hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,706 Commits 1,673 Branches 157 Tags
c47ba000d6f78b9b5a0c0492aa5a9c9bed6b900c
Commit Graph

58706 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
c47ba000d6 Add test exercising the case of a missing type used as an interface 
This induces the TypeEnter phase to create an ErrorType with a parameter, which in turn used to cause a stack overflow in comparing the TypeWrapper objects involved.

Note the output remains somewhat broken, exposing an <any> type, but at least the overflow is resolved.
 2023-09-14 17:42:00 +01:00
Chris Smowton
4b5651bde9 Add test for Java extracting ErrorType 2023-09-14 17:42:00 +01:00
Chris Smowton
c0f8973749 Add test for extracting a Java AST with an error expression 
Also note that ErrorExpr can occur outside upgrade/downgrade scripts
 2023-09-14 17:42:00 +01:00
Mathias Vorreiter Pedersen
8aeb9b9ae0 Merge pull request #14219 from MathiasVP/fix-phi-flow-2 
C++: Fix `phi`->`phi` flow
 2023-09-14 17:22:51 +01:00
AlexDenisov
ff7ff6dcfa Merge pull request #14201 from MathiasVP/add-ast-consistency-query 
C++: Add AST consistency query
 2023-09-14 16:34:20 +02:00
Robert Marsh
55546fe61c Merge pull request #14205 from rdmarsh2/rdmarsh2/swift/unify-array-collection-content 
Swift: Unify `ArrayContent` and `CollectionContent`
 2023-09-14 10:08:37 -04:00
Tom Hvitved
c0e600c515 Merge pull request #12672 from hvitved/ruby/implicit-array-reads-at-sinks 
Ruby: Allow for implicit array reads at all sinks during taint tracking
 2023-09-14 15:39:37 +02:00
Tom Hvitved
61bfc4ec09 Merge pull request #14204 from hvitved/ruby/simplify-viable-callable 
Ruby: Simplify `viableSourceCallableNonInit`
 2023-09-14 15:36:47 +02:00
Mathias Vorreiter Pedersen
6ce7a56b41 Merge pull request #14190 from github/alexdenisov/await-inconsistencies 
Swift: fix CFG for identity expressions (await, dot_self, parent)
 2023-09-14 14:15:31 +01:00
Robert Marsh
62953cb250 Swift: document "ArrayElement" case in MaD 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-09-14 09:11:35 -04:00
Robert Marsh
6ad78eba05 Swift: ArrayContent aliased to CollectionContent 2023-09-14 13:08:36 +00:00
Mathias Vorreiter Pedersen
b0566af938 C++: Accept test changes. 2023-09-14 14:04:12 +01:00
Mathias Vorreiter Pedersen
36b7b6cffe C++: Fix phi-phi flow. 2023-09-14 14:02:03 +01:00
Mathias Vorreiter Pedersen
2a55034e55 C++: Add failing test. 2023-09-14 14:01:48 +01:00
Erik Krogh Kristensen
7e7852eff6 Merge pull request #13641 from erik-krogh/multi-char 
JS/RB: write qhelp for `incomplete-multi-character-sanitization`
 2023-09-14 14:48:30 +02:00
Michael Nebel
b9acf1a4ee Merge pull request #14111 from michaelnebel/csharp/reduceprojectrestore 
C#: Avoid explicitly restoring projects in solution files.
 2023-09-14 10:06:49 +02:00
Tom Hvitved
e258324960 Ruby: Allow for implicit array reads at all sinks during taint tracking 2023-09-14 09:40:05 +02:00
Erik Krogh Kristensen
111227e763 Merge pull request #14211 from erik-krogh/usingOutOfBounds 
JS: fix out of bounds string access in isUsingDecl
 2023-09-13 22:23:15 +02:00
Robert Marsh
20de4c625c Swift: autoformat DataFlowPrivate 2023-09-13 18:57:27 +00:00
Robert Marsh
86bd2168ec Swift: breaking change note for array content removal 2023-09-13 18:34:30 +00:00
Robert Marsh
0b66be5f07 Swift: restore ArrayElement as an alias for CollectionElement 2023-09-13 18:29:03 +00:00
Robert Marsh
43ca192ceb Swift: remove ArrayContent in UnsafeJsEvalQuery 2023-09-13 18:26:06 +00:00
erik-krogh
fdd349c1a3 fix out of bounds string access in isUsingDecl 2023-09-13 20:11:21 +02:00
Geoffrey White
e109892388 Merge pull request #14189 from geoffw0/protocol2 
Swift: Consistent additional taint steps between the cleartext-* queries
 2023-09-13 18:44:20 +01:00
Chuan-kai Lin
00c83f185a Merge pull request #14182 from cklin/deprecate-assume-small-delta 
Document assume_small_delta deprecation
 2023-09-13 07:54:33 -07:00
Mathias Vorreiter Pedersen
18fa6f5d64 Merge pull request #14202 from alexet/translated-element-location 
CPP: Add a location to TranslatedElement to help with debugging IR creation
 2023-09-13 15:19:24 +01:00
Michael Nebel
84ec823ac0 C#: Add some explanatory comments about parallel restore. 2023-09-13 16:07:47 +02:00
Alex Ford
79c305c1a1 Merge pull request #14124 from alexrford/rb/dataflow-query-refactor 
Ruby: Use the new dataflow API for checked in queries
 2023-09-13 14:24:47 +01:00
Tom Hvitved
bb7ba7872f Merge pull request #14203 from hvitved/ruby/semantic-merge-fix 
Ruby: Fix semantic merge conflict
 2023-09-13 14:53:18 +02:00
Tom Hvitved
f15cbb9316 Ruby: Simplify viableSourceCallableNonInit 2023-09-13 14:25:28 +02:00
Max Schaefer
e722e3288f Merge pull request #13771 from github/max-schaefer/server-side-url-redirect-help 
JavaScript: Improve query help for `js/server-side-unvalidated-url-redirection`.
