hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 15:16:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,095 Commits 1,700 Branches 161 Tags
6ba1d2ef14d3b3345eb98747bbcdfdcd8998737d
Commit Graph

77 Commits

Author SHA1 Message Date
Simon Friis Vindum
b3601b1ac2 Merge pull request #18946 from paldepind/rust-regex-injection 
Rust: Add regular expression injection query
 2025-03-12 08:15:54 +01:00
Simon Friis Vindum
5c83644360 Rust: Use CWE 20 for regex injection query 2025-03-10 14:52:25 +01:00
Simon Friis Vindum
0e965f7616 Rust: Accept changes 2025-03-10 14:39:37 +01:00
Simon Friis Vindum
494f914070 Rust: Add regular expression injection query 2025-03-07 12:37:30 +01:00
Anders Schack-Mulligen
b1e53f5816 Rust: Accept consistency failure. 2025-03-07 11:11:49 +01:00
Simon Friis Vindum
476fef49da Rust: Allow SSA and some data flow for mutable borrows 2025-02-26 16:00:52 +01:00
Asger F
ff36d1916f Merge pull request #18810 from asgerf/js/test-related-locations 
Test: Add support for RelatedLocation tag and use in a JS query
 2025-02-25 16:40:41 +01:00
Asger F
cd0fd02e74 Rust: Remove 'Source' annotations from same line as Alert 
Source tags should no longer be used when on the same line as the Alert.

The ones in this file went unnoticed however because *all* of them were on the same line as an Alert, which made the test library ignore all Source tags.
 2025-02-21 14:44:48 +01:00
Geoffrey White
79525fa4ed Rust: Variant -> Field. 2025-02-17 17:33:52 +00:00
Geoffrey White
048f7dbd37 Merge branch 'main' into nth 2025-02-17 17:17:59 +00:00
Geoffrey White
c07a57bf6b Rust: Accept spurious test results (we need a barrier for numeric types of this query at some point; it's good that flow reaches it now). 2025-02-13 15:31:10 +00:00
Tom Hvitved
e9c25037d4 Rust: Use Field MaD token instead of Variant, Struct, Tuple 2025-02-13 13:32:08 +01:00
Asger F
fc1d36f867 Rust: update a Rust test case 2025-02-03 11:31:04 +01:00
Tom Hvitved
0aee2e6fb2 Rust: Implement path resolution in QL 2025-01-31 10:07:08 +01:00
Geoffrey White
919e7978cd Rust: Add PrettyPrintModels.ql to the test. I gather this stabilized the output MaD IDs. 2025-01-28 16:23:20 +00:00
Geoffrey White
f2564c351f Rust: Changes to other tests - mostly MaD IDs :(. 2025-01-28 09:22:30 +00:00
Geoffrey White
494d8f2da0 Rust: Update MaD IDs for an unrelated test. :( 2025-01-27 22:22:41 +00:00
Geoffrey White
9d6a13cec2 Rust: Accept improved results for rust/sql-injection. Note that the lost annotations are only sources, not results, and I suspect will return when we have sufficient flow in these cases. 2025-01-27 22:22:38 +00:00
Geoffrey White
0a3d44c44e Rust: Re-apply suggested changes (I accidentally force-pushed them away). 2025-01-24 17:31:38 +00:00
Geoffrey White
117db8a9b2 Rust: Make the test runnable. 2025-01-24 17:22:42 +00:00
Geoffrey White
037d496a68 Rust: Fix some more tests (MaD ID changes and extraction consistency issues). 2025-01-23 19:14:28 +00:00
Geoffrey White
4214c837b8 Rust: Clean up the query message. 2025-01-23 18:03:25 +00:00
Geoffrey White
59c3ac6f80 Rust: Allow flow through reference taking (&). 2025-01-23 17:17:07 +00:00
Geoffrey White
78c58aa5f1 Rust: Allow implicit taint reads from tuple contents at sinks. 2025-01-23 17:17:05 +00:00
Geoffrey White
64444940a6 Rust: Add taint sinks for target and key-value arguments. 2025-01-23 17:17:04 +00:00
Geoffrey White
2bbf493991 Rust: Model assert_failed. 2025-01-23 17:17:03 +00:00
Geoffrey White
484331c303 Rust: Model StdoutLock, StderrLock methods and String.as_bytes. 2025-01-23 17:17:02 +00:00
Geoffrey White
1d2950c70c Rust: Add some sinks. 2025-01-23 17:17:00 +00:00
Geoffrey White
4297d05c05 Rust: Implement the query. 2025-01-23 17:16:59 +00:00
Geoffrey White
173cfd5c7b Rust: Add test cases for various std:: bits. 2025-01-23 17:16:58 +00:00
Geoffrey White
bb3be2f8af Rust: Add a test for the log crate + placeholder query. 2025-01-23 12:24:47 +00:00
Geoffrey White
edd1f257ad Rust: Attempt to fix the test on CI. 2025-01-10 14:51:15 +00:00
Geoffrey White
ae26cd6c32 Rust: Update test for changes on main. 2025-01-10 12:36:04 +00:00
Geoffrey White
babfa758a3 Rust: Add models for an alternative md5 library. 2025-01-10 11:56:27 +00:00
Geoffrey White
ae0f4f10de Rust: Add hash function sinks. 2025-01-10 11:56:26 +00:00
Geoffrey White
8f4a52001f Rust: Add query framework. 2025-01-10 11:56:24 +00:00
Geoffrey White
509c6ffb7a Rust: Add tests for weak hashing. 2025-01-10 11:56:23 +00:00
Simon Friis Vindum
049fab4c72 Rust: Remove taint steps 2024-12-18 11:22:56 +01:00
Simon Friis Vindum
c1e21974c6 Rust: Address review comments 2024-12-17 17:24:42 +01:00
Simon Friis Vindum
ee87d4c948 Merge branch 'main' into rust-data-flow-models 2024-12-17 13:12:32 +01:00
Simon Friis Vindum
402d4e11c4 Rust: Re-add inline expectations query tags 2024-12-16 16:36:30 +01:00
Tom Hvitved
5ed03e266a Rust: Fix semantic merge conflicts 2024-12-16 14:47:13 +01:00
Michael Nebel
aaf0cd5dee Merge pull request #17968 from michaelnebel/java/movetestutils 
Move test utilities to the query pack.
 2024-12-16 13:41:30 +01:00
Simon Friis Vindum
cad4f39aee Rust: Database name capitalization 2024-12-16 13:15:42 +01:00
Simon Friis Vindum
defbbb2a24 Rust: Add additional models for stdlib and sqlx 2024-12-16 11:46:57 +01:00
Geoffrey White
03f962ed86 Merge pull request #18226 from geoffw0/badcrypto 
Rust: Weak encryption algorithm query.
 2024-12-12 14:21:16 +00:00
Michael Nebel
864c34fc03 Rust: Update all test util paths to point to the new location. 2024-12-12 15:02:59 +01:00
Tom Hvitved
2f8b04b225 Rust: Models-as-data for flow summaries 2024-12-09 13:41:55 +01:00
Geoffrey White
de042ea9d7 Merge branch 'main' into badcrypto 2024-12-05 18:36:47 +00:00
Geoffrey White
6eb850c8cb Rust: Improve the model. 2024-12-05 16:49:27 +00:00