hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-22 15:17:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
47,613 Commits 1,759 Branches 168 Tags
69b112ccbee2d9358ee42a8074a2ebb4517398af
Commit Graph

47613 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
69b112ccbe Fix expectations in data.swift 2022-11-30 17:57:31 +00:00
Karim Ali
89d47d90d6 update the expected output for CWE-079 
Now that we have support for taint through fields of String, we can now detect certain flows that we previously marked as [NOT DETECTED]. This commit updates the expected output of CWE-079 (and the in-code annotation of the accompanying test case) to reflect that update.
 2022-11-30 17:57:31 +00:00
Karim Ali
f57f26cdfd fix expected output for LocalTaint 2022-11-30 17:57:31 +00:00
Karim Ali
5cc94e0ac5 fix expected output for TaintInline 2022-11-30 17:57:31 +00:00
Karim Ali
1a1c1a4e26 fix expected output for Taint.ql 2022-11-30 17:57:31 +00:00
Karim Ali
5782bfdf0a updated expected output for LocalTaint and Tain 2022-11-30 17:57:31 +00:00
Karim Ali
b9153fb8a0 add test case for unicodeScalars 2022-11-30 17:57:31 +00:00
Karim Ali
1394ae3ac2 add test case for utf8CString 2022-11-30 17:57:30 +00:00
Karim Ali
1296dd0a57 add taint steps for fields of String 
if a String is tainted, then all its fields (including those declared in extensions) should be tainted as well
 2022-11-30 17:57:30 +00:00
Paolo Tranquilli
8d2f84ad2a Swift: add --force to codegen 2022-11-30 17:57:30 +00:00
Paolo Tranquilli
da7d93bf3d Swift: make codegen run when no registry is there 2022-11-30 17:57:30 +00:00
Paolo Tranquilli
e4b3140be8 Swift: make codegen resilient to formatting errors 
More in general, the managed renderer flow does things more sensibly
in case an exception is thrown:
* it will not remove any file
* it will drop already written files from the registry, so that codegen
  won't be skipped for those files during the next run
 2022-11-30 17:57:30 +00:00
Owen Mansel-Chan
c8c5fc7b00 Remove @codeql-go from code owners for dataflow 2022-11-30 17:57:30 +00:00
Owen Mansel-Chan
91050348db Use ArgumentPosition instead of int 
This matches what all of the other languages do.
 2022-11-30 17:57:30 +00:00
Owen Mansel-Chan
cfc5595e84 Dataflow: Sync. 2022-11-30 17:57:30 +00:00
Owen Mansel-Chan
b124fe56d9 Fix variable name (source should be sink) 2022-11-30 17:57:30 +00:00
Anders Schack-Mulligen
1ce28540fb Merge pull request #11495 from intrigus-lgtm/patch-7 
Docs: Add missing `language[monotonicAggregates]` annotation
 2022-11-30 14:58:44 +01:00
Paolo Tranquilli
b4e3554af7 Merge pull request #11370 from github/alexdenisov/swift-5.7.1 
Swift: upgrade to Swift 5.7.1
 2022-11-30 14:23:12 +01:00
intrigus-lgtm
4e7e70f981 Docs: Add missing language[monotonicAggregates] annotation 
This adds the `language[monotonicAggregates]` annotation so that the example compiles.
 2022-11-30 13:12:06 +01:00
Alex Denisov
fe0ae6bf0b Swift: add 5.7.1 migration scripts 2022-11-30 12:52:26 +01:00
Alex Denisov
ad663533c7 Swift: bump setup Swift action 2022-11-30 12:40:42 +01:00
Alex Denisov
67fb56deb8 Swift: workaround an internal crash coming from Swift 5.7.1 2022-11-30 12:40:42 +01:00
Alex Denisov
f618d53302 Swift: add new implicit conversion 2022-11-30 12:40:34 +01:00
Alex Denisov
90d471b486 Swift: upgrade to Swift 5.7.1 2022-11-30 12:40:27 +01:00
Mathias Vorreiter Pedersen
d53d275bba Merge pull request #11450 from d10c/swift/missing-enum-cases 
Swift: extract missing cases of `AccessorKind` and `AccessSemantics` enums
 2022-11-30 11:18:52 +00:00
Anders Schack-Mulligen
3d04b267ef Merge pull request #11492 from aschackmull/shared/util 
Shared: Add Util qlpack.
 2022-11-30 11:56:34 +01:00
Paolo Tranquilli
2f4cf592a7 Merge pull request #11490 from github/redsun82/cache 
CI: add workaround for nested composite actions issue
 2022-11-30 11:55:46 +01:00
Anders Schack-Mulligen
758cb8b412 Shared: Fix trailing and non-ascii whitespace. 2022-11-30 11:14:43 +01:00
Owen Mansel-Chan
ab276fc5d8 Merge pull request #11481 from owen-mc/dataflow/sync-go-libraries-2 
Sync go libraries
 2022-11-30 10:02:43 +00:00
Anders Schack-Mulligen
ba56565125 Update shared/util/codeql/util/Option.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-11-30 10:55:07 +01:00
Paolo Tranquilli
e12e86b520 Restore previous cache key 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-11-30 10:47:29 +01:00
Paolo Tranquilli
d165c4963d CI: add workaround for nested composite actions issue 
Because of https://github.com/actions/runner/issues/2009 the deeply
nested action cache was failing to save the cache in the post run phase.

