hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 07:36:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,937 Commits 1,703 Branches 162 Tags
9d6098af15775bb2308f8cf66450eea21462d818
Commit Graph

49937 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jeroen Ketema
9d6098af15 Merge pull request #12004 from jketema/single-use 
C++: Map operand nodes that are only used once onto the related instruction node
 2023-02-09 17:18:39 +01:00
Jeroen Ketema
e4c211df2d C++: Address review comments 2023-02-09 11:58:41 +01:00
Mathias Vorreiter Pedersen
946e301ed6 Merge pull request #12079 from rdmarsh2/rdmarsh2/use-use-taint-test-reads 
C++: allow read steps at the sink in IR taint test
 2023-02-08 15:08:00 +00:00
Mathias Vorreiter Pedersen
825628675e C++: Only allow implicit reads of fields that exist on the sink node's type. 2023-02-08 13:08:22 +00:00
Jeroen Ketema
20ce4cdf91 C++: Map operand nodes that are only used once onto the related instruction node 2023-02-07 14:17:54 +01:00
Jeroen Ketema
d108185ec7 Merge pull request #12102 from jketema/fix-typos 
C++: Fix some typos in the use-use dataflow code
 2023-02-06 16:50:48 +01:00
Mathias Vorreiter Pedersen
9e96d6182d Merge pull request #12096 from MathiasVP/recognize-more-iterators 
C++: Teach iterator flow about `std::back_inserter`
 2023-02-06 11:08:21 +00:00
Jeroen Ketema
30952f6a24 C++: Fix some typos in the use-use dataflow code 2023-02-06 11:56:59 +01:00
Mathias Vorreiter Pedersen
316eecc064 C++: Accept test changes. 2023-02-06 09:09:00 +00:00
Mathias Vorreiter Pedersen
559c799309 C++: Also recognize iterators obtained via a function that doesn't receive the container as a qualiifer. 2023-02-03 21:43:21 +00:00
Mathias Vorreiter Pedersen
77250af444 Merge pull request #12050 from MathiasVP/flow-out-of-iterators-3 2023-02-03 18:43:37 +00:00
Mathias Vorreiter Pedersen
431738175d Merge pull request #11171 from MathiasVP/global-flow 2023-02-03 18:42:46 +00:00
Mathias Vorreiter Pedersen
09a7573163 C++: Add comments to the new FP. 2023-02-03 17:09:19 +00:00
Mathias Vorreiter Pedersen
ae774a6b95 C++: Add a test with an indirect source. 2023-02-03 16:59:54 +00:00
Robert Marsh
ad8e82ac65 C++: allow read steps at the sink in IR taint test 2023-02-03 11:38:49 -05:00
Mathias Vorreiter Pedersen
0a6f914bfc C++: Make the documentation on 'isSink' less ambiguous. 2023-02-03 14:09:01 +00:00
Mathias Vorreiter Pedersen
0aed890b15 C++: Undo QLDoc change. 2023-02-03 14:02:55 +00:00
Mathias Vorreiter Pedersen
b53963a791 C++: QLDoc. 2023-02-02 11:49:31 +00:00
Mathias Vorreiter Pedersen
968fff29ac Merge branch 'mathiasvp/replace-ast-with-ir-use-usedataflow' into flow-out-of-iterators-3 2023-02-02 09:12:02 +00:00
Mathias Vorreiter Pedersen
eb31160ae0 C++: Accept test changes. 2023-02-01 13:42:03 +00:00
Mathias Vorreiter Pedersen
702b10ff96 Merge branch 'mathiasvp/replace-ast-with-ir-use-usedataflow' into global-flow 2023-02-01 13:37:10 +00:00
Mathias Vorreiter Pedersen
0e1dcc8062 C++: Accept test changes. These all appear to be good changes. 2023-02-01 13:25:37 +00:00
Mathias Vorreiter Pedersen
136b5d189c C++: Small cleanup by making 'GlobalUse' extend 'UseImpl'. 2023-02-01 13:24:40 +00:00
Jeroen Ketema
ce8a84abb3 Merge pull request #12043 from jketema/subpaths 
C++: Fix missing subpaths when displaying dataflow paths
 2023-02-01 09:17:16 +01:00
Mathias Vorreiter Pedersen
88338bdfcf C++: Flow out of functions that write to iterators. 2023-01-31 15:11:47 +00:00
Mathias Vorreiter Pedersen
41ea71c31c Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-01-31 14:12:23 +00:00
Mathias Vorreiter Pedersen
a2248e6ca6 Merge pull request #12030 from MathiasVP/iterator-public-models 
C++: Make iterator classes public
 2023-01-31 14:11:52 +00:00
Mathias Vorreiter Pedersen
0d38ff8e8c Merge pull request #11920 from gsingh93/bit-shift-range 
C++: Improve left shift and right shift range analysis accuracy
 2023-01-31 14:01:41 +00:00
Erik Krogh Kristensen
8bc9ce749f Merge pull request #12038 from github/dependabot/cargo/ql/tracing-subscriber-0.3.16 
Bump tracing-subscriber from 0.3.15 to 0.3.16 in /ql
 2023-01-31 14:35:35 +01:00
dependabot[bot]
56a0b1d2d8 Merge pull request #12024 from github/dependabot/cargo/ruby/clap-3.0.14 2023-01-31 13:30:21 +00:00
dependabot[bot]
597c71011e Bump tracing-subscriber from 0.3.15 to 0.3.16 in /ql 
Bumps [tracing-subscriber](https://github.com/tokio-rs/tracing) from 0.3.15 to 0.3.16.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.3.15...tracing-subscriber-0.3.16)

