hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-09 12:40:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
60,251 Commits 1,679 Branches 157 Tags
e7e6529df696a245f91ade7a2c53fe0ca415aa7d
Commit Graph

60251 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
e7e6529df6 Swift: Add tests. 2023-11-03 12:21:32 +00:00
Geoffrey White
49add7d8ce Swift: Add stubs to test. 2023-11-03 12:07:15 +00:00
Harry Maclean
dc9f171ee6 Merge pull request #14631 from hmac/hmac-dynamic-neutral-model 
JS/Ruby/Python: Add neutralModel extensible predicate
 2023-10-30 12:50:09 +00:00
Harry Maclean
083be305e1 Shared: Add neutralModel extensible predicate 
The neutralModel extensible predicate already exists in Java and C#, so
this change brings the dynamic languages more in line with static
languages. The Model Editor uses this predicate to mark endpoints as
"not interesting" from a data flow perspective.
 2023-10-30 11:31:57 +00:00
Harry Maclean
38ecde0cc1 Shared: Include data extensions in workspace 
This change allows codeql to see data extensions stored in the .github
directory inside the codeql repo. This is useful when using the CodeQL
Model Editor whilst working inside the codeql repo.
 2023-10-30 11:31:56 +00:00
Mathias Vorreiter Pedersen
3a9ffe189e Merge pull request #14567 from github/redsun82/swift-case-variables 
Swift: clean up `VarDecl`, `NamedPattern` and `SwitchStmt` interactions
 2023-10-30 11:23:38 +00:00
Mathias Vorreiter Pedersen
9e2f0b5ed0 Merge branch 'main' into redsun82/swift-case-variables 2023-10-30 10:14:45 +00:00
Mathias Vorreiter Pedersen
c4521a30aa Merge pull request #14113 from geoffw0/implicitflow 
Swift: Flow through OpenExistentialExpr
 2023-10-30 10:08:29 +00:00
Mathias Vorreiter Pedersen
4e08ba6820 Merge pull request #14618 from geoffw0/qldoc 
Swift: QLDoc and test for getCanonicalType
 2023-10-30 10:06:26 +00:00
Tamás Vajk
b9c89750b9 Merge pull request #14493 from tamasvajk/fix/params-attribute-argument 
C#: Fix params attribute argument extraction
 2023-10-30 10:50:02 +01:00
Mathias Vorreiter Pedersen
342b3d7733 Merge pull request #14619 from MathiasVP/fix-strtol-model 
C++: Fix `strtol` model
 2023-10-30 09:41:23 +00:00
Geoffrey White
1929dead39 Merge branch 'main' into implicitflow 2023-10-27 23:35:54 +01:00
Owen Mansel-Chan
c1ecd5a0da Merge pull request #14608 from Kwstubbs/golang-cookie-reflectedxss-sanitizer 
Go: GoAdd Cookie Sanitizer to Reflected XSS
 2023-10-27 21:47:39 +01:00
Kevin Stubbings
57cbacb495 test.go change 2023-10-27 12:07:51 -07:00
Kevin Stubbings
ce0104799a Fix minor issues 2023-10-27 11:42:22 -07:00
Geoffrey White
8937e0b313 Swift: == -> = 2023-10-27 17:18:09 +01:00
Alex Ford
cb1cd5ed2a Merge pull request #14560 from alexrford/rb/modgen 
Ruby: add a query and script for autogenerating typeModel and summaryModel data extensions entries
 2023-10-27 16:43:42 +01:00
Mathias Vorreiter Pedersen
28eb2caacb Swift: Accept test changes. 2023-10-27 16:30:01 +01:00
Mathias Vorreiter Pedersen
33494fe9e1 C++: Extend the taint model and accept test changes. 2023-10-27 16:26:37 +01:00
Mathias Vorreiter Pedersen
e4683449cb C++: Add failing test. 2023-10-27 16:26:37 +01:00
Mathias Vorreiter Pedersen
8bf8888c24 C++: Simplify 'parameterNeverEscapes' and add a comment. 2023-10-27 16:26:37 +01:00
Mathias Vorreiter Pedersen
6538a7645d Swift: Add up and downgrade scripts. 2023-10-27 15:55:12 +01:00
Mathias Vorreiter Pedersen
6062fbb475 Merge pull request #14383 from geoffw0/nsstringregex 
Swift: Add regular expression evaluation models for StringProtocol and NSString methods
