hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-19 16:33:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
55,100 Commits 1,692 Branches 160 Tags
b8c3cba4ff0fa9819982425cca1bf41dcbd0e2c0
Commit Graph

55100 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Harry Maclean
b8c3cba4ff Ruby: Consolidate unsafe deserialization queries 
Merge the experimental YAMLUnsafeDeserialization and
PlistUnsafeDeserialization queries into the generate
UnsafeDeserialization query in the default suite.

These queries look for some specific sinks that we now find in the
general query.

Also apply some small code and comment refactors.
 2023-05-27 01:20:04 +00:00
amammad
d727d573d5 v4.2 write exact version of yaml.load default loader change 2023-05-27 01:15:29 +00:00
amammad
40e24b6b94 v4.1 fix file names in qhelp 2023-05-27 01:15:29 +00:00
amammad
335441ce04 v4: make variable names camelCase, some inhancement, remove some duplicates 2023-05-27 01:15:29 +00:00
amammad
e76ed9454a v3 add global taint steps for to_ruby of YAML/Psych 2023-05-27 01:15:24 +00:00
amammad
ad7e107ff5 add the new YAML/PLIST sinks into the existing rb/unsafe-deserialization query 2023-05-27 01:14:36 +00:00
amammad
b9296d3df8 v2.1 fix file names 2023-05-27 01:14:36 +00:00
amammad
4360a56b45 v2 add plist.parse_xml as a dangerous sink and enhancements on documents 2023-05-27 01:14:36 +00:00
amammad
0521ffe175 v1.4 correct dirs uppercase issue 2023-05-27 01:14:36 +00:00
amammad
0e343e5a12 v1.3 2023-05-27 01:14:36 +00:00
amammad
d96153a05e v1.2 change to PascalCase 2023-05-27 01:14:36 +00:00
amammad
e4b8a0e06d v1.1 2023-05-27 01:14:36 +00:00
amammad
486a5ac96f v1 2023-05-27 01:14:36 +00:00
Robert Marsh
5bc844c4c6 Merge pull request #13207 from MathiasVP/use-equiv-class-in-getInstruction 
C++: Reduce memory pressure from `getInstruction`
 2023-05-26 13:13:57 -04:00
Robert Marsh
b2fb2aa0d1 Merge pull request #13045 from rdmarsh2/rdmarsh2/cpp/improve-constant-off-by-one 
C++: stitch paths and ignore cast arrays in constant off-by-one query
 2023-05-26 12:47:08 -04:00
Philip Ginsbach
ded98c5a5f Merge pull request #13304 from github/ginsbach/SmallSpecificationFixes 
two small QL specification fixes
 2023-05-26 16:18:36 +01:00
Paolo Tranquilli
ddf45b27ca Merge pull request #13300 from github/redsun82/swift-fix-autobuild-corner-case 
Swift: exclude unknown type targets ending in `Tests` or `Test` from autobuilding
 2023-05-26 16:49:01 +02:00
Philip Ginsbach
47a0d4b774 more explicit mentioning of QLL files 2023-05-26 15:03:34 +01:00
Philip Ginsbach
ba51ded516 bindingset is not really a pragma 2023-05-26 15:03:34 +01:00
Asger F
3831dc7785 Merge pull request #13288 from asgerf/rb/super-and-flow-through 
Ruby: two bug fixes
 2023-05-26 15:04:52 +02:00
Asger F
cfaa27ab5d Ruby: change note 2023-05-26 14:44:00 +02:00
Paolo Tranquilli
c5cee0d419 Swift: exclude targets ending in Tests or Test from autobuilding 2023-05-26 14:19:07 +02:00
Jami
6867e94ed5 Merge pull request #13158 from jcogs33/jcogs33/update-csharp-sink-kinds 
C#: update MaD sink kinds
 2023-05-26 08:03:21 -04:00
yoff
af1f4c30fb Merge pull request #13299 from asgerf/rb/meta-query-summarised-callable-sites 
Ruby/Python: add meta-queries for calls to summarised callables
 2023-05-26 13:27:56 +02:00
Arthur Baars
