hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-25 12:22:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,768 Commits 1,686 Branches 158 Tags
cce39fb2ce5bd032deef2e858b163ab8580fd670
Commit Graph

41768 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nora Dimitrijević
cce39fb2ce Merge pull request #9998 from d10c/use-strcpyfunction-in-bad-strncpy-size 
Use StrcpyFunction in `cpp/bad-strncpy-size`

This PR:

- Uses the [StrcpyFunction](https://github.com/github/codeql/blob/main/cpp/ql/lib/semmle/code/cpp/models/implementations/Strcpy.qll#L14) class in the [StrncpyFlippedArgs](https://github.com/github/codeql/blob/main/cpp/ql/src/Likely%20Bugs/Memory%20Management/StrncpyFlippedArgs.ql) query instead of an ad-hoc predicate for finding strcpy-like functions.
- Tests this by adding one previously unsupported strcpy-like function (`wcsxfrm_l`) to StrncpyFlippedArgs's test.cpp.
 2022-08-10 15:11:20 +02:00
Tamás Vajk
b2c22dacc2 Merge pull request #9769 from tamasvajk/fix/ctor-field-flow 
C#: Fix dataflow for default constructors
 2022-08-10 15:06:25 +02:00
Anders Schack-Mulligen
cbd6d24b9c Merge pull request #9963 from intrigus-lgtm/java/model-set-properties 
Model `java.util.Properties.setProperty`
 2022-08-10 14:51:00 +02:00
Nora Dimitrijević
60f4049388 Re-autoformat StrncpyFlippedArgs.ql 2022-08-10 14:14:42 +02:00
Nora Dimitrijević
05f4f98aa0 Add change note 2022-08-10 13:42:21 +02:00
Nora Dimitrijević
8e60a4a478 Update StrncpyFlippedArgs.expected 
Add output lines for the newly implemented test case, test.cpp/test9().
 2022-08-10 13:42:21 +02:00
Nora Dimitrijević
df419003ad Use Strcpy.qll in StrncpyFlippedArgs.ql 
As a result, the query gets access to more types of strncpy-like
functions, as demonstrated by test.cpp, which now "fails" (i.e. works) for the new test
cases instroduced
in the previous commit.
 2022-08-10 13:42:21 +02:00
Nora Dimitrijević
554aea1bb8 New strcpy-variant in StrncpyFlippedArgs test 
Added wcsxfrm_l, which is not currently caught by the query,
meaning that in this case a successful
test implies missing functionality.
 2022-08-10 13:42:21 +02:00
Chris Smowton
8c32758ae5 Merge pull request #9829 from smowton/smowton/fix/kotlin-underscore-parameter-names 
Kotlin: Don't extract a name for a '_' parameter
 2022-08-10 12:28:26 +01:00
Rasmus Wriedt Larsen
40d25cb34c Merge pull request #9849 from tausbn/python-fix-bad-essa-getInput-join 
Python: Fix bad join in ESSA `getInput`
 2022-08-10 11:45:23 +02:00
Michael Nebel
7fc95fb49b Merge pull request #9988 from michaelnebel/csharp/updatestubs 
C#: Update .NET Core and ASP.NET Core Stubs.
 2022-08-10 11:02:35 +02:00
Rasmus Wriedt Larsen
b541103b7f Merge pull request #9846 from tausbn/python-fix-bad-syntactic_call_count-join 
Python: Fix bad join in `syntactic_call_count`
 2022-08-10 10:09:51 +02:00
Michael Nebel
0aa64b3a8f Merge pull request #10001 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-08-10 10:09:19 +02:00
Tom Hvitved
19043bdf38 Merge pull request #9976 from hvitved/ruby/hash-literal-summary-simplification 
Ruby: Simplify flow summaries for hash literals
 2022-08-10 08:57:33 +02:00
Erik Krogh Kristensen
d008975ff4 Merge pull request #9825 from erik-krogh/repeatedWord 
QL: add ql/repeated-word query
 2022-08-10 07:25:26 +02:00
github-actions[bot]
cb19ae2638 Add changed framework coverage reports 2022-08-10 00:16:31 +00:00
Harry Maclean
30ff18aec8 Merge pull request #9919 from hmac/hmac/ar-associations 
Ruby: ActiveRecord associations
 2022-08-10 11:13:39 +12:00
Esben Sparre Andreasen
0c6f28014c Merge pull request #9821 from erik-krogh/jsQlFix 
JS: fix some QL-for-QL warnings in JS
 2022-08-09 22:06:29 +02:00
Erik Krogh Kristensen
559ec7ba56 Merge branch 'main' into repeatedWord 2022-08-09 21:22:47 +02:00
Geoffrey White
