Esben Sparre Andreasen
bfaaa16b21
Remove pseudo-properties
2022-01-12 15:05:35 +00:00
Esben Sparre Andreasen
0c798975d6
Remove 2020 sinks from SqlInjection.ql
2022-01-12 15:05:35 +00:00
Esben Sparre Andreasen
84665f2b3a
Remove 2020 sinks from Xss.ql
2022-01-12 15:05:35 +00:00
Esben Sparre Andreasen
d81edd784e
Remove 2020 sinks from TaintedPath.ql
2022-01-12 15:05:34 +00:00
Henry Mercer
e36dda5c08
JS: Update featurization for absent features optimization
...
Absent features are now represented implicitly by the absence of a row
in the `tokenFeatures` relation, rather than explicitly by an empty
string. This leads to improved runtime performance. To enable this
implicit representation, we pass the set of supported token features to
the `scoreEndpoints` HOP. Requires CodeQL CLI v2.7.4.
2022-01-12 15:05:34 +00:00
Henry Mercer
efaaa2fcb0
JS: Bump ATM pack versions to 0.0.3
2022-01-12 14:59:26 +00:00
Henry Mercer
3ef69763a7
Merge pull request #7567 from github/henrymercer/atm-body-tokens-perf-opt
...
ATM: Optimize body tokens by pushing in size restriction
2022-01-12 12:45:27 +00:00
Tamás Vajk
9065a7f320
Merge pull request #7573 from tamasvajk/fix/java-field-decl-tostr
...
Java: Fix toString on field declarations with single field
2022-01-12 13:03:16 +01:00
Tony Torralba
8a80e02861
Merge pull request #7574 from pwntester/improve_strings_qll
...
Add models for AbstractStringBuilder.substring,subsequence,getChars
2022-01-12 12:01:28 +01:00
Tony Torralba
c2105e506b
Added test cases
2022-01-12 11:06:58 +01:00
Alvaro Muñoz Sanchez
715d372572
Add models for AbstractStringBuilder.substring,subsequence,getChars
2022-01-12 10:54:27 +01:00
Anders Schack-Mulligen
c6a9b2b6ff
Merge pull request #7572 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2022-01-12 09:39:14 +01:00
Tamas Vajk
b9e0310aa2
Java: Fix toString on field declarations with single field
2022-01-12 09:22:16 +01:00
Michael Nebel
f17c110f51
Merge pull request #7562 from michaelnebel/csharp/record-seal-tostring
...
C#: Record types are allowed to seal ToString (test only).
2022-01-12 08:08:32 +01:00
github-actions[bot]
c79e8ab440
Add changed framework coverage reports
2022-01-12 00:10:48 +00:00
Andrew Eisenberg
da4f1d86aa
Merge pull request #7355 from github/aeisenberg/remove-upgrades
...
Move upgrades into standard library packs
2022-01-11 14:09:10 -08:00
Andrew Eisenberg
07228672df
Merge branch 'main' into aeisenberg/remove-upgrades
2022-01-11 11:25:27 -08:00
Mathias Vorreiter Pedersen
c45127fdd6
Merge pull request #7541 from github/rdmarsh2/dataflow-ipa-params
...
C++: Use an IPA type rather than negative indexes for argument/parameter matching in data flow
2022-01-11 16:52:13 +00:00
Tony Torralba
7b0d9ea525
Merge pull request #7054 from atorralba/atorralba/promote-log-injection
...
Java: Promote Log Injection from experimental
2022-01-11 17:26:18 +01:00
Henry Mercer
3f70476c87
ATM: Optimize body tokens by pushing in size limit
...
Pushing the restriction to 256 tokens into the `bodyTokens` predicate
means we avoid this predicate blowing up due to very large functions.
This results in a runtime improvement from 1800s+ to 294s as measured
on a problematic repo on my machine (I didn't wait for the query to
finish running).
2022-01-11 16:16:54 +00:00
Tony Torralba
1030ff7063
Update java/ql/src/Security/CWE/CWE-117/LogInjection.ql
2022-01-11 16:25:32 +01:00
Tony Torralba
4aacba8594
Merge pull request #6468 from atorralba/atorralba/promote-cleartext-sharedprefs
...
Java: Promote Cleartext storage of sensitive information using SharedPreferences from experimental
2022-01-11 16:23:53 +01:00
Tony Torralba
394c4a9ee0
Remove unused code
2022-01-11 14:50:48 +01:00
Michael Nebel
77763d7ee5
Merge pull request #7559 from michaelnebel/csharp/const-interpolatedstring
...
