hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-19 16:33:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
69,676 Commits 1,692 Branches 160 Tags
ec7ad84cd14ee604a529e1ccf53fea90fab4a2b5
Commit Graph

69676 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joe Farebrother
ec7ad84cd1 Update formatting 2024-08-30 13:51:33 +01:00
Joe Farebrother
5360192a58 Apply review suggestions - change = to in 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2024-08-30 13:25:59 +01:00
Joe Farebrother
5494389c4b Update changenote 
Co-authored-by: Sid Shankar <sidshank@github.com>
 2024-08-29 09:44:23 +01:00
Joe Farebrother
a8591c79c5 Update test 2024-08-28 09:11:34 +01:00
Joe Farebrother
f3dea1d647 Add changenote 2024-08-28 09:04:01 +01:00
Joe Farebrother
fc24ca304d Update tests 2024-08-27 14:18:50 +01:00
Joe Farebrother
1cb23e7e86 Exclude certificates from being cinsidered sensitive data by cleartext-storage and cleartext-logging queries 2024-08-27 14:18:39 +01:00
Ian Lynagh
3a864d3de2 Merge pull request #17292 from igfoo/igfoo/open 
Kotlin: Remove a redundant 'open'
 2024-08-27 12:14:04 +01:00
Ian Lynagh
085bf2f662 Merge pull request #17293 from igfoo/igfoo/dtw 
Kotlin: Restrict some TrapWriter types to DiagnosticTrapWriter
 2024-08-27 12:13:59 +01:00
Michael Nebel
287857c5db Merge pull request #17301 from michaelnebel/shared/contentflowbadjoin 
Shared: Fix bad join in content flow.
 2024-08-27 10:17:04 +02:00
Paolo Tranquilli
b79be718e1 Merge pull request #17306 from github/redsun82/bazel-lfs 
Bazel: fix logging bug in `git_lfs_probe.py`
 2024-08-27 09:42:39 +02:00
Anders Schack-Mulligen
b3fa4f3d9e Merge pull request #17289 from aschackmull/dataflow/summaryctx 
Dataflow: Simplify using a SummaryCtx type.
 2024-08-27 09:32:43 +02:00
Paolo Tranquilli
0738e01e7e Bazel: fix logging bug in git_lfs_probe.py 
The case of an `HTTPError` was printed to stdout (and therefore globbed
by bazel).

While I'm at it, I also introduced a timeout to `urlopen` and improved
the `no endpoints found` error message.
 2024-08-27 09:12:37 +02:00
Michael Nebel
e81fdc951a Merge pull request #17246 from michaelnebel/modelgendebug 
C#/Java: Add some model generator summary debugging queries.
 2024-08-26 16:13:03 +02:00
Michael Nebel
77bfe39ca7 Shared: Address review comments. 2024-08-26 15:24:56 +02:00
Michael Nebel
4381bae5d1 Shared: Fix bad join. 2024-08-26 15:24:54 +02:00
Anders Schack-Mulligen
d8c8bcd386 Dataflow: Tweak qldoc. 2024-08-26 15:12:37 +02:00
Anders Schack-Mulligen
cbb58d0041 Dataflow: Add a getLocation rootdef. 2024-08-26 15:05:30 +02:00
Michael Nebel
34d83a6b0d C#/Java: Address review comments. 2024-08-26 15:02:27 +02:00
Asger F
4e3440aad0 Merge pull request #17275 from asgerf/cpp/taint-test-case-false-negative 
C++: Reveal false negative in test case
 2024-08-26 12:36:03 +02:00
Asger F
16c2cf24b3 C++: use inline annotation for missing flow 2024-08-26 11:53:31 +02:00
Asger F
592e2eafb6 Merge pull request #17262 from asgerf/shared/implicit-read 
Shared: restrict flow after using implicit read
 2024-08-26 11:48:50 +02:00
Paolo Tranquilli
c4c8c9ddc1 Merge pull request #17291 from github/criemen/ripunzip 
Make ripunzip installer accessible from outside this repo.
 2024-08-23 20:14:44 +02:00
Cornelius Riemenschneider
3ac8108c4a Address review. 2024-08-23 17:26:05 +02:00
Ian Lynagh
6a7d8b5301 Kotlin: Restrict some TrapWriter types to DiagnosticTrapWriter 
We never use the greater generality, so this makes it easier to see
what's happening.
 2024-08-23 15:41:21 +01:00
Ian Lynagh
7d500cf58c Kotlin: Remove a redundant 'open' 2024-08-23 15:08:10 +01:00
Tamás Vajk
d710c1e89d Merge pull request #17287 from tamasvajk/message-count-telemetry 
C#: Add aggregated compiler and extractor message counts to extractio…
 2024-08-23 14:41:27 +02:00
Cornelius Riemenschneider
d84e745ce9 Make ripunzip installer accessible from outside this repo. 
* The relative path to misc doesn't work when running from another repo
* The buildifier dependency is not available from other repos,
  therefore we can't pull in //misc/bazel without further refactoring.

