Nick Rolfe
9b6e610e24
Merge remote-tracking branch 'origin/main' into nickrolfe/incomplete_sanitization
2022-04-20 12:05:22 +01:00
Nick Rolfe
3d109a4051
Merge pull request #8777 from github/nickrolfe/post_update_node
...
Ruby: make PostUpdateNode public
2022-04-20 12:04:37 +01:00
Asger F
e60475618d
Merge pull request #8728 from asgerf/ql/library-coverage
...
QL: Add facilities for data flow
2022-04-20 11:40:18 +02:00
Nick Rolfe
f1b8af1db9
Ruby: rename PostUpdateNode::Range to PostUpdateNodeImpl
2022-04-20 10:35:40 +01:00
Anders Schack-Mulligen
cb898ae03f
Merge pull request #8701 from aschackmull/doc/any-none
...
Doc: Add any() and none() to the language reference.
2022-04-20 10:49:42 +02:00
yoff
0c7130602a
Merge pull request #8731 from RasmusWL/delete-old-readme
...
Python: Delete old dataflow readme
2022-04-20 10:36:12 +02:00
yoff
a66153d73e
Merge pull request #8733 from RasmusWL/split-dataflow-private
...
Python: Split `DataFlowPrivate`
2022-04-20 10:21:05 +02:00
Erik Krogh Kristensen
10130eef6d
Merge pull request #8678 from erik-krogh/fileSource
...
JS: Add files as a source for `js/xss-through-dom`
2022-04-20 09:18:38 +02:00
Felicity Chapman
b10e7300ae
Update docs/codeql/ql-language-reference/formulas.rst
2022-04-19 17:29:31 +01:00
Nick Rolfe
c02670aca2
Ruby: make PostUpdateNode public
2022-04-19 17:12:51 +01:00
Felicity Chapman
d663102ffb
Update docs/codeql/ql-language-reference/formulas.rst
2022-04-19 16:57:05 +01:00
Felicity Chapman
6fbe227cbc
Try to fix Sphinx warning in formulas.rst
2022-04-19 16:36:42 +01:00
Stephan Brandauer
2fb3147b7b
Merge pull request #8430 from kaeluka/js/CVE-2022-24718
...
JS: Add taint step for handlebars model
2022-04-19 15:57:58 +01:00
Michael Nebel
91324d40b5
Merge pull request #8659 from michaelnebel/csharp/capturemodelsmetadata
...
C#: Add kind tag to Capture model queries.
2022-04-19 16:39:03 +02:00
Nick Rolfe
08f6fbbe10
Ruby: make comment about backslash escaping clearer
2022-04-19 14:05:17 +01:00
Nick Rolfe
76c6a521fd
Ruby: add clarifying comment
2022-04-19 13:10:57 +01:00
Anders Schack-Mulligen
82463c9290
Merge pull request #8774 from MathiasVP/nomagic-revPartialPathStep
...
Add `nomagic` to `revPartialPathStep`
2022-04-19 14:02:04 +02:00
Nick Rolfe
76587c4144
Ruby: fix capitalisation of String in qhelp
2022-04-19 11:42:31 +01:00
Nick Rolfe
468c718da0
Ruby: simplify predicate
2022-04-19 11:32:26 +01:00
Nick Rolfe
ac805f0cdc
Ruby: simplify predicate by using DataFlow::CallNode
2022-04-19 11:27:33 +01:00
Nick Rolfe
ca4dc0583d
Ruby: fix comment typos
2022-04-19 11:15:34 +01:00
Nick Rolfe
14de91ce94
Ruby: make StringSubstitutionCal extend DataFlow::CallNode
2022-04-19 10:52:14 +01:00
Mathias Vorreiter Pedersen
a7c0113bc7
Merge pull request #8741 from geoffw0/autogen
...
C++: Fix issue with extremely long comments in AutogeneratedFile.qll
2022-04-19 10:45:16 +01:00
Geoffrey White
0aa1945f30
C++: Comments.
2022-04-19 10:04:15 +01:00
Mathias Vorreiter Pedersen
91b413d59f
Dataflow: Sync identical files.
2022-04-19 09:57:21 +01:00
Mathias Vorreiter Pedersen
d5722ffa61
C++: Add 'nomagic' to 'revPartialPathStep'.
2022-04-19 09:56:41 +01:00
Chuan-kai Lin
b433f08cef
Merge pull request #8770 from cklin/csharp-downgrades-remove-version
...
