hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-13 06:24:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,155 Commits 1,681 Branches 158 Tags
62533501febcdbd00dfca5340661de24ca96ff2e
Commit Graph

49155 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Nebel
62533501fe C#: Update CIL attributes test case and the expected output. 2023-01-17 17:00:01 +01:00
Michael Nebel
5f57a097ab C#: CIL method attribute extraction. 2023-01-17 14:17:35 +01:00
Michael Nebel
951f6362aa Merge pull request #11825 from michaelnebel/csharp/genericmathsupport 
C# 11: Support for static virtual and static abstract interface members.
 2023-01-17 14:14:02 +01:00
Erik Krogh Kristensen
2e4f4c64fe Merge pull request #11903 from erik-krogh/revertClap 
QL: Revert "update clap to 3.0 in QL-for-QL"
 2023-01-17 13:29:04 +01:00
erik-krogh
5a4fe71529 Revert "update clap to 3.0 in QL-for-QL" 
This reverts commit d072ed969e.
 2023-01-17 12:38:30 +01:00
Erik Krogh Kristensen
50b9f5bba0 Merge pull request #11892 from erik-krogh/clap 
QL: update clap to 3.0 in QL-for-QL
 2023-01-17 12:33:18 +01:00
Mathias Vorreiter Pedersen
77a9cea737 Merge pull request #11901 from github/redsun82/swift-ql-internal 
Swift: introduce `@ql.internal` pragma for classes
 2023-01-17 10:46:56 +00:00
Paolo Tranquilli
67bd8cba32 Merge pull request #11900 from github/alexdenisov/swift-ignore-lsregister 
Swift: do not trace lsregister
 2023-01-17 11:26:22 +01:00
Chris Smowton
29425982a5 Merge pull request #11899 from ataillefer/patch-1 
Fix partial path traversal Java example
 2023-01-17 09:39:36 +00:00
Paolo Tranquilli
6106edd5e2 Swift: add INTERNAL doc marker to ql.internal classes 2023-01-17 10:30:59 +01:00
Paolo Tranquilli
b22da25e05 Swift: remove ql.internal classes from global import 2023-01-17 10:18:03 +01:00
Paolo Tranquilli
48825442c3 Swift: add ql.internal pragma in schema definitions 2023-01-17 10:10:35 +01:00
Paolo Tranquilli
cdc99b5240 Swift: simplify pragma definition 2023-01-17 10:10:02 +01:00
Alex Denisov
63b4e5ef5c Swift: do not trace lsregister 2023-01-17 09:26:31 +01:00
Erik Krogh Kristensen
51bd1ef1e1 Merge pull request #11884 from erik-krogh/qlWin 
QL/Ryby: fix qltest on Windows
 2023-01-16 21:57:01 +01:00
Antoine Taillefer
660e6d7085 Fix partial path traversal Java example 
The Java recommendation example for the "Partial path traversal vulnerability from remote" query doesn't seem right to me. Indeed, the following statement doesn't compile, since `dir.getCanonicalPath()` returns a String:
```
dir.getCanonicalPath().toPath()
```
Maybe the author wanted to state `dir.getCanonicalFile().toPath()`, which would compile, but is useless compared to `dir.getCanonicalPath()`.

Moreover, `parent.getCanonicalFile().toPath()` or `parent.getCanonicalPath()` will **not** be slash-terminated, contrary to what the description says.
From what I can see (and test), the correct fix is to concatenate `File.separator` to the parent canonical path.
