hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-12 18:29:30 +02:00
Code Issues Packages Projects Releases Wiki Activity
48,053 Commits 1,756 Branches 167 Tags
aabbafd2bf5ee3bc03362f89ef32271c9700efdb
Commit Graph

48053 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
321a2f5a73 Merge pull request #11550 from atorralba/atorralba/kotlin/adapt-path-sanitizer 
Kotlin: Adapt PathSanitizer
 2022-12-07 12:08:00 +01:00
Owen Mansel-Chan
2ed8d5d798 Merge pull request #11288 from pwntester/new_sudo_like_argument 
Golang: add `rsync` as a program capable of arbitrary shell command execution
 2022-12-07 10:20:49 +00:00
Tony Torralba
6dcc0cc188 Further simplification 2022-12-07 10:50:23 +01:00
Tony Torralba
ccd465d669 Update java/ql/lib/semmle/code/java/security/PathSanitizer.qll 2022-12-07 10:38:33 +01:00
Tony Torralba
2f622ad72c Refactor by introducing helper predicates 2022-12-07 10:31:54 +01:00
Tony Torralba
85b2642a5e Extraction discrepancy fixed in kotlinc 1.7.21 2022-12-07 09:57:31 +01:00
Tom Hvitved
51f11f19cc Merge pull request #11576 from ethanwilloner/main 
csharp: URI should be Uri in Owin.qll library.
 2022-12-07 09:34:51 +01:00
Alvaro Muñoz
49eedde58a Merge branch 'main' into new_sudo_like_argument 2022-12-07 09:31:17 +01:00
Asger F
afe7872838 Merge pull request #11565 from asgerf/js/rephined-variable-in-access-path 
JS: handle rephined variable in access path
 2022-12-07 09:26:38 +01:00
Michael Nebel
c1c0432c00 Merge pull request #11144 from michaelnebel/csharp/qualifiedname 
C#: Deprecate hasQualifiedName/1 and prepare for deprecating getQualifiedName/0.
 2022-12-07 09:16:38 +01:00
Tiferet Gazit
1a9dd48a88 Merge pull request #11551 from github/tiferet/endpoint-characteristics-test 
ATM: Test for contradictory endpoint characteristics
 2022-12-06 18:36:41 -08:00
retanoj
8ee418405b consider blankspace / comma /dot field 2022-12-07 10:06:39 +08:00
tiferet
cf29cde2e8 Apply suggestions from code review 2022-12-06 18:05:04 -08:00
Chris Smowton
522a549d61 Improve debug logging when the external decl extractor handles an IrFile 2022-12-06 20:39:14 +00:00
Chris Smowton
d2e7797485 Rename to writeStubTrapFile 2022-12-06 20:39:03 +00:00
Ed Minnix
1c81f8d8d5 Apply suggestion from docs review 2022-12-06 15:32:54 -05:00
Chris Smowton
00f323c8bd Fix: extract directly exposed fields with static modifier 2022-12-06 20:32:10 +00:00
Chris Smowton
5d43c431c0 Merge pull request #11504 from owen-mc/fix-small-error 
Fix `mayHaveSideEffects` for `ReturnStmt`
 2022-12-06 20:15:07 +00:00
Chris Smowton
c68ac460c9 Accept test changes: again this is a raw class extracted just for its signature. 2022-12-06 18:38:33 +00:00
Chris Smowton
d37a10e4f1 Accept test changes: methods no longer appearing to be final 
This is actually a bug, which we should follow up on subsequently.
 2022-12-06 18:38:31 +00:00
Chris Smowton
59eb81b50a Accept test changes: a raw class getting extracted solely for use in a signature 
We could revert this by allowing useType to avoid triggering class-instance extraction when used just for its signature result
 2022-12-06 18:35:04 +00:00
Chris Smowton
f5579d59f8 Accept test changes: classes no longer getting multiple locations 2022-12-06 18:35:04 +00:00
Chris Smowton
9f722a7e12 Disable java_and_kotlin inconsistency test; accept changes 
This was testing that a signature inconsistency occurs, but this now manifests as a db inconsistency which can't be used as a test expectation because specific tuple numbers are liable to change with the environment.
 2022-12-06 18:35:04 +00:00
Chris Smowton
f2fded6486 Accept jvmstatic-annotation changes 
These occur because the Companion field is odd, being extracted from source but not having an associated FieldDeclaration, leading to PrintAst enumerating the node differently depending on whether it has a source-file location or not but in either case choosing not to show it.
