hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 13:23:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
65,188 Commits 1,697 Branches 161 Tags
be245dd4b296ccfae51155cbfec791b1bca00a60
Commit Graph

65188 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
cb1c68260e Shared: QLDoc for ContentApprox and getContentApprox. 2024-03-01 17:36:53 +00:00
Geoffrey White
c663809cc7 Update shared/rangeanalysis/codeql/rangeanalysis/RangeAnalysis.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2024-03-01 17:06:48 +00:00
Geoffrey White
0e24ed14da Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2024-03-01 17:04:34 +00:00
Chris Smowton
0bb6a64e81 Java: extractor information: tolerate fractional percentages 2024-03-01 16:49:29 +00:00
Owen Mansel-Chan
0a8dfbafe4 Accept suggestion to put models under the right heading 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-03-01 16:05:28 +00:00
Ian Lynagh
fd82a06b93 Merge pull request #15777 from igfoo/igfoo/label-kot 
CI: Kotlin: Label Kotlin test changes as "Kotlin"
 2024-03-01 15:38:01 +00:00
Joe Farebrother
5a1c0f60e6 Fix qldoc typo 2024-03-01 15:12:16 +00:00
Peter Stöckli
4adc373dfe Ruby: more test cases for code injection via method 2024-03-01 16:01:07 +01:00
Joe Farebrother
4b1626c83a Add change note 2024-03-01 14:59:24 +00:00
Peter Stöckli
3418ec8a81 Ruby: Update method code injection sinks change note 
Co-authored-by: Harry Maclean <hmac@github.com>
 2024-03-01 15:54:58 +01:00
Michael B. Gale
bda8a804ec Go: Add go.work file 2024-03-01 14:50:00 +00:00
Joe Farebrother
65b30c1dff Add tests and qldoc 2024-03-01 14:46:55 +00:00
Rasmus Wriedt Larsen
d99a763ef7 Python: add change-note 2024-03-01 15:24:33 +01:00
Joe Farebrother
a08b292099 Add models for Typhoeus::Request 2024-03-01 14:23:24 +00:00
Owen Mansel-Chan
5399d88d15 Accept test change: slight change in gen vs man modelgen stats 2024-03-01 14:22:00 +00:00
Rasmus Wriedt Larsen
eeda4355f1 Python: Fix missing DictionaryElementContent 2024-03-01 15:21:13 +01:00
Peter Stöckli
e43c368222 Ruby: change note for methode code injection sinks 2024-03-01 15:20:32 +01:00
Rasmus Wriedt Larsen
30b7fadbb8 Python: Add test 2024-03-01 15:19:56 +01:00
Owen Mansel-Chan
6e63df9e32 Accept test change: toString method no longer generated 2024-03-01 14:16:14 +00:00
Owen Mansel-Chan
0e1c45e84b Accept test change: some more APIs have manual models now 2024-03-01 14:08:42 +00:00
Owen Mansel-Chan
df64e0bc5f Add neutral summary models for java.security.MessageDigest#digest 2024-03-01 14:08:31 +00:00
Owen Mansel-Chan
f89fedcbaf Add some neutral models for java.util 2024-03-01 14:07:45 +00:00
Peter Stöckli
a693c6d9b4 Ruby: sinks for code injection via calls to method 2024-03-01 14:42:22 +01:00
Michael Nebel
a97510a2fc Merge pull request #15419 from github/egregius313/csharp/dataflow/threat-modeling/refactor-to-threatmodelflowsource 
C#: Refactor C# queries to use `ThreatModelFlowSource` instead of `RemoteFlowSource`
 2024-03-01 14:40:40 +01:00
Tom Hvitved
15d1105d8d Merge pull request #15779 from hvitved/csharp/build-mode-none 
C#: Add `build_modes: none` to `codeql-extractor.yml`
 2024-03-01 14:34:08 +01:00
Rasmus Wriedt Larsen
7c60562132 Python: Ignore IterableSequenceNode inconsistencies 2024-03-01 14:22:18 +01:00
Rasmus Wriedt Larsen
7e3e5db3db Python: Add example of consistency failure 2024-03-01 14:21:16 +01:00
Rasmus Wriedt Larsen
bcd5c08ebd Python: Ignore match-related inconsistencies 2024-03-01 14:15:32 +01:00
Rasmus Wriedt Larsen
5d212514c6 Python: Add example of consistency failure 2024-03-01 14:07:08 +01:00
Mathias Vorreiter Pedersen
9133a13fc7 Merge pull request #15628 from microsoft/cpp-non-constant-format-as-path-query 
Cpp non constant format as path query
 2024-03-01 13:05:44 +00:00
Rasmus Wriedt Larsen
1658a1cb80 Python: Ignore SynthDictSplatArgumentNode failures 2024-03-01 14:00:06 +01:00
Rasmus Wriedt Larsen
bff95c4c1b Python: Add example of consistency failure 2024-03-01 13:58:33 +01:00
Tom Hvitved
6d9f3d4a3e C#: Add build_modes: none to codeql-extractor.yml 2024-03-01 13:54:57 +01:00
Owen Mansel-Chan
10f6329b3e Add manual neutral models for java.util.stream 
See comment in java/ql/src/Metrics/Summaries/TopJdkApis.qll

