hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 07:06:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,382 Commits 1,700 Branches 161 Tags
baec4adbb1fd8c0550091517f9eb59cb3d94de0a
Commit Graph

74382 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Nebel
0a1d2d0bbb Java: Update all test util paths to point to the new location. 2024-12-12 13:21:25 +01:00
Michael Nebel
91cfb30513 Java: Move test utilities to the java query pack. 2024-12-12 13:21:22 +01:00
Paolo Tranquilli
173d11d544 Bazel: add a test wrapper around installation scripts 
This hack is meant to be an optimization when using install for tests,
where the install step is skipped if nothing changed. If the
installation directory is somehow messed up, `bazel run` can be used to
force install.

This is added as a `<name>-installer-as-test` target, which we can now
use in our internal pytest integration to skip the installation step if
nothing changed on the CLI + language packs side.
 2024-12-12 13:08:58 +01:00
Owen Mansel-Chan
3f7c37e1ed Treat container flow as taint flow in global taint flow 2024-12-12 11:41:32 +00:00
Geoffrey White
611d04e221 Rust: Revert stylistic change in shared file. 2024-12-12 11:30:23 +00:00
Geoffrey White
1d72b750b7 Rust: data-flow -> data flow. 2024-12-12 11:29:23 +00:00
Paolo Tranquilli
5ca89eaede Merge branch 'main' into redsun82/swift-6 2024-12-12 12:28:47 +01:00
Geoffrey White
d2cfcb4c9e Update rust/ql/lib/codeql/rust/internal/ConceptsShared.qll 
Co-authored-by: Simon Friis Vindum <paldepind@github.com>
 2024-12-12 11:28:04 +00:00
Owen Mansel-Chan
e13c4b7550 Treat container flow as taint flow in localTaintStep 2024-12-12 10:41:23 +00:00
Simon Friis Vindum
16dcc5c278 Rust: Add variable capture consistency query 2024-12-12 11:23:22 +01:00
Simon Friis Vindum
9fe7bb3e2b Rust: Address PR comments 2024-12-12 11:19:14 +01:00
Simon Friis Vindum
2cf043cfbc Rust: Address PR comments 2024-12-12 10:19:53 +01:00
Simon Friis Vindum
59f3f1f1e9 Apply suggestions from code review 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2024-12-12 08:58:35 +01:00
Owen Mansel-Chan
8d5759dbdf Update remote repository to github/codeql 2024-12-11 21:51:19 +00:00
Geoffrey White
591db05610 Rust: Formatting. 2024-12-11 16:49:29 +00:00
Geoffrey White
ad75906672 Apply suggestions from code review 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2024-12-11 16:44:00 +00:00
Owen Mansel-Chan
066db766ef Merge pull request #18153 from owen-mc/java/resttemplate-getforobject 
Java: add SSRF sink model for the third parameter of `RestTemplate.getForObject`
 2024-12-11 16:37:35 +00:00
Jami
538dee81b6 Merge pull request #18214 from jcogs33/jcogs33/java/file-getname-path-sanitizer 
Java: add File.getName as a path injection sanitizer
 2024-12-11 10:18:02 -05:00
Simon Friis Vindum
94b037fad1 Rust: Instantiate variable capture library for data flow 2024-12-11 15:44:17 +01:00
Owen Mansel-Chan
1420bce36a Move import statement in SpringWebClient.qll 2024-12-11 14:19:24 +00:00
Simon Friis Vindum
e8357a648d Rust: Add additional data flow tests 2024-12-11 14:56:16 +01:00
Tom Hvitved
40d9460698 Data flow: Remove unused column from flowThroughOutOfCall 2024-12-11 14:35:32 +01:00
Anders Schack-Mulligen
066cfa31d2 Merge pull request #18258 from aschackmull/dataflow/simplify-apapprox3 
Dataflow: Simplify references to access paths from prior stage.
