hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-27 13:23:00 +01:00
Code Issues Packages Projects Releases Wiki Activity
34,818 Commits 1,688 Branches 159 Tags
bedb1d4584082b62f1fa03d89eed97e9cfd2ce53
Commit Graph

767 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
dca74a1f45 get tainttracking3/TaintTrackingImpl.qll in sync 2022-04-22 10:37:31 +02:00
Chris Smowton
d309e15072 Merge pull request #8748 from smowton/smowton/admin/dependent-dataflow-configs 
Java: Avoid higher-numbered dataflow configs that depend on lower-numbered ones
 2022-04-22 08:56:00 +01:00
Tom Hvitved
bd09c61504 Merge pull request #8786 from hvitved/ruby/dataflow/argument-tokens 
Ruby: Implement `Argument[any]` and `Argument[n..]`
 2022-04-21 16:31:24 +02:00
Tom Hvitved
ea229d361c Sync files 2022-04-20 13:55:18 +02:00
Anders Schack-Mulligen
48fbbf2531 Dataflow: Add change notes. 2022-04-19 15:29:35 +02:00
Anders Schack-Mulligen
b521d64156 Dataflow: Sync. 2022-04-19 15:29:35 +02:00
Anders Schack-Mulligen
4ae59b530b Dataflow: Revert flow-state versions of in-/out-barriers. 2022-04-19 15:29:34 +02:00
Mathias Vorreiter Pedersen
91b413d59f Dataflow: Sync identical files. 2022-04-19 09:57:21 +01:00
Chris Smowton
90505949c7 Generally define lower-numbered data-flow configs in terms of higher-numbered ones 
Since usually we have DataFlow3::Configurations that stand alone, DataFlow2::Configurations that depend on them, and finally DataFlow::Configurations that produce a top-level query result (for example), qll files where the reverse pattern holds will usually not be concurrently importable due to dataflow configuration recursion prevention.
 2022-04-15 09:25:40 +01:00
Chris Smowton
27d87e9300 Add TaintTracking3 2022-04-15 09:25:26 +01:00
Edoardo Pirovano
f25618eed6 Bump minor version of all packs 2022-04-08 15:38:58 +01:00
Edoardo Pirovano
ce82c54b94 Merge branch 'main' into edoardo/3.5-mergeback 2022-04-08 15:30:58 +01:00
Anders Schack-Mulligen
4eaec3953a Merge pull request #8694 from aschackmull/dataflow/cleanup-unused 
Dataflow: Cleanup unused column
 2022-04-07 15:16:27 +02:00
Anders Schack-Mulligen
c0f48b6c14 Merge pull request #8681 from JLLeitschuh/fix/JLL/os_check_bugs 
Java: Fix Local Temp File/Dir Incorrect Guard Logic
 2022-04-07 14:00:13 +02:00
Anders Schack-Mulligen
7beed570f2 Dataflow: Sync. 2022-04-07 13:53:48 +02:00
Anders Schack-Mulligen
876a9f80ce Dataflow: remove unused column. 2022-04-07 13:53:27 +02:00
Erik Krogh Kristensen
ef9b6a11a6 Merge pull request #8679 from erik-krogh/getUrl 
Java: rename existing getUrl predicate to getRepositoryUrl
 2022-04-07 10:01:14 +02:00
Michael Nebel
72d4c97463 Merge pull request #8628 from michaelnebel/csharp/generatedkind 
C#: Introduce generated flag as a part of the kind column for flow summaries
 2022-04-07 08:43:30 +02:00
Erik Krogh Kristensen
489d4cb908 add change-note 2022-04-06 23:23:50 +02:00
Jonathan Leitschuh
2753521650 Java: Fix Local Temp File/Dir Incorrect Guard Logic 
Resolves https://github.com/github/codeql/pull/8032#discussion_r841723906
 2022-04-06 12:16:09 -04:00
Erik Krogh Kristensen
563d0d6532 rename existing getUrl predicate to getRepositoryUrl 2022-04-06 15:32:33 +02:00
Anders Schack-Mulligen
879b8a1200 Merge pull request #8676 from pwntester/java_hotspots_mods 
Make security-related TaintTracking Configuration public
 2022-04-06 14:40:14 +02:00
Anders Schack-Mulligen
