am0o0
9662950405
add comments for FPs
2024-07-30 13:24:46 +02:00
am0o0
4dc1a10f71
update tests for zip4j, add additional flow steps for zip4j, remove BombTypeInputStream class since we don't need it anymore, add a predicate which was for testing purposes and was junk
2024-07-29 18:10:04 +02:00
am0o0
c8749ff82e
Merge branch 'amammad-java-bombs' of https://github.com/am0o0/codeql into amammad-java-bombs
2024-07-28 12:15:23 +02:00
am0o0
209fa1a10a
update tests
2024-07-28 12:15:07 +02:00
am0o0
0593eaad52
we don't need ConstructorCall for ZipFile anymore since we have a more accurate sink for this
2024-07-28 12:12:07 +02:00
am0o0
cc752113af
we don't need TypeInputStreamConstructorArgumentSink anymore
2024-07-28 12:09:52 +02:00
am0o0
7689db7d42
change apache commons sink
2024-07-28 12:09:33 +02:00
am0o0
1b97804f45
update tests
2024-07-28 11:45:48 +02:00
Owen Mansel-Chan
9a66e66d66
Merge branch 'main' into amammad-java-bombs
2024-07-18 21:28:23 +01:00
am0o0
7bb7d83b26
remove duplicate sinks
...
replace some RefType with DecompressionBomb::BombTypeInputStream
2024-07-18 20:55:59 +02:00
am0o0
aef0a03ab6
remove favorites.json
2024-07-18 20:46:40 +02:00
Michael B. Gale
9a729144e8
Merge pull request #17016 from github/mbg/go/log-output-for-go-version
...
Go: Output stdout/stderr for `go version` if something goes wrong
2024-07-18 16:50:09 +01:00
Michael B. Gale
3a9ff64780
Go: Output stdout/stderr for go version if something goes wrong
2024-07-18 15:37:59 +01:00
Cornelius Riemenschneider
8fa575d79b
Merge pull request #17010 from github/criemen/disable-remote-cache-zipmerge
...
pkg.bzl: Disable remote caching of zipmerge steps.
2024-07-18 16:18:37 +02:00
Chris Smowton
c1853e04f5
Merge pull request #17013 from smowton/smowton/admin/maven-enforcer-test
...
Java: Add test for autobuild with maven-enforcer
2024-07-18 12:51:06 +01:00
Owen Mansel-Chan
a717c30c02
Merge pull request #16958 from github/max-schaefer-patch-1
...
Java: Tag `java/non-https-url` with CWE-345 ("Insufficient Verification of Data Authenticity")
2024-07-18 12:29:56 +01:00
Chris Smowton
1abe0d0f6d
Add test for autobuild with maven-enforcer
2024-07-18 11:16:46 +01:00
Owen Mansel-Chan
e6c1ff573a
Merge branch 'main' into max-schaefer-patch-1
2024-07-18 10:39:42 +01:00
Cornelius Riemenschneider
afb6e412f0
pkg.bzl: Disable remote caching of zipmerge steps.
2024-07-18 08:52:04 +02:00
Owen Mansel-Chan
a9bf17ef49
Merge pull request #17000 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2024-07-18 06:48:28 +01:00
github-actions[bot]
ca42eac589
Add changed framework coverage reports
2024-07-18 00:17:53 +00:00
Owen Mansel-Chan
433137ada6
Merge pull request #16960 from owen-mc/go/mad-sources-fasthttp
...
Go: Convert fasthttp sources to MaD
2024-07-17 21:31:49 +01:00
Geoffrey White
98319be3a7
Merge pull request #16985 from geoffw0/madprov
...
C++: Support MaD alert provenance
2024-07-17 16:25:49 +01:00
Mathias Vorreiter Pedersen
45ba0c3319
Merge pull request #16907 from MathiasVP/phi-escape-5
...
C++: Add a new `MemoryLocation` to represent sets of `Allocation`s
2024-07-17 15:44:04 +01:00
Mathias Vorreiter Pedersen
8a3a3fa263
C++: Sync identical files.
2024-07-17 14:39:08 +01:00
Mathias Vorreiter Pedersen
d5ccb2e396
C++: Add a large QLDoc with example to 'getInstructionSuccessor'.
2024-07-17 14:39:02 +01:00
Michael B. Gale
784a07353e
Merge pull request #16916 from github/dependabot/go_modules/go/extractor/extractor-dependencies-5727fbca95
...
Bump the extractor-dependencies group across 1 directory with 2 updates
2024-07-17 13:40:16 +01:00
dependabot[bot]
3641dfebff
Bump the extractor-dependencies group across 1 directory with 2 updates
...