Therefore, inline the runfiles snippet here.
 2024-08-23 14:24:51 +02:00
Anders Schack-Mulligen
65189e09f5 Dataflow: Simplify using a SummaryCtx type. 2024-08-23 14:18:46 +02:00
Asger F
8df7fbf6d6 Swift: update test output 
The 'first' field is seen as a TaintInheritingContent, which means any read step for 'first' becomes a taint step too.
This type of taint step does not permit an implicit read before it, because it wasn't contributed by a configuration.
So there is no way for the taint to get out of the collection content before the taint step through '.first'.
The test previously passed because an implicit read at once of the earlier sinks could follow use-use flow down to the receiver of .first,
allowing it to escape the collection content.
 2024-08-23 11:30:50 +02:00
Asger F
d27b28d371 C++: update test output 
This reveals that some tests were passing for the wrong reasons.
See https://github.com/github/codeql/pull/17275
 2024-08-23 11:29:24 +02:00
Asger F
9703f67794 Test output updates that only affect nodes/edges 2024-08-23 11:03:26 +02:00
Asger F
6bc8407bd6 Java: Update test output 2024-08-23 11:02:29 +02:00
Asger F
c3b36325b2 Shared: prevent use-use flow through implicit reads (part 1) 2024-08-23 11:02:28 +02:00
Michael Nebel
20d9fd11ac Merge pull request #17288 from michaelnebel/shared/contentflow 
Shared: ContentFlow.
 2024-08-23 09:52:27 +02:00
Michael Nebel
19c2eb17c4 C#: Remove redundant imports. 2024-08-23 09:04:13 +02:00
Chris Smowton
67d94376e8 Merge pull request #17227 from smowton/smowton/fix/baseline-vs-nonroot-vendor-dirs 
Go / configure-baseline: account for multiple vendor directories and the `CODEQL_EXTRACTOR_GO_EXTRACT_VENDOR_DIRS` setting
 2024-08-22 15:00:51 +01:00
Michael Nebel
d935c47231 C#: Use the shared content flow implementation. 2024-08-22 15:46:01 +02:00
Michael Nebel
e6424f0f45 Shared: Make ContentDataFlow reusable. 2024-08-22 15:45:58 +02:00
Owen Mansel-Chan
18b99ffecc Merge pull request #17284 from owen-mc/go/fix-frameworks-coverage 
Go: Try to fix packages in frameworks coverage
 2024-08-22 14:43:52 +01:00
Tamas Vajk
6827bedaa7 C#: Add aggregated compiler and extractor message counts to extraction telemetry query 2024-08-22 15:14:33 +02:00
Tamás Vajk
3dce56b0b1 Merge pull request #17276 from tamasvajk/impr/change-partial-method-location 
C#: Change reporting location of partial methods
 2024-08-22 15:10:21 +02:00
Michael Nebel
4cd34531c6 Shared: Add a copy of the existing C# Content Dataflow implementation. 2024-08-22 15:07:45 +02:00
Owen Mansel-Chan
2edadbf423 Try to fix packages in frameworks coverage 2024-08-22 11:44:34 +01:00
Asger F
a1688f6a1a Merge pull request #17240 from knewbury01/knewbury01/fix-helmetrequiredsetting-model 
Update JS helmet model structure
 2024-08-22 11:59:28 +02:00
Asger F
81239dcd95 Java: add test case 2024-08-22 11:26:05 +02:00
Michael Nebel
bd69b96752 Merge pull request #17273 from michaelnebel/csharp/sqlinject 
C#: ASP.NET Controller is allowed to be abstract.
 2024-08-22 11:18:48 +02:00
Asger F
43f54db4db Merge pull request #17274 from asgerf/java/implicit-pending-intents-implicit-read 
Java: Reveal false negative in test
 2024-08-22 11:00:07 +02:00
Tom Hvitved
d41d7c8246 Merge pull request #17207 from hvitved/csharp/content-set 
C#: Implement `ContentSet`
 2024-08-22 10:55:11 +02:00
Tom Hvitved
a213982b48 Merge pull request #17222 from hvitved/ruby/hash-splat-param-arg-matching 
Ruby: Rework (hash) splat argument/parameter matching
 2024-08-22 10:54:52 +02:00