 2023-10-27 15:49:23 +01:00
Mathias Vorreiter Pedersen
572cec2c55 C++: Accept test changes. 2023-10-27 15:00:25 +01:00
Mathias Vorreiter Pedersen
43e8b900bf C++: Fix 'strtol' model. 2023-10-27 14:59:11 +01:00
Geoffrey White
2a552d9721 Swift: Address QL-for-QL warning. 2023-10-27 14:56:19 +01:00
Mathias Vorreiter Pedersen
d6b6c432d9 C++: Add test with incorrect IR due to wrong model. 2023-10-27 14:53:06 +01:00
Owen Mansel-Chan
d534c93ff1 Merge pull request #14606 from owen-mc/go/incorrect-integer-conversion-fixes 
Go: Two fixes to upper bound checks in "incorrect integer conversion" query
 2023-10-27 14:50:11 +01:00
Alex Ford
f6ac63b259 Ruby: modgen - use FeatureEqualSourceSinkCallContext feature rather than late filtering for method context 2023-10-27 14:48:50 +01:00
Geoffrey White
12201d2e8e Swift: Codegen. 2023-10-27 14:37:06 +01:00
Geoffrey White
6ad5c9542b Swift: Add getCanonicalType to the NominalType test as well. 2023-10-27 14:37:06 +01:00
Dave Bartolomeo
b18a6d5e0b Merge pull request #14582 from github/dbartol/threat-models-2 
Java: Threat model implementation with priorities.
 2023-10-27 09:33:53 -04:00
Geoffrey White
ce471105e2 Swift: QLDoc getCanonicalType. 2023-10-27 14:23:51 +01:00
Mathias Vorreiter Pedersen
4aed638066 Merge pull request #14577 from MathiasVP/capture-flow-swift 
Swift: Add variable-capture flow
 2023-10-27 14:09:04 +01:00
Erik Krogh Kristensen
c1a1ebfb60 Merge pull request #14616 from erik-krogh/identity-severity 
JS: lower the severity of js/identity-replacement to medium
 2023-10-27 14:27:05 +02:00
Anders Schack-Mulligen
e9cb272396 Merge pull request #14615 from aschackmull/dataflow/stage-alias 
Dataflow: simplify using stage aliases.
 2023-10-27 14:17:30 +02:00
erik-krogh
cf958f0828 lower the severity of js/identity-replacement to medium 2023-10-27 13:54:17 +02:00
Anders Schack-Mulligen
10c657bc23 Dataflow: simplify using stage aliases. 2023-10-27 13:40:21 +02:00
Alex Ford
0818354ad7 Ruby: modgen - fix unbound variable 2023-10-27 11:46:09 +01:00
Owen Mansel-Chan
00ba7e42b1 Merge pull request #14613 from owen-mc/change-note-check-on-shared 
Update `Change-note-check` workflow to detect changes in shared folder
 2023-10-27 11:45:03 +01:00
Anders Schack-Mulligen
c7be5ac527 Merge pull request #14602 from aschackmull/java/split-dispatch-cached-stages 
Java: Split the different layers of virtual dispatch into separate cached stages.
 2023-10-27 12:36:29 +02:00
Owen Mansel-Chan
1db622e740 Make check-change-note workflow include shared 2023-10-27 11:26:13 +01:00
Mathias Vorreiter Pedersen
68999f3cef Swift: Fix test by including the 'allowParameterReturnInSelf' hook from the variable capture library. 2023-10-27 11:25:19 +01:00
Mathias Vorreiter Pedersen
9b150e4ea9 Swift: Add failing test. 2023-10-27 11:22:56 +01:00
Mathias Vorreiter Pedersen
a5a7d27c4b Swift: Add change note. 2023-10-27 11:16:32 +01:00
Owen Mansel-Chan
3c9783c7c9 Add change note 2023-10-27 11:12:37 +01:00
Mathias Vorreiter Pedersen
b41ec37993 Swift: Remove the code related to constructor capture (and the related TODO). This cannot happen in Swift. 2023-10-27 11:05:48 +01:00
Tom Hvitved
ee5c014382 Merge pull request #14609 from hvitved/csharp/stub-gen-attribute-usage 
C#: Include `AttributeUsages` in stub generator
 2023-10-27 12:05:34 +02:00
Owen Mansel-Chan
581305b234 Improve QLDoc for UpperBoundCheckGuard 2023-10-27 10:59:20 +01:00
Owen Mansel-Chan
8beacb8d4a Change predicate name from getX to getOrder 2023-10-27 10:44:42 +01:00