hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-25 04:12:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,793 Commits 1,686 Branches 158 Tags
b817bd43caf3c35f4a9bb1cb52a311c9bb00a7de
Commit Graph

41793 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Nebel
b817bd43ca Merge pull request #10005 from michaelnebel/csharp/constructorsummaries 
C#: Constructor summaries
 2022-08-11 09:16:05 +02:00
Tom Hvitved
e106edc04e Merge pull request #9989 from hvitved/csharp/lua-tracer-improvements2 
C#: Handle `dotnet exec csc.dll` and the likes in the Lua tracer
 2022-08-11 08:55:46 +02:00
Chris Smowton
cc8e9806c4 Merge pull request #10009 from smowton/smowton/java17-options 
Java: Adapt tests as required by JDK17 extractor upgrade
 2022-08-10 18:46:06 +01:00
Chris Smowton
341241cf43 Use SrcFloatingPointLiteral 2022-08-10 17:28:14 +01:00
Mathias Vorreiter Pedersen
56fddd75bb Merge pull request #10000 from geoffw0/defaulttaint 
Swift: Taint flow improvements
 2022-08-10 16:30:09 +01:00
Geoffrey White
6ffe5fcaed Swift: Comment some other cases. 2022-08-10 15:46:32 +01:00
Geoffrey White
537caf85f2 Swift: Fix cartesian product. 2022-08-10 15:46:30 +01:00
Geoffrey White
e09e64ee85 Swift: Restrict taint flow through + to strings. 2022-08-10 15:46:28 +01:00
Geoffrey White
f3499e98a4 Swift: Move try, ! to dataflow. 2022-08-10 15:13:04 +01:00
Nora Dimitrijević
cce39fb2ce Merge pull request #9998 from d10c/use-strcpyfunction-in-bad-strncpy-size 
Use StrcpyFunction in `cpp/bad-strncpy-size`

This PR:

