hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
34,768 Commits 1,741 Branches 165 Tags
650d57083bb456fd1e01ca307f987f0eab3871eb
Commit Graph

34768 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
6166f0601c Merge pull request #8727 from redsun82/bazel_workspace_rename 
Bazel: rename workspace to codeql
 2022-04-13 10:51:10 +02:00
Alex Denisov
60c6241382 Swift: run QL tests on macOS 2022-04-13 10:35:15 +02:00
Asger Feldthaus
a5ad4c8263 QL: Update printAst output 
Annotations are not longer their own children/parent.
 2022-04-13 10:29:21 +02:00
Erik Krogh Kristensen
41bdd8f4da minor fixes 2022-04-13 10:11:07 +02:00
Erik Krogh Kristensen
b13e7c055b move the sanitizer-guard to the Query.qll file 2022-04-13 09:58:33 +02:00
Erik Krogh Kristensen
96e4633dfe remove more code that did nothing 2022-04-13 09:57:32 +02:00
Erik Krogh Kristensen
a9595af01e update expected output 2022-04-13 09:43:21 +02:00
Erik Krogh Kristensen
d35604ed82 remove the length sanitizer from loop-bound-injection - it did nothing 2022-04-13 09:43:21 +02:00
Erik Krogh Kristensen
dd28157d0a add test of a length check 2022-04-13 09:43:21 +02:00
Erik Krogh Kristensen
8e47a9b242 add sanitizer step for .length in js/resource-exhaustion 2022-04-13 09:30:09 +02:00
Stephan Brandauer
fb66ccff39 handlebars taint step: conservatively assume unknown templates have no flow to helpers 2022-04-13 09:27:59 +02:00
Asger Feldthaus
c1827cfd30 QL: Add test for getAStringValue 2022-04-13 08:45:25 +02:00
Asger Feldthaus
4c72c31a5a QL: Add InlineExpectationsTest 2022-04-13 08:45:25 +02:00
Asger Feldthaus
b0801c9b2f QL: Add some missing qldoc 2022-04-13 08:45:25 +02:00
Asger Feldthaus
8188e2876c QL: Autoformat 2022-04-13 08:45:25 +02:00
Asger Feldthaus
6632b7da1c QL: Add FrameworkCoverage query 2022-04-13 08:45:25 +02:00
Alex Denisov
b8c1f1a6e1 Swift: run QL tests on Linux 2022-04-13 07:44:19 +02:00
Paolo Tranquilli
141ba2e039 Bazel: rename workspace to codeql 2022-04-12 17:37:29 +02:00
Paolo Tranquilli
03ebf8b049 Merge pull request #8700 from redsun82/swift-skeleton 
Swift: first skeleton extractor
dsp-testing/codeql-swift-artifacts 		2022-04-12 17:14:42 +02:00
Paolo Tranquilli
8ef28787b6 Swift: do not fail pack creation if dir does not exist 2022-04-12 17:05:26 +02:00
Erik Krogh Kristensen
a2d2626c9c add security severity 2022-04-12 16:34:00 +02:00
Erik Krogh Kristensen
d64df30724 reintroduce the reverted qhelp 2022-04-12 16:33:06 +02:00
Erik Krogh Kristensen
ebf9ba7250 remove the type-overloaded new Buffer() as a sink 2022-04-12 16:29:58 +02:00
Erik Krogh Kristensen
e2b7f7d05d reintroduce the number sinks 2022-04-12 16:26:10 +02:00
Erik Krogh Kristensen
029459cc35 reorganize CWE-770 tests 2022-04-12 16:15:40 +02:00
Paolo Tranquilli
6440242268 Swift+Bazel: apply review comments 2022-04-12 16:03:20 +02:00
Erik Krogh Kristensen
688b2b6898 use the Query.qll pattern 2022-04-12 15:52:52 +02:00
Erik Krogh Kristensen
8fb54c3f32 move js/resource-exhaustion out of experimental 2022-04-12 15:51:36 +02:00
Asger Feldthaus
4b74fa628c QL: Add global flow and type-tracking 2022-04-12 15:25:09 +02:00
Asger Feldthaus
0ffb558e48 QL: Support local flow via unification 2022-04-12 15:25:06 +02:00
Asger Feldthaus
49d5b662ff QL: Add Node.getEnclosingPredicate 2022-04-12 15:25:03 +02:00
Asger Feldthaus
2b8454001a QL: Add scoped variable nodes 2022-04-12 15:24:59 +02:00
Asger Feldthaus
2d640e7e95 QL: Add basic data flow nodes 2022-04-12 15:24:55 +02:00
Asger Feldthaus
c9b9751894 QL: Add NodeNumbering library 2022-04-12 15:24:52 +02:00
Asger Feldthaus
60a22b71b4 QL: Remove redundant union part 2022-04-12 15:24:48 +02:00
Asger Feldthaus
f02912bdf5 QL: Add VarDef.getAnAccess 2022-04-12 15:24:45 +02:00
Asger Feldthaus
85403cd4de QL: Fix up parent-child relation in tree 2022-04-12 15:24:42 +02:00
Paolo Tranquilli
f2f99611bd .gitignore CLion project files 2022-04-12 12:41:00 +02:00
Paolo Tranquilli
a205b465ba Bazel: reorganization 
* fixed 5.0.0 as bazel version
* made dependencies better loadable
* moved `//swift/install` to `//swift:create-extractor-pack` (following
  the clearer ruby naming)
* renamed `extractor_pack` to `extractor-pack` for consistency with Ruby
 2022-04-12 12:40:59 +02:00
Paolo Tranquilli
13b2442fed Bazel: code reorganization 2022-04-12 12:40:59 +02:00
Paolo Tranquilli
664d5ba0a9 Swift: moved install to a separate package 
When importing the workspace from semmle-code, we do not need nor want
to instantiate `@util`, so that must be in a separate bazel package.
 2022-04-12 12:40:59 +02:00
Paolo Tranquilli
95dbf2d666 Swift: first skeleton extractor 
This adds a first dummy extractor for swift.

Running `bazel run //swift:install` will create an `extractor_pack`
directory in `swift`. From that moment providing `--search-path=swift`
will pick up the extractor.
 2022-04-12 12:40:59 +02:00
CodeQL CI
a43f3a21a8 Merge pull request #8550 from erik-krogh/classJoin 
Approved by asgerf
 2022-04-12 09:23:58 +01:00
Geoffrey White
cb211f8844 Merge pull request #8599 from 4B5F5F4B/main 
C++: refactor some code, and add access_ok cases
 2022-04-11 15:57:27 +01:00
Mathias Vorreiter Pedersen
e86b6b182f C++: Remove TC from 'Element.getRootCause'. 2022-04-11 15:27:10 +01:00
Bas van Schaik
c3912b2f29 Update README to clarify license explanation 2022-04-11 14:30:56 +01:00
CodeQL CI
9c8dee2a4d Merge pull request #8687 from asgerf/js/missing-flow-fixes 
Approved by erik-krogh
 2022-04-11 14:08:15 +01:00
Bas van Schaik
422255b859 Update CODEOWNERS for documentation and license 
To make sure the right people are pinged when a change like #5893 is made
 2022-04-11 12:33:23 +01:00
Taus
626770aaab Merge pull request #8004 from ahmed-farid-dev/ZipSlip 
Add query to detect ZipSlip
 2022-04-08 23:55:02 +02:00
Jeroen Ketema
4cfe04567f Merge pull request #8702 from jketema/command-line-sanitizer 
C++: Use `isSanitizerOut(DataFlow::Node node)` in `cpp/command-line-injection`
 2022-04-08 23:42:35 +02:00