Erik Krogh Kristensen
c06336480c
add change note
2022-03-14 11:41:53 +01:00
Erik Krogh Kristensen
6d66ea4253
also deprecate the definitionReaches predicate, it was only used in a test
2022-03-14 10:14:15 +01:00
Erik Krogh Kristensen
54760081dc
add pointers to the qldoc of deprecated predicates
2022-03-14 10:10:38 +01:00
Erik Krogh Kristensen
8f86b067e7
deprecate the unused localTaintStep and stringStep predicates
2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
cc231fef4c
deprecate some unused predicates in DefUse.qll
2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
c0a63beec1
deprecate unused document predicates in DOM.qll
2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
5e52a71091
remove test .qll files that weren't imported
2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
4fc85a791d
deprecate DefiningIdentifier, it was not used in any query
2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
9cf0a94e4d
use some Sanitizer classes that were unused in the query code
2022-03-13 23:54:53 +01:00
Robert Marsh
5c04516179
Merge pull request #8390 from redsun82/remove-unique-from-uuid
C++: Remove uniqueness constraint from uuid
2022-03-11 11:08:34 -05:00
Alex Ford
808cc9cf35
Merge pull request #8396 from alexrford/ruby/charpred-only-field
Ruby: resolve `ql/field-only-used-in-charpred` alerts
2022-03-11 15:48:05 +00:00
Erik Krogh Kristensen
fa37ece593
Merge pull request #8408 from erik-krogh/pathProblem
QL: make a query checking for `edges` relation in a path-problem query
2022-03-11 16:27:46 +01:00
Erik Krogh Kristensen
14e0d387e7
add a ql/path-problem-query query
2022-03-11 16:06:27 +01:00
Alex Ford
757aa294aa
Update ruby/ql/lib/codeql/ruby/ast/internal/Scope.qll
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2022-03-11 14:53:02 +00:00
Tony Torralba
c49d19eb0f
Merge pull request #8407 from smowton/smowton/admin/revert-8325
Java: Revert #8325, Add CharacterLiteral to CompileTimeConstantExpr.getStringValue
2022-03-11 14:55:10 +01:00
Chris Smowton
58d4513d84
Change note
2022-03-11 12:51:13 +00:00
Chris Smowton
496cae7742
Revert 8325, Add CharacterLiteral to CompileTimeConstantExpr.getStringValue
As pointed out in 8325's thread, this breaks the corner case of char-literal addition and the convention that getStringValue only applies to String-typed constants.
2022-03-11 12:45:53 +00:00
Jeroen Ketema
a8b2805aeb
Merge pull request #8246 from ihsinme/ihsinme-patch-82
CPP: Add query for CWE-754: Improper Check for Unusual or Exceptional Conditions when using functions scanf
2022-03-11 12:54:49 +01:00
Chris Smowton
b1a42816bd
Merge pull request #8402 from smowton/smowton/admin/revert-8360
Java: Revert #8360, "Add CompileTimeConstantExpr.getStringified method"
2022-03-11 11:54:24 +00:00
Erik Krogh Kristensen
e625d17978
Merge pull request #8374 from erik-krogh/nonDocBlock
QL: add query detecting block comments in a position where a QLDoc should be
2022-03-11 12:24:44 +01:00
Chris Smowton
46cd85c70b
Revert #8360, "Add CompileTimeConstantExpr.getStringified method"
2022-03-11 11:13:21 +00:00
Chris Smowton
f006cd0e37
Merge pull request #8360 from JLLeitschuh/feat/JLL/compile_time_constant_getStringified
[Java] Add CompileTimeConstantExpr.getStringified method
2022-03-11 10:34:52 +00:00
Erik Krogh Kristensen
122ab6e6d8
C#: fix some ql/non-doc-block warnings
2022-03-11 11:02:58 +01:00
Erik Krogh Kristensen
ddf93b555e
PY: fix some ql/non-doc-block warnings
2022-03-11 11:02:58 +01:00
Erik Krogh Kristensen
