hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-31 23:33:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
55,353 Commits 1,684 Branches 159 Tags
76508d17c6487eed6bbbd5674e7a3255e62f9af3
Commit Graph

55353 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jami Cogswell
76508d17c6 Go/Swift: validate source/sink kinds 2023-06-05 12:18:33 -04:00
Jami Cogswell
254e447923 JS/Python/Ruby: update getInvalidModelKind 2023-06-05 12:18:33 -04:00
Jami Cogswell
615f2a573b Java/C#/Go/Swift: remove commented-out code 2023-06-05 12:18:33 -04:00
Jami Cogswell
9f42ae3f29 Shared: remove cpp note 2023-06-05 12:18:33 -04:00
Jami Cogswell
7317c29eea Shared: update kind information 2023-06-05 12:18:33 -04:00
Jami Cogswell
79f61cc645 Java/C#/Go/Swift: use 'SharedModelValidation' file 2023-06-05 12:18:33 -04:00
Jami Cogswell
0ab1848b70 JS/Python/Ruby: use 'SharedModelValidation' file 2023-06-05 12:18:33 -04:00
Jami Cogswell
ddb5d92ef8 Shared: add source, summary, and neutral shared valid kinds 2023-06-05 12:18:33 -04:00
Jami Cogswell
869f820fcf Shared: add 'SharedModelValidation' file as experiment 2023-06-05 12:18:33 -04:00
Jami Cogswell
e24e3a6115 JS/Python/Ruby: add getInvalidModelKind as experiment 2023-06-05 12:18:33 -04:00
Jeroen Ketema
93215ba7e1 Merge pull request #13355 from jketema/ptr-deref-forward 
C++: Ensure that the sink instruction occurs last in `cpp/invalid-pointer-deref`
 2023-06-05 15:56:50 +02:00
Jeroen Ketema
7f7b048f50 C++: Update expected test results 2023-06-05 15:00:11 +02:00
Paolo Tranquilli
dc26dc81a9 Merge pull request #13370 from github/redsun82/swift-fix-cmake 
Swift: fix cmake generation
 2023-06-05 14:52:40 +02:00
Mathias Vorreiter Pedersen
52fb00cac3 Merge pull request #12036 from nmouha/patch-1 
CPP: Add query for CVE-2022-37454: Integer addition may overflow inside if statement
 2023-06-05 12:13:27 +01:00
Jeroen Ketema
11182e4ee4 C++: Move location where getASuccessor is used to avoid join order problems 2023-06-05 12:36:25 +02:00
Paolo Tranquilli
be9d32a6c1 Bazel/CMake: make include not use cmake include 
...but rather just pass along targets. This is required to fix CMake
generation in the internal repository.
 2023-06-05 11:43:48 +02:00
Michael B. Gale
06d48dca67 Merge pull request #13211 from github/mbg/identify-environment-stubs 
Shared: Add stubs for `identify-environment` scripts
 2023-06-05 10:29:06 +01:00
Paolo Tranquilli
400176f677 Swift: fix cmake generation 
The bazel -> cmake generator is currently not capable of handling
separate included generated cmake files making use of common C/C++
dependencies.

To work around this limitation, a single generated cmake is now in
place. Long-term, we should either:
* make the cmake generator handle common dependencies gracefully, or
* make the cmake generation aspect travel up `pkg_` rules `srcs`
  attributes
so to avoid having to list the targets to be generated in the top-level
`BUILD` file.

