hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-17 16:34:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,977 Commits 1,679 Branches 158 Tags
c07db098a73be1c0168ca93807bda37aeb84d0fa
Commit Graph

45977 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
alexet
c07db098a7 QLSpec: Adress comments from review 2022-11-04 15:27:21 +00:00
alexet
04a47093ee QL Spec: Add instanceof in classes 2022-11-01 18:31:43 +00:00
Tom Hvitved
e8f9429b92 Merge pull request #10917 from hvitved/ruby/singleton-call-sensitivity 
Ruby: Call-context sensitivity for singleton method calls
 2022-11-01 14:13:26 +01:00
Geoffrey White
84c754e007 Merge pull request #11062 from geoffw0/rename 
Swift: Rename ECB-Encryption directory
 2022-11-01 12:59:53 +00:00
Arthur Baars
aba87a139d Merge pull request #10668 from aibaars/ruby-deps 
Ruby: update dependencies
 2022-11-01 13:55:42 +01:00
Tom Hvitved
f623ea0a55 Merge pull request #10576 from hvitved/ssa/consistency-queries 
SSA: Turn consistency predicates into `query` predicates
 2022-11-01 13:07:33 +01:00
Arthur Baars
8b39059d3a Update .github/workflows/ruby-build.yml 2022-11-01 10:49:12 +01:00
Geoffrey White
a1edd65542 Merge pull request #11034 from geoffw0/global 
Swift: Add and use AbstractFunctionDecl.hasGlobalName predicate.
 2022-11-01 09:27:26 +00:00
Geoffrey White
c3577b2256 Swift: Rename test directory. 2022-11-01 09:21:50 +00:00
Geoffrey White
7d80c5c7f7 Swift: Rename query directory. 2022-11-01 09:21:10 +00:00
Tom Hvitved
4edef874d6 SSA: Turn consistency predicates into query predicates 2022-11-01 10:01:56 +01:00
erik-krogh
84a7fddd95 remove explicit versions in lock files, as the dependencies are all installed locally 2022-11-01 09:09:26 +01:00
Erik Krogh Kristensen
ff2a5e8c27 Merge pull request #10986 from erik-krogh/tsPerf 
JS: push more context into load/store steps from the exploratory flow-analysis
 2022-11-01 09:03:24 +01:00
Erik Krogh Kristensen
994c033c62 Merge pull request #11049 from erik-krogh/noCrossTalk 
QL: prevent some cross-talk between modules
 2022-10-31 21:41:00 +01:00
Jeroen Ketema
222c9a6357 Merge pull request #11048 from jketema/add-constant-test 
C++: Add `strcpy` test for `cpp/non-constant-format`
 2022-10-31 18:01:13 +01:00
Jeroen Ketema
b43cbf7f95 Update cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/test.cpp 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-10-31 17:03:29 +01:00
erik-krogh
86e81f523c add explicit this 2022-10-31 15:56:01 +01:00
erik-krogh
7d0beeafad QL: prevent some cross-talk between modules 2022-10-31 15:51:05 +01:00
Jeroen Ketema
abe9258943 C++: Add strcpy test for cpp/non-constant-format 2022-10-31 15:29:17 +01:00
Jeroen Ketema
83afc2a0ad C++: Add strcpy prototype to test 2022-10-31 15:25:35 +01:00
Ian Lynagh
21600c612d Merge pull request #11037 from igfoo/igfoo/log 
Kotlin: Integration tests: Allow \ as a path separator in logs test
 2022-10-31 14:03:57 +00:00
Tamás Vajk
e356720c73 Merge pull request #11014 from tamasvajk/kotlin-for-loop-var 
Kotlin: Resugar `for` loops
 2022-10-31 14:48:21 +01:00
Chris Smowton
d959630991 Merge pull request #11040 from smowton/smowton/fix/inherited-method-implementing-collection-interface 
Kotlin: fix method types when an inherited method implements a collection type
 2022-10-31 12:40:28 +00:00
Ian Lynagh
a53c2104d1 Kotlin: Integration tests: Allow \ as a path separator in logs test 2022-10-31 11:24:39 +00:00
Chris Smowton
c11d63e4d2 Merge pull request #11015 from smowton/smowton/fix/go-cleartext-logging-exclude-protobuf-getters 
Go: exclude protobuf read steps from cleartext-logging query
 2022-10-31 10:43:52 +00:00
Geoffrey White
ca586b4f3d Merge remote-tracking branch 'upstream/main' into global 2022-10-31 10:28:29 +00:00
Geoffrey White
0dd8f574a7 Swift: Redesign as a FreeFunctionDecl class + add some qldoc. 2022-10-31 10:24:12 +00:00
Geoffrey White
c161bb5e95 Merge pull request #11035 from geoffw0/simplify2 
Swift: Simplify some more QL
 2022-10-31 09:50:55 +00:00
Rasmus Wriedt Larsen
ead0844174 Merge pull request #10998 from RasmusWL/essa-use-use-test 
Python: Add failing ESSA use-use test
 2022-10-31 10:38:26 +01:00
Tamas Vajk
4cd0f1ca66 Apply code review findings 2022-10-31 08:43:53 +01:00
Harry Maclean
3f403f0f87 Merge pull request #10700 from hmac/activesupport 
Ruby: Model some ActiveSupport methods
 2022-10-31 11:50:44 +13:00
Chris Smowton
b370497f96 Avoid split overrides 2022-10-29 18:23:45 +01:00
Chris Smowton
3573e211cc Correct test expectations 2022-10-29 11:40:58 +01:00
Chris Smowton
b6e4f472d1 Remove unnecessary import 2022-10-29 11:40:57 +01:00
Chris Smowton
6d321e0151 Add change note 2022-10-29 11:40:57 +01:00
Chris Smowton
5c66d87ed6 gofmt 2022-10-29 11:40:57 +01:00
Chris Smowton
0c6c135967 Go: exclude protobuf read steps from cleartext-logging query 
This query already treats structs differently to usual: it includes field -> whole struct taint steps, but explicitly excludes struct -> field steps. This means that a logging framework sinking an entire struct with a tainted field yields an alert, but we don't get FPs caused by writing field `x` but then reading field `y`.

