hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-20 14:34:04 +02:00
Code Issues Packages Projects Releases Wiki Activity
54,904 Commits 1,741 Branches 165 Tags
aeb6293757b1eba2e9121815f4840ae44081bfbc
Commit Graph

54904 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jeroen Ketema
aeb6293757 C++: Rewrite flow test common to use inline expectation test module 
This also rewrites all uses of flow test common to use `DataFlow::ConfigSig`.

Note that the removed deprecated aliases are 14 months old by now and, hence,
can be safely removed.
 2023-05-23 16:34:41 +02:00
Jeroen Ketema
ee36d32ef0 Merge pull request #12789 from jketema/inline 
Turn inline expectation test into a parameterized module
 2023-05-23 14:58:48 +02:00
Tony Torralba
6f012d51c0 Merge pull request #13091 from atorralba/atorralba/java/inputstreamwrapper-transitive 
Java: Make inputStreamWrapper consider supertypes transitively
 2023-05-23 13:28:17 +02:00
Michael Nebel
8cef798a6f Merge pull request #13202 from michaelnebel/csharp/systemdatetimedefaults 
C#: System.DateTime defaults.
 2023-05-23 13:11:20 +02:00
Jeroen Ketema
3efc78ed49 Add default for hasOptionalResult 2023-05-23 12:32:11 +02:00
Jeroen Ketema
adbf66a365 C++: Rewrite inline expectation test to demonstrate MergeTests 2023-05-23 12:29:06 +02:00
Jeroen Ketema
04beeef777 Add convenience module that merges two inline expectation tests 2023-05-23 12:29:06 +02:00
Jeroen Ketema
9228e0deed C++: Rewrite local flow test to use TestSig 2023-05-23 12:29:06 +02:00
Jeroen Ketema
b96bfea590 Turn inline expectation test into a parameterized module 2023-05-23 12:29:06 +02:00
Rasmus Wriedt Larsen
5c77edecf7 Merge pull request #12991 from Sim4n6/python-UBV 
[Python] Add Unicode Bypass Validation query tests and help
 2023-05-23 12:21:55 +02:00
Tony Torralba
0ff90df497 Merge pull request #13245 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-05-23 09:38:01 +02:00
Erik Krogh Kristensen
50cb5ea184 Merge pull request #13164 from erik-krogh/polyQhelp 
ReDoS: add another example to the qhelp in poly-redos, showing how to just limit the length of the input
 2023-05-23 09:25:15 +02:00
Erik Krogh Kristensen
e658177c31 Merge pull request #12975 from tyage/support-sub-modules 
JS: Support sub modules
 2023-05-23 09:24:43 +02:00
Erik Krogh Kristensen
4540ac88ad Merge pull request #13247 from github/dependabot/cargo/ql/regex-1.8.2 
Bump regex from 1.8.1 to 1.8.2 in /ql
 2023-05-23 08:19:18 +02:00
dependabot[bot]
3a39e8badf Bump regex from 1.8.1 to 1.8.2 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.8.1...1.8.2)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-23 04:14:09 +00:00
github-actions[bot]
abcece88f5 Add changed framework coverage reports 2023-05-23 00:16:20 +00:00
Erik Krogh Kristensen
653cd86c13 update qldoc 2023-05-22 20:48:21 +02:00
Jeroen Ketema
a319fc0044 Merge pull request #13234 from jketema/std-inline 
C++: Include inline namespaces in `StdNamespace`
 2023-05-22 19:56:15 +02:00
Tom Hvitved
97b0012a5e Merge pull request #13233 from hvitved/ruby/type-tracking-summary-ret-node 
Ruby: Allow for flow out of callbacks passed to summarized methods in type tracking
 2023-05-22 16:05:18 +02:00
Jeroen Ketema
f31ab3a7e7 C++: Add change note 2023-05-22 16:00:12 +02:00
Mathias Vorreiter Pedersen
e3a5805916 Merge pull request #13237 from jketema/pointer-deref-fp 
C++: Add `cpp/invalid-pointer-deref` false positives
 2023-05-22 14:27:14 +01:00
Philip Ginsbach
cff4317cb1 Merge pull request #13236 from github/ginsbach/IdentifierSpecification 
repair and update the Identifier section of the QL specification