f2fead7ec7 Merge pull request #9995 from MathiasVP/swift-cfg-for-anytry 
Swift: CFG for `any!`
 2022-08-09 18:00:28 +01:00
Tony Torralba
7f5fe85e2e Merge pull request #9975 from atorralba/atorralba/asynctask-improvs 
Java: Improve AsyncTask data flow support
 2022-08-09 17:10:09 +02:00
Mathias Vorreiter Pedersen
5ee11c3d7b Swift: Accept test changes. 2022-08-09 15:12:42 +01:00
Mathias Vorreiter Pedersen
06fecf3869 Swift: Include 'any!' in the the CFG tree for 'any' expressions. 2022-08-09 15:12:31 +01:00
Michael Nebel
eb19090746 C#: Remove unused hand written stubs. 2022-08-09 15:23:43 +02:00
Michael Nebel
cdd1172cee C#: Use generated stubs in the RequireSSLAspNetCore like tests and update test results with new line numbers. 2022-08-09 15:18:34 +02:00
Michael Nebel
a23be5ca3b C#: Manually re-order the values in the CookieSecurePolicy enum. 2022-08-09 15:17:14 +02:00
Michael Nebel
98f8bed037 C#: Update CookieWithoutHttpOnlyAspNetCore tests to use generated stubs and update line numbers in test output. 2022-08-09 14:54:19 +02:00
Michael Nebel
77a321ee9a C#: Manually re-order the values in the HttpOnlyPolicy enum. 2022-08-09 14:52:54 +02:00
Michael Nebel
d6880f059d C#: Use generated stubs for CookieHttpOnlyFalseAspNetCore testcases and update test output with new line numbers. 2022-08-09 14:32:19 +02:00
Tom Hvitved
28c8d9b885 Ruby: Add two more hash flow tests 2022-08-09 14:17:07 +02:00
Michael Nebel
3a908ac4b8 C#: Cleanup stub project references. 2022-08-09 14:15:00 +02:00
Michael Nebel
1a2fc2b565 C#: Remove unused stubs. 2022-08-09 14:14:00 +02:00
Michael Nebel
3ba893dfa8 C#: Remove System.Data.SqlClient 4.8.2 stub. 2022-08-09 13:15:44 +02:00
Michael Nebel
7c68947035 C#: Update flow summaries expected out as we now include ASP.NET Core as stubs for these tests. 2022-08-09 13:08:34 +02:00
Michael Nebel
6d96da1838 C#: Use ASP.NET Core stub instead of Microsoft.Extensions.Primitives and manual written ASP.NET Core stubs. 2022-08-09 13:08:34 +02:00
Michael Nebel
63b06d50b0 C#: Delete ServiceStack 5.11.0 and related projects. 2022-08-09 13:08:34 +02:00
Michael Nebel
094dcf989e C#: Update FlowSummaries test expected file (this is required since the .NET Runtime stubs have been updated). 2022-08-09 13:08:34 +02:00
Michael Nebel
d76b069bc5 C#: Manual changes to stubs to ensure compilation. 2022-08-09 13:08:34 +02:00
Michael Nebel
73b6697ea6 C#: Add ServiceStack 6.2.0 and friends. 2022-08-09 13:08:17 +02:00
Erik Krogh Kristensen
add9e9dac4 Merge pull request #9548 from erik-krogh/exports 
JS: support the "exports" property in a package.json
 2022-08-09 12:16:12 +02:00
Tamás Vajk
82a56608ef Merge pull request #9992 from tamasvajk/fix/fetch-codeql-path 
Fix path of `fetch-codeql`
 2022-08-09 10:57:11 +02:00
Geoffrey White
db8a3107b3 Merge pull request #9089 from ihsinme/ihsinme-patch-87 
CPP: Add query for CWE-125 Out-of-bounds Read with different interpretation of the string when use mbtowc
 2022-08-09 09:31:32 +01:00
Tom Hvitved
975edac34e Merge pull request #9969 from hvitved/ruby/kwargs-missing-flow 
Ruby: Support more flow through keyword arguments
 2022-08-09 09:59:57 +02:00
Michael Nebel
b90a404658 Merge pull request #9636 from michaelnebel/csharp/sinkmodelcsv 
C#: Convert Sinks to CSV format for SymmetricAlgorithm.
 2022-08-09 09:05:12 +02:00
Tamas Vajk
2cab1ed076 Fix path of fetch-codeql 2022-08-09 07:59:25 +02:00
Tom Hvitved
dd465e739b Code review suggestion 2022-08-09 07:46:27 +02:00
Tamas Vajk
36c913061c C#: Fix dataflow for default constructors 2022-08-09 07:46:27 +02:00
Tamas Vajk
1a92fc90e0 C#: Add test to demonstrate missing dataflow for default constructors 2022-08-09 07:46:27 +02:00
Harry Maclean
22d7b046ab Ruby: Fix << 2022-08-09 15:08:17 +12:00
Harry Maclean
e3115b5ed7 Ruby: Add test for other= 2022-08-09 15:08:17 +12:00