C#: remove version from downgrades pack
2022-04-18 09:41:21 -07:00
Chuan-kai Lin
8e850ee564
C#: remove version from downgrades pack
2022-04-18 08:46:05 -07:00
Geoffrey White
8a32c17c56
C++: Fix the issue.
2022-04-14 17:03:28 +01:00
Jean Helie
d094bbc06d
Merge pull request #8546 from github/jhelie/enforce-unknown-incompatibiliy-with-notasink
...
ML: add defensive check to ensure Unknown endpoints cannot also be NotASink
2022-04-14 11:21:18 +02:00
Harry Maclean
c3f1fba985
Merge pull request #8598 from hmac/hmac/insecure-dep-resolution
...
Ruby: Add rb/insecure-dependency query
2022-04-14 02:09:44 +02:00
Nick Rolfe
a1a7d2c088
Ruby: add changenote for rb/incomplete-sanitization
2022-04-13 17:32:38 +01:00
Nick Rolfe
fdca896614
Ruby: improve handling of [g]sub!
...
rb/incomplete-sanitization has a few cases where we find flow from one
string substitution call to another, e.g.
    a.sub(...).sub(...)
But this didn't find typical chained uses of the destructive variants,
e.g.
    a.sub!(...)
    a.sub!(...)
We now handle those cases by tracking flow from the post-update node for
the receiver of the first call.
2022-04-13 17:19:25 +01:00
Jean Helie
1e39a9caae
ML: update regression test output following fix to getAnUnknown predicate
2022-04-13 18:14:16 +02:00
Jean Helie
f87cd164ce
ML: add defensive check to ensure Unknown endpoints cannot also be NotASink
2022-04-13 18:14:16 +02:00
Jean Helie
f2b813a6e7
ML: add regression test for effective sink that is also NotASink
2022-04-13 18:14:16 +02:00
Henry Mercer
6603f8ab94
Merge pull request #8734 from github/henrymercer/non-extending-subtypes-minor-fixes
...
Docs: Fix typo and formatting in "Non-extending subtypes"
2022-04-13 17:11:33 +01:00
Nick Rolfe
bbb8177176
Ruby: add rc/incomplete-sanitization query
2022-04-13 16:48:43 +01:00
Henry Mercer
54b3d4d0d7
Docs: Fix typo and formatting in "Non-extending subtypes"
...
- Fix typo `select any(Foo f) would yield bar` -> `select any(Foo f).foo() would yield bar`
- Fix inline code formatting
- Change `foo_method` to `fooMethod` to follow QL style guide
2022-04-13 16:12:42 +01:00
AlexDenisov
df2cc181a0
Merge pull request #8726 from redsun82/swift-prebuilt-fetching
...
Swift: fetch prebuilt swift and link against it
2022-04-13 16:58:36 +02:00
Paolo Tranquilli
aaf9e7da2f
turn off universal_binaries for now
2022-04-13 16:45:23 +02:00
Paolo Tranquilli
9e3401ce59
make self repository name parametric
...
In a workspace macro we must use the exact repository name, and this
can be different when importing the workspace (it is different in
semmle-code).
2022-04-13 16:22:27 +02:00
Paolo Tranquilli
73d5691d91
update swift package
2022-04-13 16:22:27 +02:00
Paolo Tranquilli
e68172f4b0
Swift: fetch prebuilt swift and link against it
...
This is known to break linux integration in sembuild.
2022-04-13 16:22:27 +02:00
Rasmus Wriedt Larsen
a271e17f04
Python: Move dataflow call-graph to new qll file
...
Seems like all other languages use a file called `DataFlowDispatch`. I
want to introduce a setup where we have (old) points-to based approach
in one file, and can develop a type-tracking based approach in another
file, so that's the reason for the naming differing slightly.
For which predicates go in which files, I have taken mostly inspiration
from C# and Ruby.
2022-04-13 15:56:57 +02:00
Rasmus Wriedt Larsen
3d15205084
Python: Autoformat
2022-04-13 15:36:16 +02:00
Rasmus Wriedt Larsen
ded4e9250c
Python: Move IterableUnpacking to own file
2022-04-13 15:36:05 +02:00
Rasmus Wriedt Larsen
c740894408
Python: Move MatchUnpacking to own file
...
I had hoped that git would be able to see this as a rename, and
therefore I haven't done autoformat
2022-04-13 15:36:05 +02:00
AlexDenisov
058ac5bcae
Merge pull request #8717 from AlexDenisov/alexdenisov/swift-ql-ci
...
Swift: enable QL tests on CI
2022-04-13 14:42:27 +02:00
Jean Helie
407a8a7715
ML: fix ATM expected tests outputs
2022-04-13 14:02:12 +02:00