For the moment we just avoid the nesting with a copy-pasted action
snippet.
 2022-11-30 10:47:29 +01:00
Paolo Tranquilli
22eb619235 Merge pull request #11467 from erik-krogh/test-ci 
CI: fix moving the compilation cache
 2022-11-30 10:47:07 +01:00
Anders Schack-Mulligen
71f5c8aa88 Shared: Add Util qlpack. 2022-11-30 10:43:33 +01:00
erik-krogh
045e6ef148 remove unused environment variable 2022-11-30 09:59:20 +01:00
erik-krogh
3d0c9c4642 Merge branch 'main' into test-ci 2022-11-30 09:47:08 +01:00
Tony Torralba
594b7efb84 Merge pull request #11485 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-11-30 09:16:05 +01:00
Paolo Tranquilli
da5730706d Merge pull request #11483 from github/redsun82/cache 
Swift: tentative fix for the bazel cache
 2022-11-30 08:25:39 +01:00
Tiferet Gazit
e2e3667698 Merge pull request #11323 from github/tiferet/simplify-configs 
ATM: Simplify query configurations
 2022-11-29 17:39:11 -08:00
github-actions[bot]
13f4a0e284 Add changed framework coverage reports 2022-11-30 00:18:26 +00:00
tiferet
c5184d37e7 Suggestion from code review: 
Name the query configuration e.g. `NosqlInjectionATMConfig` rather than `Configuration`.
 2022-11-29 15:46:05 -08:00
Harry Maclean
375403fb9d Merge pull request #11114 from hmac/case-barrier-guard-3 
Ruby: Add case string comparison barrier guard
 2022-11-30 11:21:07 +13:00
tiferet
6f807e9d43 Doc suggestion from code review 2022-11-29 13:20:47 -08:00
tiferet
75cd7a9ebc Remove code duplication in query .ql files: 
Define the query for finding ATM alerts in the base class `AtmConfig`, and call it from each query's .ql file.
 2022-11-29 13:20:47 -08:00
tiferet
a710b723d1 Move the definition of isSink to the base class: 
Holds if `sink` is a known taint sink or an "effective" sink.
 2022-11-29 13:20:47 -08:00
tiferet
cd24ec88d6 Move the definition of isSource to the base class: 
A long as we're not boosting sources, `isSource` is identical to `isKnownSource`.
 2022-11-29 13:20:47 -08:00
tiferet
50291c7b7c AtmConfig inherits from TaintTracking::Configuration. 
That way the specific configs which inherit from `AtmConfig` also inherit from `TaintTracking::Configuration`.

This removes the need for two separate config classes for each query.
 2022-11-29 13:20:47 -08:00
tiferet
05a943c9b5 Delete StandardEndpointFilters. 
All remaining functionality in `StandardEndpointFilters` is only being used in `EndpointCharacteristics`, so it can be moved there as a small set of helper predicates.
 2022-11-29 13:20:47 -08:00
tiferet
5402f047bf Delete CoreKnowledge. 
All remaining functionality in `CoreKnowledge` is only being used in `EndpointCharacteristics`, so it can be moved there as a small set of helper predicates.
 2022-11-29 13:20:47 -08:00
Tiferet Gazit
2241252202 Merge pull request #11321 from github/tiferet/complexity-reduction 
ATM: Remove redundant code
 2022-11-29 13:17:55 -08:00