hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-20 06:24:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
71,783 Commits 1,740 Branches 165 Tags
7427a24ca1210a453fc2b69c9479db92ce7fd36f
Commit Graph

71783 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Napalys
7427a24ca1 Added test case for Array.prototype.toReversed, which is currently not flagged as a taint sink. 2024-11-12 12:02:37 +01:00
Napalys
3215967cbc Added toReserved test case 2024-11-12 12:02:20 +01:00
Napalys
3f0a54c2e8 Added support for Array.prototype.toSorted function 2024-11-12 12:02:04 +01:00
Napalys
def8d75cb8 Added test case for Array.prototype.toSorted, which is currently not flagged as a taint sink. 2024-11-12 12:01:51 +01:00
Simon Friis Vindum
7517ad3e4b Merge pull request #17959 from paldepind/rust-inline-flow-test 
Rust: Setup inline flow test library
 2024-11-12 10:47:08 +01:00
Jeroen Ketema
77ae26fca7 Merge pull request #17960 from jketema/guarded-free 
C++: Add tests for experimental `cpp/guarded-free` query
 2024-11-12 10:43:39 +01:00
Jeroen Ketema
79a9e9c6c0 C++: Address review comments 2024-11-12 10:13:37 +01:00
Napalys Klicius
6266dab518 Merge pull request #17951 from Napalys/napalys/reverse-support 
JS: Added support for reverse function
 2024-11-12 10:09:18 +01:00
Simon Friis Vindum
d9d3027667 Rust: Make improvements to getArgString based on PR comments 2024-11-12 09:45:33 +01:00
Jeroen Ketema
a29b958f5f C++: Address review comments 2024-11-12 09:08:36 +01:00
Tamás Vajk
ba26281b02 Merge pull request #17955 from tamasvajk/binlog/multiple 
C#: Change extractor to accept multiple `binlog` files
 2024-11-12 08:58:47 +01:00
Owen Mansel-Chan
a277bcbc3e Merge pull request #17941 from owen-mc/go/fix/missing-method-qualified-names 
Go: fix missing qualified names for some promoted methods
 2024-11-11 22:50:17 +00:00
Jeroen Ketema
a5a6445b2e C++: Add tests for experimental cpp/guarded-free query 2024-11-11 17:29:28 +01:00
Simon Friis Vindum
cd2038a8f8 Rust: Setup inline flow test library 2024-11-11 16:41:59 +01:00
Cornelius Riemenschneider
fed240a2b2 Merge pull request #17956 from github/criemen/rust-upd-deps 
Rust: Update cargo dependencies.
 2024-11-11 16:06:09 +01:00
Napalys Klicius
42f7f73ae1 Update ArrayInPlaceManipulationTaintStep documentation 2024-11-11 15:38:57 +01:00
Michael Nebel
425b1b17d1 Merge pull request #17952 from michaelnebel/java/movemodels 
Java: Move non-experimental models out of the experimental folder.
 2024-11-11 15:28:53 +01:00
Tamas Vajk
46f168823c Improve code quality 2024-11-11 14:10:13 +01:00
Tamas Vajk
fe62900a15 C#: Change extractor to accept multiple binlog files 2024-11-11 12:56:24 +01:00
Michael B. Gale
d6ef8c3f9a Merge pull request #17946 from github/dependabot/go_modules/go/extractor/extractor-dependencies-c113e28156 
Bump golang.org/x/tools from 0.26.0 to 0.27.0 in /go/extractor in the extractor-dependencies group
 2024-11-11 11:31:21 +00:00
Cornelius Riemenschneider
e8aa5db07a Rust: Update cargo dependencies. 
There was a recent round of tree-sitter-* package releases,
so the latest code is now a) released and b) available on crates.io.

