hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-15 03:54:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
49,294 Commits 1,736 Branches 164 Tags
c31c51520589a89e39c73d4e995310094de04330
Commit Graph

49294 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
c31c515205 Swift: move TargetFile as managed inside TrapDomain 2023-01-18 10:07:46 +01:00
Paolo Tranquilli
20eaa34485 Swift: failing tests for linkage awareness 2023-01-18 10:07:46 +01:00
Tony Torralba
c8e894b854 Merge pull request #11917 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-01-18 10:02:22 +01:00
Erik Krogh Kristensen
1a64393c4c Merge pull request #11893 from erik-krogh/csharpIndexFiles 
C#: add --working-dir=. to pre-finalize
 2023-01-18 09:05:29 +01:00
github-actions[bot]
571942fb21 Add changed framework coverage reports 2023-01-18 00:17:19 +00:00
Jeroen Ketema
6cd52237c3 Merge pull request #11913 from jketema/test-fixes 
C++: Some minor test fixes
 2023-01-17 21:52:57 +01:00
yoff
5a82012d03 Merge pull request #11854 from yoff/python/fix-tarslip-improv-bug 
Python: fix bug  in `py/tarslip-extended`
 2023-01-17 20:44:06 +01:00
Jeroen Ketema
ee19c3d80f C++: Rename identically named classes in syntax-zoo 
Conceptually the test that comprises the whole of `syntax-zoo` forms one
single binary. To this binary ODR applies. There were two class definitions
`Foo` in `syntax-zoo`, violating ODR. Rename those classes to have different
names.
 2023-01-17 19:02:40 +01:00
Jeroen Ketema
06767c6760 C++: Split bad_asts.cpp IR test into two files 
The statements from `errorExpr` - which does not parse correctly - affected the
tuples that were being generated for the other code in `bad_asts.cpp` due to
the way the front-end handles parse errors. This did not affect the test
results, but was also not the intention of the test. Split off `errorExpr` into
a separate file.
 2023-01-17 18:57:29 +01:00
Geoffrey White
ea06ad1933 Merge pull request #11529 from geoffw0/format 
Swift: Uncontrolled format string query
 2023-01-17 16:16:10 +00:00
Edward Minnix III
4c018759c8 Merge pull request #11283 from egregius313/egregius313/webview-setAllowContentAccess 
Java: Android WebView Content Access Query
 2023-01-17 11:02:47 -05:00
Geoffrey White
54b3262d9c Merge pull request #11891 from geoffw0/authbypass 
C++: Fix issue with cpp/user-controlled-bypass
 2023-01-17 15:43:08 +00:00
Jami
babdee36aa Merge pull request #11779 from jcogs33/jcogs33/model-more-top-jdk-apis 
Java: model top JDK APIs
 2023-01-17 10:20:32 -05:00
Geoffrey White
d628cc5ab8 Update cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-01-17 14:37:19 +00:00
Paolo Tranquilli
6b43ff45a4 Merge pull request #11904 from github/redsun82/swift-extension-protocols 
Swift: extract `ExtensionDecl` protocols
 2023-01-17 15:16:20 +01:00
Paolo Tranquilli
d9bd41b8b1 Merge pull request #11571 from github/redsun82/swift-open-redirection 
Swift: generalize open redirection on both platforms and rework output rewriting
 2023-01-17 15:15:56 +01:00
Jami Cogswell
10f0975812 Java: remove models for System.[get|set]Property 2023-01-17 08:51:48 -05:00
Paolo Tranquilli
9e5db7c6ec Merge branch 'main' into redsun82/swift-extension-protocols 2023-01-17 14:39:09 +01:00
Michael Nebel
951f6362aa Merge pull request #11825 from michaelnebel/csharp/genericmathsupport 
C# 11: Support for static virtual and static abstract interface members.
 2023-01-17 14:14:02 +01:00
Erik Krogh Kristensen
2e4f4c64fe Merge pull request #11903 from erik-krogh/revertClap 
QL: Revert "update clap to 3.0 in QL-for-QL"
 2023-01-17 13:29:04 +01:00
Paolo Tranquilli
0a792f2f61 Swift: add upgrade and downgrade scripts for ExtensionDecl new protocols property 2023-01-17 13:07:02 +01:00
Paolo Tranquilli
0d32f00020 Swift: update ExtensionDecl test results 2023-01-17 12:58:02 +01:00
Paolo Tranquilli
d6e0ef9ff9 Swift: extract ExtensionDecl protocols 2023-01-17 12:56:09 +01:00
Paolo Tranquilli
f6e26211f9 Swift: add protocols to ExtensionDecl schema 2023-01-17 12:54:50 +01:00
Paolo Tranquilli
8906e101cb Swift: add ExtensionDecl QL test 2023-01-17 12:49:53 +01:00
erik-krogh
5a4fe71529 Revert "update clap to 3.0 in QL-for-QL" 
This reverts commit d072ed969e.