Other things fixed:
* removed some warning spam about redefined `BAZEL_CURRENT_REPOSITORY`
* fixed the final link step, that was failing because `libswiftCore.so`
  was not being linked.
 2023-06-05 11:12:11 +02:00
Michael B. Gale
5d89b0739b Swift: Remove .cmd script 2023-06-05 09:12:21 +01:00
Jami
64830809a6 Merge pull request #13228 from jcogs33/jcogs33/deprecated-sink-error-message 
Java: add error message for outdated sink kinds in `getInvalidModelKind`
 2023-06-02 13:44:18 -04:00
Alex Ford
c95cf5ad6f Merge pull request #13062 from maikypedia/maikypedia/sqli-sink 
Ruby: Add MySQL as SQL Injection Sink
 2023-06-02 17:06:35 +01:00
Jeroen Ketema
8ac1d56a7f C++: Fix join order in cpp/invalid-pointer-deref 2023-06-02 16:37:35 +02:00
Erik Krogh Kristensen
219ec9d05d Merge pull request #13127 from erik-krogh/polReDoS 
ReDoS: revert new superlinear algorithm.
 2023-06-02 16:10:24 +02:00
Jeroen Ketema
ac4933a9cc C++: Ensure that the sink instruction occurs last in cpp/invalid-pointer-deref 
This avoids some counter-intuitive paths where we would seemingly jump back
to an earlier instruction, which might actually have been in bounds.
 2023-06-02 12:36:34 +02:00
Jeroen Ketema
5f64354a70 Merge pull request #13353 from jketema/expecation 
Fix typo in spelling of expectation
 2023-06-02 12:29:49 +02:00
Mathias Vorreiter Pedersen
05e5ebe4f4 Merge pull request #13331 from aibaars/use-shortest-distances-to-count-indirections 
C++: Use the shortestDistances HOP to count indirections (rebased copy of #13323)
 2023-06-02 11:22:59 +01:00
Mathias Vorreiter Pedersen
0adff53afd Merge pull request #13190 from geoffw0/sharedsensitive 
Swift: Adopt the shared sensitive data library
 2023-06-02 10:36:22 +01:00
Tony Torralba
41bd1ae54e Merge pull request #13351 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-06-02 11:19:04 +02:00
Mathias Vorreiter Pedersen
cc8aac5435 C++: Use the 'shortestDistances' HOP to count indirections instead of manual recursion. This avoids cyclic problems when we have invalid types. 2023-06-02 11:17:08 +02:00
Michael Nebel
3a3f9a2655 Merge pull request #13298 from michaelnebel/csharp/paramdefaultimplicitconversion 
C#: Extract default parameter values.
 2023-06-02 10:52:24 +02:00
Erik Krogh Kristensen
d7c3ac4830 Merge pull request #13349 from erik-krogh/stopRecLaterAccess 
JS: stop recursive fromRhs related to getLaterBaseAccess
 2023-06-02 10:39:14 +02:00
Jeroen Ketema
7b17b92aca Fix typo in spelling of expectation 2023-06-02 10:36:11 +02:00
github-actions[bot]
ef7e9a674c Add changed framework coverage reports 2023-06-02 00:16:55 +00:00
erik-krogh
1b44b59842 add stress test 2023-06-01 23:20:23 +02:00
erik-krogh
8eed1a95f6 stop recursive fromRhs related to getLaterBaseAccess 2023-06-01 23:16:52 +02:00
Jami
84a7b3ca52 Merge pull request #13157 from jcogs33/jcogs33/update-javascript-sink-kinds 
JS: update MaD sink kinds
 2023-06-01 15:04:19 -04:00
Jami
1a82e21fdb Merge pull request #13136 from jcogs33/jcogs33/revamp-java-source-kinds 
Java: change `android-widget` MaD source kind to `remote`
 2023-06-01 14:18:02 -04:00
Jami
3886ebffa9 Merge branch 'main' into jcogs33/update-javascript-sink-kinds 2023-06-01 14:09:10 -04:00
Jami Cogswell
b8cedfa817 Java: switch 'deprecated' to 'outdated' 2023-06-01 13:30:27 -04:00
Jami Cogswell
d10857fbdb Java: fix typo blank qldoc 2023-06-01 12:57:06 -04:00
Jami Cogswell
0355b78f13 Java: add deprecation deletion comment 2023-06-01 12:57:06 -04:00
Jami Cogswell
b3d218a503 Java: condense 'replacementKind' code 2023-06-01 12:57:06 -04:00
Jami Cogswell
06c83ee14d Java: add error message for deprecated sink kinds to 'getInvalidModelKind' 2023-06-01 12:57:05 -04:00
Jami
617107de35 Merge pull request #12916 from jcogs33/jcogs33/revamp-java-sink-kinds 
Java: revamp MaD sink kinds
 2023-06-01 12:48:30 -04:00
Jami Cogswell
de15013715 Java: remove RemoteFlowSources module 2023-06-01 12:25:26 -04:00
Jami Cogswell
5700a6eea4 Java: remove DefaultAndroidWidgetSources class 2023-06-01 12:25:26 -04:00
Jami Cogswell
119b446dbc Java: add change note 2023-06-01 12:25:26 -04:00
Jami Cogswell
d035a29b4d Java: update source kind documentation 2023-06-01 12:25:26 -04:00
Jami Cogswell
6722892828 Java: switch 'android-widget' source kind to 'remote' 2023-06-01 12:25:25 -04:00
Alex Ford
6fa9e13a2e Ruby: update TaintStep output 2023-06-01 16:27:20 +01:00