However, protobuf messages have a special treatment, with taint usually associated with the whole struct and getter methods propagating that taint out. Suppressing these getter method steps specifically for the cleartext-logging query mirrors its treatment of structs in general and avoids this sort of field-mismatch FP.

On the downside we will miss same-field propagation like `m.field = password; Log(m.GetField())` if we don't have source code for the implementation of `m`. However this is hopefully unusual since the typical use of protobufs is to serialize and deserialize, rather than using the struct as a general-purpose datastructure.
 2022-10-29 11:40:57 +01:00
Chris Smowton
8266a22332 Kotlin: fix method types when an inherited method implements a collection type 
In this circumstance the compiler seems to generate a specialised version of the implementing function with its argument type replaced by the interface-implementing child class' type parameter. However it stores a back-pointer to the real declared function, which we should use as the call target.
 2022-10-29 11:29:04 +01:00
Dave Bartolomeo
85790fcade Merge pull request #10964 from smowton/smowton/admin/modernise-qlpacks 
qlpacks: libraryPathDependencies -> dependencies
 2022-10-28 16:44:22 -04:00
Chris Smowton
d9744c81b7 Merge pull request #11017 from smowton/smowton/fix/kotlin-wildcard-suppression-annotation 
Kotlin: fix wildcard suppression where the annotation applies to a parent type/argument.
 2022-10-28 18:33:07 +01:00
Ian Lynagh
84427e132e Kotlin: Move the logs test to all-platforms 2022-10-28 17:56:41 +01:00
Geoffrey White
f122005aaf Swift: Simplify out some variables. 2022-10-28 17:26:17 +01:00
Geoffrey White
b4d939a620 Swift: Correct a comment. 2022-10-28 17:11:24 +01:00
Chris Smowton
f9e811bddf Legacy support qlpacks: continue using libraryPathDependencies; add a comment noting this is obsolete. 2022-10-28 16:47:30 +01:00
Chris Smowton
1914a114a2 Merge pull request #11018 from smowton/smowton/fix/kotlin-extension-specialisation 
Kotlin: specialise extension receivers the same as other function parameters
 2022-10-28 16:15:41 +01:00
Chris Smowton
d6e2f5f4a8 Use ?.not() to negate a nullable boolean 2022-10-28 16:13:55 +01:00
Chris Smowton
1e1c9f639c Avoid Kotlin 1.5+ function firstNotNullOfOrNull 2022-10-28 16:13:55 +01:00
Chris Smowton
24f87ac963 Kotlin: fix wildcard suppression where the annotation applies to a parent type/argument. 
In the process I also fix the missed case where suppression can be switched off using a parameterized annotation.
 2022-10-28 16:13:55 +01:00
Ian Lynagh
2796d60d79 Merge pull request #11019 from igfoo/igfoo/win_integ 
Kotlin: Get some integration tests running on Windows
 2022-10-28 16:12:15 +01:00
Chris Smowton
5ad5cdce47 Swift integration-test runner: use --additional-packs 2022-10-28 16:07:38 +01:00