hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-06 03:00:24 +01:00
Code Issues Packages Projects Releases Wiki Activity
59,376 Commits 1,676 Branches 157 Tags
8a7325268ab2eb7c35dbf77655e7f35c476e1c38
Commit Graph

59376 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
8a7325268a Swift: Change note. 2023-10-07 23:19:24 +01:00
Geoffrey White
c492b5f2dd Swift: Model sinks. 2023-10-07 23:19:09 +01:00
Geoffrey White
8bf6fd67d1 Swift: Add a test for GRDB hardcoded key sinks. 2023-10-07 23:07:32 +01:00
Edward Minnix III
8e653d01a8 Merge pull request #14127 from egregius313/egregius313/java/mad/localuserinput 
Java: Convert implementations of `LocalUserInput` to Models-as-Data
 2023-10-04 12:55:44 -04:00
Ed Minnix
e2a14c7616 Add note about results to change note 2023-10-04 11:08:40 -04:00
Robert Marsh
f7ca8e5b39 Merge pull request #14224 from rdmarsh2/rdmarsh2/swift/nil-coalescing-cfg 
Swift: CFG and data flow for nil coalescing operator
 2023-10-04 09:43:31 -04:00
Owen Mansel-Chan
3703c5626f Merge pull request #14364 from owen-mc/go/improve-output-of-check-formatting-in-makefile 
Go: improve output of check formatting in makefile
 2023-10-04 11:54:40 +01:00
Rasmus Wriedt Larsen
9c02b4f21c Merge pull request #14289 from microsoft/jb1/16-cryptography-models-libraries-and-queries-migration 
16 cryptography models libraries and queries migration
 2023-10-04 12:27:59 +02:00
Owen Mansel-Chan
bd2c49fcf0 Improve message 2023-10-04 11:07:19 +01:00
Owen Mansel-Chan
567052f35e Keep line breaks in list of files formatting 2023-10-04 10:23:29 +01:00
Henry Mercer
99646ba2a3 Merge pull request #14367 from github/henrymercer/rc-3.11-mergeback 
Merge `rc/3.11` into `main`
 2023-10-04 10:05:38 +01:00
Michael Nebel
ecd8561104 C#: Undo poor mans quoting fix as it conflicts with the permanent solution. 2023-10-04 09:19:55 +02:00
Ed Minnix
581d410304 Add change note 2023-10-03 22:29:00 -04:00
Ed Minnix
e122d81336 Add new source kinds for threat modeling 2023-10-03 22:29:00 -04:00
Edward Minnix III
a1d3667f1c Refactor Hudson file methods to MaD 2023-10-03 22:28:59 -04:00
Edward Minnix III
3a75c0fde7 Refactor DatabaseInput to MaD 2023-10-03 22:28:59 -04:00
Edward Minnix III
655470f3da Refactor EnvInput to MaD 2023-10-03 22:28:47 -04:00
Josh Brown
de2e8b0b12 explicit "this" qualifiers 2023-10-03 16:13:54 -07:00
Josh Brown
ad86e576a4 autoformat 2023-10-03 13:40:17 -07:00
Josh Brown
b683a3caf8 Merge branch 'main' into jb1/16-cryptography-models-libraries-and-queries-migration 2023-10-04 07:24:29 +11:00
Robert Marsh
06da5fd05c Swift: move import to make codegen happy 2023-10-03 17:23:00 +00:00
Geoffrey White
d258f69ab0 Merge pull request #14329 from geoffw0/sinks 
Swift: Update summary queries
 2023-10-03 17:39:00 +01:00
Geoffrey White
34b33e1577 Merge pull request #14328 from geoffw0/debugdesc 
Swift: Model .description, .debugDescription more generally
 2023-10-03 17:37:22 +01:00
Geoffrey White
c518f39a0c Merge pull request #14357 from geoffw0/commandinject3 
Swift: Replace two additional taint steps with implicit reads
 2023-10-03 17:34:59 +01:00
Henry Mercer
da92da2204 Bump minor versions of packs we regularly release 2023-10-03 16:31:23 +01:00
Henry Mercer
f3847b3f51 Merge branch 'main' into henrymercer/rc-3.11-mergeback 2023-10-03 16:30:23 +01:00
Robert Marsh
cdef0796e3 Swift: QLDoc for NilCoalescingExpr.qll 2023-10-03 15:00:03 +00:00
Robert Marsh
497f0aa8ab Swift: sync test files and update expectation 2023-10-03 14:57:04 +00:00
Michael Nebel
8224f172b2 Merge pull request #14257 from michaelnebel/java/threatmodelsources 
Java: Introduce a class of dataflow nodes for the threat modeling.