bbb6d08071 Merge pull request #8661 from Marcono1234/marcono1234/getMethod-public-only 
Java: Fix reflection predicate for `getMethod` having non-public method result
 2022-04-06 12:03:14 +02:00
Alvaro Muñoz Sanchez
9ccd0e564b Add QLDocs 2022-04-06 12:00:41 +02:00
Anders Schack-Mulligen
d0b5b99e74 Merge pull request #8611 from github/smowton/doc/switch-expr-accessors 
Java: make SwitchCase.getRuleExpression/Statement more consistent
 2022-04-06 11:16:40 +02:00
Alvaro Muñoz Sanchez
19b8d51c0b Update CommandLineQuery 
Make TaintTracking configuration public
 2022-04-06 10:58:56 +02:00
Alvaro Muñoz Sanchez
abaa71e2c5 Update Sql Injection queries 
move java/ql/src/Security/CWE/CWE-089/SqlInjectionLib.qll -> java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll
 2022-04-06 10:57:14 +02:00
Michael Nebel
2562910b94 C#: Update Csv validation to allow sources and sink kinds to be prefixed with generated. 2022-04-05 14:25:34 +02:00
Michael Nebel
0374f84c05 Java: Make support for generated as a part of kind. 2022-04-05 14:25:34 +02:00
Michael Nebel
784327c183 Java/Ruby: Hardcode generated flag to false. 2022-04-05 08:55:12 +02:00
Michael Nebel
de76df3988 C#: Only use generated summaries, if no handwritten model exist for a particular dataflow callable. 2022-04-05 08:55:12 +02:00
Michael Nebel
3fe941aae2 C#: Add missing empty ext column in generated summaries. 2022-04-04 15:58:35 +02:00
Marcono1234
6dd14a6cb3 Java: Fix reflection predicate for getMethod having non-public method result 2022-04-04 15:10:49 +02:00
github-actions[bot]
6af568b16d Post-release preparation for codeql-cli-2.8.5 2022-04-01 16:22:14 +00:00
Chris Smowton
28fa49dcd6 dataflow -> data-flow 2022-04-01 13:22:58 +01:00
github-actions[bot]
ee746d20df Release preparation for version 2.8.5 2022-04-01 10:39:31 +00:00
Chris Smowton
3b0bd3bc0f Improve wording 2022-04-01 11:31:31 +01:00
Chris Smowton
99026a6071 Improve wording of isAdditionalFlow/TaintStep qldoc 2022-04-01 11:07:27 +01:00
Chris Smowton
9309a652df Merge pull request #8493 from JLLeitschuh/feat/JLL/test_assertion_guard_preconditions 
[Java]: Add precondition support for testing library asserts
 2022-03-31 22:30:09 +01:00
Chris Smowton
2829770003 Autoformat and fix typo 2022-03-31 14:11:09 +01:00
Chris Smowton
c2d461bcee Format 2022-03-31 12:19:53 +01:00
Chris Smowton
0d9c353c37 Represent switch statement and switch expression results alike 2022-03-31 12:19:11 +01:00
Chris Smowton
96bf754f01 Accept intrigus suggested doc clarifications 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-03-31 12:09:45 +01:00
Anders Schack-Mulligen
f28da00ec4 Java: Fix qldoc as followup to https://github.com/github/codeql/pull/8323 2022-03-31 12:50:36 +02:00
Chris Smowton
19cd97e426 Java: Clarify the meaning of getRuleExpression/Statement 2022-03-30 17:58:11 +01:00
Chris Smowton
005a020f04 Merge pull request #8508 from igfoo/igfoo/error_elements 
Java: Add ErrorExpr, ErrorStmt
 2022-03-24 10:39:14 +00:00
Jonathan Leitschuh
bd87be636a Refactor to conditionCheckArgument deprecate old method 2022-03-22 11:56:43 -04:00
Michael Nebel
1d45996001 Merge pull request #8466 from michaelnebel/csharp/refactor-aspartial 
C#: Refactor asPartial to allow re-use.
 2022-03-22 10:54:54 +01:00
github-actions[bot]
a3e74efc21 Post-release preparation for codeql-cli-2.8.4 2022-03-21 19:36:47 +00:00
Jonathan Leitschuh
b3ee1bd313 Refactor Preconditions and add Tests 2022-03-21 11:20:05 -04:00