hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 20:26:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
72,435 Commits 1,672 Branches 157 Tags
66d6bda7166df6dd93ab44d901bd3560fde17bcc
Commit Graph

72435 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
66d6bda716 Merge pull request #18044 from asgerf/js/shared-dataflow-bump 
JS: Merge 'main' and implement 'speculativeTaintStep'
 2024-11-27 15:43:27 +01:00
Asger F
805fd0b46e JS: Refine speculative step definition 2024-11-26 15:56:56 +01:00
Asger F
8818fcc207 JS: Benign test output changes 2024-11-26 15:47:13 +01:00
Asger F
c94a01e6b6 JS: Remove reference to argsParseStep 
This was removed as part of the PR that introduced threat models.
 2024-11-26 15:36:47 +01:00
Asger F
bf62582f53 JS: Implement 'speculativeTaintStep' 
It is a mandatory part of the interface now; just providing a bare-bones implementation for rather than 'none()'
 2024-11-26 15:36:46 +01:00
Asger F
82d61e4194 Merge branch 'js/shared-dataflow-branch' into js/shared-dataflow-merge-main 2024-11-26 15:36:16 +01:00
Asger F
c2e9dca1de Merge pull request #18043 from asgerf/jss/jump-and-test-exclusion 
JS: Fix jump steps generated by IIFEs and exception flow
 2024-11-26 14:33:42 +01:00
Asger F
f073f3b791 JS: Rename file to foo.test.js 2024-11-26 13:44:00 +01:00
Asger F
65da9b41b5 JS: Add cross-file test in InsecureRandom 2024-11-26 13:43:24 +01:00
Asger F
b4bd8e701c JS: Add test for file classification change 2024-11-26 12:33:39 +01:00
Asger F
930a7b6e28 JS: Update output changes to nodes/edges/subpaths 2024-11-21 13:33:39 +01:00
Asger F
7a77432024 JS: Update lost result in insecure-download 
The VariableCapture library consumes one component of the access path limit, which means we lose this result
 2024-11-21 13:33:10 +01:00
Asger F
1ac7591faf JS: Update missed flow in capture-flow.js 
We previously caught this flow because of a heuristic in capture flow. We'll have to fix it properly later.
 2024-11-21 12:57:34 +01:00
Asger F
9dad2d62d7 JS: Update DataFlowConsistency 2024-11-21 12:54:11 +01:00
Asger F
ce00bd2cc9 JS: More docs 2024-11-21 11:06:43 +01:00
Asger F
4e62a512c5 JS: Only apply exception propagator when no other summary applies 
Previously a few Promise-related methods were special-cased, which is no longer needed.
 2024-11-21 11:01:05 +01:00
Asger F
84820adf3c Add test for exception flow out of finally() 2024-11-21 11:01:03 +01:00
Asger F
948d21ca07 JS: Propagate exceptions from summarized callables by default 2024-11-21 10:24:31 +01:00
Asger F
dcdb2e5133 JS: Fix callback check so it works without parameters 2024-11-21 10:24:29 +01:00
Asger F
b7dd455aff JS: Add test case 2024-11-21 09:21:36 +01:00
Asger F
d52bc971b8 Merge branch 'main' into js/shared-dataflow-merge-main 2024-11-20 14:05:03 +01:00
Jeroen Ketema
b4718792d1 Merge pull request #17986 from jketema/guarded-free2 
C++: Reduce number of FPs `cpp/guarded-free` and turn `if(x) { free(x) }` cases from FNs to TPs
 2024-11-20 13:58:48 +01:00
Nora Dimitrijević
6a3e34cc4c Merge pull request #17987 from d10c/d10c/bigint-ga 
BigInt GA: update docs
 2024-11-20 10:34:42 +01:00
Michael Nebel
745e52f659 Merge pull request #18033 from michaelnebel/csharp/net9-2 
C#: Update to .NET 9
