Mathias Vorreiter Pedersen
b054b9c5cd
Merge pull request #12408 from jketema/merge-main
C++: use-use dataflow merge main
2023-03-07 13:05:30 +00:00
Jeroen Ketema
9ec479a2a0
C++: Update queries to use DataFlow::ConfigSig
2023-03-07 10:15:11 +01:00
Mathias Vorreiter Pedersen
aa09361a42
Merge pull request #12407 from MathiasVP/fix-internal-system-data-tests
2023-03-06 15:45:25 +00:00
Jeroen Ketema
47930f94e2
Merge remote-tracking branch 'upstream/main' into merge-main
2023-03-06 15:20:39 +01:00
Anders Schack-Mulligen
5c7f2ac7f7
Merge pull request #12186 from aschackmull/dataflow/refactor-configuration
Data flow: Refactor configuration
2023-03-06 13:38:59 +01:00
Mathias Vorreiter Pedersen
d2d91cfb29
C++: Accept test changes.
2023-03-06 11:30:40 +00:00
Mathias Vorreiter Pedersen
8836cbae5b
C++: Make sure we use an indirect sink only for the sinks that receive a pointer to the data.
Also fix a bug where we used 'asExpr' instead of 'asIndirectExpr'.
2023-03-06 11:22:58 +00:00
dependabot[bot]
3538cf89b9
Merge pull request #12404 from github/dependabot/cargo/ql/serde_json-1.0.94
2023-03-06 09:55:33 +00:00
Arthur Baars
d2ab40c184
Merge pull request #12208 from gregxsunday/main
Add ZipSlip and TarSlip query to ruby
2023-03-06 10:40:06 +01:00
dependabot[bot]
ce5e76a3a0
Bump serde_json from 1.0.93 to 1.0.94 in /ql
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.93 to 1.0.94.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.93...v1.0.94)
---
updated-dependencies:
- dependency-name: serde_json
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 09:32:26 +00:00
Anders Schack-Mulligen
557cb17f4d
Dataflow: Minor perf fix for single config wrapper.
2023-03-06 10:24:33 +01:00
Calum Grant
b8e123dc08
Merge pull request #12402 from github/dependabot/cargo/ruby/serde_json-1.0.94
Bump serde_json from 1.0.93 to 1.0.94 in /ruby
2023-03-06 09:24:21 +00:00
Anders Schack-Mulligen
d4c5877484
Merge pull request #3 from MathiasVP/fix-exec-tainted
C++: Use refactored dataflow library in `cpp/command-line-injection`
2023-03-06 09:32:34 +01:00
dependabot[bot]
f93b304578
Bump serde_json from 1.0.93 to 1.0.94 in /ruby
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.93 to 1.0.94.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.93...v1.0.94)
---
updated-dependencies:
- dependency-name: serde_json
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 04:15:01 +00:00
Geoffrey White
6f120a66d0
Merge pull request #12368 from geoffw0/taintarith3
Swift: Fill some gaps in arithmetic / bitwise operations modelling
2023-03-03 18:20:54 +00:00
Geoffrey White
9aaf30691c
Merge pull request #12307 from geoffw0/stringconflationtaint
Swift: Update swift/string-length-conflation to taint tracking
2023-03-03 17:27:15 +00:00
Geoffrey White
c29dcefcf2
Swift: Fix .expected file. Locations had changed after the formatting fix.
2023-03-03 17:24:07 +00:00
Geoffrey White
b2bcb2d378
Swift: Fix formatting.
2023-03-03 16:32:21 +00:00
Chris Smowton
d4e02eb846
Merge pull request #12384 from smowton/smowton/admin/java-tsp-message-cleanup
Java TSP: test changes re: formatting improvements
2023-03-03 16:24:35 +00:00
Jeroen Ketema
2ee8344e92
Merge pull request #12387 from jketema/qualified-deprecation
C++: Properly deprecate `hasQualifiedName` by using the `deprecated` keyword
2023-03-03 17:11:56 +01:00
AlexDenisov
4aeff0f8dc
Merge pull request #12335 from github/alexdenisov/extract-lazy-declarations
Swift: extract lazy declarations
2023-03-03 16:06:20 +01:00
Jeroen Ketema
6495f1911f
C++: Properly deprecate hasQualifiedName by using the deprecated keyword
2023-03-03 15:57:59 +01:00
Chris Smowton
b234bbd119
Accept test changes
2023-03-03 14:46:21 +00:00
Mathias Vorreiter Pedersen
907e6299a4
C++: Convert 'ExecTainted' to use the new refactored dataflow library.
