hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 23:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
44,698 Commits 1,703 Branches 162 Tags
cbeefd418b1d2bfc0eebe6c6883dc93180c69b30
Commit Graph

44698 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
erik-krogh
cbeefd418b add change-note 2022-10-07 13:47:32 +02:00
erik-krogh
1bdc2374e4 fix deprecation warning 2022-10-07 13:33:54 +02:00
erik-krogh
a0725fba71 fix some more style-guide violations in the alert-messages 2022-10-07 12:01:03 +02:00
Chris Smowton
0d98eba604 Merge pull request #10683 from smowton/smowton/feature/kotlin-function-overloads 
Kotlin: implement $default function synthesis
 2022-10-07 10:27:24 +01:00
Harry Maclean
75cb0efecb Merge pull request #10538 from hmac/hmac/actioncontroller-parameters 
Ruby: Model flow through ActionController::Parameters
 2022-10-07 22:21:40 +13:00
Tony Torralba
5f740a5598 Merge pull request #10715 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-10-07 10:56:47 +02:00
github-actions[bot]
47c461a241 Add changed framework coverage reports 2022-10-07 00:26:57 +00:00
Mathias Vorreiter Pedersen
10eb548156 Merge pull request #10699 from MathiasVP/swift-mad-summaries 2022-10-06 17:44:35 +01:00
Mathias Vorreiter Pedersen
cfbb9e3339 Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-10-06 17:04:56 +01:00
Mathias Vorreiter Pedersen
7a425ffcc3 Update swift/ql/lib/codeql/swift/elements/type/NominalType.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-10-06 16:59:31 +01:00
Chris Smowton
28fa06ab9c Merge pull request #10709 from gregxsunday/main 
add BeegoInput.RequestBody source to Beego framework
 2022-10-06 16:04:04 +01:00
Chris Smowton
289843eb83 Remove accidentally duplicated test 
This was moved to a unit test, but the integration test version was somehow retained.
 2022-10-06 16:00:56 +01:00
Chris Smowton
812a5e5c74 Autoformat test.go 2022-10-06 14:08:56 +01:00
Chris Smowton
4e161c867e Rename 2022-10-06-beego- to 2022-10-06-beego-request-body-source.md 2022-10-06 14:01:36 +01:00
Chris Smowton
7d98b74eec Create 2022-10-06-beego- 2022-10-06 14:00:52 +01:00
Henry Mercer
7a7d164b07 Merge pull request #10698 from github/henrymercer/successfully-extracted-files-tag 
Tag successfully extracted files queries
 2022-10-06 13:21:52 +01:00
Chris Smowton
fcf24f7671 Fix typo 2022-10-06 12:59:43 +01:00
Chris Smowton
1d8547d4c1 Avoid using count(...) = 0 2022-10-06 12:57:56 +01:00
Chris Smowton
0024e54e63 Make method private 2022-10-06 12:55:17 +01:00
Chris Smowton
86e5e4c4bc Accept test changes 2022-10-06 12:40:04 +01:00
Chris Smowton
020f29a1ab Add visibility tests 2022-10-06 12:40:03 +01:00
Chris Smowton
764c139e3e Visibility consistency query: allow $default methods to have package-private (default) visibility 2022-10-06 12:40:03 +01:00
Chris Smowton
34b83f01d0 Fix naming of internal default methods 2022-10-06 12:40:03 +01:00
Chris Smowton
5e182755a5 Fix generated $default method visibilities 2022-10-06 12:40:03 +01:00
Chris Smowton
bec948682d Fix calls to static methods defined in association with local functions 
These are a bit weird since they involve static calls to unnamed synthetic class members, but while unwriteable as Java they ought to work as a database description.
 2022-10-06 12:40:03 +01:00
Chris Smowton
b79d273de4 When calling a $default method, ensure the real method gets extracted 2022-10-06 12:40:02 +01:00
Chris Smowton
3452dcbced Fix class type parameter erasure within $default methods 2022-10-06 12:40:02 +01:00
Chris Smowton
be655432d6 Use new terse extraction functions where applicable 2022-10-06 12:40:02 +01:00
Chris Smowton
03c895853b Clarify test and accept test changes 2022-10-06 12:40:02 +01:00
Chris Smowton
6119670be8 Suppress use of function type parameters in the context of building a $defaults method 
These methods have erased signatures and no type parameters, so anything that refers to one must itself be erased. For signatures this would be easy, but for potentially deep default expressions these types can occur in various places and need erasing at each occurence.
