hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-18 05:24:01 +02:00
Code Issues Packages Projects Releases Wiki Activity
57,097 Commits 1,740 Branches 165 Tags
bc3e78f034189f2a4733d39ecf0a9c4a4ef38e2c
Commit Graph

57097 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stephan Brandauer
bc3e78f034 Java: add automodel framework mode test case for newly supported interface-method parameter extraction 2023-08-01 09:18:58 +02:00
Stephan Brandauer
058236877e Java: Drive-by: fix oversight in #13823 
In PR #13823, we had rewritten the endpoints that are being considered for framework mode. We used to use `DataFlow::ParameterNode` as endpoints.
However, `ParameterNode`s do not exist for the implicit `this` parameter; they also do not exist for bodiless interface-methods.

In PR #13823, we forgot to model that `this` only exists for non-static methods and to only consider parameters that we have source code for.
 2023-08-01 09:18:58 +02:00
Stephan Brandauer
5ad984f22f Java: update text expectations after merging #13823 2023-08-01 09:18:58 +02:00
Stephan Brandauer
da87d82d08 Java: fix a comment 2023-08-01 09:18:58 +02:00
Stephan Brandauer
be629b27ed Java: Automodel package private test case 2023-08-01 09:18:57 +02:00
Stephan Brandauer
f5c4155d63 Java: Automodel tests: update after merging #13818 2023-08-01 09:18:57 +02:00
Stephan Brandauer
44b8ec642e Java: merge framework mode tests into one 2023-08-01 09:18:57 +02:00
Stephan Brandauer
8cc367c45e Java: merge application mode tests into one 2023-08-01 09:18:57 +02:00
Stephan Brandauer
37b6b46dbf Java: update extraction query tests after merging PR #13747 2023-08-01 09:18:57 +02:00
Stephan Brandauer
50603102d1 Java: tests for automodel application mode, test that local calls are not candidates 2023-08-01 09:18:57 +02:00
Stephan Brandauer
457604e37e Java: tests for automodel framework mode negative example extraction 2023-08-01 09:18:57 +02:00
Stephan Brandauer
938a7a788f Java: tests for automodel application mode negative example extraction 2023-08-01 09:18:57 +02:00
Stephan Brandauer
abed936556 Java: tests for automodel framework mode positive example extraction 2023-08-01 09:18:57 +02:00
Stephan Brandauer
1bc222ec40 Java: tests for automodel application mode positive example extraction 2023-08-01 09:18:57 +02:00
Stephan Brandauer
2e89a11949 Java: tests for automodel application mode candidate extraction 2023-08-01 09:18:56 +02:00
Stephan Brandauer
18fe587e75 Java: tests for automodel framework mode candidate extraction 2023-08-01 09:18:56 +02:00
Owen Mansel-Chan
5a5e921ee7 Merge pull request #13846 from owen-mc/go/better-baselines 
Go: Add language-specific baseline configuration
 2023-08-01 07:14:43 +01:00
Owen Mansel-Chan
a8c64443e8 Merge pull request #13645 from porcupineyhairs/goTiming 
Go : Improvements to Timing Attacks query
 2023-08-01 07:10:42 +01:00
Felicity Chapman
df1e8e263b Merge pull request #13854 from github/11185-add-note 
CodeQL library update to use modular API interface - Add note and include in articles
 2023-07-31 17:22:17 +01:00
Owen Mansel-Chan
d98079d72c Apply suggestions from code review 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-07-31 16:49:11 +01:00
Owen Mansel-Chan
216911dad9 Merge branch 'main' into goTiming 2023-07-31 16:15:10 +01:00
Owen Mansel-Chan
3d495bdd43 Add new files to CODEQL_TOOLS in Makefile 2023-07-31 16:12:52 +01:00
Owen Mansel-Chan
47a536c85d Always output valid JSON containing paths-ignore 2023-07-31 16:09:47 +01:00
Felicity Chapman
46f80dc5ca Put back a missing colon to fix the link 2023-07-31 15:56:24 +01:00
Felicity Chapman
9a334d3300 Add shortened link to changelog 2023-07-31 14:13:52 +01:00
Geoffrey White
1c64fb16f1 Merge pull request #13756 from geoffw0/sources2 
Swift: CustomUrlSchemes test enhancements and minor model improvement
 2023-07-31 12:53:03 +01:00
Felicity Chapman
a0c0da78e9 Merge branch 'main' into 11185-add-note 2023-07-31 11:54:00 +01:00
Geoffrey White
c4b782407b Merge pull request #13853 from geoffw0/commandinject 
Swift: Autoformat experimental query.