2023-03-03 14:41:29 +00:00
Jeroen Ketema
620c69df12
C++: Add more static qualifiers in syntax zoo test
2023-03-03 15:03:31 +01:00
Kasper Svendsen
fe65fb8743
Merge pull request #12360 from kaspersv/kaspersv/actioncontroller-prevent-bad-join
ActionController: Prevent bad join
2023-03-03 13:38:33 +01:00
Asger F
f2f972567d
Merge pull request #12379 from github/revert-12217-mbg/csharp/tsp-support
Revert "C#: Tool status page support"
2023-03-03 13:29:13 +01:00
Erik Krogh Kristensen
d94e51aaf6
Merge pull request #12377 from erik-krogh/jHtml
JS: add the html argument to the jQuery functions as an XSS sink
2023-03-03 13:19:38 +01:00
Jeroen Ketema
87b1c3eaa8
Merge pull request #12381 from jketema/silence
C++: Silence some more bogus consistency errors in syntax zoo
2023-03-03 12:51:39 +01:00
Nick Fyson
48c30771da
Merge pull request #12374 from github/codeql-ci/atm/update-model-pack/ecb17d40286d14132b481c065a43459a7f0ba9059015b7a49c909c9f9ce5fec5
ATM: Update model pack to version 0.3.1-2023-03-01-12h42m43s.strong-turtle-1xp3dqvv.ecb17d40286d14132b481c065a43459a7f0ba9059015b7a49c909c9f9ce5fec5
2023-03-03 11:42:57 +00:00
Mathias Vorreiter Pedersen
16e817c814
Merge pull request #12356 from MathiasVP/use-phi-reads
C++: Include "phi reads" in `DataFlow::Node`
2023-03-03 11:14:08 +00:00
Jeroen Ketema
4faede0e2c
C++: Silence some more bogus consistency errors in syntax zoo
These were due to several functions occurring that would have the same TRAP key.
By making the functions static or wrapping the defining class in an anonymous
namespace the TRAP keys will differ from each other.
2023-03-03 12:07:33 +01:00
Jeroen Ketema
7f9b856a21
Merge pull request #12378 from jketema/silence
C++: Silence a number of bogus consistency errors in syntax zoo
2023-03-03 12:05:29 +01:00
Anders Schack-Mulligen
0addcfa7c5
Dataflow: Fix some perf issues.
2023-03-03 11:45:32 +01:00
Asger F
8f0b77d54f
Revert "C#: Tool status page support"
2023-03-03 11:44:42 +01:00
Geoffrey White
7b596f4928
Merge pull request #10431 from ihsinme/ihsinme-patch-111
CPP: Add query for CWE-369: Divide By Zero.
2023-03-03 10:42:04 +00:00
Jeroen Ketema
f649def3f8
C++: Silence a number of bogus consistency errors in syntax zoo
These were due to several functions occurring that would have the same TRAP
key. By making the functions static the TRAP keys will differ from each other.
2023-03-03 11:16:19 +01:00
erik-krogh
a6c9af4182
add the html argument to the jQuery functions as an XSS sink
2023-03-03 11:09:53 +01:00
erik-krogh
94870b838f
add failing test
2023-03-03 11:08:33 +01:00
Nick Fyson
5869c36366
Merge branch 'main' into codeql-ci/atm/update-model-pack/ecb17d40286d14132b481c065a43459a7f0ba9059015b7a49c909c9f9ce5fec5
2023-03-03 10:03:22 +00:00
Alex Denisov
ae7a0c517c
Swift: do not allocate mangler statically
2023-03-03 10:28:08 +01:00
Alex Denisov
60c1505097
Swift: address review comments
2023-03-03 10:26:44 +01:00
Paolo Tranquilli
1a19909abf
Merge pull request #12373 from github/redsun82/swift-qldoc
Swift: turn on QLdoc check
2023-03-03 08:26:39 +01:00
Mathias Vorreiter Pedersen
959237e8d2
C++: Fix missing type for Phi nodes.
2023-03-02 22:48:10 +00:00
Mathias Vorreiter Pedersen
2963dc1cb1
C++: Include phi read nodes in SSA.
There's a small fix to the mapping from 'global def -> use'.
Finally, this commit also accepts a test failure related to new missing
types for phi nodes. The fix for that is in the next commit.
2023-03-02 22:48:06 +00:00
Mathias Vorreiter Pedersen
b3f92fcf0f
C++: Add FN caused by missing static local initialization in SSA.
2023-03-02 22:37:52 +00:00
Alex Denisov
ffcb382705
Swift: only consider Builtin and __ObjC declarations as lazy
2023-03-02 20:00:23 +01:00
github-actions[bot]
50c90bbc5c
ATM: Update model pack dependency of ML-powered model building and query packs
2023-03-02 17:31:03 +00:00
Geoffrey White
764a52354e
Merge pull request #12367 from geoffw0/nsstring2
Swift: Additional NSString taint test cases
2023-03-02 15:56:15 +00:00
Paolo Tranquilli
162b995428
Swift: turn on QLdoc check
2023-03-02 16:16:12 +01:00