Therefore, move away from the (super slow on CI) git dependencies to released crates instead.
This also includes a run of `cargo update`, so there's a bunch of more changes to the lockfile.
 2024-11-11 12:13:14 +01:00
Simon Friis Vindum
ad6bd88f0a Merge pull request #17954 from paldepind/rust-data-flow-fix-inconsistencies 
Rust: Fix data flow fix inconsistencies
 2024-11-11 11:56:10 +01:00
Chris Smowton
89a2f0dc00 Merge pull request #17890 from smowton/smowton/fix/kotlin-use-nulltype 
Kotlin extractor: use special <nulltype> for null literals
 2024-11-11 10:54:21 +00:00
Simon Friis Vindum
aebce746df Rust: Create data flow nodes for parameters in the CFG 
Before data flow nodes where created for all parameters in the AST. But
some AST parameters does not lead to any data flow (for instance
parameters in function pointer types).
 2024-11-11 11:46:10 +01:00
Simon Friis Vindum
6a3d417836 Rust: Implement enclosing callable for additional classes 2024-11-11 11:11:29 +01:00
Napalys
ae57c12b15 Added change notes 2024-11-11 10:38:14 +01:00
Michael Nebel
404ca27aec Java: Move non-experimental models out of the experimental folder. 2024-11-11 10:08:45 +01:00
Simon Friis Vindum
bf07aa1cbd Merge pull request #17947 from paldepind/rust-ssa-node-printing 
Rust: Mark SSA data flow nodes in output and hide them in paths
 2024-11-11 09:55:26 +01:00
Simon Friis Vindum
55796badaf Rust: Mark SSA data flow nodes in output and hide them in paths 2024-11-11 08:48:48 +01:00
Simon Friis Vindum
e3662fa97f Merge pull request #17923 from geoffw0/unreachable4 
Rust: More tests for rust/deadcode
 2024-11-11 08:45:47 +01:00
Napalys
81bc7cd19f Refactored SortTaintStep to ArrayInPlaceManipulationTaintStep to support both sort and reverse functions. Fixed newly added test case. from 8026a99db7 2024-11-11 08:32:03 +01:00
Napalys
1c298f0231 Added test case for Array.prototype.reverse, which is currently not flagged as a potential sink. 2024-11-11 08:32:02 +01:00
Napalys
f1c6dc1d9b Moved SortTaintStep to more appropriate home TaintTracking->Arrays 2024-11-11 08:32:01 +01:00
dependabot[bot]
916184964b Bump golang.org/x/tools 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/tools` from 0.26.0 to 0.27.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.26.0...v0.27.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-11-11 03:24:36 +00:00
Owen Mansel-Chan
0b24235de4 Update test results 2024-11-09 07:56:44 +00:00
Owen Mansel-Chan
9afdee4697 Accept changed test results and improve test 2024-11-09 07:55:02 +00:00
Florin Coada
f3c7352727 Merge pull request #17935 from github/changedocs/2.19.3 
Changedocs for 2.19.3
 2024-11-08 17:58:54 +00:00
Geoffrey White
727a7d4957 Merge branch 'main' into unreachable4 2024-11-08 17:39:15 +00:00
Paolo Tranquilli
5490975a27 Merge pull request #17943 from github/redsun82/rust-accept-inconsistencies 
Rust: accept some inconsitencies for now
 2024-11-08 18:17:30 +01:00
Paolo Tranquilli
9684df8535 Rust: accept some inconsitencies for now 
The modified result is just a change due to a semantic conflict after introducing some
`toString` implementations.

The new inconsistency should be looked at more in detail.
 2024-11-08 18:05:19 +01:00
Owen Mansel-Chan
c8f41206be Add a change note 2024-11-08 14:23:55 +00:00
Geoffrey White
c7112ef278 Rust: Accept consistency check changes. 2024-11-08 14:22:04 +00:00
Owen Mansel-Chan
38ee2d418a Fix bug by extracting more pointer types 2024-11-08 13:57:36 +00:00
Owen Mansel-Chan
5094cb851b Add test showing bug (SEmbedP.PMethod not showing) 2024-11-08 13:57:34 +00:00
Anders Schack-Mulligen
a311294080 Merge pull request #17932 from aschackmull/java/kotlin-notnull-typeflow 
Kotlin: Support NotNullExpr in TypeFlow.
 2024-11-08 13:48:15 +01:00
Michael B. Gale
71e4646489 Merge pull request #17934 from github/dependabot/go_modules/go/extractor/extractor-dependencies-ede2484c43 
Bump golang.org/x/mod from 0.21.0 to 0.22.0 in /go/extractor in the extractor-dependencies group
 2024-11-08 12:43:38 +00:00
Paolo Tranquilli
9cea631399 Merge pull request #17931 from github/redsun82/rust-target-dir 
Rust: allow to specify the target directory
 2024-11-08 13:34:03 +01:00
Paolo Tranquilli
26839f5e15 Merge pull request #17882 from github/redsun82/rust-resolve 
Rust: extract some resolved paths
 2024-11-08 13:33:41 +01:00
Geoffrey White
3805d0f958 Merge branch 'main' into unreachable4 2024-11-08 11:46:34 +00:00
Geoffrey White
0610c265e2 Merge pull request #17913 from geoffw0/unusedvar8 
Rust: Fix rust/unused-variable FPs
 2024-11-08 11:41:45 +00:00