 2023-10-03 16:10:49 +02:00
Tamás Vajk
df988e46da Merge pull request #14351 from tamasvajk/csharp/standalone-compilation 
C#: Extract compilation DB entity in standalone mode
 2023-10-03 14:21:21 +02:00
Owen Mansel-Chan
5433636d49 Fix formatting errors in files included in qhelp 2023-10-03 12:48:03 +01:00
Owen Mansel-Chan
2a52455619 Improve output of check-formatting in Makefile 
The list of files that would change when reformatted is now printed.
Also, parsing errors now make the check fail.
 2023-10-03 12:48:01 +01:00
Ian Lynagh
c365f459fd Merge pull request #14355 from igfoo/igfoo/lang-vers 
Kotlin: Specify language version when compiling for old compilers
 2023-10-03 11:33:23 +01:00
Mathias Vorreiter Pedersen
dbe3bd0c50 Merge pull request #14360 from MathiasVP/promote-use-after-free-and-double-free 
C++: Promote `cpp/double-free` and `cpp/use-after-free` to Code Scanning
 2023-10-03 11:52:23 +02:00
Michael Nebel
fcbd301de8 Java: Address review comments. 2023-10-03 10:36:45 +02:00
Mathias Vorreiter Pedersen
b6ed9ccfda C++: Add change notes. 2023-10-03 09:33:40 +02:00
Mathias Vorreiter Pedersen
7084dc1a88 C++: Promote 'cpp/use-after-free' and 'cpp/double-free' to Code Scanning. 2023-10-03 09:22:47 +02:00
Mathias Vorreiter Pedersen
5632dd5e46 Merge pull request #14275 from alexet/fix-use-after-free-fp 
CPP: Fix some use after free FPs.
 2023-10-03 09:16:42 +02:00
Michael Nebel
5b949b19f7 Java: Cleanup threat model taxanomy to align with the EDR. 2023-10-03 09:16:39 +02:00
Michael Nebel
5c700afa27 Java: Add some threat model dataflow tests. 2023-10-03 09:16:39 +02:00
Michael Nebel
537965c0e8 Java: Add some testfiles. 2023-10-03 09:16:39 +02:00
Michael Nebel
2055d5492c Java: Let RemoteFlowSource and LocalUserInput extends SourceNode and fine grain the LocalUserInput threat models. 2023-10-03 09:16:38 +02:00
Michael Nebel
9a112dde66 Java: Introduce a class of dataflow nodes for the threat modeling. 2023-10-03 09:16:38 +02:00
Geoffrey White
bbd3c66d5a Swift: Update for CollectionContent. 2023-10-02 20:32:24 +01:00
Geoffrey White
81b358a711 Swift: Replace a similar additional taint step in another query. 2023-10-02 20:19:40 +01:00
Geoffrey White
27bdee8058 Swift: Replace additional taint step with implict read. 
Now that we have array content, this is a more principled approach than having a special case data step.
 2023-10-02 20:19:30 +01:00
Robert Marsh
ca722dc74c Swift: add NilCoalescingTest node to CFG 
Fixes an issue where a nil-coalescing operation used in a boolean
context would result in no control flow out of the default operand of
the nil-coalescing operator.
 2023-10-02 18:07:11 +00:00
Ian Lynagh
513a39f0b4 Kotlin: Specify language versino when compiling for old compilers 
Otherwise builds with Kotlin 2 won't work with older compilers.
 2023-10-02 18:14:01 +01:00
Ian Lynagh
f3c5c01ec5 Kotlin: Drop support for 1.4.32 
We never claimed to support anything < 1.5.0, and compiling with
-language-version 1.4 fails as it's not meant to support sealed classes.

If we build 1.4.32 with -language-version 1.5 using a 2.0 compiler,
then the resulting plugin also fails.
 2023-10-02 17:29:10 +01:00
Tom Hvitved
2684a22484 Merge pull request #14255 from hvitved/dataflow/perf-improvements 
Data flow: Performance improvements
 2023-10-02 16:37:24 +02:00