hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-24 10:53:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
65,188 Commits 1,693 Branches 161 Tags
be245dd4b296ccfae51155cbfec791b1bca00a60
Commit Graph

65188 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ed Minnix
8187b00562 Change note 2024-03-10 22:20:52 -04:00
Ed Minnix
d300736c7e Remove AddLocalSource classes 2024-03-10 22:20:51 -04:00
Edward Minnix III
58f2777532 Merge pull request #15629 from egregius313/egregius313/csharp/dataflow/threat-modeling/remove-stored-query-variants 
C#: Remove `Stored` variants of queries
 2024-03-10 22:17:03 -04:00
github-actions[bot]
589a34241c Add changed framework coverage reports 2024-03-11 00:16:32 +00:00
Owen Mansel-Chan
820c14577a Merge pull request #13553 from am0o0/amammad-go-bombs 
Go: Decompression Bombs
 2024-03-10 13:48:04 +00:00
Edward Minnix III
e7852f520f Merge pull request #15605 from egregius313/egregius313/csharp/dataflow/sources/commandargs-and-environment 
C#: Add more `environment` and `commandargs` sources for the C# Standard Library
 2024-03-08 14:10:09 -05:00
Edward Minnix III
5440dbf70d Merge pull request #15758 from egregius313/egregius313/csharp/docs/threat-modeling-in-mad-docs 
C#: Add references to threat modeling to C# Models-as-Data documentation
 2024-03-08 11:50:51 -05:00
am0o0
43df6a2c07 add comments for already implemented io.Read and io.WriteTo Sinks. 
remove some sinks about `"decompressor"` which was added wrongly.
change `GeneralReadIoSink` type from module to class.
separate `KlauspostGzipAndPgzip` `KlauspostPgzip` and `KlauspostGzip`.
 2024-03-08 20:05:46 +04:00
am0o0
66130d208e convert abstract predicate isAdditionalFlowStep to non-abstract 2024-03-08 19:30:41 +04:00
Joe Farebrother
dbd33d1cf0 Model Argument[1] of ActiveRecord from 2024-03-08 14:04:01 +00:00
Tamas Vajk
9b5cfc9026 Change assembly population in buildless 2024-03-08 15:02:30 +01:00
Rasmus Lerchedahl Petersen
3601773856 python: support encoding lower bound 2024-03-08 14:59:28 +01:00
Rasmus Wriedt Larsen
adf5a4b1e4 Python: Fix internal consistency failures 2024-03-08 14:13:47 +01:00
Tom Hvitved
9ee2314ef6 Merge pull request #15847 from hvitved/ruby/orm-field-as-source-no-args 
Ruby: Exclude calls with arguments from `OrmFieldAsSource`
 2024-03-08 13:52:34 +01:00
Asger F
7c35309732 Merge pull request #15823 from asgerf/js/lift-cg-restriction 
JS: Call graph improvements
 2024-03-08 13:40:38 +01:00
Rasmus Wriedt Larsen
87b6592dbc Python: Accept inconsistency for missing use-use flow 
At least until we have a proper fix
 2024-03-08 13:34:26 +01:00
Rasmus Wriedt Larsen
8fe483d9d8 Python: Add example of missing use-use flow 
(see PR for more detailed description)
 2024-03-08 13:26:01 +01:00
Asger F
245cd5c0b5 Merge pull request #15760 from asgerf/js/summarised-tt-store-steps 
JS: Summarise store steps for type tracking
 2024-03-08 13:16:25 +01:00
Asger F
ac4601cb8f Update javascript/ql/lib/semmle/javascript/dataflow/internal/CallGraphs.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2024-03-08 13:01:38 +01:00
Ian Lynagh
a9bab18804 Merge pull request #15848 from igfoo/igfoo/deleg2 
Kotlin 2: Accept some more loc changes in exprs test
 2024-03-08 11:49:11 +00:00
Michael Nebel
36a775502f Merge pull request #15851 from microsoft/54-csharp-add-missing-mad-for-httprequestmessage-upstream 
csharp update MaD for HttpRequestMessage
 2024-03-08 12:39:08 +01:00
Michael Nebel
7c46e9fcf4 Merge pull request #15838 from michaelnebel/csharp/deleteirqueries 
C#: Remove IR queries.
 2024-03-08 11:29:23 +01:00
Tamas Vajk
33eb69164c C#: Change ID of buildless output assembly 2024-03-08 11:20:04 +01:00
Rasmus Lerchedahl Petersen
6d8d106d91 Python: add test for ReturnValue.TupleElement[n] 2024-03-08 11:18:51 +01:00
Asger F
546b0a9a89 Merge pull request #15763 from asgerf/js/escaping-instance-detection 
JS: Improve detection of classes with escaping instances
 2024-03-08 11:13:50 +01:00
Asger F
fc5b9e2796 JS: Expand test case 2024-03-08 10:34:39 +01:00
Tom Hvitved
24e35f6f3d Update expected test output 2024-03-08 10:00:43 +01:00
Tom Hvitved
63bb772ef9 Variable capture: Avoid overlapping and false-positive data flow paths 2024-03-08 10:00:42 +01:00
Tom Hvitved
e793a1e9fe Ruby: Add variable capture spurious flow test 2024-03-08 10:00:42 +01:00
Tom Hvitved
2896bfbd9f Merge pull request #15821 from hvitved/dataflow/clears-content-store 
Data flow: Allow for direct stores into nodes with `clearsContent`
 2024-03-08 09:59:29 +01:00
Ed Minnix
7f950d8e0d Fix ExpandEnvironmentVariables test case 2024-03-07 21:48:05 -05:00
Lindsay Simpkins
7dd175d938 change note 2024-03-07 17:16:17 -08:00
Mathias Vorreiter Pedersen
761f6d3a7e C++: Disable field flow from the 'cpp/type-confusion' query to fix performance on ChakraCore. 2024-03-07 15:24:04 -08:00
Lindsay Simpkins
feb1ca29cc csharp update MaD for HttpRequestMessage 2024-03-07 15:00:05 -08:00
Chris Smowton
e4f680d476 Merge pull request #15778 from smowton/smowton/admin/test-multi-release-jars 
Java: Add tests for multi-release jars under Java 11 and 17
 2024-03-07 22:59:35 +00:00
Mathias Vorreiter Pedersen
a548316747 C++: Accept test changes. 2024-03-07 13:55:31 -08:00
Mathias Vorreiter Pedersen
4f9bdca4f0 C++: Optimize. 2024-03-07 13:08:26 -08:00
Chris Smowton
2321eecb9e Add tests for multi-release jars under Java 11 and 17 2024-03-07 21:07:49 +00:00
Mathias Vorreiter Pedersen
cedbfbe7ea C++: Use a more generous definition of compatible types. 2024-03-07 10:50:20 -08:00
Ian Lynagh
e74606eba3 Kotlin 2: Accept some more loc changes 2024-03-07 18:40:59 +00:00
Ian Lynagh
79c5ad93b0 Kotlin 2: Accept a loc change 
This is a bit of an odd location for the IrVariableImpl as it includes a
comment, but the comment is already included in the corrresponding
IrLocalDelegatedPropertyImpl so it's not clearly wrong:

