hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 23:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
44,190 Commits 1,703 Branches 162 Tags
ce3665d50e63dfe9e315ac557492bcad4602b06a
Commit Graph

44190 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
ce3665d50e Ruby: remove unneeded qualified AST import 2022-09-28 10:49:34 +02:00
Asger F
665ee81967 Ruby: revert trackUseNode to idiomatic type-tracking 
The optimizations done here now seem to backfire and cause more problems than they fix.
 2022-09-28 10:49:34 +02:00
Asger F
032847f331 Ruby: inline getContents 2022-09-28 10:49:34 +02:00
Asger F
e09a5e87dd Ruby: clarify what getAnElement() does 2022-09-28 10:49:34 +02:00
Asger F
588b31d15d Ruby: fix another typo 2022-09-28 10:49:34 +02:00
Asger F
a7b92295a2 Ruby: fix a typo 2022-09-28 10:49:34 +02:00
Asger F
7dfa58b50d Remove Content::NoContent 2022-09-28 10:49:34 +02:00
Asger F
9c93ad904f Python: sync 2022-09-28 10:49:34 +02:00
Asger F
dd23e125e5 Rename TypeTrackerContentSet -> TypeTrackerContent 2022-09-28 10:49:34 +02:00
Asger F
6abf77d40d Factor comparison into compatibleContents 2022-09-28 10:49:34 +02:00
Asger F
85d0c63ec7 Ruby: store a ContentSet on type tracker instances 2022-09-28 10:49:34 +02:00
Asger F
a5ed3d791b Ruby: expand test case to reveal mismatching forward/backward flow 2022-09-28 10:49:34 +02:00
Asger F
e47deaffbf Ruby: More QLDoc police 2022-09-28 10:49:34 +02:00
Asger F
7737e75427 Update some QLDoc comments 2022-09-28 10:49:34 +02:00
Asger F
576e320bf5 Python: sync 2022-09-28 10:49:34 +02:00
Asger F
cbf16579ed Ruby: tweak pipeline a bit 2022-09-28 10:49:33 +02:00
Asger F
b13b2ce319 Ruby: fix join order when building append relation 2022-09-28 10:49:33 +02:00
Asger F
3498a04b89 Ruby: associate ContentSets with store/load edges in type tracker 2022-09-28 10:49:33 +02:00
Asger F
497258eda5 Ruby: reuse Content type 2022-09-28 10:49:33 +02:00
Asger F
ac1b7eb0b9 Remove SetterMethodCall in MkAttribute 2022-09-28 10:49:33 +02:00
Asger F
a64f7cd146 Ruby: simplify getSetterCallAttributeName 2022-09-28 10:49:33 +02:00
Asger F
a51a540582 Ruby: add content edges to API graph 
Fixes
 2022-09-28 10:49:33 +02:00
Asger F
d5e2b93554 Ruby: add API graph label for content 2022-09-28 10:49:33 +02:00
Asger F
e104b65106 Python: sync TypeTracker.qll and adapt accordingly 
fixup python
 2022-09-28 10:49:33 +02:00
Asger F
cd9cddf45a Ruby: generate type-tracking steps from simple summary specs 2022-09-28 10:49:33 +02:00
Asger F
f1b99e867c Ruby: use IPA type for type tracker contents 
fixup qldoc in OptionalTypeTrckerContent
 2022-09-28 10:49:33 +02:00
Asger F
53ef054c53 Ruby: Add getACallSimple and use it for arrays and hashes 2022-09-28 10:49:24 +02:00
Geoffrey White
9780dffa79 Merge pull request #10596 from geoffw0/swifturl 
Swift: URL is a struct, not a class
 2022-09-28 09:15:29 +01:00
Robert Marsh
82bbe67267 Merge pull request #10593 from MathiasVP/fix-fp-on-cwe-193 
C++: Fix FPs on `cpp/invalid-pointer-deref`
 2022-09-27 17:38:17 -04:00
Tom Hvitved
df2b586e7c Merge pull request #10577 from hvitved/dataflow/get-a-read-content-fan-in 
Data flow: Fix bad join-order when getAReadContent has large fan-in
 2022-09-27 20:04:58 +02:00
Geoffrey White
3ffb2a3ee6 Swift: Fix. 2022-09-27 18:39:03 +01:00
Geoffrey White
286fcb672c Swift: Additional test results. 2022-09-27 18:31:43 +01:00
Geoffrey White
d2c74913c8 Swift: Repair UnsafeWebViewFetch query via taint summary. 2022-09-27 18:25:32 +01:00
Geoffrey White
13b2b1f304 Swift: Repair CleartextTransmission query. 2022-09-27 18:25:32 +01:00
Geoffrey White
62aa5de781 Swift: URL is a struct not a class. 2022-09-27 18:25:31 +01:00
Jami
56e3334c6d Merge pull request #10479 from jcogs33/android-service-sources 
Java: add Android service sources
 2022-09-27 12:40:18 -04:00
Mathias Vorreiter Pedersen
549eca1b17 C++: Fix 'implicit use of this'. 2022-09-27 16:29:30 +01:00
Mathias Vorreiter Pedersen
e4305948ef C++: Fix FP on CWE-193 by blocking flow through back-edges of phi nodes. 2022-09-27 16:28:03 +01:00
Jami Cogswell
7e0c61de2c switch to hasName 2022-09-27 10:45:52 -04:00
Tony Torralba
be9509ceb9 Merge pull request #9199 from luchua-bc/java/unsafe-url-forward-dispatch-load 
Java: CWE-552 Query to detect unsafe resource loading in Java Spring applications
 2022-09-27 15:27:51 +02:00
Erik Krogh Kristensen
162edd6883 Merge pull request #10586 from erik-krogh/pyRegFix 
ReDoS: fix RegExpEscape::getValue having multiple results for some escapes
 2022-09-27 14:41:18 +02:00
Erik Krogh Kristensen
b9937269b9 Merge pull request #10584 from erik-krogh/csharp-unqueryable 
C#: deprecate/delete some unused code
 2022-09-27 14:26:59 +02:00
Tom Hvitved
335e1a8233 Address review comments 2022-09-27 13:36:52 +02:00
Tony Torralba
7ff82bbed3 Update java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll 2022-09-27 13:26:21 +02:00
erik-krogh
7675571daa fix RegExpEscape::getValue having multiple results for some escapes 2022-09-27 13:25:23 +02:00
Tamás Vajk
9358070ae9 Merge pull request #10506 from tamasvajk/kotlin-enum-type-access 
Kotlin: Fix type access expressions in enum constructor calls
 2022-09-27 12:42:30 +02:00
Tamás Vajk
8a6d56a57d Merge pull request #10520 from tamasvajk/kotlin-fix-anonymous-object-comment 
Kotlin: Fix comment extraction for anonymous objects
 2022-09-27 12:42:05 +02:00
erik-krogh
ae6dd05249 deprecate unused class in query specific file 2022-09-27 12:40:05 +02:00
erik-krogh
d23b128457 delete unused code in an internal file 2022-09-27 12:31:58 +02:00
Mathias Vorreiter Pedersen
0c79c2836c Merge pull request #10573 from erik-krogh/cpp-unqueryable 
C: deprecate/delete some unused code
 2022-09-27 10:13:24 +01:00