hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-06 14:15:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
61,399 Commits 1,746 Branches 166 Tags
79b77ae805885f9bac1abe655ac52ebb2bd32b22
Commit Graph

61399 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
79b77ae805 Add AST test for switch with null case 2023-11-30 11:23:58 +00:00
Chris Smowton
05caffc189 Update printast expectation 2023-11-30 11:23:58 +00:00
Chris Smowton
30c5885966 Fix constant cases relating to enum types 2023-11-30 11:23:58 +00:00
Chris Smowton
b21aaa75bc Type-flow: treat pattern-switch on an array index similar to instanceof 2023-11-30 11:23:58 +00:00
Chris Smowton
7dd4030f51 Pattern cases: support type-flow 2023-11-30 11:23:58 +00:00
Chris Smowton
a06ac42512 PrintAst: report pattern-cases similar to pattern-instanceof 2023-11-30 11:23:58 +00:00
Chris Smowton
b6622d2f5b usesType: support pattern cases 2023-11-30 11:23:58 +00:00
Chris Smowton
0f434e7f08 Add test for dataflow vs. pattern-switch 2023-11-30 11:23:58 +00:00
Chris Smowton
6c990c2cf6 Add pattern-case support and generally debug switch CFGs 
These were reasonably broken beforehand, due to not taking switch rules into account in enough places, and confusing the expression/statement switch rule distinction with the distinction between switch statements and expressions.

(For example, `switch(x) { 1 -> System.out.println("Hello world") ... }` is a statement, but has a rule expression).
 2023-11-30 11:23:58 +00:00
Chris Smowton
f4b45fa511 Support switch cases with binding patterns 2023-11-30 11:23:58 +00:00
Chris Smowton
fefc02d650 Merge pull request #14950 from smowton/smowton/admin/empty-argfile-test 
Java: Add test for empty argfile
 2023-11-29 14:05:39 +00:00
Taus
754deda03e Merge pull request #14946 from github/RasmusWL/list-python-3.12 
Docs: List Python 3.12 as supported
 2023-11-29 15:05:11 +01:00
Chris Smowton
e110db58f8 Add test for empty argfile 2023-11-29 12:51:22 +00:00
Rasmus Wriedt Larsen
76a6fb563d Docs: List Python 3.12 as supported 
Support was added in https://github.com/github/codeql/pull/14636
 2023-11-29 11:22:27 +01:00
Mathias Vorreiter Pedersen
1f9e2c71ce Merge pull request #14928 from MathiasVP/surprising-lifetimes-c_str 
C++: Add a new query for calling `c_str` on temporary objects
 2023-11-29 10:15:11 +00:00
Erik Krogh Kristensen
399872b719 Merge pull request #14943 from rafaelurben/patch-1 
JS: Add django template urls as "save urls"
 2023-11-29 11:10:16 +01:00
Mathias Vorreiter Pedersen
351caaccfe C++: Add GOOD and BAD comments to qhelp examples. 2023-11-29 09:44:54 +00:00
Mathias Vorreiter Pedersen
8afd9288cb Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2023-11-29 09:36:29 +00:00
Rafael
1a05c2e704 Added Django test 2023-11-29 08:26:49 +01:00
Rafael
0a74a3a765 Update javascript/ql/src/change-notes/2023-11-28-django-urls.md 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-11-29 08:23:02 +01:00
Rafael
0b0c9e3e48 Create 2023-11-28-django-urls.md 2023-11-28 22:29:53 +01:00
Rafael
286e3951bf Detect Django template URLs 
Django URLs are currently not detected, but flask and nunjucks URL are. (See https://github.com/github/codeql/issues/12267)
 2023-11-28 22:22:07 +01:00
Felicity Chapman
298c6b5295 Merge pull request #14942 from github/codeql-cli-2.15.3 
Mergeback post release changes from the `codeql-cli-2.15.3` branch to `main`
 2023-11-28 20:41:43 +00:00
Jeroen Ketema
483f4c3ce9 Merge pull request #14921 from jketema/kr-style-function-parameters 
C++: Expose whether a function was prototyped or not
 2023-11-28 17:43:22 +01:00
Robert Marsh
4df25f4f7f Merge pull request #14797 from geoffw0/sqlsinks 
Swift: Heuristic sinks for swift/sql-injection
 2023-11-28 11:18:10 -05:00
Tom Hvitved
e79ad3b738 Merge pull request #14937 from hvitved/csharp/stubvisitor-recursion-guard 
C#: Prevent infinite recursion in `EqualsModuloTupleElementNames`
 2023-11-28 16:25:52 +01:00
Jeroen Ketema
28ac46a73f C++: Add change note 2023-11-28 14:57:02 +01:00
Mathias Vorreiter Pedersen
2b36ba33f0 C++: Add support for 'data' in the query. 2023-11-28 12:57:59 +00:00
Michael B. Gale
e349611f86 Merge pull request #14932 from github/dependabot/go_modules/go/extractor/extractor-dependencies-29c4186f99 
Bump the extractor-dependencies group in /go/extractor with 1 update
 2023-11-28 12:57:24 +00:00
Mathias Vorreiter Pedersen
7b8d164692 C++: Add more good test cases. 2023-11-28 11:58:33 +00:00
Mathias Vorreiter Pedersen
62c432f3c7 C++: Tabs -> Spaces. 2023-11-28 11:52:17 +00:00
Tom Hvitved
fea2bf9217 C#: Prevent infinite recursion in EqualsModuloTupleElementNames 2023-11-28 11:45:09 +01:00
Rasmus Wriedt Larsen
c12053287e Merge pull request #14936 from RasmusWL/star-args-kwargs-missing-flow 
Python: Highlight missing post-update flow for `*args` and `**kwargs`
 2023-11-28 11:34:51 +01:00
Rasmus Wriedt Larsen
3c82653b63 Python: Highlight missing post-update flow for *args and **kwargs 2023-11-28 10:59:48 +01:00
Jeroen Ketema
7dec819151 C++: Expose whether a function was prototyped or not 2023-11-28 10:24:43 +01:00
Mathias Vorreiter Pedersen
ff4c63f696 C++: Add change note. 2023-11-28 09:16:49 +00:00
Mathias Vorreiter Pedersen
e10caa68f6 C++: Add tests. 2023-11-28 09:06:24 +00:00
Mathias Vorreiter Pedersen
e94cde9b4b C++: Move the use-after-free tests to subdirectory. 2023-11-28 09:06:24 +00:00
Mathias Vorreiter Pedersen
71ad7696c3 C++: Add qhelp. 2023-11-28 09:06:24 +00:00
Mathias Vorreiter Pedersen
204acbacc5 C++: Add a new query for detecting calls to 'c_str' on temporary objects. 2023-11-28 09:06:24 +00:00
dependabot[bot]
d2cad03e28 Bump the extractor-dependencies group in /go/extractor with 1 update 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).

- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-11-28 03:58:15 +00:00
Mathias Vorreiter Pedersen
22a91d18b8 C++: Make the sequence container classes public. 2023-11-27 21:32:49 +00:00
Michael Nebel
f05c86239f Merge pull request #14878 from michaelnebel/csharp/pindotnetinintegrationtests 
C#: Pin integration tests to a specific .NET version.
 2023-11-27 13:22:02 +01:00
Ian Lynagh
7560573b89 Merge pull request #14906 from igfoo/igfoo/locs 
Kotlin 2: Accept some location changes in test-kotlin2/library-tests/stmts
 2023-11-27 11:42:47 +00:00
Mathias Vorreiter Pedersen
70e0b33ce6 Merge pull request #14807 from geoffw0/formatsinks 
Swift: More sinks for swift/uncontrolled-format-string
 2023-11-27 11:10:04 +00:00
Michael Nebel
d1c4e772f0 C#: Pin integration tests to a specific .NET version. 2023-11-27 10:51:04 +01:00
Stephan Brandauer
68a7734e08 Merge pull request #14849 from github/kaeluka/automodel-extraction-skip-primitive-types-candidates 
Java Automodel extraction: remove primitives in framework mode
 2023-11-27 09:52:48 +01:00
AlexDenisov
59ee3e16b4 Merge pull request #14800 from github/alexdenisov/more-extractions 
Swift: final 5.8/5.9 extractions
 2023-11-27 08:41:37 +01:00
Mathias Vorreiter Pedersen
865cbab242 Merge pull request #14911 from MathiasVP/remove-duplication-workaround-in-sources 2023-11-24 20:00:57 +00:00
Geoffrey White
dfdc502525 Merge pull request #14908 from geoffw0/setmodels 
Swift: Flow models for Set
 2023-11-24 19:16:16 +00:00