 2023-07-31 11:30:20 +01:00
Felicity Chapman
4d05b742d6 Merge branch 'main' into 11185-add-note 2023-07-31 10:58:03 +01:00
Felicity Chapman
32da3c3730 Add main note and include in articles 2023-07-31 10:50:47 +01:00
Geoffrey White
f921076fca Swift: Autoformat. 2023-07-31 10:25:25 +01:00
Tony Torralba
5488abc512 Merge pull request #13850 from atorralba/atorralba/java/unimportant-generated-models 
Java: Remove superfluous generated models
 2023-07-31 11:25:03 +02:00
Tony Torralba
41f1315da9 Merge pull request #13772 from atorralba/atorralba/java/inputstream-wrapper-read-step 
Java: Add taint steps for InputStream wrappers
 2023-07-31 11:12:43 +02:00
Geoffrey White
e534afe634 Merge pull request #13726 from maikypedia/maikypedia/swift-command-injection 
Swift: Add Command Injection query (CWE-078)
 2023-07-31 10:06:22 +01:00
Geoffrey White
12f2539d1d Swift: Use flowTo. 2023-07-31 10:03:25 +01:00
Mathias Vorreiter Pedersen
2562f8a297 Merge pull request #13844 from jketema/forgotten-paren 
C++: Add forgotten parentheses in ternary IR test
 2023-07-31 10:03:06 +02:00
Tony Torralba
3bd4d34a47 Java: Remove superfluous generated models 2023-07-31 09:48:03 +02:00
Porcupiney Hairs
74e5c15eaa Go : Improvements to Timing Attacks query 2023-07-31 06:30:47 +05:30
Owen Mansel-Chan
b5518047fa Go: Add language-specific baseline configuration 2023-07-30 21:52:33 +01:00
Mathias Vorreiter Pedersen
4656130dab Merge pull request #13843 from MathiasVP/revert-13792 2023-07-30 01:18:00 +02:00
Jeroen Ketema
0bc75ea9b7 C++: Add forgotten parentheses in ternary IR test 
Without the parentheses, the expressions are parsed as `a ? x : (y = val)`.
 2023-07-29 18:44:28 +02:00
Mathias Vorreiter Pedersen
fd1949092c C++: Accept test changes. 2023-07-29 11:29:06 +02:00
Mathias Vorreiter Pedersen
ce9a14b692 Revert "Merge pull request #13792 from MathiasVP/swap-argument-order-in-invalid-ptr-deref" 
This reverts commit 1fa6511482, reversing
changes made to 4676ca5a4a.
 2023-07-29 11:26:41 +02:00
Stephan Brandauer
40eab180cc Merge pull request #13823 from github/kaeluka/support-argument-this-in-frameworkmode-metadata-extraction 
Java: Support Argument[this] and parameters of bodiless interface methods in framework mode metadata extraction
 2023-07-28 17:38:39 +02:00
Tony Torralba
08cba7dc5f Merge pull request #13713 from pwntester/java/struts2_source_taint_inheriting 
[Java] Implement field taint inheritance for Struts2 unmarshalled objects
 2023-07-28 16:46:27 +02:00
Owen Mansel-Chan
a020189895 Merge pull request #13822 from owen-mc/dataflow/mergepathgraph3-signature-fix 
Dataflow: MergePathGraph3 signature fix
 2023-07-28 15:15:43 +01:00
Shati Patel
a98ae8941c Merge pull request #13832 from github/shati-patel/docs-indentation 
Docs: Fix indentation in tutorial examples
 2023-07-28 14:07:16 +01:00
Tony Torralba
2dff0ce5b4 Merge pull request #13712 from pwntester/java/new_struts2_models 
[Java] New models for Struts2 framework
 2023-07-28 14:31:25 +02:00
Stephan Brandauer
8bf960bd44 Java: fix QL-for-QL alert 2023-07-28 14:28:47 +02:00
Stephan Brandauer
021eedfdf1 Java: format 2023-07-28 14:26:34 +02:00