 2024-11-20 09:53:58 +01:00
Michael Nebel
9a8a27750e Merge pull request #18040 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2024-11-20 09:51:59 +01:00
github-actions[bot]
d80aa6fa6a Add changed framework coverage reports 2024-11-20 00:21:24 +00:00
Owen Mansel-Chan
f21439a6e3 Merge pull request #18034 from owen-mc/go/mad/package-level-variables 
Go: Allow package-level variables in models-as-data models
 2024-11-19 19:49:02 +00:00
Jeroen Ketema
5a18f1ff07 Merge pull request #18038 from github/nickrolfe/typo-manger 
C++: fix typo in qhelp
 2024-11-19 19:02:31 +01:00
Nick Rolfe
a2c6278282 C++: fix typo in qhelp 2024-11-19 17:39:05 +00:00
Owen Mansel-Chan
dd87b1a9de Convert os.stdin model to MaD 2024-11-19 16:59:47 +00:00
Owen Mansel-Chan
bf824cac0a Allow package-level variables in MaD 2024-11-19 16:59:42 +00:00
yoff
d4ec8f650a Merge pull request #18030 from github/tausbn/python-fix-match-literal-pruning 
Python: Fix pruning of literals in `match` pattern
 2024-11-19 17:16:22 +01:00
Michael Nebel
3b01efaf5d C#: Update launch.json. 2024-11-19 17:08:08 +01:00
Michael Nebel
0fc46f5855 C#: Fix compiler warnings related to errors in XML comments. 2024-11-19 16:30:48 +01:00
Nora Dimitrijević
2da1d6aaa8 BigInt GA: remove mention of experimental status from .rst docs 2024-11-19 16:05:20 +01:00
Nora Dimitrijević
54e7db2294 BigInt GA: s/arbitrary-precision/arbitrary-range/g in .rst docs 2024-11-19 16:05:20 +01:00
Simon Friis Vindum
e5951516b8 Merge pull request #18026 from paldepind/rust-df-local 
Rust: Add local data flow edge for SSA nodes
 2024-11-19 15:41:25 +01:00
yoff
22287be5d1 Merge pull request #17370 from Kwstubbs/Bottle/Tornado-HeaderSupport 
Python: Bottle Framework Support
 2024-11-19 15:34:26 +01:00
Tom Hvitved
7a065746d6 Merge pull request #18024 from hvitved/rust/cfg/async-block-return 
Rust: Handle early returns in `async` blocks in CFG
 2024-11-19 15:21:34 +01:00
Taus
e2530cf14f Python: Update expected test output 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-11-19 14:10:50 +00:00
Michael Nebel
358098230c C#: Address review comment from previous PR. 2024-11-19 14:58:21 +01:00
Taus
a4ccda5fe3 Python: Fix pruning of literals in match pattern 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-11-19 13:48:13 +00:00
Simon Friis Vindum
2c9bee6208 Rust: Only add data flow edge to SSA write definitions from their underlying CFG node 2024-11-19 14:32:31 +01:00
Michael Nebel
95a8881428 Merge pull request #17999 from michaelnebel/csharp/net9 
C#: Update to .NET9.
 2024-11-19 14:28:59 +01:00
Paolo Tranquilli
2f3624b625 Merge pull request #18023 from github/redsun82/installer-shortcut 
Bazel: add an `install` shortcut and an `experimental` attribute to `codeql_pack`
 2024-11-19 14:00:52 +01:00
Simon Friis Vindum
6ae979293c Rust: Accept inconsistencies 2024-11-19 13:26:01 +01:00
Asger F
d1c9e47d23 JS: More aggressive test file classification 2024-11-19 13:23:32 +01:00
Asger F
01669908f2 JS: Block InsecureRandomness flow into test files 2024-11-19 13:23:31 +01:00
Asger F
80a5a5909e JS: Use getUnderlyingValue() a few places in VariableCapture 2024-11-19 13:23:29 +01:00
Asger F
d2daec4c66 JS: Add tests explaining why the IIFE in f2 didn't work 2024-11-19 13:23:24 +01:00