Asger Feldthaus
d33200ea83
JS: Add test for WithArity
2022-01-05 14:35:02 +01:00
Asger Feldthaus
21928bee6c
JS: Rename padded -> inversePad
2022-01-05 14:35:01 +01:00
Asger Feldthaus
1989d51942
JS: Update documentation in Impl.qll
2022-01-05 14:35:01 +01:00
Asger Feldthaus
3ced5c9269
JS: Resolve first N tokens instead of constructing each prefix
2022-01-05 14:35:01 +01:00
Asger Feldthaus
772681d249
JS: Initial support for models as data
2022-01-05 14:34:52 +01:00
Arthur Baars
e96fcf8568
Merge pull request #7498 from github/dependabot/cargo/ruby/generator/clap-3.0
...
Update clap requirement from 2.33 to 3.0 in /ruby/generator
2022-01-05 12:24:42 +01:00
Mathias Vorreiter Pedersen
a48d5dcf48
Merge pull request #7459 from MathiasVP/promote-arithmetic-uncontrolled
...
C++: Increase precision of `cpp/arithmetic-uncontrolled` to `high`
2022-01-05 11:24:09 +00:00
Mathias Vorreiter Pedersen
23b8b776ab
C++: Add change-note.
2022-01-05 10:12:20 +00:00
Mathias Vorreiter Pedersen
37c72cae3e
Merge branch 'main' into promote-arithmetic-uncontrolled
2022-01-05 08:12:47 +00:00
Anders Schack-Mulligen
fdb3cd03ef
Merge pull request #7513 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2022-01-05 08:54:46 +01:00
github-actions[bot]
0aa1152899
Add changed framework coverage reports
2022-01-05 00:10:19 +00:00
Erik Krogh Kristensen
c7da8df03c
Merge pull request #7511 from erik-krogh/dedup-spaces
...
Python: remove duplicated spaces in qldoc
2022-01-04 21:39:15 +01:00
Erik Krogh Kristensen
fe1107ccac
remove duplicated spaces in qldoc
2022-01-04 21:03:06 +01:00
Mathias Vorreiter Pedersen
8f843209a8
Merge pull request #7493 from MrAnno/relax-ambiguously-signed-bit-field
...
C++: relax ambiguously-signed-bit-field by allowing GLib's gboolean
2022-01-04 16:18:46 +01:00
Mathias Vorreiter Pedersen
e31185fea4
C++: add change-note for cpp/ambiguously-signed-bit-field.
2022-01-04 14:31:19 +00:00
László Várady
6496bf8c1d
C++: relax ambiguously-signed-bit-field by allowing GLib's gboolean
...
The gboolean type of GLib (a widely used C library) is a typedef to int.
It is meant to represent a simple true/false value.
Resolves #7491
2022-01-04 14:22:48 +00:00
Tom Hvitved
bfb573c86a
Merge pull request #7508 from hvitved/python/change-note-typo2
...
Python: Fix another change note typo
2022-01-04 14:10:37 +01:00
Tom Hvitved
6b4eaf674f
Python: Fix another change note typo
2022-01-04 13:53:07 +01:00
Erik Krogh Kristensen
b9964799f3
Merge pull request #7458 from erik-krogh/modelling
...
QL: add "modelling/modeling" to `ql/non-us-spelling`
2022-01-04 13:33:54 +01:00
Anders Schack-Mulligen
6457f42497
Merge pull request #7500 from zbazztian/stringbuilder-reverse-taint
...
Propagate taint through AbstractStringBuilder.reverse()
2022-01-04 13:28:14 +01:00
Geoffrey White
344e380fa3
Merge pull request #6949 from ihsinme/ihsinme-patch-073
...
CPP: Add query for CWE-266 Incorrect Privilege Assignment
2022-01-04 11:37:17 +00:00
Tom Hvitved
a2c1995b9b
Merge pull request #7506 from hvitved/python/change-note-typo
...
Python: Fix typo in change note
2022-01-04 11:47:48 +01:00
Anders Schack-Mulligen
f8380dabe0
Update java/ql/lib/semmle/code/java/frameworks/Strings.qll
2022-01-04 11:47:26 +01:00
Tom Hvitved
23fb3455c0
Python: Fix typo in change note
2022-01-04 11:06:23 +01:00
Tom Hvitved
1f8a291d6f
Merge pull request #7198 from hvitved/ruby/dataflow/arrays
...
Ruby: Flow through arrays/enumerables
2022-01-04 10:37:08 +01:00
yoff
5ba70ff3b6
Merge pull request #7369 from RasmusWL/filter-tag-cwe
...
JS/Py/Ruby: Add more CWEs to bad-tag-filter queries
2022-01-04 10:11:03 +01:00
Michael Nebel
c3007ff713
Merge pull request #7468 from michaelnebel/csharp-foreach-dataflow
...
