hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-02 16:23:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
54,832 Commits 1,688 Branches 159 Tags
f56ffbc25ed70bbae48dc159cf88179d74a28a82
Commit Graph

54832 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
f56ffbc25e Merge pull request #13232 from github/redsun82/swift-hidden-ast 
Swift: fix hidden AST getters
 2023-05-22 14:47:11 +02:00
Erik Krogh Kristensen
3647b9cfeb Merge pull request #13196 from erik-krogh/indirectCommand 
JS: require arguments to be shell interpreted to be flagged by indirect-command-injection
 2023-05-22 11:53:57 +02:00
Paolo Tranquilli
20893bdef5 Swift: accept test changes after hidden AST fix 2023-05-22 10:14:29 +02:00
Tony Torralba
05c30e8fac Merge pull request #13230 from atorralba/atorralba/java/groove-template-engine-sink 
Java: Add TemplateEngine.createTemplate as a Groovy injection sink
 2023-05-22 10:04:29 +02:00
Paolo Tranquilli
de03bdc235 Swift: fix hidden AST getters 
For consistency with the C/C++ QL library, getters of AST elements
within the hidden AST should not themselves skip other hidden AST
elements.
 2023-05-22 09:57:48 +02:00
Tom Hvitved
224a2c3d91 Merge pull request #13231 from hvitved/ruby/type-tracker-missing-callback-flow-out 
Ruby: Allow for flow through callbacks to summarized methods in type tracking
 2023-05-22 09:38:59 +02:00
Tom Hvitved
128168a7e7 Ruby: Allow for flow through callbacks to summarized methods in type tracking 2023-05-21 20:51:45 +02:00
Mathias Vorreiter Pedersen
58f4b7696d Merge pull request #13223 from geoffw0/useasnominaltypedecl 
Swift: Use asNominalTypeDecl more.
 2023-05-19 16:53:28 +01:00
Tony Torralba
b58eb3a92c Java: Add TemplateEngine.createTemplate as a groovy injection sink 2023-05-19 17:45:47 +02:00
Philip Ginsbach
999e7f96c7 Merge pull request #13222 from github/ginsbach/SignatureSyntax 
add syntax for signature definitions to QL specification
 2023-05-19 16:22:45 +01:00
Alexandre Boulgakov
f943502e41 Merge pull request #13224 from github/sashabu/tsp-empty-help-links 
Swift: Drop support for plaintext diagnostics (and `helpLinks`).
 2023-05-19 15:44:44 +01:00
Alexandre Boulgakov
b3e76d6052 Swift: Drop support for plaintext diagnostics (and helpLinks). 
The recommended option is Markdown diagnostics, and we have already migrated everything to emit them. The empty help link we're currently emitting everywhere is a bug.
 2023-05-19 15:16:02 +01:00
Alexandre Boulgakov
a1beaa6300 Merge pull request #13186 from github/redsun82/swift-diagnostics-wording 
Swift: reword TSP diagnostics after doc team review
 2023-05-19 15:15:46 +01:00
Alexandre Boulgakov
110b766770 Swift: Add a . to a test message to match the logging API change in this PR. 2023-05-19 14:46:12 +01:00
Philip Ginsbach
6957857773 add syntax for signature declarations to QL specification 2023-05-19 14:44:29 +01:00
Alexandre Boulgakov
1e9b849e93 Merge branch 'main' into redsun82/swift-diagnostics-wording 2023-05-19 14:43:01 +01:00
Alexandre Boulgakov
8f7279ee05 Swift: TSP message wording changes. 2023-05-19 14:39:57 +01:00
Alexandre Boulgakov
5bb2eb4155 Swift: TSP message wording changes. 
Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com>
 2023-05-19 14:37:18 +01:00
Alexandre Boulgakov
137b4a99ef Swift: TSP message wording changes. 
Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com>
 2023-05-19 14:36:24 +01:00
Alexandre Boulgakov
ddcac20a94 Swift: TSP message wording changes. 
Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com>
 2023-05-19 14:36:14 +01:00
Alexandre Boulgakov
8a15af5614 Swift: TSP message wording changes. 
Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com>
 2023-05-19 14:36:04 +01:00
Geoffrey White
68bdd51dd3 Swift: Add QLDoc encouraging this pattern. 2023-05-19 14:35:08 +01:00
Geoffrey White
0d8aa825d9 Swift: Use asNominalType() more widely to include things declared in extensions. 2023-05-19 14:19:32 +01:00
Geoffrey White
ccbd041875 Swift: Use asNominalTypeDecl() to simplify models. 2023-05-19 14:04:49 +01:00
Mathias Vorreiter Pedersen
2206216dbb Merge pull request #13221 from geoffw0/filepath 
Swift: Taint model for FilePath
 2023-05-19 14:01:22 +01:00
Geoffrey White
c8dfc87dae Swift: getName -> getFullName. 2023-05-19 12:18:17 +01:00
Geoffrey White
13755ad5f5 Swift: Remove placeholder lines I had left in. 2023-05-19 11:42:00 +01:00
Tony Torralba
babf429c9a Merge pull request #13220 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-05-19 08:57:15 +02:00
github-actions[bot]
66f2579437 Add changed framework coverage reports 2023-05-19 00:15:25 +00:00
Geoffrey White
6dfad79972 Swift: Model FilePath. 2023-05-18 18:56:08 +01:00
Geoffrey White
371bcc55fa Swift: Consolidate and extend tests of taint flow through FilePath. 2023-05-18 18:01:38 +01:00
Alexandre Boulgakov
fa52c32564 Merge pull request #13170 from github/sashabu/internal-error-tsp 
Swift: Emit diagnostics on assertion/expectation violations.
 2023-05-18 17:19:43 +01:00
Mathias Vorreiter Pedersen
e0263a719e Merge pull request #13218 from MathiasVP/c18-to-c17 
C++: Replace `C18` with `C17` in documentation
 2023-05-18 16:42:15 +01:00
Mathias Vorreiter Pedersen
70b08a093c C++: Replace 'C18' with 'C17'. 2023-05-18 15:55:21 +01:00
Mathias Vorreiter Pedersen
8f7bb8b11f Merge pull request #13217 from MathiasVP/cleanup-overrun-write-product-flow 
C++: Small cleanup of `cpp/overrun-write`
 2023-05-18 13:59:44 +01:00
Tony Torralba
a8afa4785e Merge pull request #13140 from atorralba/atorralba/java/spring-jdbc-namedparam-models 
Java: Add SQLi sinks for Spring JDBC
 2023-05-18 14:49:28 +02:00
Mathias Vorreiter Pedersen
a77c62473e C++: Reduce code-duplication in 'cpp/overrun-write'. 2023-05-18 13:23:15 +01:00
Mathias Vorreiter Pedersen
8cf25ba421 Merge pull request #13191 from MathiasVP/fix-pointer-pointee-conflation 
C++: Fix pointer/pointee conflation
 2023-05-18 13:09:10 +01:00
Mathias Vorreiter Pedersen
2e734755fb Merge pull request #13215 from MathiasVP/update-qldoc-on-typemention 
C++: Update documentation for `TypeMention`
 2023-05-18 10:24:13 +01:00
Jeroen Ketema
34fdeb4e6b Merge pull request #13203 from jketema/deref-size 
C++: Use range analysis-based `hasSize` predicate in `cpp/invalid-pointer-deref`
 2023-05-18 11:03:09 +02:00
Mathias Vorreiter Pedersen
a475efbe39 Update cpp/ql/lib/semmle/code/cpp/Type.qll 2023-05-18 09:37:20 +01:00
Mathias Vorreiter Pedersen
f3b6b470f4 C++: Update documentation for 'TypeMention'. 2023-05-18 09:32:31 +01:00
Tony Torralba
2c54996499 Apply @jcogs33's suggestions from code review 2023-05-18 08:51:19 +02:00
Tony Torralba
1b06bf132c Merge pull request #12932 from atorralba/atorralba/java/promote-xxe-experimental-sinks 
Java: Promote experimental XXE sinks
 2023-05-17 17:39:31 +02:00
Óscar San José
cc36e3c809 Merge pull request #13192 from github/post-release-prep/codeql-cli-2.13.2-fix-release-notes-check 
Change regexp to include released change-notes pattern in check-change-note CI check
 2023-05-17 17:28:59 +02:00
Jeroen Ketema
d1efffe492 Merge branch 'main' into deref-size 2023-05-17 17:13:49 +02:00
Jeroen Ketema
e3aecd3f1f Merge pull request #13200 from jketema/deref-subpath 
C++: Implement the `subpaths` query predicate for `cpp/invalid-pointer-deref`
 2023-05-17 17:13:28 +02:00
Óscar San José
f72afd0727 fixing typo 2023-05-17 17:08:37 +02:00
Michael Nebel
5a1c001f07 Merge pull request #13204 from michaelnebel/csharp/madextensionmethodtest 
C#: Add extension method testcase for Models as Data.
 2023-05-17 16:14:13 +02:00
Mathias Vorreiter Pedersen
f1530aa4b4 Merge pull request #12977 from RasmusWL/accept-expected-changes-from-ci-script 
Misc: Add script to accept `.expected` changes from CI
 2023-05-17 14:55:23 +01:00