- Uses the [StrcpyFunction](https://github.com/github/codeql/blob/main/cpp/ql/lib/semmle/code/cpp/models/implementations/Strcpy.qll#L14) class in the [StrncpyFlippedArgs](https://github.com/github/codeql/blob/main/cpp/ql/src/Likely%20Bugs/Memory%20Management/StrncpyFlippedArgs.ql) query instead of an ad-hoc predicate for finding strcpy-like functions.
- Tests this by adding one previously unsupported strcpy-like function (`wcsxfrm_l`) to StrncpyFlippedArgs's test.cpp.
 2022-08-10 15:11:20 +02:00
Tamás Vajk
b2c22dacc2 Merge pull request #9769 from tamasvajk/fix/ctor-field-flow 
C#: Fix dataflow for default constructors
 2022-08-10 15:06:25 +02:00
Anders Schack-Mulligen
cbd6d24b9c Merge pull request #9963 from intrigus-lgtm/java/model-set-properties 
Model `java.util.Properties.setProperty`
 2022-08-10 14:51:00 +02:00
Michael Nebel
736ae4f7d6 C#: Update FlowSummaries expected output. 2022-08-10 14:23:54 +02:00
Michael Nebel
5659db73d3 C#: Update alle manually written summaries for constructors to use Argument[Qualifier] instead of ReturnValue. 2022-08-10 14:17:16 +02:00
Nora Dimitrijević
60f4049388 Re-autoformat StrncpyFlippedArgs.ql 2022-08-10 14:14:42 +02:00
Nora Dimitrijević
05f4f98aa0 Add change note 2022-08-10 13:42:21 +02:00
Nora Dimitrijević
8e60a4a478 Update StrncpyFlippedArgs.expected 
Add output lines for the newly implemented test case, test.cpp/test9().
 2022-08-10 13:42:21 +02:00
Nora Dimitrijević
df419003ad Use Strcpy.qll in StrncpyFlippedArgs.ql 
As a result, the query gets access to more types of strncpy-like
functions, as demonstrated by test.cpp, which now "fails" (i.e. works) for the new test
cases instroduced
in the previous commit.
 2022-08-10 13:42:21 +02:00
Nora Dimitrijević
554aea1bb8 New strcpy-variant in StrncpyFlippedArgs test 
Added wcsxfrm_l, which is not currently caught by the query,
meaning that in this case a successful
test implies missing functionality.
 2022-08-10 13:42:21 +02:00
Chris Smowton
8c32758ae5 Merge pull request #9829 from smowton/smowton/fix/kotlin-underscore-parameter-names 
Kotlin: Don't extract a name for a '_' parameter
 2022-08-10 12:28:26 +01:00
Tom Hvitved
2bb9e4859f C#: Handle dotnet exec csc.dll and the likes in the Lua tracer 2022-08-10 12:52:18 +02:00
Rasmus Wriedt Larsen
40d25cb34c Merge pull request #9849 from tausbn/python-fix-bad-essa-getInput-join 
Python: Fix bad join in ESSA `getInput`
 2022-08-10 11:45:23 +02:00
Michael Nebel
7fc95fb49b Merge pull request #9988 from michaelnebel/csharp/updatestubs 
C#: Update .NET Core and ASP.NET Core Stubs.
 2022-08-10 11:02:35 +02:00
Rasmus Wriedt Larsen
b541103b7f Merge pull request #9846 from tausbn/python-fix-bad-syntactic_call_count-join 
Python: Fix bad join in `syntactic_call_count`
 2022-08-10 10:09:51 +02:00
Michael Nebel
0aa64b3a8f Merge pull request #10001 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-08-10 10:09:19 +02:00
Tom Hvitved
19043bdf38 Merge pull request #9976 from hvitved/ruby/hash-literal-summary-simplification 
Ruby: Simplify flow summaries for hash literals
 2022-08-10 08:57:33 +02:00
Erik Krogh Kristensen
d008975ff4 Merge pull request #9825 from erik-krogh/repeatedWord 
QL: add ql/repeated-word query
 2022-08-10 07:25:26 +02:00
github-actions[bot]
cb19ae2638 Add changed framework coverage reports 2022-08-10 00:16:31 +00:00
Harry Maclean
30ff18aec8 Merge pull request #9919 from hmac/hmac/ar-associations 
Ruby: ActiveRecord associations
 2022-08-10 11:13:39 +12:00
Esben Sparre Andreasen
0c6f28014c Merge pull request #9821 from erik-krogh/jsQlFix 
JS: fix some QL-for-QL warnings in JS
 2022-08-09 22:06:29 +02:00
Erik Krogh Kristensen
559ec7ba56 Merge branch 'main' into repeatedWord 2022-08-09 21:22:47 +02:00
Geoffrey White
6f696ccc3c Swift: Effect of merging with main to get the AnyTryExpr fix. 2022-08-09 19:02:59 +01:00
Geoffrey White
efcc696e6e Merge branch 'main' into defaulttaint 2022-08-09 18:59:36 +01:00
Geoffrey White
f2fead7ec7 Merge pull request #9995 from MathiasVP/swift-cfg-for-anytry 
Swift: CFG for `any!`
 2022-08-09 18:00:28 +01:00
Geoffrey White
36f410b9f7 Swift: Move taint logic from isAdditionalTaintStep to defaultAdditionalTaintStep. 2022-08-09 17:42:28 +01:00
Geoffrey White
242dc80907 Swift: Add taint test of try. 2022-08-09 17:42:25 +01:00
Geoffrey White
3bda9af97a Swift: Add taint test of Data. 2022-08-09 17:42:24 +01:00
Geoffrey White
42c3e29a29 Swift: Add taint test of URL. 2022-08-09 17:42:23 +01:00
Geoffrey White
068ec8ea20 Swift: More tests of taint flow through Strings. 2022-08-09 16:43:07 +01:00
Geoffrey White
0141609703 Swift: Rename test. 2022-08-09 16:41:26 +01:00
Tony Torralba
7f5fe85e2e Merge pull request #9975 from atorralba/atorralba/asynctask-improvs 
Java: Improve AsyncTask data flow support
 2022-08-09 17:10:09 +02:00
Mathias Vorreiter Pedersen
5ee11c3d7b Swift: Accept test changes. 2022-08-09 15:12:42 +01:00
Mathias Vorreiter Pedersen
06fecf3869 Swift: Include 'any!' in the the CFG tree for 'any' expressions. 2022-08-09 15:12:31 +01:00
Michael Nebel
eb19090746 C#: Remove unused hand written stubs. 2022-08-09 15:23:43 +02:00
Michael Nebel
cdd1172cee C#: Use generated stubs in the RequireSSLAspNetCore like tests and update test results with new line numbers. 2022-08-09 15:18:34 +02:00
Michael Nebel
a23be5ca3b C#: Manually re-order the values in the CookieSecurePolicy enum. 2022-08-09 15:17:14 +02:00
Michael Nebel
98f8bed037 C#: Update CookieWithoutHttpOnlyAspNetCore tests to use generated stubs and update line numbers in test output. 2022-08-09 14:54:19 +02:00
Michael Nebel
77a321ee9a C#: Manually re-order the values in the HttpOnlyPolicy enum. 2022-08-09 14:52:54 +02:00
Michael Nebel
d6880f059d C#: Use generated stubs for CookieHttpOnlyFalseAspNetCore testcases and update test output with new line numbers. 2022-08-09 14:32:19 +02:00
Tom Hvitved
28c8d9b885 Ruby: Add two more hash flow tests 2022-08-09 14:17:07 +02:00