hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 15:49:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
46,285 Commits 1,703 Branches 162 Tags
eb8ef72e477371dbd62362757a937756ec4ee46e
Commit Graph

46285 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ed Minnix
eb8ef72e47 Java: addJavascriptInterface query test case 2022-11-15 23:28:18 -05:00
Ed Minnix
3b96fefc71 Java: Add Android stubs to options file for CWE-079 test cases 2022-11-15 23:26:49 -05:00
Ed Minnix
e09f0861f3 Java: documentation for WebView#addJavascriptInterface query 2022-11-12 09:40:49 -05:00
Ed Minnix
e1ff04cd95 Java: Query for android.webkit.WebView#addJavascriptInterface 2022-11-12 09:40:49 -05:00
Ed Minnix
30cd447f69 Java: Add class to represent android.webkit.WebView#addJavascriptInterface 2022-11-12 09:40:49 -05:00
Erik Krogh Kristensen
8b11e98d42 Merge pull request #11162 from erik-krogh/ciCache 
CI: try only to fill the compilation cache from main in the compile-queries workflow
 2022-11-08 19:24:14 +01:00
Mathias Vorreiter Pedersen
4cdcebf022 Merge pull request #11161 from geoffw0/localflowsource 
Swift: Add LocalFlowSource class and a few sources.
 2022-11-08 16:12:32 +00:00
AlexDenisov
6fb021a5bc Merge pull request #11164 from github/redsun82/swift-print-unextracted 
Swift: print unextracted entities
 2022-11-08 16:07:44 +01:00
Jeroen Ketema
2bef82babc Merge pull request #11163 from jketema/missing-return 
C++: Add dataflow test that deliberately omits the return of a non-void function
 2022-11-08 16:00:36 +01:00
Paolo Tranquilli
d325a42890 Swift: print unextracted entities 2022-11-08 15:38:53 +01:00
Jeroen Ketema
d93bda21c2 Merge pull request #11159 from jketema/strcat-return-deref-taint 
C++: Also taint the return value dereference in the `strcat` model
 2022-11-08 15:27:07 +01:00
Jeroen Ketema
fa2d58adff C++: Add dataflow test that deliberately omits the return of a non-void function 2022-11-08 15:12:34 +01:00
erik-krogh
22d7f3cfe5 try only to fill the cache from main 2022-11-08 15:06:00 +01:00
Geoffrey White
25b4296045 Swift: Rename predicate to avoid confusion. 2022-11-08 13:52:33 +00:00
Geoffrey White
24c8f1d8b5 Swift: Add some local (and remote) flow sources for String. 2022-11-08 13:38:25 +00:00
Erik Krogh Kristensen
e01cbb2ffa Merge pull request #10378 from erik-krogh/aliasFlow 
JS: expand localFieldStep to use access-paths, and build access-paths in more cases
 2022-11-08 14:26:12 +01:00
Geoffrey White
e669754d0b Swift: Also add local flow sources to summary queries. 2022-11-08 13:05:41 +00:00
Geoffrey White
be05b807cd Swift: Add models-as-data local flow sources as well. 2022-11-08 13:05:41 +00:00
Geoffrey White
0dcb5546a1 Swift: Add a LocalFlowSource and FlowSource class. 2022-11-08 13:05:41 +00:00
Geoffrey White
c5285acb04 Swift: Add more tests for String flow sources. 2022-11-08 13:05:40 +00:00
Paolo Tranquilli
552c5249ac Merge pull request #11131 from github/redsun82/swift-incomplete-ast 
Swift: deal with incomplete ASTs
 2022-11-08 14:01:58 +01:00
Tom Hvitved
f0554fcdee Merge pull request #11155 from hvitved/ruby/avoid-stage-recomputation 
Ruby: Avoid stage recomputation
 2022-11-08 13:46:53 +01:00
Tom Hvitved
edde3defed Merge pull request #11153 from hvitved/ruby/basic-block-at-conditions 
Ruby: Split basic blocks around constant conditionals
 2022-11-08 13:35:52 +01:00
Tony Torralba
d813590780 Merge pull request #11156 from atorralba/atorralba/swift/bitwise-operation 
Swift: Add `BitwiseOperation.qll`
 2022-11-08 12:15:00 +01:00
Jeroen Ketema
c61a9c5911 C++: Also taint the return value dereference in the strcat model 2022-11-08 12:08:44 +01:00
Paolo Tranquilli
9731048836 Swift: remove an assert from swift headers 
An interesting byproduct was finding a problematic `assert` in the
Swift headers. An incomplete `FallthroughStmt` was asserting on having
a destination. I did not find any other sensible way of getting rid of
the crash when running in debug mode than to patch the header.
