hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
62,236 Commits 1,741 Branches 165 Tags
706e9dc896635c3b7d8aebbcaffe08115da1e4e5
Commit Graph

62236 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
yoff
1417c2cdd5 Update python/ql/lib/change-notes/2023-12-18-support-variable-capture.md 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-12-19 10:08:59 +01:00
yoff
a60c52b8b7 Merge branch 'main' into python/captured-variables-basic 2023-12-18 23:44:46 +01:00
Rasmus Lerchedahl Petersen
8b7b58279a Python: add change-note 
I chose `category: majorAnalysis`, the description is
"An API has changed in a way that may affect the results produced
by a query that consumes the API."
The API in question here is `flowPath` which is used by all our
data flow queries.
 2023-12-18 23:42:39 +01:00
Jeroen Ketema
180e752a23 C++: Update test after extractor changes 
Also remove incorrect FP comment. clang does not support `#pragma hdrstop` in
its non-cl-emulation mode.
 2023-12-18 23:30:13 +01:00
Rasmus Lerchedahl Petersen
78c484faab Python: remove support for capturing callbacks 
This will be added in a follow-up PR instead.
 2023-12-18 23:24:57 +01:00
Rasmus Lerchedahl Petersen
6e4011d2ae Python: rename sythetic nodes 
Avoid the term "closure" as it is somewhat academic.
 2023-12-18 23:16:51 +01:00
Rasmus Lerchedahl Petersen
c0b3d98c6d Python: Add a bit more detail to comment. 2023-12-18 22:44:26 +01:00
Rasmus Lerchedahl Petersen
456209b269 Python: Move predicate closer to its use 2023-12-18 22:29:09 +01:00
Rasmus Lerchedahl Petersen
86bb884f67 Python: better comment 2023-12-18 22:26:46 +01:00
Rasmus Lerchedahl Petersen
7324177786 Python: address QL alerts 2023-12-18 22:20:28 +01:00
Rasmus Lerchedahl Petersen
25c83dc70d Python: adjust comment 2023-12-18 22:15:37 +01:00
Rasmus Lerchedahl Petersen
bf1ad23678 Python: add comments 
- on debug predicates
- on JS implementation
 2023-12-18 22:00:13 +01:00
Rasmus Lerchedahl Petersen
c88d686ce4 Python: move SynthCapturePostUpdateNode 
next to `SynthCaptureNode`
 2023-12-18 21:37:52 +01:00
yoff
f50817e92a Merge pull request #15104 from RasmusWL/fewer-meta-queries 
Python: Remove `@tags meta` from internal debug queries
 2023-12-18 21:27:33 +01:00
yoff
e0c027f13c Merge pull request #14848 from hvitved/python/shared-type-tracking 
Python: Adopt shared type tracking library
 2023-12-18 21:14:42 +01:00
Mathias Vorreiter Pedersen
41c49ae05b Merge pull request #15136 from MathiasVP/fix-joins-in-use-after-free 2023-12-18 17:18:06 +01:00
Edward Minnix III
56921a6e21 Merge pull request #14040 from egregius313/egregius313/weak-hashing-properties 
Java: Add support for algorithm names specified in `.properties` files to `java/potentially-weak-cryptographic-algorithm`
 2023-12-18 09:38:58 -05:00
Tamás Vajk
d5f47a3d75 Merge pull request #15124 from tamasvajk/feature/telemetry/extraction-information 
C#: Add telemetry query to report extractor information
 2023-12-18 15:30:35 +01:00
Tamás Vajk
c5cf0641bf Merge pull request #15131 from tamasvajk/standalone/file-name 
C#: Exclude not existing or problematic files from standalone extraction
 2023-12-18 15:30:01 +01:00
Rasmus Lerchedahl Petersen
d6544cc550 Python: remove consistency exclusion 2023-12-18 15:24:49 +01:00
Mathias Vorreiter Pedersen
d308bb40a0 Merge pull request #15132 from MathiasVP/fix-joins-in-isModifiableAtImpl 
C++: Fix joins in `isModifiableAtImpl`
 2023-12-18 15:01:36 +01:00
Mathias Vorreiter Pedersen
aafde4d18d C++: Fix joins in 'cpp/use-after-free'. 2023-12-18 14:49:09 +01:00
Tamas Vajk
f9c6d5e808 Ensure files are only enumerated once 2023-12-18 14:39:02 +01:00
Tamas Vajk
b14d26ab62 C#: Exclude not existing or problematic files from extraction 2023-12-18 14:10:56 +01:00
Tom Hvitved
a776132a10 Python: Deprecate more predicates 2023-12-18 13:05:17 +01:00
Tamas Vajk
1a8857dab8 Create problematic additional file in integration test 2023-12-18 12:32:24 +01:00
Mathias Vorreiter Pedersen
50b754b6c1 Merge pull request #15129 from MathiasVP/fix-joins-in-wrong-type-format-argument 
C++: Fix joins in `cpp/wrong-type-format-argument`
 2023-12-18 12:17:17 +01:00
Mathias Vorreiter Pedersen
f5c52ac496 C++: Fix joins in 'isModifiableAtImpl'. 2023-12-18 12:02:33 +01:00
Michael Nebel
d8fdba009a Merge pull request #15119 from michaelnebel/csharp/stubgenimprovements 
C#: Escape method names in stub generation.