C#: Constant string interpolation (test only).
2022-01-11 14:01:55 +01:00
Michael Nebel
56bc3db46a
C#: Add test case for sealed ToString modifier on a record type.
2022-01-11 13:58:43 +01:00
Michael Nebel
ae5d3a1ccb
C#: Add example of sealing ToString on a record type.
2022-01-11 13:57:29 +01:00
Tony Torralba
50caf7d8dc
Move change note to new location and remove import
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2022-01-11 12:24:44 +01:00
Tony Torralba
b9e32208ee
Move change note to new location
2022-01-11 12:23:16 +01:00
Michael Nebel
1d8f8f79bb
C#: Add const interpolated string test case.
2022-01-11 12:02:07 +01:00
Michael Nebel
5b89f0e0b8
C#: Add example of const interpolated string.
2022-01-11 12:01:40 +01:00
Anders Schack-Mulligen
2a36744deb
Merge pull request #7552 from smowton/smowton/fix/local-parameterized-classes
...
Note that parameterizations of local classes are themselves local
2022-01-11 09:36:15 +01:00
Alex Ford
b9ed8ed416
Merge pull request #7553 from github/revert-7498-dependabot/cargo/ruby/generator/clap-3.0
...
Ruby: Revert "Update clap requirement from 2.33 to 3.0 in /ruby/generator"
2022-01-10 19:36:40 +00:00
Alex Ford
17e5b9cffa
Revert "Update clap requirement from 2.33 to 3.0 in /ruby/generator"
2022-01-10 18:21:04 +00:00
Chris Smowton
e352a4b994
Note that parameterizations of local classes are themselves local
...
Previously `LocalClass` itself would match `.isLocal()` whereas `LocalClass<Param>` would not. Rather than require each individual user to check for `.getSourceDeclaration().isLocal()`, let's note that the specializations themselves are local.
2022-01-10 18:19:31 +00:00
Tony Torralba
fbebf5e953
Move change note to new location
2022-01-10 17:27:02 +01:00
Tony Torralba
0e738622df
Merge branch 'main' into atorralba/promote-log-injection
2022-01-10 17:24:25 +01:00
Tony Torralba
cc92ce2754
Fix QLDoc
2022-01-10 17:13:13 +01:00
Tony Torralba
e1e5e78464
Apply suggestions from code review
...
- Update CleartextStorage library to latest refactor
- Move change note to new location
2022-01-10 17:10:55 +01:00
Tony Torralba
d17e973b6b
Apply suggestions from code review
...
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
2022-01-10 17:09:41 +01:00
Tony Torralba
ec8c234872
Fix predicate name
2022-01-10 17:09:41 +01:00
Tony Torralba
55dc783f28
Move from experimental and refactor
2022-01-10 17:09:37 +01:00
CodeQL CI
d912a98b02
Merge pull request #7171 from asgerf/js/mad
...
Approved by erik-krogh
2022-01-10 13:17:09 +00:00
Tom Hvitved
d2ebbe0819
Merge pull request #7469 from hvitved/csharp/promote-adhoc-consistency-checks
...
C#: Promote existing ad-hoc consistency checks to consistency queries
2022-01-10 11:10:25 +01:00
Michael Nebel
533fc7a912
Merge pull request #7532 from michaelnebel/csharp/file-scoped-namespace
...
C#: Make support for file scoped namespace declarations.
2022-01-10 09:02:18 +01:00
Mathias Vorreiter Pedersen
a5ccd6a23b
Merge pull request #7521 from rdmarsh2/rdmarsh2/cpp/use-guards-in-overflow
2022-01-09 14:09:04 +00:00
Robert Marsh
673399719e
C++: autoformat DataFlowPrivate
2022-01-07 15:23:24 -05:00
Felicity Chapman
3b0d55e2f9
Merge pull request #5893 from niroshan/patch-1
...
Update README.md
2022-01-07 19:33:41 +00:00
Robert Marsh
78b8d113bb
C++: PR comments on DataFlow Position
2022-01-07 14:21:56 -05:00
Robert Marsh
4322a39807
C++: fix typo in Overflow.qll abs handling
2022-01-07 14:09:47 -05:00
Robert Marsh
a126154dfb
C++: use -1 for this in dataflow Position
2022-01-07 11:39:26 -05:00