e0466900ad Merge pull request #12992 from Sim4n6/ruby-UBV 
[Ruby] Add Unicode Bypass Validation query, test and help file
 2023-05-26 13:00:21 +02:00
Alex Ford
baabd2d1fa Merge pull request #12832 from maikypedia/maikypedia/pg-sqli 
Ruby: Add SQL Injection Sinks
 2023-05-26 11:36:17 +01:00
Paolo Tranquilli
a6e21dac8f Merge pull request #13284 from github/redsun82/swift-remove-property-wrapper-inconsistencies 
Swift: remove some AST and CFG inconsistencies
 2023-05-26 12:22:56 +02:00
Asger F
75fd20b3b8 Python: add meta-query for calls to summarized callables 2023-05-26 11:40:58 +02:00
Jeroen Ketema
63657396c5 Merge pull request #13267 from MathiasVP/promote-overrun-write 
C++: Promote `cpp/overrun-write` out of experimental
 2023-05-26 11:34:26 +02:00
Asger F
1c7f6dc32e Ruby: add meta-query for calls to summarized callables 2023-05-26 11:34:23 +02:00
Paolo Tranquilli
192c0d5e83 Swift: simplify change note 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-05-26 08:20:58 +02:00
Esben Sparre Andreasen
081c069b3c Merge pull request #13295 from github/dependabot/cargo/ql/regex-1.8.3 
Bump regex from 1.8.2 to 1.8.3 in /ql
 2023-05-26 08:13:41 +02:00
dependabot[bot]
4ab389bf1a Bump regex from 1.8.2 to 1.8.3 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.8.2 to 1.8.3.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.8.2...1.8.3)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-26 04:02:31 +00:00
Mathias Vorreiter Pedersen
960e6521a4 Revert "C++: Whitespace commit to make qhelp show up in diff." 
This reverts commit ec192d621c.
 2023-05-25 15:21:09 -07:00
Mathias Vorreiter Pedersen
c6275bfa28 Merge pull request #13293 from MathiasVP/fix-performance-of-dtt 
C++: Fix result duplication on `DefaultTaintTracking`
 2023-05-25 15:20:02 -07:00
Mathias Vorreiter Pedersen
e7f82a3571 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-05-25 13:56:01 -07:00
Mathias Vorreiter Pedersen
384ca0c31f C++: Respond to review comments. 2023-05-25 13:50:35 -07:00
Mathias Vorreiter Pedersen
c3fdc83af6 C++: Also add an out barrier on all sinks. 2023-05-25 12:23:50 -07:00
Mathias Vorreiter Pedersen
7361ad977a Merge pull request #13291 from geoffw0/correction 
Swift: Promote some Data models to DataProtocol
 2023-05-25 11:28:42 -07:00
Mathias Vorreiter Pedersen
a7252e625e C++: Fix result duplication on 'cpp/unbounded-write' on 'kirxkirx/vast'. 2023-05-25 11:12:01 -07:00
Alex Ford
609319da20 ruby: update TaintStep.ql test output 2023-05-25 17:53:01 +01:00
Geoffrey White
3f3a5d39e5 Swift: Fix the SQL injection test. 2023-05-25 17:13:51 +01:00
Geoffrey White
98e5f0fc4f Swift: Add change note. 2023-05-25 16:04:18 +01:00
Geoffrey White
51321a218b Swift: Correct models in Data.qll. 2023-05-25 15:55:45 +01:00
Geoffrey White
5dfb07ce37 Swift: Test DataProtocol. 2023-05-25 15:51:21 +01:00
Asger F
9e8cef5e1b Ruby: fix type-tracking flow-through for new->initialize calls 2023-05-25 15:03:38 +02:00
Asger F
93678e5d36 Ruby: fix name of super calls in singleton methods 2023-05-25 15:03:34 +02:00
Paolo Tranquilli
5e66885a8e Swift: add change note 2023-05-25 14:00:04 +02:00
Paolo Tranquilli
51f1a5dcc8 Swift: remove getOpaqueExpr from OpenExistentialExpr's children 2023-05-25 13:05:21 +02:00
Paolo Tranquilli
7b76aa34bd Swift: fix CFG inconsistency on TapExpr 2023-05-25 13:05:21 +02:00