hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-14 19:44:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
55,399 Commits 1,736 Branches 164 Tags
afb1129f2790447bd5eec24e2bf24025ddfeca17
Commit Graph

55399 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
afb1129f27 C++: Ensure that postfix crement operations are handled properly in dataflow SSA. 2023-06-08 12:50:05 +01:00
Mathias Vorreiter Pedersen
57ae1e9ff7 C++: Add a testcase that started to fail in #13326. 2023-06-08 12:49:08 +01:00
Paolo Tranquilli
357542a160 Merge pull request #13258 from github/redsun82/swift-synth-properties 
Codegen: allow `synth` properties of non-`synth` classes
 2023-06-07 10:31:06 +02:00
Geoffrey White
aa8878ba86 Merge pull request #13356 from geoffw0/qualname 
Swift: Add FieldDecl.getQualifiedName
 2023-06-07 09:08:16 +01:00
Tony Torralba
b5bbe63144 Merge pull request #13389 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-06-07 09:48:44 +02:00
Paolo Tranquilli
700e3d5e53 Codegen: rename ipa to synth 2023-06-07 09:12:39 +02:00
github-actions[bot]
a14e7fa694 Add changed framework coverage reports 2023-06-07 00:16:58 +00:00
Stephan Brandauer
b31131d33a Merge pull request #13344 from github/java/update-mad-decls-after-triage-2023-06-01T12-58-13 
Java: Update MaD Declarations after Triage
 2023-06-06 17:08:50 +02:00
Nora Dimitrijević
2529312d1d Codegen: fix test.qlgen failure 2023-06-06 15:58:19 +02:00
Nora Dimitrijević
928da77d10 Merge branch 'main' into redsun82/swift-synth-properties 2023-06-06 15:34:02 +02:00
Tony Torralba
49c6ea27a0 Merge pull request #13379 from atorralba/atorralba/kotlin/use-with-flow 
Kotlin: Add flow through kotlin.io.use and kotlin.with
 2023-06-06 13:44:14 +02:00
Taus
f4fd908f7f Java: Comment out sinks for which no query exists 2023-06-06 13:01:59 +02:00
Ian Lynagh
f690d150b0 Merge pull request #13373 from igfoo/igfoo/kotlin-loc 
Java/Kotlin: Split lines of code by language
 2023-06-06 11:49:18 +01:00
Taus
c4bfb21f0f Merge pull request #13371 from github/nickrolfe/python-location-tostring 
Python: avoid selecting `getLocation()`
 2023-06-06 12:05:51 +02:00
Erik Krogh Kristensen
0e6693bdea Merge pull request #12874 from erik-krogh/ts51 
JS: Add support for TS 5.1
 2023-06-06 11:51:51 +02:00
Rasmus Wriedt Larsen
a1f20f84d4 Merge pull request #13359 from jorgectf/jorgectf/unsafe-deserialization-name-convention 
Python: Make `py/unsafe-deserialization` `@name` consistent with other languages
 2023-06-06 11:28:41 +02:00
Tony Torralba
1d8ca88aca Add change note 2023-06-06 11:25:07 +02:00
Tony Torralba
72af634575 Kotlin: Add flow through use and with 2023-06-06 11:22:16 +02:00
Nick Rolfe
6c5c338e6b Merge pull request #13348 from github/nickrolfe/java-location-tostring 
Java: avoid call to `Location.toString()`
 2023-06-06 09:55:42 +01:00
Nick Rolfe
3d0ecbed39 Merge pull request #13361 from github/nickrolfe/csharp-location-tostring 
C#: avoid calls to `Location::toString()`
 2023-06-06 09:55:09 +01:00
Erik Krogh Kristensen
b78cd48954 Merge pull request #13329 from erik-krogh/sqlhelp 
JS: improve the sql-injection help page
 2023-06-06 08:44:44 +02:00
Erik Krogh Kristensen
29bbf58a29 Merge pull request #13377 from github/dependabot/cargo/ql/regex-1.8.4 
Bump regex from 1.8.3 to 1.8.4 in /ql
 2023-06-06 07:57:04 +02:00
dependabot[bot]
d38bca1e8c Bump regex from 1.8.3 to 1.8.4 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.8.3 to 1.8.4.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.8.3...1.8.4)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-06-06 04:02:46 +00:00
Jeroen Ketema
272ced6ea5 Merge pull request #13374 from jketema/ptr-deref-min 
C++: Remove `cpp/invalid-pointer-deref` results duplicating ones with smaller `k`
 2023-06-05 19:31:24 +02:00
erik-krogh
3cb2ec4e87 fix nits from doc review 2023-06-05 19:06:07 +02:00
Taus
7ad860fc98 Java: Update MaD declarations after triage 
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
 2023-06-05 18:00:40 +02:00
Ian Lynagh
e49b278d61 Java/Kotlin: Add a changenote for the lines-of-code changes. 2023-06-05 16:33:12 +01:00
Jeroen Ketema
93215ba7e1 Merge pull request #13355 from jketema/ptr-deref-forward 
C++: Ensure that the sink instruction occurs last in `cpp/invalid-pointer-deref`
 2023-06-05 15:56:50 +02:00
Jeroen Ketema
86df424fca C++: Fix query formatting 2023-06-05 15:10:54 +02:00
Jeroen Ketema
4a27028768 C++: Remove cpp/invalid-pointer-deref results duplicating ones with smaller k 2023-06-05 15:03:58 +02:00
Jeroen Ketema
90f0209095 C++: Add cpp/invalid-pointer-deref test case with almost duplicated results 2023-06-05 15:03:57 +02:00
Jeroen Ketema
7f7b048f50 C++: Update expected test results 2023-06-05 15:00:11 +02:00
Ian Lynagh
a4a7ad8f99 Java/Kotlin: Split lines of code by language 
We were giving the sum of all lines for both languages, but labelling it
as "Total lines of Java code in the database", which was confusing.