 2023-09-13 13:20:48 +01:00
yoff
62b41799d2 Merge pull request #14178 from yoff/python/broaden-sql-injection-frameworks 
Python: import all frameworks in SQL-injection query
 2023-09-13 14:14:09 +02:00
Mathias Vorreiter Pedersen
177fcacf38 Merge pull request #14134 from MathiasVP/add-surprising-lifetimes-to-experimental 
C++: Copy the Coding Standards' use-after-lifetime-ended query to Experimental
 2023-09-13 13:06:18 +01:00
Tom Hvitved
f3a78efe03 Ruby: Fix semantic merge conflict 2023-09-13 14:04:20 +02:00
yoff
7d931492d8 Update python/ql/lib/semmle/python/security/dataflow/SqlInjectionCustomizations.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-09-13 13:37:18 +02:00
Michael Nebel
0127b779b5 C#: Address review comments. 2023-09-13 13:31:58 +02:00
Alex Ford
b5ec99cb2f Ruby: fix missing qldoc 2023-09-13 12:28:19 +01:00
Mathias Vorreiter Pedersen
a0018c92e1 Merge pull request #14193 from MathiasVP/fully-converted-expressions-for-flow-after-free 
C++: Use fully converted expressions for `cpp/use-after-free` and `cpp/double-free`
 2023-09-13 12:24:23 +01:00
Alex Eyers-Taylor
0c10fa0c87 CPP: Add a location to TranslatedElement to help with debugging IR creation 2023-09-13 12:21:30 +01:00
Ian Lynagh
bd1d6e1d1e Merge pull request #14188 from igfoo/igfoo/kotlin-1.9.20 
Kotlin: Support 1.9.20
 2023-09-13 12:19:46 +01:00
Mathias Vorreiter Pedersen
0cd4e32ed8 C++: Add AST consistency query. 2023-09-13 12:15:40 +01:00
Erik Krogh Kristensen
cd5973764b Merge pull request #14112 from erik-krogh/pyAllowedHosts 
Py: add sanitizer guard for `url_has_allowed_host_and_scheme`
 2023-09-13 12:59:38 +02:00
Mathias Vorreiter Pedersen
af51a0a9ca C++: Respond to review comments. 2023-09-13 11:43:12 +01:00
Mathias Vorreiter Pedersen
81d20be1ee Update cpp/ql/src/experimental/Security/CWE/CWE-416/UseAfterExpiredLifetime.qhelp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-09-13 11:37:32 +01:00
Rasmus Wriedt Larsen
7292730391 Python: Add change-note 2023-09-13 11:55:48 +02:00
Rasmus Wriedt Larsen
f62c4108ef Python: Move url_has_allowed_host_and_scheme to Django.qll 2023-09-13 11:55:44 +02:00
Tom Hvitved
7400b4741e Merge pull request #14108 from hvitved/dataflow/more-consistency-checks 
Data flow: Add `ArgumentNode` consistency checks
 2023-09-13 11:30:51 +02:00
Tom Hvitved
bb85f87d7b Merge pull request #11725 from hvitved/ruby/capture-field-flow 
Ruby: Reimplement flow through captured variables using field flow
 2023-09-13 10:52:36 +02:00
Geoffrey White
3bf0d66d6c Merge pull request #13906 from geoffw0/commandinject2 
Swift: Add tests and develop command injection query
 2023-09-13 08:59:06 +01:00
Stephan Brandauer
7a7dc9b68f Merge pull request #14184 from github/kaeluka/application-mode-new-candidates-fixes 
Java: Automodel, new candidates fix
 2023-09-13 09:27:10 +02:00