   * Note: the following top JDK APIs are not modeled with MaD:
   * `java.util.stream.Collectors#joining(CharSequence)`: cannot be modeled completely without a model for `java.util.stream.Stream#collect(Collector)` as well
   * `java.util.stream.Collectors#toMap(Function,Function)`: specialized collectors flow
   * `java.util.stream.Stream#collect(Collector)`: handled separately on a case-by-case basis as it is too complex for MaD
 2024-03-01 12:32:04 +00:00
Owen Mansel-Chan
f907fd21ad Add manual neutral models for java.text.Format and java.text.MessageFormat 
See comment in java/ql/src/Metrics/Summaries/TopJdkApis.qll

   * Note: the following top JDK APIs are not modeled with MaD:
   * `java.text.Format#format(Object)`: similar issue as `Object.toString`; depends on the object being passed as the argument
   * `java.text.MessageFormat#format(String,Object[])`: similar issue as `Object.toString`; depends on the object being passed as the argument
 2024-03-01 12:31:59 +00:00
Owen Mansel-Chan
0e95f41900 Add manual neutral models for java.lang 
See comment in java/ql/src/Metrics/Summaries/TopJdkApis.qll

   * Note: the following top JDK APIs are not modeled with MaD:
   * `java.lang.System#getProperty(String)`: needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs
   * `java.lang.System#setProperty(String,String)`: needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs
 2024-03-01 12:31:49 +00:00
Michael Nebel
ac4ad0cbc0 C#: Add test where build should not be interpreted as a SDK sub command. 2024-03-01 13:24:04 +01:00
Michael Nebel
24572848f3 C#: Move helper function to other repo to allow sharing. 2024-03-01 13:24:04 +01:00
Michael Nebel
07fc84de8c C#: Don't inject compiler flags when dotnet is used to execute an application. 2024-03-01 13:24:04 +01:00
Tom Hvitved
cb128da5aa Merge pull request #15762 from hvitved/csharp/fetch-dotnet-dependency-fetching 
C#: Fetch .NET in dependency manager instead of autobuilder
 2024-03-01 13:19:20 +01:00
Owen Mansel-Chan
bb97df1d71 do not generate models for lambda flow methods 2024-03-01 12:11:40 +00:00
Tom Hvitved
20ff7def73 Address review comment 2024-03-01 12:54:47 +01:00
Ian Lynagh
86b4f27d12 CI: Kotlin: Label Kotlin test changes as "Kotlin" 2024-03-01 11:26:56 +00:00
Geoffrey White
1fece75f15 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2024-03-01 11:10:26 +00:00
Mathias Vorreiter Pedersen
a7547d516a Merge branch 'main' into cpp-non-constant-format-as-path-query 2024-03-01 11:08:58 +00:00
Florin Coada
1719fd8acb Merge pull request #15769 from github/coadaflorin/changelog-2.16.3-updates 
Match changelog updates with public unified changelog
 2024-03-01 10:57:02 +00:00
Joe Farebrother
0f1106b2f6 Merge pull request #15753 from joefarebrother/ruby-i18n-translation 
Ruby: Model Rails translation methods
 2024-03-01 10:35:12 +00:00
Owen Mansel-Chan
bbf3fa7506 do not generate models for toString 2024-03-01 09:59:27 +00:00
Joe Farebrother
abdae2c437 Apply reveiw suggestion - update change note 
Co-authored-by: Harry Maclean <hmac@github.com>
 2024-03-01 09:57:28 +00:00
Joe Farebrother
bf2174ffce Add change note 2024-03-01 09:57:28 +00:00