 2023-05-22 14:26:46 +01:00
Jeroen Ketema
ec265c6bb2 Merge pull request #13229 from MathiasVP/add-fp-testcase 
C++: Add FP testcase for `cpp/overrun-write`
 2023-05-22 15:26:13 +02:00
Tony Torralba
183915410d Add change note 2023-05-22 15:01:25 +02:00
Paolo Tranquilli
f56ffbc25e Merge pull request #13232 from github/redsun82/swift-hidden-ast 
Swift: fix hidden AST getters
 2023-05-22 14:47:11 +02:00
Jeroen Ketema
3f289b1c99 C++: Add cpp/invalid-pointer-deref false positives 2023-05-22 14:34:59 +02:00
Michael Nebel
2c37cb7ac5 C#: Add more default parameter test-cases. 2023-05-22 14:24:46 +02:00
Sim4n6
e300816b72 Merge branch 'python-UBV' of https://github.com/sim4n6/codeql-pun into python-UBV 2023-05-22 13:18:40 +01:00
Michael Nebel
6cb2ce5a38 C#: Update tests to exclude autogenerated parameterizables in attributes as these appears to give OS dependent results. 2023-05-22 14:16:37 +02:00
Michael Nebel
5a57d47b6c C#: Add more testcases, a new test, update the compiled test code and updated expected results. 2023-05-22 14:16:37 +02:00
Michael Nebel
2ca543e217 C#: Synthetic DateTime object creation for DateTime defaults via attributes. 2023-05-22 14:16:37 +02:00
Philip Ginsbach
35114d5ac4 introduce parameterName rule 2023-05-22 11:48:13 +01:00
Philip Ginsbach
42e81015d0 mention signatureExpr in section on use of identifier rules 2023-05-22 11:48:13 +01:00
Philip Ginsbach
d98fcdd6aa do not use upperId directly in type signature rules 2023-05-22 11:48:13 +01:00
Philip Ginsbach
b707815370 do not use simpleId directly in module expression rules 2023-05-22 11:48:06 +01:00
Philip Ginsbach
7ace4cd43e add rule for module signature names (differing from module names) 2023-05-22 11:44:59 +01:00
Tom Hvitved
20efe81f10 Update ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-05-22 12:43:05 +02:00
Philip Ginsbach
d4ab1c9643 such identifiers do not actually exist in QL 2023-05-22 11:22:47 +01:00
Rasmus Wriedt Larsen
c1b90c8f05 Python: Apply suggested change 2023-05-22 11:58:32 +02:00
Rasmus Wriedt Larsen
a057365b7e Python: Accept .expected changes 2023-05-22 11:54:50 +02:00
Erik Krogh Kristensen
3647b9cfeb Merge pull request #13196 from erik-krogh/indirectCommand 
JS: require arguments to be shell interpreted to be flagged by indirect-command-injection
 2023-05-22 11:53:57 +02:00
Rasmus Wriedt Larsen
44d806507d Merge branch 'main' into python-UBV 2023-05-22 11:53:56 +02:00
Jeroen Ketema
f46183d0ba C++: Include inline namespaces in StdNamespace 2023-05-22 11:41:49 +02:00
Tom Hvitved
33be52f0b7 Ruby: Allow for flow out of callbacks passed to summarized methods in type tracking 2023-05-22 11:01:08 +02:00
Paolo Tranquilli
20893bdef5 Swift: accept test changes after hidden AST fix 2023-05-22 10:14:29 +02:00
Tony Torralba
05c30e8fac Merge pull request #13230 from atorralba/atorralba/java/groove-template-engine-sink 
Java: Add TemplateEngine.createTemplate as a Groovy injection sink
 2023-05-22 10:04:29 +02:00
Paolo Tranquilli
de03bdc235 Swift: fix hidden AST getters 
For consistency with the C/C++ QL library, getters of AST elements
within the hidden AST should not themselves skip other hidden AST
elements.
 2023-05-22 09:57:48 +02:00
Tom Hvitved
224a2c3d91 Merge pull request #13231 from hvitved/ruby/type-tracker-missing-callback-flow-out 
Ruby: Allow for flow through callbacks to summarized methods in type tracking
 2023-05-22 09:38:59 +02:00
erik-krogh
710b309142 apply suggestions from doc review 2023-05-21 22:18:48 +02:00
erik-krogh
10bf17c33e Merge branch 'main' into polyQhelp 2023-05-21 22:17:06 +02:00