 2022-11-08 11:47:12 +01:00
Paolo Tranquilli
fda9d19a97 Swift: replace undefined labels with UnspecifiedElement 2022-11-08 11:47:12 +01:00
Paolo Tranquilli
8d3e6ff8a7 Swift: add label iteration 2022-11-08 11:47:12 +01:00
Paolo Tranquilli
450a4a04af Swift: add incomplete ast test 
The test was inspired by locally running the query against files in
https://github.com/apple/swift/tree/main/test/Parse

A query for missing elements was also added to the AST tests, expecting
nothing to be found.
 2022-11-08 11:46:07 +01:00
Paolo Tranquilli
d6fb6bf036 Swift: customize UnspecifiedElement 2022-11-08 11:40:27 +01:00
Paolo Tranquilli
e17bc6c581 Swift: add UnspecifiedElement 2022-11-08 11:40:27 +01:00
Tony Torralba
4411852e59 Add BitwiseOperation.qll 2022-11-08 11:33:10 +01:00
Paolo Tranquilli
2aa528852e Swift: add possibility to specify null class 2022-11-08 11:27:14 +01:00
Tom Hvitved
f0b9ca4bf9 Ruby: Add more guards tests 2022-11-08 11:09:54 +01:00
Jeroen Ketema
e00585ca24 Merge pull request #11154 from jketema/dataflow-test-fix 
C++: Fix wrong return types and missing statement in dataflow test
 2022-11-08 10:55:09 +01:00
Tom Hvitved
37a69b4569 Ruby: Avoid stage recomputation 2022-11-08 10:51:30 +01:00
AlexDenisov
d1848194eb Merge pull request #11152 from github/redsun82/swift-bitwise-test 
Swift: add bitwise ops to `PrintAst` test
 2022-11-08 10:25:48 +01:00
Tamás Vajk
38abd389eb Merge pull request #11045 from tamasvajk/kotlin-confusing-default 
Kotlin: Excluded compiler generated methods from `java/confusing-method-signature`
 2022-11-08 10:25:36 +01:00
Jeroen Ketema
0d4a2239fc C++: Fix wrong return types and missing statement in dataflow test 2022-11-08 09:55:10 +01:00
Paolo Tranquilli
072edad0fd Swift: accept new test changes 2022-11-08 09:30:25 +01:00
Erik Krogh Kristensen
c82410fd16 Merge pull request #10680 from erik-krogh/unsafeRbCmd 
RB: add an unsafe-shell-command-construction query
 2022-11-08 09:22:33 +01:00
Tom Hvitved
7ba0682297 Ruby: Split basic blocks around constant conditionals 2022-11-08 09:07:23 +01:00
Tom Hvitved
c86f597153 Ruby: Add test for disjunctive guard 2022-11-08 09:01:22 +01:00
Paolo Tranquilli
21adcca065 Swift: add bitwise ops to PrintAst test 2022-11-08 08:53:36 +01:00
Harry Maclean
8c8f1418d5 Merge pull request #11150 from hmac/try-fixup 
Ruby: Cosmetic change
 2022-11-08 12:19:47 +13:00
Harry Maclean
03aa8df8e2 Ruby: Cosmetic change 2022-11-08 10:24:21 +13:00
Harry Maclean
d392cdaab6 Merge pull request #11022 from hmac/try-code-injection 
Ruby: try/try! as code execution
 2022-11-08 09:42:52 +13:00
Tony Torralba
ef967b6a21 Merge pull request #10890 from atorralba/atorralba/android-startactivities-summaries 
Java: Add flow summaries for startActivities
 2022-11-07 18:06:30 +01:00
Alexander Eyers-Taylor
c6c4a7b14f Merge pull request #11068 from alexet/alexet/qlspec-instanceof 
QL Spec: Add instanceof in classes
 2022-11-07 16:15:09 +00:00
Erik Krogh Kristensen
3f871a08e2 apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-11-07 16:29:10 +01:00