C#: Re-factor the ForEachCapture query to use MaD flow summaries.
2022-01-04 09:46:39 +01:00
Tom Hvitved
de1697ab39
Merge pull request #7503 from dbartol/dbartol/move-change-notes
...
Move change notes to correct location
2022-01-04 09:35:21 +01:00
Dave Bartolomeo
5f5af4a29e
Move change notes to correct location
...
A few change notes slipped through the cracks of my previous change. These are now in the proper locations: `old-change-notes` for older notes, and `<lang>\ql\[src|lib]\change-notes` for current change notes.
2022-01-03 18:21:16 -05:00
Dave Bartolomeo
ded3c52a34
Merge pull request #7407 from github/post-release-prep/codeql-cli-2.7.4
...
Post-release preparation for codeql-cli-2.7.4
2022-01-03 17:09:58 -05:00
github-actions[bot]
1334d207fa
Post-release version bumps
2022-01-03 20:11:15 +00:00
dependabot[bot]
b74af00b2b
Update clap requirement from 2.33 to 3.0 in /ruby/generator
...
Updates the requirements on [clap](https://github.com/clap-rs/clap ) to permit the latest version.
- [Release notes](https://github.com/clap-rs/clap/releases )
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md )
- [Commits](https://github.com/clap-rs/clap/compare/clap_generate-v3.0.0-rc.0...clap_complete-v3.0.0 )
---
updated-dependencies:
- dependency-name: clap
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
2022-01-03 16:12:45 +00:00
Taus
ec533c8465
Merge pull request #7502 from tausbn/ql-support-trailing-comma-in-set-literals
...
QL: Support trailing comma in set literals
2022-01-03 17:06:46 +01:00
Taus
8845529548
QL: Support trailing comma in set literals
...
See
725395405e
for the grammar changes and corresponding test.
2022-01-03 15:48:24 +00:00
Sebastian Bauersfeld
421bd1b970
Propagate taint through AbstractStringBuilder.reverse() and its overrides.
2022-01-03 10:38:27 +07:00
Tom Hvitved
882caf4011
Merge pull request #7470 from hvitved/csharp/dispatch-join-order
...
C#: Fix bad join-order in dispatch library
2021-12-22 19:11:33 +01:00
Alex Ford
0cbf136e21
Merge pull request #7273 from github/ruby/crypto-algorithms
...
Ruby: add CryptoAlgorithms library
2021-12-22 17:42:59 +00:00
Alex Ford
69f1c18a39
Merge pull request #7446 from jeffgran/jg/constant-write-access
...
[Ruby] Bugfix: ConstantWriteAccess::getQualifiedName() returns wrong value in some cases
2021-12-22 17:07:49 +00:00
Alex Ford
3da98ecb73
Bump a date
2021-12-22 16:38:16 +00:00
Alex Ford
a2104de8a0
Move CryptoAlgorithms::AlgorithmsName into a separate internal/CryptoAlgorithmNames.qll
2021-12-22 16:38:15 +00:00
Alex Ford
f16d77615d
Remove unused isStrongBlockMode predicate from CryptoAlgorithms.qll
2021-12-22 16:38:15 +00:00
Alex Ford
df0da980ea
Update ruby/ql/lib/codeql/ruby/security/OpenSSL.qll
...
Co-authored-by: Nick Rolfe <nickrolfe@github.com >
2021-12-22 16:38:15 +00:00
Alex Ford
27a40fb5cf
Ruby: OpenSSL QLDoc fixes
2021-12-22 16:38:15 +00:00
Alex Ford
97c75de771
Ruby: OpenSSL and CryptoAlgorithms test update
2021-12-22 16:38:15 +00:00
Alex Ford
e6bc45ee3b
Ruby: Base OpenSSL supported algorithms on OpenSSL 1.1.1 and LibreSSL 3.4.1
2021-12-22 16:38:15 +00:00
Alex Ford
d3af687767
Add more encryption algorithms and modes to CryptoAlgorithms::AlgorithmNames
...
Strong encryption algorithms: ARIA, IDEA, SEED, SM4
Strong block modes: CBC, CFB, CTR, OFB
2021-12-22 16:38:15 +00:00
Alex Ford
bdb2d8ba16
Ruby: split OpenSSL parts from CryptoALgorithms.qll and sync with JS/Python version
2021-12-22 16:38:15 +00:00
Alex Ford
0303c279e2
Ruby: add empty ruby file to avoid DataFlowConsistency failure
2021-12-22 16:38:15 +00:00
Alex Ford
1156581b52
Ruby: add CryptoAlgorithms library
2021-12-22 16:38:15 +00:00
Jeff Gran
accfd482d4
autoformat file
2021-12-22 08:44:35 -07:00