 2023-01-16 21:14:29 +01:00
Tony Torralba
bd5619147d Merge pull request #11590 from atorralba/atorralba/swift/sensitive-info-logs 
Swift: Add Cleartext Logging query
 2023-01-16 16:22:20 +01:00
erik-krogh
713599963b add --working-dir to Ruby qltest.cmd to fix Windows 2023-01-16 15:37:35 +01:00
erik-krogh
9e153cfb0d change the Ruby-build test such that Windows fails 2023-01-16 15:37:35 +01:00
erik-krogh
587adea809 QL: add --working-dir to qltest.cmd to fix qltest 2023-01-16 15:37:14 +01:00
erik-krogh
2c1ecb507d fix windows 2023-01-16 15:36:57 +01:00
erik-krogh
1de65131fe add compilation cache to QL-for-QL tests 2023-01-16 15:36:57 +01:00
erik-krogh
0685732e3f delete ql/ specific format step now that we have an all-languages format check 2023-01-16 15:36:57 +01:00
erik-krogh
1d62751e15 test QL-for-QL on mac/win 2023-01-16 15:36:55 +01:00
Tony Torralba
0017461e2d Update swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-01-16 15:35:58 +01:00
Michael Nebel
8981d4c06b C#: Add change note. 2023-01-16 13:43:26 +01:00
Michael Nebel
2f602a629f C#: Add upgrade and downgrade scripts. 2023-01-16 13:27:37 +01:00
Erik Krogh Kristensen
8ccc384043 Merge pull request #11858 from erik-krogh/moreSpawn 
JS: track shell:true more in js/shell-command-constructed-from-input
 2023-01-16 13:24:50 +01:00
Erik Krogh Kristensen
59a8b21851 Merge pull request #10862 from erik-krogh/unsafeCodeConstruction 
Rb: Add an `unsafe-code-construction` query
 2023-01-16 13:22:58 +01:00
Michael Nebel
3552a41552 C#: Add test case for static abstract and static virtual interface members. 2023-01-16 13:07:50 +01:00
Michael Nebel
dc50b6bad3 C#: Support for operators in implements relations. 2023-01-16 13:07:50 +01:00
Michael Nebel
8c2931cbb8 C#: Operators are now allowed to be declared virtual. 2023-01-16 13:07:50 +01:00
erik-krogh
d072ed969e update clap to 3.0 in QL-for-QL 2023-01-16 12:34:56 +01:00
Tony Torralba
fdb3b65bce Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-01-16 11:57:37 +01:00
Tony Torralba
7f880a24df Merge pull request #11886 from jelaiw/jelaiw-patch-1 
Fix small typo in good/bad code sample.
 2023-01-16 09:43:23 +01:00
jelaiw
cf7189bb28 Fix small typo in good/bad code sample. 2023-01-13 19:16:11 -06:00
Mathias Vorreiter Pedersen
2dbacbc302 Merge pull request #11841 from MathiasVP/swift-add-integral-types 
Swift: Add integral type classes
 2023-01-13 17:30:57 +00:00
Mathias Vorreiter Pedersen
c5038ed281 Merge pull request #11883 from MathiasVP/fold-definitions 
C++: Fix bad join in `definitionOf`
 2023-01-13 16:28:26 +00:00
Mathias Vorreiter Pedersen
6e6f2115c0 Merge pull request #11857 from MathiasVP/speedup-missing-check-scanf 
C++: Speedup `cpp/missing-check-scanf`
 2023-01-13 16:11:16 +00:00
Michael Nebel
2d46272295 Merge pull request #11881 from michaelnebel/java/modeldiffignore 
Java: Ignore missing html artifacts in the Model Diff workflow.
 2023-01-13 14:11:19 +01:00
Michael Nebel
b36be009d4 Merge pull request #11834 from michaelnebel/csharp/operators 
C# 11: Extractor and library support for Unsigned right shift.
 2023-01-13 13:21:02 +01:00
erik-krogh
71af8ab022 simplifications inspired by review 2023-01-13 13:18:52 +01:00
Mathias Vorreiter Pedersen
2283eacc0b C++: Fix bad join in 'definitionOf'. 2023-01-13 11:42:15 +00:00
Mathias Vorreiter Pedersen
59072f9e81 C++: Improve QLDoc. 2023-01-13 11:01:23 +00:00
Mathias Vorreiter Pedersen
dd8bead21a C++: Fix spurious backticks. 2023-01-13 10:57:44 +00:00
Mathias Vorreiter Pedersen
cf9998b932 Merge pull request #5 from geoffw0/integraltypes 
Swift: Work on integral type classes
 2023-01-13 10:01:23 +00:00
Michael Nebel
600412db48 Java: Ignore missing html artifacts. 2023-01-13 08:58:53 +01:00
Michael Nebel
3b15f2359b Merge pull request #11861 from michaelnebel/java/testmodeldiff 
Java: Update the Model Difference workflow to use the `gh api`.
 2023-01-13 08:20:18 +01:00
Arthur Baars
af8cb65b2e Merge pull request #11877 from aibaars/ql-ql-cross 
QL/Ruby: include OS version in cache keys for Rust binaries
 2023-01-12 20:02:25 +01:00
Michael Nebel
fd80974210 Java: Download databases using the gh api instead of lgtm. 2023-01-12 19:30:12 +01:00