hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
59,429 Commits 1,741 Branches 165 Tags
e0fefce2a33f3b335cb4d3ffed52da342170c9ea
Commit Graph

59429 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Brown
ad86e576a4 autoformat 2023-10-03 13:40:17 -07:00
Josh Brown
b683a3caf8 Merge branch 'main' into jb1/16-cryptography-models-libraries-and-queries-migration 2023-10-04 07:24:29 +11:00
Robert Marsh
06da5fd05c Swift: move import to make codegen happy 2023-10-03 17:23:00 +00:00
Geoffrey White
d258f69ab0 Merge pull request #14329 from geoffw0/sinks 
Swift: Update summary queries
 2023-10-03 17:39:00 +01:00
Geoffrey White
34b33e1577 Merge pull request #14328 from geoffw0/debugdesc 
Swift: Model .description, .debugDescription more generally
 2023-10-03 17:37:22 +01:00
Geoffrey White
c518f39a0c Merge pull request #14357 from geoffw0/commandinject3 
Swift: Replace two additional taint steps with implicit reads
 2023-10-03 17:34:59 +01:00
Henry Mercer
da92da2204 Bump minor versions of packs we regularly release 2023-10-03 16:31:23 +01:00
Henry Mercer
f3847b3f51 Merge branch 'main' into henrymercer/rc-3.11-mergeback 2023-10-03 16:30:23 +01:00
Robert Marsh
cdef0796e3 Swift: QLDoc for NilCoalescingExpr.qll 2023-10-03 15:00:03 +00:00
Robert Marsh
497f0aa8ab Swift: sync test files and update expectation 2023-10-03 14:57:04 +00:00
Michael Nebel
8224f172b2 Merge pull request #14257 from michaelnebel/java/threatmodelsources 
Java: Introduce a class of dataflow nodes for the threat modeling.
 2023-10-03 16:10:49 +02:00
Mathias Vorreiter Pedersen
9a139ea903 C++: Accept test changes. 2023-10-03 15:58:35 +02:00
Mathias Vorreiter Pedersen
57d3f3f482 C++: Actually propagate the 'isBarrier1' or 'isBarrier2' predicates to the dataflow configurations. 2023-10-03 15:58:24 +02:00
Mathias Vorreiter Pedersen
9df5e43fae C++: Block flow through indirect flow through pointer-arithmetic instructions when following flow for the allocation size. 2023-10-03 15:31:50 +02:00
Owen Mansel-Chan
7c8233aade Add change note 2023-10-03 13:35:26 +01:00
Tamás Vajk
df988e46da Merge pull request #14351 from tamasvajk/csharp/standalone-compilation 
C#: Extract compilation DB entity in standalone mode
 2023-10-03 14:21:21 +02:00
Owen Mansel-Chan
5433636d49 Fix formatting errors in files included in qhelp 2023-10-03 12:48:03 +01:00
Owen Mansel-Chan
2a52455619 Improve output of check-formatting in Makefile 
The list of files that would change when reformatted is now printed.
Also, parsing errors now make the check fail.
 2023-10-03 12:48:01 +01:00
Ian Lynagh
c365f459fd Merge pull request #14355 from igfoo/igfoo/lang-vers 
Kotlin: Specify language version when compiling for old compilers
 2023-10-03 11:33:23 +01:00
Mathias Vorreiter Pedersen
dbe3bd0c50 Merge pull request #14360 from MathiasVP/promote-use-after-free-and-double-free 
C++: Promote `cpp/double-free` and `cpp/use-after-free` to Code Scanning
 2023-10-03 11:52:23 +02:00
Michael Nebel
fcbd301de8 Java: Address review comments. 2023-10-03 10:36:45 +02:00
Mathias Vorreiter Pedersen
b6ed9ccfda C++: Add change notes. 2023-10-03 09:33:40 +02:00
Mathias Vorreiter Pedersen
7084dc1a88 C++: Promote 'cpp/use-after-free' and 'cpp/double-free' to Code Scanning. 2023-10-03 09:22:47 +02:00
Mathias Vorreiter Pedersen
5632dd5e46 Merge pull request #14275 from alexet/fix-use-after-free-fp 
CPP: Fix some use after free FPs.
 2023-10-03 09:16:42 +02:00
Michael Nebel
5b949b19f7 Java: Cleanup threat model taxanomy to align with the EDR. 2023-10-03 09:16:39 +02:00
Michael Nebel
5c700afa27 Java: Add some threat model dataflow tests. 2023-10-03 09:16:39 +02:00
Michael Nebel
537965c0e8 Java: Add some testfiles. 2023-10-03 09:16:39 +02:00
Michael Nebel
2055d5492c Java: Let RemoteFlowSource and LocalUserInput extends SourceNode and fine grain the LocalUserInput threat models. 2023-10-03 09:16:38 +02:00
Michael Nebel
9a112dde66 Java: Introduce a class of dataflow nodes for the threat modeling. 2023-10-03 09:16:38 +02:00
Geoffrey White
0f1711fe1e Swift: Test insertMany. 2023-10-02 23:04:07 +01:00
Geoffrey White
bbd3c66d5a Swift: Update for CollectionContent. 2023-10-02 20:32:24 +01:00
Geoffrey White
81b358a711 Swift: Replace a similar additional taint step in another query. 2023-10-02 20:19:40 +01:00
Geoffrey White
27bdee8058 Swift: Replace additional taint step with implict read. 
Now that we have array content, this is a more principled approach than having a special case data step.
 2023-10-02 20:19:30 +01:00
Robert Marsh
ca722dc74c Swift: add NilCoalescingTest node to CFG 
Fixes an issue where a nil-coalescing operation used in a boolean
context would result in no control flow out of the default operand of
the nil-coalescing operator.
 2023-10-02 18:07:11 +00:00
Ian Lynagh
513a39f0b4 Kotlin: Specify language versino when compiling for old compilers 
Otherwise builds with Kotlin 2 won't work with older compilers.
 2023-10-02 18:14:01 +01:00
Ian Lynagh
f3c5c01ec5 Kotlin: Drop support for 1.4.32 
We never claimed to support anything < 1.5.0, and compiling with
-language-version 1.4 fails as it's not meant to support sealed classes.

