hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-13 14:34:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
46,203 Commits 1,680 Branches 158 Tags
dc88bdccc78b6579496aa910e638e60f00a9e598
Commit Graph

46203 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
dc88bdccc7 JS: Bump patch version of ML-powered library and query packs 2023-01-10 21:04:31 +00:00
github-actions[bot]
ea13925a92 JS: Bump patch version of ML-powered library and query packs 2022-12-13 13:28:09 +00:00
github-actions[bot]
9702ea02fb JS: Bump patch version of ML-powered library and query packs 2022-12-07 20:01:33 +00:00
github-actions[bot]
8d96bfe973 JS: Bump patch version of ML-powered library and query packs 2022-11-24 14:18:13 +00:00
github-actions[bot]
3e5e695325 JS: Bump patch version of ML-powered library and query packs 2022-11-11 12:36:19 +00:00
github-actions[bot]
82277d8f56 JS: Bump minor version of ML-powered library and query packs 2022-11-07 13:00:28 +00:00
github-actions[bot]
268a990aa6 JS: Bump version of ML-powered model pack to 0.3.1 2022-11-07 13:00:28 +00:00
github-actions[bot]
a1e0bf022e ATM: Update model pack dependency of ML-powered model building and query packs 2022-11-07 13:00:27 +00:00
github-actions[bot]
be808deb59 JS: Bump minor version of ML-powered model pack 2022-11-07 12:59:44 +00:00
Chris Smowton
eb365c1d24 Merge pull request #11079 from smowton/smowton/test/test-java-extractor-vs-captured-type-variables 
Java: Add test for multiply-bounded wildcards
 2022-11-07 12:31:19 +00:00
Tamás Vajk
830be92f1d Merge pull request #11089 from tamasvajk/kotlin-enum-ctor-call 
Kotlin: Extract missing arguments of enum constructor calls
 2022-11-07 12:55:27 +01:00
AlexDenisov
f8e80f96ff Merge pull request #11124 from github/redsun82/swift-await 
Swift: extract `AwaitExpr`
 2022-11-07 12:52:42 +01:00
Paolo Tranquilli
b30a6d36b5 Swift: extract AwaitExpr 2022-11-07 12:08:51 +01:00
Paolo Tranquilli
b94066acd8 Merge pull request #11094 from github/redsun82/swift-translators 
Swift: refactor visitors to use translations
 2022-11-07 12:01:44 +01:00
Geoffrey White
7b62bed9db Merge pull request #10947 from karimhamdanali/swift-pbe-iterations 
Swift: detect hash functions with low # of iterations
 2022-11-07 10:38:29 +00:00
Chris Smowton
e877967a62 Add test verifying no malformed wildcards result from captured type variables with a Collection<? extends ...> type 2022-11-07 10:29:04 +00:00
Chris Smowton
d999c1d3dd Java: Add test for multiply-bounded wildcards 
This exercises several cases of variables bounded both by a wildcard and by a bound on the type parameter, checking that the extractor strips the wildcards and captures to decide on a concrete type for the parameters and return values.
 2022-11-07 10:29:04 +00:00
Chris Smowton
1cd30847f6 Merge pull request #11121 from smowton/smowton/fix/java-wildcard-extraction 
Kotlin: fix extraction of Java nested wildcards; wildcards in return types
 2022-11-07 10:23:02 +00:00
Chris Smowton
68face8d46 Merge pull request #11130 from smowton/smowton/fix/kotlin-always-extract-file-labels 
Kotlin: always populate the `files` table
 2022-11-07 10:14:41 +00:00
Jeroen Ketema
d62e3f6bc2 Merge pull request #11137 from jketema/dataflow-test-fixes 
C++: Small fixes for the dataflow tests
 2022-11-07 11:07:09 +01:00
Anders Schack-Mulligen
99ca28ea9b Merge pull request #10886 from aschackmull/dataflow/joinorders 
Dataflow: Fix a couple of join-orders.
 2022-11-07 11:05:29 +01:00
Chris Smowton
587aa93f6d Merge pull request #11105 from smowton/smowton/fix/use-defaults-method-to-implement-jvmoverloads 
Kotlin: use `$default` functions to implement `@JvmOverloads`
 2022-11-07 09:54:16 +00:00
Tamas Vajk
4e8d8a4de1 Add compilerGeneratedReason for enum constructor call arguments 2022-11-07 10:07:05 +01:00
Tamas Vajk
7d927a7396 Adjust enum constructor argument extraction based on review 2022-11-07 10:07:05 +01:00
Tamas Vajk
fb5b344427 Fix failing build on early kotlin versions 2022-11-07 10:07:05 +01:00
Tamas Vajk
44e70afa85 Kotlin: Extract missing arguments of enum constructor calls 2022-11-07 10:07:04 +01:00
Jeroen Ketema
291027ad82 C++: Fix return type in dataflow test 2022-11-07 09:42:54 +01:00
Jeroen Ketema
3b1feeef6d C++: Remove unneeded isAdditionalFlowStep from dataflow test 
Since the introduction of flow through global variables these additional
steps are no longer needed.
 2022-11-07 09:40:57 +01:00
Dave Bartolomeo
b8e1aa67d8 Merge pull request #11134 from github/post-release-prep/codeql-cli-2.11.3 
Post-release preparation for codeql-cli-2.11.3
 2022-11-05 13:54:49 -04:00
github-actions[bot]
fca754bddd Post-release preparation for codeql-cli-2.11.3 2022-11-05 14:30:48 +00:00
Dave Bartolomeo
8344d5a376 Merge pull request #11133 from github/release-prep/2.11.3 
Release preparation for version 2.11.3
codeql-cli/v2.11.3 		2022-11-04 22:50:41 -04:00
Mathias Vorreiter Pedersen
60ac031db4 Merge pull request #11036 from geoffw0/simplify3 2022-11-05 00:31:05 +00:00
Dave Bartolomeo
013b7eff1c Apply suggestions from code review 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-11-04 18:46:32 -04:00
github-actions[bot]
508327235a Release preparation for version 2.11.3 2022-11-04 20:16:23 +00:00
Tiferet Gazit
5198ad7612 Merge pull request #11055 from github/tiferet/sink-classification-reasons 
Sink endpoint characteristics
 2022-11-04 11:24:08 -07:00
Henry Mercer
b32f4b844a Merge pull request #11118 from github/henrymercer/atm-check-queries-improvements 
ATM: Miscellaneous improvements for the check queries workflow
 2022-11-04 18:04:32 +00:00
tiferet
833041c62e Fix QLDoc style errors 2022-11-04 09:30:31 -07:00
tiferet
2aa4651534 Remove predicates not yet used from the current PR 2022-11-04 09:30:31 -07:00
tiferet
74c8bfff4f Minor changes from code review 2022-11-04 09:30:31 -07:00
tiferet
e60c016fc6 Format fixes 2022-11-04 09:30:31 -07:00
tiferet
cbf81b8839 Improve the import structure 2022-11-04 09:30:31 -07:00
tiferet
300456cd3e Enforce the abstraction over characteristics: 
Make the implementations of specific `EndpointCharacteristic`s private.
 2022-11-04 09:30:31 -07:00
tiferet
c0cc754fb5 Rename ClassificationReasons 
Change the name to EndpointCharacteristics.
 2022-11-04 09:30:30 -07:00
tiferet
a4939b91e7 Generalize the definition of a known sink: 
If the list of reasons includes positive indicators with maximal confidence for this class, it's a known sink for the class.

