hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-27 21:33:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
39,919 Commits 1,685 Branches 159 Tags
b88fe1b2b4fcb00a209284286e2ae3a73d86fb18
Commit Graph

39919 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
b88fe1b2b4 Swift: Add test case and accept changes. 2022-05-30 17:05:06 +01:00
Mathias Vorreiter Pedersen
eed42a4e14 Swift: Make a new scope for each KeyPath expression. 2022-05-30 17:05:06 +01:00
Mathias Vorreiter Pedersen
cd1800ec7e Merge pull request #9371 from MathiasVP/extract-key-path-application 
Swift: Extract KeyPath applications
 2022-05-30 17:02:42 +01:00
Mathias Vorreiter Pedersen
9175354bbd Swift: Add test and accept changes. 2022-05-30 15:51:49 +01:00
Mathias Vorreiter Pedersen
52f0b0d8d8 Swift: Fix extraction of roots in 'KeyPathExpr'. 2022-05-30 15:46:54 +01:00
Mathias Vorreiter Pedersen
21527f66e1 Swift: Extract KeyPath applications and KeyPathDot expressions. 2022-05-30 15:46:18 +01:00
Rasmus Wriedt Larsen
b6cc438390 Merge pull request #9368 from RasmusWL/test-model-api-graphs 
Python: Port test model to API graphs
 2022-05-30 15:45:13 +02:00
Mathias Vorreiter Pedersen
7ca01443e8 Merge pull request #9342 from rdmarsh2/rdmarsh2/swift/dataflow-global-flow 
Swift: initial interprocedural data flow implementation
 2022-05-30 13:54:56 +01:00
Rasmus Wriedt Larsen
420dea0792 Python: Fix example TestCase 2022-05-30 14:48:06 +02:00
Rasmus Wriedt Larsen
08e64ea1b4 Python: Remove contrived test-case example 2022-05-30 14:45:34 +02:00
yoff
2492744a9b Merge pull request #8443 from haby0/py/CsvInjection 
Python: Add CSV injection model
 2022-05-30 14:31:28 +02:00
Rasmus Wriedt Larsen
a8b4b6a374 Python: Move test-modeling to API-graphs 
Notice that although we loose the contrived examples in `test.py`, we do
gain support for real-world test-case construction, which seems worth
the tradeoff.
 2022-05-30 14:13:06 +02:00
Rasmus Wriedt Larsen
a5dc4f430c Python: Expand test-filter tests 
With no virtual environment enabled, none of the third-party library
test case are found.
 2022-05-30 14:11:50 +02:00
Mathias Vorreiter Pedersen
ef31aec29e Swift: Autoformat. 2022-05-30 12:58:12 +01:00
Mathias Vorreiter Pedersen
425d66e454 Update swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll 2022-05-30 12:52:48 +01:00
Mathias Vorreiter Pedersen
2106d48785 Swift: Add 'Argument.getIndex()' and use it in 'DataFlowDispatch'. 2022-05-30 12:51:29 +01:00
Mathias Vorreiter Pedersen
0d8a9458c6 Merge branch 'main' into rdmarsh2/swift/dataflow-global-flow 2022-05-30 12:46:06 +01:00
yoff
cd46f31cba Merge branch 'main' into py/CsvInjection 2022-05-30 13:41:31 +02:00
Rasmus Wriedt Larsen
7a6646dcaf Merge pull request #8883 from erik-krogh/pyMaD 
Python: add MaD implementation
 2022-05-30 13:31:07 +02:00
Michael Nebel
a0ae8b3a97 Merge pull request #9361 from michaelnebel/java/capturemodels-metadata 
Java: Update capture models meta data.