 2022-12-06 18:35:04 +00:00
Chris Smowton
5e023bf619 Remove no-longer-applicable diagnostic matches 
These resulted from the Java compiler exploring NotNull and other Kotlin-emitted annotations, which it no longer does because it finds a .class trap file already present and truncates its class-graph walk
 2022-12-06 18:35:04 +00:00
Chris Smowton
82f3c2f6d5 Mark the Companion field as static 2022-12-06 18:35:04 +00:00
Chris Smowton
d9dc8e38f9 Fix binary names for classes declared from source 
Only top-level non-class declarations need the IrFile's expected class name inserting
 2022-12-06 18:35:04 +00:00
Chris Smowton
910a1f872d Adjust opt-in required to use string-manipulation functions in Kotlin <= 1.5 2022-12-06 18:35:04 +00:00
Chris Smowton
540a2a623e Don't create stub trap files for anonymous or local classes, or unexpected kinds of top-level declaration 2022-12-06 18:35:04 +00:00
Chris Smowton
08e3431107 Also stub class files relating to file classes and top-level declarations 2022-12-06 18:35:04 +00:00
Chris Smowton
748637c2d8 Tidy and use version 0 for classes extracted from source 2022-12-06 18:35:03 +00:00
Chris Smowton
e34d72aee9 Kotlin: stub trap .class files when extracting a class from Kotlin source 2022-12-06 18:35:03 +00:00
Ethan Willoner
64f58061b7 Rename 2022-12-05-owin-uri-fix.md. to 2022-12-05-owin-uri-fix.md 2022-12-06 09:13:28 -08:00
Ethan Willoner
574d6d6119 Fix comment. 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2022-12-06 09:10:22 -08:00
Jeroen Ketema
b5147bbfb0 C++: Deprecate DefaultTaintTracking and TaintTrackingImpl 2022-12-06 17:45:16 +01:00
Owen Mansel-Chan
4789431d6e Add change note 2022-12-06 16:25:50 +00:00
Owen Mansel-Chan
d588ee375b Fix mayHaveSideEffects for ReturnStmt 
The previous code only worked when the return statement
only has one returned expression.
 2022-12-06 15:07:45 +00:00
Mathias Vorreiter Pedersen
2c500142c7 Merge pull request #11435 from jketema/rewrite-tainted-path 
C++: Rewrite `cpp/path-injection` to not use `DefaultTaintTracking`
 2022-12-06 14:54:57 +00:00
retanoj
b0c86d8e51 change string match to regex match 2022-12-06 21:50:09 +08:00
Michael Nebel
8e4190d84a Merge pull request #11516 from michaelnebel/java/externalflowcleanup 
Java: Cleanup imports of `ExternalFlow`
 2022-12-06 14:26:39 +01:00
Anders Schack-Mulligen
b579e2e7ed Merge pull request #11493 from aschackmull/java/scc-equivrel 
Java: Replace ad-hoc SCC reduction with union-find.
 2022-12-06 14:02:46 +01:00
Michael Nebel
27efb0d843 C#: Rename -> for . 2022-12-06 13:53:50 +01:00
Erik Krogh Kristensen
be168901d6 Merge pull request #11085 from dbartol/dbartol/ql-for-ql-latest 
Use latest released bundle for QL-for-QL
 2022-12-06 12:43:53 +01:00
retanoj
2bbd37f9ab change code snippet to or condition 2022-12-06 19:27:29 +08:00
Michael Nebel
29ccac8e93 C#: Address review comments. 2022-12-06 12:05:48 +01:00
Mathias Vorreiter Pedersen
3eea3b2f45 Merge pull request #11446 from atorralba/atorralba/swift/path-injection 
Swift: Add path injection query
 2022-12-06 11:03:26 +00:00
Michael Nebel
6b35098fb7 C#: Replace more uses of getQualifiedName/0. 2022-12-06 11:59:13 +01:00
Michael Nebel
0a3295ef3f C#: Address review comments. 2022-12-06 11:59:13 +01:00
Michael Nebel
ae4f4d6df4 C#: Add change note about deprecation of hasQualifiedName/1. 2022-12-06 11:59:13 +01:00
Michael Nebel
f7a1a4a9b7 C#: Add some missing this qualifiers. 2022-12-06 11:59:13 +01:00