Now we give separate sums for Kotlin and Java lines.
 2023-06-05 13:57:47 +01:00
Paolo Tranquilli
dc26dc81a9 Merge pull request #13370 from github/redsun82/swift-fix-cmake 
Swift: fix cmake generation
 2023-06-05 14:52:40 +02:00
Nick Rolfe
02395867c8 Python: avoid selecting getLocation() in py/truncated-division 2023-06-05 13:42:46 +01:00
Mathias Vorreiter Pedersen
52fb00cac3 Merge pull request #12036 from nmouha/patch-1 
CPP: Add query for CVE-2022-37454: Integer addition may overflow inside if statement
 2023-06-05 12:13:27 +01:00
Jeroen Ketema
11182e4ee4 C++: Move location where getASuccessor is used to avoid join order problems 2023-06-05 12:36:25 +02:00
Nick Rolfe
c67a350e36 Python: avoid selecting getLocation() in py/unnecessary-delete 2023-06-05 11:16:13 +01:00
Paolo Tranquilli
be9d32a6c1 Bazel/CMake: make include not use cmake include 
...but rather just pass along targets. This is required to fix CMake
generation in the internal repository.
 2023-06-05 11:43:48 +02:00
Michael B. Gale
06d48dca67 Merge pull request #13211 from github/mbg/identify-environment-stubs 
Shared: Add stubs for `identify-environment` scripts
 2023-06-05 10:29:06 +01:00
Nick Rolfe
dadb5b34e6 C#: avoid call to Location::toString() in cs/expose-implementation 2023-06-05 10:19:27 +01:00
Paolo Tranquilli
400176f677 Swift: fix cmake generation 
The bazel -> cmake generator is currently not capable of handling
separate included generated cmake files making use of common C/C++
dependencies.

To work around this limitation, a single generated cmake is now in
place. Long-term, we should either:
* make the cmake generator handle common dependencies gracefully, or
* make the cmake generation aspect travel up `pkg_` rules `srcs`
  attributes
so to avoid having to list the targets to be generated in the top-level
`BUILD` file.

Other things fixed:
* removed some warning spam about redefined `BAZEL_CURRENT_REPOSITORY`
* fixed the final link step, that was failing because `libswiftCore.so`
  was not being linked.
 2023-06-05 11:12:11 +02:00
Michael B. Gale
5d89b0739b Swift: Remove .cmd script 2023-06-05 09:12:21 +01:00
Nick Rolfe
79b3a8c955 C#: avoid call to Location::toString() 2023-06-02 19:39:24 +01:00
Jami
64830809a6 Merge pull request #13228 from jcogs33/jcogs33/deprecated-sink-error-message 
Java: add error message for outdated sink kinds in `getInvalidModelKind`
 2023-06-02 13:44:18 -04:00
jorgectf
3e8c7f72b6 Add changenote 2023-06-02 18:20:55 +02:00
Alex Ford
c95cf5ad6f Merge pull request #13062 from maikypedia/maikypedia/sqli-sink 
Ruby: Add MySQL as SQL Injection Sink
 2023-06-02 17:06:35 +01:00
jorgectf
5608082f35 Update py/unsafe-deserialization name 2023-06-02 17:57:24 +02:00
Jeroen Ketema
8ac1d56a7f C++: Fix join order in cpp/invalid-pointer-deref 2023-06-02 16:37:35 +02:00
Erik Krogh Kristensen
219ec9d05d Merge pull request #13127 from erik-krogh/polReDoS 
ReDoS: revert new superlinear algorithm.
 2023-06-02 16:10:24 +02:00