This negates the need for each query config to define the isKnownSink predicate individually.
 2022-11-04 09:30:29 -07:00
tiferet
08bbe596a2 Create the sink ClassificationReasons 
Write the reasons that indicate that an endpoint is a sink for each sink type.

Also fix import error.
 2022-11-04 09:30:29 -07:00
Dave Bartolomeo
649c3af98a Merge pull request #11127 from github/henrymercer/fix-atm-pr-checks 
ATM: Fix CodeQL pack workspace references
 2022-11-04 12:19:42 -04:00
Arthur Baars
58c0e65542 Merge pull request #11129 from aibaars/improve-weak-crypto 
Ruby: Improve weak crypto query
 2022-11-04 16:31:55 +01:00
Chris Smowton
8fd4041511 Kotlin: always populate the files table 
Previously individual top-level file declarations relied on their corresponding file-class to declare their `File` instance, but this can be scuppered by a Java extractor replacing that file-class and identifying a different file location.
 2022-11-04 15:00:27 +00:00
Arthur Baars
98f4c29913 Ruby: weak crypto: do not report weak hash algorithms 
Weak hash algorithms such as MD5 and SHA1 are often
used in non security sensitive contexts and reporting
all uses is far too noisy.
 2022-11-04 15:58:50 +01:00
Erik Krogh Kristensen
418d632738 Merge pull request #11123 from erik-krogh/stableCI-followup-2 
fix typo in compile-queries workflow
 2022-11-04 15:48:27 +01:00