 2023-01-17 12:38:30 +01:00
Erik Krogh Kristensen
50b9f5bba0 Merge pull request #11892 from erik-krogh/clap 
QL: update clap to 3.0 in QL-for-QL
 2023-01-17 12:33:18 +01:00
Mathias Vorreiter Pedersen
77a9cea737 Merge pull request #11901 from github/redsun82/swift-ql-internal 
Swift: introduce `@ql.internal` pragma for classes
 2023-01-17 10:46:56 +00:00
Paolo Tranquilli
67bd8cba32 Merge pull request #11900 from github/alexdenisov/swift-ignore-lsregister 
Swift: do not trace lsregister
 2023-01-17 11:26:22 +01:00
Chris Smowton
29425982a5 Merge pull request #11899 from ataillefer/patch-1 
Fix partial path traversal Java example
 2023-01-17 09:39:36 +00:00
Paolo Tranquilli
6106edd5e2 Swift: add INTERNAL doc marker to ql.internal classes 2023-01-17 10:30:59 +01:00
Paolo Tranquilli
b22da25e05 Swift: remove ql.internal classes from global import 2023-01-17 10:18:03 +01:00
Paolo Tranquilli
48825442c3 Swift: add ql.internal pragma in schema definitions 2023-01-17 10:10:35 +01:00
Paolo Tranquilli
cdc99b5240 Swift: simplify pragma definition 2023-01-17 10:10:02 +01:00
Paolo Tranquilli
e3502e2e5f Merge branch 'main' into redsun82/swift-open-redirection 2023-01-17 09:43:00 +01:00
Alex Denisov
63b4e5ef5c Swift: do not trace lsregister 2023-01-17 09:26:31 +01:00
Erik Krogh Kristensen
51bd1ef1e1 Merge pull request #11884 from erik-krogh/qlWin 
QL/Ryby: fix qltest on Windows
 2023-01-16 21:57:01 +01:00
Antoine Taillefer
660e6d7085 Fix partial path traversal Java example 
The Java recommendation example for the "Partial path traversal vulnerability from remote" query doesn't seem right to me. Indeed, the following statement doesn't compile, since `dir.getCanonicalPath()` returns a String:
```
dir.getCanonicalPath().toPath()
```
Maybe the author wanted to state `dir.getCanonicalFile().toPath()`, which would compile, but is useless compared to `dir.getCanonicalPath()`.

Moreover, `parent.getCanonicalFile().toPath()` or `parent.getCanonicalPath()` will **not** be slash-terminated, contrary to what the description says.
From what I can see (and test), the correct fix is to concatenate `File.separator` to the parent canonical path.
 2023-01-16 21:14:29 +01:00
erik-krogh
dcc1c3d487 add --working-dir=. to pre-finalize for c# 2023-01-16 18:09:00 +01:00
Tony Torralba
bd5619147d Merge pull request #11590 from atorralba/atorralba/swift/sensitive-info-logs 
Swift: Add Cleartext Logging query
 2023-01-16 16:22:20 +01:00
erik-krogh
713599963b add --working-dir to Ruby qltest.cmd to fix Windows 2023-01-16 15:37:35 +01:00
erik-krogh
9e153cfb0d change the Ruby-build test such that Windows fails 2023-01-16 15:37:35 +01:00
erik-krogh
587adea809 QL: add --working-dir to qltest.cmd to fix qltest 2023-01-16 15:37:14 +01:00
erik-krogh
2c1ecb507d fix windows 2023-01-16 15:36:57 +01:00
erik-krogh
1de65131fe add compilation cache to QL-for-QL tests 2023-01-16 15:36:57 +01:00
erik-krogh
0685732e3f delete ql/ specific format step now that we have an all-languages format check 2023-01-16 15:36:57 +01:00
erik-krogh
1d62751e15 test QL-for-QL on mac/win 2023-01-16 15:36:55 +01:00
Tony Torralba
0017461e2d Update swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-01-16 15:35:58 +01:00
Michael Nebel
8981d4c06b C#: Add change note. 2023-01-16 13:43:26 +01:00
Michael Nebel
2f602a629f C#: Add upgrade and downgrade scripts. 2023-01-16 13:27:37 +01:00