8db51b49f3
QL: fix ql/non-doc-block in QL-for-QL
2022-03-11 11:02:58 +01:00
Erik Krogh Kristensen
8483b9fd65
QL: add query detecting block comments in a position where a QLDoc should be
2022-03-11 11:02:56 +01:00
Tony Torralba
c99bad4047
Recover old change note
2022-03-11 10:35:04 +01:00
Erik Krogh Kristensen
df9533f46e
Merge pull request #8347 from erik-krogh/depBeGone
remove all deprecations that are over a year old
2022-03-11 10:01:07 +01:00
Erik Krogh Kristensen
d316ad198e
Merge pull request #8380 from erik-krogh/chainedCalls
JS: support that the base is not a method-call in getAChainedMethodCall
2022-03-10 21:13:42 +01:00
Alex Ford
305a51754c
Run python config/sync-files.py
2022-03-10 18:34:16 +00:00
Alex Ford
506989ff91
Ruby: simplify some charpreds
2022-03-10 18:27:43 +00:00
Alex Ford
25416babe0
Ruby: resolve ql/field-only-used-in-charpred alerts
2022-03-10 18:27:43 +00:00
ihsinme
ac8adeabf5
Update ImproperCheckReturnValueScanf.expected
2022-03-10 21:12:23 +03:00
ihsinme
623f3fbe21
Update test.cpp
2022-03-10 21:10:41 +03:00
Erik Krogh Kristensen
9466043169
CPP: remove remaining ObjectiveC references
2022-03-10 19:00:49 +01:00
Alex Ford
19c7f7be46
Merge pull request #8271 from github/alexrford/ruby/orm-write-access
Ruby: Add `OrmWriteAccess` concept to model writes to a DB using an ORM
2022-03-10 17:35:02 +00:00
ihsinme
a094e6f63b
Update test.cpp
2022-03-10 17:56:34 +03:00
ihsinme
fa3ce61369
Update test.cpp
2022-03-10 17:54:03 +03:00
Tom Hvitved
d4808a7b4a
Merge pull request #8389 from hvitved/ruby/regex-unique-get-value
Ruby: Avoid multiple `RegExpEscape::getValue` results
2022-03-10 15:53:28 +01:00
Erik Krogh Kristensen
41778328c2
Update javascript/ql/lib/semmle/javascript/dataflow/Sources.qll
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
2022-03-10 14:16:28 +01:00
Mathias Vorreiter Pedersen
5de2e24e9a
Merge pull request #8358 from geoffw0/cwe497c
C++: Upgrade cpp/system-data-exposure to high precision
2022-03-10 10:49:19 +00:00
Erik Krogh Kristensen
c2743177af
JS: delete the TrackedNodes.qll, it had no public interface left
2022-03-10 11:34:17 +01:00
Chris Smowton
3113b27606
Fix style
2022-03-10 10:03:14 +00:00
Tom Hvitved
208851cb91
Merge pull request #7084 from hvitved/ruby/self-flow
Ruby: Cleanup flow through `self`
2022-03-10 10:50:24 +01:00
Tom Hvitved
5b974582e3
Merge pull request #8322 from hvitved/csharp/remove-odasa-legacy
C#: Remove legacy `odasa` support
2022-03-10 10:34:33 +01:00
Paolo Tranquilli
34829e92b1
C++: Remove uniqueness constraint from uuid
Different class definitions can have the same uuid. This happens, for
example, when using `#import <msxml6.dll>`: there will be several C++
classes generated in `msxml6.tlh` which will share uuids with
`extern "C"` struct declarations in the system header `msxml.h`.
Notice that as far as the standard cpp QL library and queries go, we
expose `getUuid()` on `UserType` and we never try to invert it, so we
only rely on uniqueness of the `id` column in the `usertype_uuid` table,
not the `uuid` column.
Closes github/codeql-c-team#893
2022-03-10 10:33:37 +01:00
Tom Hvitved
76663f80f0
Ruby: Avoid multiple RegExpEscape::getValue results
2022-03-10 10:32:24 +01:00
Tom Hvitved
0d71f0ab40
Ruby: Add regex unicode test
2022-03-10 10:30:17 +01:00
Erik Krogh Kristensen
fa766126e5
CPP: remove import of deleted deprecation
2022-03-10 10:25:03 +01:00
Erik Krogh Kristensen
a96223c9c1
PY: remove leftover comments
2022-03-10 10:25:03 +01:00