:05 +02:00
Owen Mansel-Chan
2edadbf423 Try to fix packages in frameworks coverage 2024-08-22 11:44:34 +01:00
Asger F
a1688f6a1a Merge pull request #17240 from knewbury01/knewbury01/fix-helmetrequiredsetting-model 
Update JS helmet model structure
 2024-08-22 11:59:28 +02:00
Asger F
81239dcd95 Java: add test case 2024-08-22 11:26:05 +02:00
Michael Nebel
bd69b96752 Merge pull request #17273 from michaelnebel/csharp/sqlinject 
C#: ASP.NET Controller is allowed to be abstract.
 2024-08-22 11:18:48 +02:00
Asger F
43f54db4db Merge pull request #17274 from asgerf/java/implicit-pending-intents-implicit-read 
Java: Reveal false negative in test
 2024-08-22 11:00:07 +02:00
Tom Hvitved
d41d7c8246 Merge pull request #17207 from hvitved/csharp/content-set 
C#: Implement `ContentSet`
 2024-08-22 10:55:11 +02:00
Tom Hvitved
a213982b48 Merge pull request #17222 from hvitved/ruby/hash-splat-param-arg-matching 
Ruby: Rework (hash) splat argument/parameter matching
 2024-08-22 10:54:52 +02:00