 2022-05-30 13:22:09 +02:00
Asger F
5f42866de3 Merge pull request #9318 from asgerf/js/type-confusion-parmaeter-tampering-barrier 
JS: Fix FP in js/type-confusion-through-parameter-tampering
 2022-05-30 12:52:37 +02:00
Erik Krogh Kristensen
adb40f9360 Merge pull request #9289 from erik-krogh/es2022 
JS: Support the remaining of the finished ES2022 proposals
 2022-05-30 12:27:19 +02:00
Erik Krogh Kristensen
ab28b0a690 Merge pull request #9348 from erik-krogh/polyRegSyntax 
JS: use syntactically correct JS in poly-redos example
 2022-05-30 12:26:04 +02:00
Erik Krogh Kristensen
e557d8839b have the Instance token just be an alias for ReturnValue 2022-05-30 12:21:42 +02:00
Erik Krogh Kristensen
c7a8008897 Merge pull request #9235 from kaeluka/extractor-update-typescript-4_7 
JS: Update the extractor to use TypeScript 4.7
 2022-05-30 12:02:06 +02:00
Chris Smowton
2f436c800b Merge pull request #9357 from smowton/smowton/fix/extension-properties-backing-fields 
Kotlin: Disambiguate the names and trap labels of backing fields of extension properties
 2022-05-30 09:55:02 +01:00
Asger F
cc42f2f824 Merge pull request #8606 from asgerf/js/api-graph-api 
JS/Python/Ruby: Document how API graphs should be interpreted
 2022-05-30 10:49:14 +02:00
Michael Nebel
815dff338d Java: Update capture models meta data. 2022-05-30 09:44:39 +02:00
Michael Nebel
7d171f86ea Merge pull request #9335 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-05-29 13:33:10 +02:00
github-actions[bot]
31c91a6faa Add changed framework coverage reports 2022-05-29 00:16:56 +00:00
Chris Smowton
6ea87cd718 Accept test changes 2022-05-27 22:05:57 +01:00
Chris Smowton
9ea139566d Disambiguate the names and trap labels of backing fields of extension properties 2022-05-27 16:27:48 +01:00
Chris Smowton
6eb2935469 Merge pull request #9220 from smowton/smowton/fix/promoted-companion-object-fields 
Associate certain companion object fields with the parent class
 2022-05-27 16:19:10 +01:00
Erik Krogh Kristensen
62fd3fd90f add test that we detect the used type variable in an infer type 2022-05-27 14:15:27 +00:00
Asger F
7e76e9a23b Merge branch 'main' into js/type-confusion-parmaeter-tampering-barrier 2022-05-27 15:55:42 +02:00
Asger F
468a4df215 Update javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-05-27 15:55:25 +02:00
Mathias Vorreiter Pedersen
2dcd7e16b1 Merge pull request #9353 from MathiasVP/swift-extract-throwing-and-async 
Swift: Extract `isThrowing` and `isAsync`
 2022-05-27 12:14:02 +01:00
Chris Smowton
a204c742d8 Associate certain companion object fields with the parent class 
Specifically `const`, `lateinit` and `@JvmField` properties get a static field which belongs to the containing class not the companion object, such that Java can address them via the containing class name rather than have to navigate a companion object pointer.
 2022-05-27 11:52:39 +01:00
Mathias Vorreiter Pedersen
6815e731d2 Swift: Add test and accept output 2022-05-27 11:48:20 +01:00
Mathias Vorreiter Pedersen
45bbd24355 Swift: Extract whether a function type is throwing or async. 2022-05-27 11:48:01 +01:00
Alex Ford
5d4473bb2a Merge pull request #8845 from alexrford/ruby/rbi-lib 
Ruby: Add partial support for working with RBI (Ruby Interface) files
 2022-05-27 11:43:44 +01:00
Henry Mercer
da02bcc4c6 Merge pull request #9352 from github/revert-9314-aeisenberg/manifest 
Revert "Convert `.codeqlmanifest.json` file to `codeql-workspace.yml`"
 2022-05-27 11:40:25 +01:00
Tom Bolton
5830db786e Merge pull request #9285 from github/codeql-ci/js-atm-new-release 
JS: Bump version numbers of ML-powered packs after 0.3.0 release
 2022-05-27 11:39:45 +01:00
Henry Mercer
4091ba758d Revert "Convert .codeqlmanifest.json file to codeql-workspace.yml" 2022-05-27 11:29:48 +01:00
Alex Ford
919555d168 Merge pull request #9341 from alexrford/ruby/activerecordinstance-public 
Ruby: Make `ActiveRecordInstance` public and fix some misidentifications
 2022-05-27 11:21:58 +01:00
Chris Smowton
55513e0dbb Merge pull request #9350 from smowton/smowton/admin/mention-gradle-daemon 
Docs: Note that Gradle builds should use `--no-daemon`
 2022-05-27 10:37:33 +01:00
Mathias Vorreiter Pedersen
a63378308d Merge pull request #9340 from geoffw0/nocheckbeforeunsafeputuser 
C++: Improve cpp/linux-kernel-no-check-before-unsafe-put-user
 2022-05-27 10:17:46 +01:00
Chris Smowton
0925cf5c22 Docs: Note that Gradle builds should use --no-daemon 2022-05-27 10:06:35 +01:00
Arthur Baars
e3ef258b0e Merge pull request #9287 from aibaars/instance-variable-flow-2 
Ruby: flow through getters/setters
 2022-05-27 10:49:20 +02:00
Mathias Vorreiter Pedersen
4383aef1d2 Merge pull request #9328 from MathiasVP/swift-to-string 
Swift: Improve `toString` implementations for Ast classes
 2022-05-27 09:34:34 +01:00