If we build 1.4.32 with -language-version 1.5 using a 2.0 compiler,
then the resulting plugin also fails.
 2023-10-02 17:29:10 +01:00
Tom Hvitved
2684a22484 Merge pull request #14255 from hvitved/dataflow/perf-improvements 
Data flow: Performance improvements
 2023-10-02 16:37:24 +02:00
Tamas Vajk
b2514b3c69 Adjust expected test output 2023-10-02 13:35:16 +02:00
Tamas Vajk
de45a9b137 C#: Extract compilation DB entity in standalone mode 2023-10-02 12:54:49 +02:00
Rasmus Wriedt Larsen
e7384da162 Merge pull request #14341 from GeekMasher/py-django-restframework 
Python - Add support for RestFramework ModelViewSet functions
 2023-10-02 10:50:11 +02:00
Henry Mercer
0dd3837c31 Merge pull request #14345 from github/adityasharad/atm/remove-js-ml-tests 
ATM/JS: Remove test workflow
 2023-10-02 09:44:46 +01:00
Tom Hvitved
4fa93a077c Address review comments 2023-10-02 09:03:12 +02:00
Erik Krogh Kristensen
5dccc8d33e Merge pull request #14348 from github/dependabot/cargo/ql/regex-1.9.6 
Bump regex from 1.9.5 to 1.9.6 in /ql
 2023-10-02 08:34:59 +02:00
dependabot[bot]
a86b010504 Bump regex from 1.9.5 to 1.9.6 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.9.5 to 1.9.6.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.9.5...1.9.6)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-02 03:33:25 +00:00
Aditya Sharad
cf98b84279 ATM/JS: Remove test workflow 
These queries are deprecated, and upcoming nightly CLIs will no longer support their experimental functionality. To avoid test breakage, remove this workflow.

The code and tests can be cleaned up as future follow-up.
 2023-09-29 15:19:45 -07:00
Sarita Iyer
178b5c1c30 Merge pull request #14282 from github/saritai/update-language-display-names 
Update language display names
 2023-09-29 11:15:56 -04:00
Sarita Iyer
f29063bca3 Update codeql-for-java.rst 2023-09-29 10:44:27 -04:00
Rasmus Wriedt Larsen
3162033d56 Python: Make tests run for django rest framework 2023-09-29 16:21:04 +02:00
Sarita Iyer
b6b554f384 Apply suggestions from code review 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-09-29 10:07:22 -04:00
Sarita Iyer
c0653adc85 remove trailing space 2023-09-29 09:57:48 -04:00