 2022-10-06 12:40:02 +01:00
Chris Smowton
720cf5682b Exclude enum constructor invocations from defaults handling 
These seem to provide null arguments even though the constructor doesn't provide defaults, presumably for completion by a later compiler phase.
 2022-10-06 12:40:01 +01:00
Chris Smowton
6cc74da004 Defaults function extraction: respect the extract-type-accesses flag 2022-10-06 12:39:57 +01:00
Chris Smowton
34a0a0d080 Implement $default method synthesis 
This adds methods that fill in default parameters whenever a constructor or method uses default parameter values. I use as similar an approach to the real Kotlin compiler as possible both because this produces the desirable dataflow, and because it should merge cleanly with the same class file seen by the Java extractor, which will see and
extract the signatures of the default methods.
 2022-10-06 12:38:55 +01:00
gregxsunday
9960d11042 added RequestBody source to Beego framework 2022-10-06 13:23:56 +02:00
Chris Smowton
6f3c9e4403 Split up extractRawMethodAccess 2022-10-06 11:05:27 +01:00
Mathias Vorreiter Pedersen
a856bc8678 Merge pull request #10562 from rdmarsh2/rdmarsh2/cpp/field-off-by-one 
C++: prototype for off-by-one in array-typed field
 2022-10-06 11:04:12 +01:00
Mathias Vorreiter Pedersen
0065a5af96 Swift: Accept path-explanation test changes. 2022-10-06 10:30:18 +01:00
Mathias Vorreiter Pedersen
1edd4d855a Swift: Add an example with flow through a callback function. 2022-10-06 10:30:11 +01:00
Mathias Vorreiter Pedersen
197f036797 Swift: Support local MaD steps in both dataflow and taintflow. 2022-10-06 10:30:04 +01:00
Mathias Vorreiter Pedersen
9d069b32b0 Swift: Create ArgumentNodes and OutNodes for MaD. 2022-10-06 10:29:59 +01:00
Mathias Vorreiter Pedersen
0b6ea703ea Swift: Create explicit parameter nodes for source parameters and MaD parameters. 2022-10-06 10:29:52 +01:00
Mathias Vorreiter Pedersen
bba70a70fb Swift: Support selecting fields in Swift MaD. 2022-10-06 10:29:45 +01:00
Mathias Vorreiter Pedersen
32d0b58923 C++: Fix qhelp example. 2022-10-06 10:19:53 +01:00
Anders Schack-Mulligen
5b67ba2939 Merge pull request #10177 from atorralba/atorralba/path-sanitizer 
Java: Promote `PathSanitizer.qll` from experimental
 2022-10-06 10:29:33 +02:00
Anders Schack-Mulligen
cbeff4efc8 Merge pull request #10693 from atorralba/atorralba/fix-guard-bad-magic 
Java: Fixes bad magic in `Guard::guardControls_v3`
 2022-10-06 10:14:48 +02:00
Tom Hvitved
0e6735b804 Merge pull request #10691 from hvitved/dataflow/conjunctive-clears 
Data flow: Take conjunctive `With(out)Contents` into account in `prohibitsUseUseFlow`
 2022-10-06 09:03:30 +02:00
Henry Mercer
d80d39504f Tag successfully extracted files queries 
Tag the successfully extracted files queries with
`successfully-extracted-files` to make them easier to identify
programmatically in a language-independent way.
This follows the prior art for lines of code queries, which are tagged
`lines-of-code`.
 2022-10-05 19:19:43 +01:00
Asger F
387e57546b Merge pull request #10650 from asgerf/rb/summarize-more 
Ruby: more type-tracking steps
 2022-10-05 19:16:56 +02:00
Chris Smowton
7f8bcf76bf Merge pull request #10665 from dilanbhalla/dilan-java/guidance-exectainted 
Java Guidance: ExecTainted.ql (experimental version)
 2022-10-05 15:05:10 +01:00
Tom Hvitved
0beea9fd1a Fix typos 2022-10-05 15:54:52 +02:00