 Element: 16 59 (2:4 - 2:47) class org.jetbrains.kotlin.ir.declarations.impl.IrLocalDelegatedPropertyImpl
-Element: 29 42 (2:17 - 2:30) class org.jetbrains.kotlin.ir.declarations.impl.IrVariableImpl
+Element: 16 59 (2:4 - 2:47) class org.jetbrains.kotlin.ir.declarations.impl.IrVariableImpl

So just accept the change.
 2024-03-07 18:37:00 +00:00
Michael Nebel
f2e467d8ea C#: Cleanup identical-files. 2024-03-07 19:22:47 +01:00
Michael Nebel
5b48bc4a3e C#: Delete the experimental IR queries. 2024-03-07 19:22:47 +01:00
Michael Nebel
48fcec82d6 Merge pull request #15736 from michaelnebel/csharp/disconnectfromdotnet 
C#: Deprecate dotnet and CIL in QL.
 2024-03-07 19:17:05 +01:00
Ed Minnix
608a3f907c Add type signature for methods with no overloads 2024-03-07 12:32:06 -05:00
Ed Minnix
1f64f5f8c9 Change note 2024-03-07 12:32:05 -05:00
Ed Minnix
f8c805de6b Microsoft.Extensions.Configuration models 2024-03-07 12:32:04 -05:00
Ed Minnix
ec6e17360d Replace Main-method parameters with ThreatModelFlowSource 2024-03-07 12:30:08 -05:00
Ed Minnix
a3f6bfe1df commandargs sources 2024-03-07 12:30:06 -05:00
Ed Minnix
51afe12ae1 Environment variable sources 2024-03-07 12:20:48 -05:00