 2024-12-11 14:23:31 +01:00
Owen Mansel-Chan
4f8645b4dd Merge pull request #18235 from owen-mc/go/varargs-out-param 
Go: Improve data flow out of variadic parameter
 2024-12-11 13:18:29 +00:00
Tom Hvitved
fc70024f52 C#: Remove false-positive reflection calls in dataflow 2024-12-11 14:15:58 +01:00
Tom Hvitved
22aaf74184 Merge pull request #18231 from hvitved/rust/models-as-data-summaries 
Rust: Models-as-data for flow summaries
 2024-12-11 13:37:09 +01:00
Asger F
889100a243 Java: update test output with provenance 2024-12-11 13:19:47 +01:00
Asger F
afdbf2c3c6 Java: update test to account for key,val 2024-12-11 13:19:36 +01:00
Asger F
736388809d Java: MethodAccess -> MethodCall 2024-12-11 13:19:25 +01:00
Ian Lynagh
34aefb4bc5 Merge pull request #18268 from igfoo/igfoo/kot-tests-ignore 
Kotlin: git-ignore .testproj directories in tests
 2024-12-11 12:08:44 +00:00
Ian Lynagh
699734611e Kotlin: git-ignore .testproj directories in tests 2024-12-11 12:00:23 +00:00
Michael Nebel
f7ad150636 C#: Update global.json for cshtml_standalone_flowsteps. 2024-12-11 12:57:42 +01:00
Owen Mansel-Chan
ec5d655d7f Look up remote name instead of using origin 2024-12-11 11:02:45 +00:00
Asger F
f9c0ba3826 Ruby: use DeduplicatePathGraph in CodeInjection query 2024-12-11 11:48:15 +01:00
Asger F
815581dc11 JS: Update to account for key,val pairs on edges 2024-12-11 11:48:13 +01:00
Owen Mansel-Chan
aaa4361120 Rearrange member predicates in ControlFlow::Node 
Put all the ones which might need to be overrridden by subclasses
together for ease of reading.
 2024-12-11 10:34:18 +00:00
Owen Mansel-Chan
79f4f78fc2 Make separate classes for control flow node kinds 
This puts all the logic of a particular control flow node kind into one
place and makes it easier to add new kinds.
 2024-12-11 10:34:16 +00:00
Asger F
5aa1242117 Shared: use a call bit when tracking reachability to/from a discriminator 2024-12-11 11:29:14 +01:00
Asger F
0eb543e0a9 Java: add test for spurious flow from path graph deduplication 2024-12-11 11:29:13 +01:00
Asger F
8efdc2df7b Shared: change note 2024-12-11 11:29:11 +01:00
Asger F
cba7b98f7a Shared: Add DataFlow::DeduplicatePathGraph 2024-12-11 11:29:10 +01:00
Anders Schack-Mulligen
cac131df37 Dataflow: Rename a couple of predicates. 2024-12-11 11:22:42 +01:00
Anders Schack-Mulligen
d6a4080baf Dataflow: Address review comment. 2024-12-11 11:18:57 +01:00
Cornelius Riemenschneider
f0971684e3 Merge pull request #18257 from github/criemen/bazel-8-00 
Upgrade bazel to 8.0.0.
 2024-12-11 11:14:41 +01:00
Paolo Tranquilli
a36d226d0c Merge pull request #18247 from github/redsun82/executable-scripts 
Make scripts executable
 2024-12-11 10:42:57 +01:00
Tom Hvitved
baf186fed7 Address review comments 2024-12-11 10:28:32 +01:00
Owen Mansel-Chan
ba9d21ec98 Merge pull request #17970 from owen-mc/java/lightweight-IR-layer 
Java: IPA the CFG (second try)
 2024-12-10 23:57:52 +00:00
Mathias Vorreiter Pedersen
0acef590b1 C++: Add more MaD models. 2024-12-10 18:29:48 +00:00
Mathias Vorreiter Pedersen
64464b39c6 C++: Add tests for a few string-related classes. 2024-12-10 18:28:12 +00:00
Mathias Vorreiter Pedersen
c5bb907fe0 C++: Also handle varargs in MaD parsing. 2024-12-10 18:25:56 +00:00