---
updated-dependencies:
- dependency-name: tracing-subscriber
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-31 13:09:13 +00:00
Erik Krogh Kristensen
683761098d Merge pull request #12041 from github/dependabot/cargo/ql/flate2-1.0.25 
Bump flate2 from 1.0.24 to 1.0.25 in /ql
 2023-01-31 14:07:09 +01:00
Mathias Vorreiter Pedersen
fcc4c91739 C++: More responding to comments. 2023-01-31 13:01:00 +00:00
dependabot[bot]
7f22c4c474 Bump clap from 3.0.12 to 3.0.14 in /ruby 
Bumps [clap](https://github.com/clap-rs/clap) from 3.0.12 to 3.0.14.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v3.0.12...v3.0.14)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-31 12:49:34 +00:00
dependabot[bot]
8410e46067 Bump flate2 from 1.0.24 to 1.0.25 in /ql 
Bumps [flate2](https://github.com/rust-lang/flate2-rs) from 1.0.24 to 1.0.25.
- [Release notes](https://github.com/rust-lang/flate2-rs/releases)
- [Commits](https://github.com/rust-lang/flate2-rs/compare/1.0.24...1.0.25)

---
updated-dependencies:
- dependency-name: flate2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-31 12:48:10 +00:00
Erik Krogh Kristensen
481dab700c Merge pull request #12037 from github/dependabot/cargo/ql/num_cpus-1.14.0 
Bump num_cpus from 1.13.1 to 1.14.0 in /ql
 2023-01-31 13:45:43 +01:00
yoff
7ae389bb28 Merge pull request #12026 from erik-krogh/nodePty 
JS: add code-injection sink for node-pty
 2023-01-31 13:27:32 +01:00
Michael Nebel
86e9bf2f81 Merge pull request #11996 from michaelnebel/csharp/refstructreffield 
C# 11: Extractor support for `ref` fields in `ref struct`.
 2023-01-31 13:08:57 +01:00
dependabot[bot]
423bab54d3 Bump num_cpus from 1.13.1 to 1.14.0 in /ql 
Bumps [num_cpus](https://github.com/seanmonstar/num_cpus) from 1.13.1 to 1.14.0.
- [Release notes](https://github.com/seanmonstar/num_cpus/releases)
- [Changelog](https://github.com/seanmonstar/num_cpus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/num_cpus/compare/v1.13.1...v1.14.0)

---
updated-dependencies:
- dependency-name: num_cpus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-31 12:05:11 +00:00
Erik Krogh Kristensen
38bcb2b727 Merge pull request #12039 from github/dependabot/cargo/ql/serde-1.0.152 
Bump serde from 1.0.140 to 1.0.152 in /ql
 2023-01-31 13:03:03 +01:00
dependabot[bot]
198b97ca8d Bump serde from 1.0.140 to 1.0.152 in /ql 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.140 to 1.0.152.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.140...v1.0.152)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-31 11:48:44 +00:00
Erik Krogh Kristensen
f2526d1784 Merge pull request #12040 from github/dependabot/cargo/ql/tree-sitter-0.20.9 
Bump tree-sitter from 0.20.8 to 0.20.9 in /ql
 2023-01-31 12:46:43 +01:00
Gulshan Singh
1a109cab4d Remove unicode characters 2023-01-31 03:38:03 -08:00
dependabot[bot]
807b715320 Bump tree-sitter from 0.20.8 to 0.20.9 in /ql 
Bumps [tree-sitter](https://github.com/tree-sitter/tree-sitter) from 0.20.8 to 0.20.9.
- [Release notes](https://github.com/tree-sitter/tree-sitter/releases)
- [Commits](https://github.com/tree-sitter/tree-sitter/commits)

---
updated-dependencies:
- dependency-name: tree-sitter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-31 11:27:40 +00:00
Erik Krogh Kristensen
34ca12e5d2 Merge pull request #12042 from erik-krogh/qlTools 
QL: update codeql-action in QL-for-QL
 2023-01-31 12:24:37 +01:00
Mathias Vorreiter Pedersen
1a27a069ac Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-01-31 11:15:42 +00:00
erik-krogh
94cec17505 bump codeql-action 2023-01-31 12:09:21 +01:00
erik-krogh
4436ec070e ensure the test is run when the workflow is updated 2023-01-31 12:09:21 +01:00
Geoffrey White
ee442e4d4b Merge pull request #11979 from geoffw0/modern1 
Swift: Modernize injection queries
 2023-01-31 10:54:35 +00:00
erik-krogh
0cefa98490 add missing word to the change-note 2023-01-31 11:53:17 +01:00