 2023-12-18 11:35:29 +01:00
Michael Nebel
b10137c24c C#: Pick the first version number encountered. 2023-12-18 11:02:49 +01:00
Tamas Vajk
de1134ac48 C#: Add linux-only integration test 2023-12-18 10:55:11 +01:00
Mathias Vorreiter Pedersen
8ed9fbb295 Merge pull request #15123 from MathiasVP/fix-fps-in-double-free 
C++: Fix FPs in `cpp/double-free` and `cpp/use-after-free`
 2023-12-18 10:44:18 +01:00
Mathias Vorreiter Pedersen
e88c6888bc Merge pull request #15121 from MathiasVP/fix-joins-in-av-rule-145 
C++: Fix joins in `AV Rule 145`
 2023-12-18 10:42:46 +01:00
Tamas Vajk
3f843d820c Add telemetry query for known/unknown expression kinds 2023-12-18 10:02:32 +01:00
Mathias Vorreiter Pedersen
3897befbe2 C++: Fix joins in 'cpp/wrong-type-format-argument'. 2023-12-18 09:49:34 +01:00
Tony Torralba
9446249e94 Merge pull request #15012 from atorralba/atorralba/java/fix-missing-pinning-fp 
Java: Fix FPs in Missing certificate pinning
 2023-12-18 09:37:18 +01:00
Tony Torralba
0524289a73 Update java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql 2023-12-18 08:50:10 +01:00
Tom Hvitved
020a049d30 Merge pull request #15103 from hvitved/ruby/simple-pattern-flow 
Ruby: Model simple pattern matching as value steps instead of taint steps
 2023-12-18 08:49:11 +01:00
Mathias Vorreiter Pedersen
2eda5927d9 Merge pull request #15125 from geoffw0/launchoptions 
Swift: Add more test cases for application(...launchOptions...).
 2023-12-18 08:42:50 +01:00
Rasmus Lerchedahl Petersen
64655a0ea8 Python: Use enw class name 2023-12-16 01:36:46 +01:00
Rasmus Lerchedahl Petersen
b505778bc8 Python: remove non-local steps 2023-12-16 01:03:27 +01:00
Rasmus Lerchedahl Petersen
661ba1ca7b Python: move restriction into branch predicate 
Otherwise we get loads of nodes with missing locations
from the brnach nodes that are not matched.
 2023-12-16 00:33:11 +01:00
Rasmus Lerchedahl Petersen
5de1725648 Python: update class name 2023-12-15 23:50:29 +01:00
Rasmus Lerchedahl Petersen
4a1fcde649 Python: abandon synthetic node 
for `CapturingClosureArgumentNode`.

Unless we define it for every single `CallNode`, we need a more
sophisticated mutual recursion with the call graph construction.
There is built-in support for that, but we are currently not using it.
 2023-12-15 23:42:29 +01:00
Rasmus Lerchedahl Petersen
e36b079e0f Python: fix compilation error 
introduced by bad merge
 2023-12-15 21:27:22 +01:00
Rasmus Lerchedahl Petersen
416ba6a709 Python: use updated API 2023-12-15 21:26:05 +01:00
Geoffrey White
1908575386 Swift: Add more test cases for launchOptions as a source. 2023-12-15 18:11:28 +00:00
Mathias Vorreiter Pedersen
ef916f0ba0 C++: Mitigate ODR violations. 2023-12-15 17:16:04 +00:00
Ed Minnix
09a0730491 QLdoc fix 2023-12-15 11:13:09 -05:00
Ed Minnix
02581a3850 Move class for getProperty method call to Properties.qll 2023-12-15 11:09:08 -05:00