Bumps the extractor-dependencies group with 2 updates in the /go/extractor directory: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).
Updates `golang.org/x/mod` from 0.15.0 to 0.19.0
- [Commits](https://github.com/golang/mod/compare/v0.15.0...v0.19.0)
Updates `golang.org/x/tools` from 0.18.0 to 0.23.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.18.0...v0.23.0)
---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-07-17 11:46:01 +00:00
Paolo Tranquilli
bf69c76829
Merge pull request #16987 from github/redsun82/go
...
Go/Bazel: use gazelle `go_deps` instead of a vendor directory
2024-07-17 13:44:23 +02:00
Owen Mansel-Chan
d109b1e20d
Accept model numbering changes in tests
2024-07-17 12:37:23 +01:00
Owen Mansel-Chan
6b52cd4957
Do not use "request" threat model kind
...
It is not supported yet.
2024-07-17 12:12:00 +01:00
Owen Mansel-Chan
cfdd48711b
Convert Fasthttp::RequestHeader::RemoteFlowSource to MaD
2024-07-17 12:11:59 +01:00
Owen Mansel-Chan
abeca3d9f9
Convert Fasthttp::RequestCtx::RemoteFlowSource to MaD
2024-07-17 12:11:58 +01:00
Owen Mansel-Chan
729069e3d9
Convert Fasthttp::Request::RemoteFlowSource to MaD
2024-07-17 12:11:57 +01:00
Owen Mansel-Chan
c3169d258f
Convert Fasthttp::Args::RemoteFlowSource to MaD
2024-07-17 12:11:57 +01:00
Owen Mansel-Chan
5a00b5ec96
Convert Fasthttp::URI::RemoteFlowSource to MaD
2024-07-17 12:11:56 +01:00
Owen Mansel-Chan
f33927457f
Adapt test to work better for MaD
...
In MaD, `Argument[n]` corresponds to the post-update node of the
argument, which in the old version of the test will be the definition of
`dstReader` for the tests for `ReadBody`, `ReadLimitBody`,
`ContinueReadBodyStream`, `ContinueReadBody`.
2024-07-17 12:11:55 +01:00
Owen Mansel-Chan
a8a4a201bd
Merge pull request #16992 from owen-mc/go/mad/use-package-grouping
...
Go: use package grouping in existing models-as-data models
2024-07-17 12:08:26 +01:00
Mathias Vorreiter Pedersen
dc32806f3f
Merge pull request #16988 from MathiasVP/unsigned-difference-compares-eq-zero-fp-fixes
...
C++: Fix FPs in `cpp/unsigned-difference-expression-compared-zero`
2024-07-17 11:39:17 +01:00
Owen Mansel-Chan
238c6ccb2e
Merge pull request #17003 from owen-mc/go/update-library-coverage-frameworks
...
Go: Add frameworks to frameworks.csv
2024-07-17 11:26:11 +01:00
Owen Mansel-Chan
f67026f2ad
Accept model numbering changes in tests
2024-07-17 11:02:28 +01:00
Owen Mansel-Chan
4c3220ea9d
Use package grouping in models for gocb
2024-07-17 10:36:38 +01:00
Owen Mansel-Chan
4b2075bfb1
Split models for separate protobuf packages into separate files
2024-07-17 10:36:37 +01:00
Owen Mansel-Chan
aa0749e4ba
Use package grouping for go-jose/jwt models
2024-07-17 10:36:37 +01:00
Owen Mansel-Chan
8a5a9418c7
Add frameworks to frameworks.csv
2024-07-17 10:20:44 +01:00
Owen Mansel-Chan
e6c7e1a0bc
Merge pull request #16990 from owen-mc/go/change-string-prefix-check
...
Go: Change string prefix check
2024-07-17 09:57:45 +01:00
Owen Mansel-Chan
12fe998a4e
Merge pull request #16986 from owen-mc/go/mad-sources-revel-nethttp
...
Go: Convert Revel and net/http sources to MaD
2024-07-16 22:13:50 +01:00
Jami
39f0288e09
Merge pull request #16964 from jcogs33/jcogs33/add-toByteArray-summaries
...
Java: add `IOUtils.toByteArray` summaries
2024-07-16 17:03:30 -04:00
Owen Mansel-Chan
e2356d9820
Merge pull request #16914 from owen-mc/java/android-app-detection
...
Java: Improve Android app detection
2024-07-16 21:52:43 +01:00
Owen Mansel-Chan
fc6b17ad64
Test: accept model numbers changing
2024-07-16 21:36:12 +01:00