hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 07:36:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
34,616 Commits 1,703 Branches 162 Tags
fdca8966149bbe8b5101ab4c39c30246b5bb8b9e
Commit Graph

34616 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nick Rolfe
fdca896614 Ruby: improve handling of [g]sub! 
rb/incomplete-sanitization has a few cases where we find flow from one
one string substitution call to another, e.g.

    a.sub(...).sub(...)

But this didn't find typical chained uses of the destructive variants,
e.g.

    a.sub!(...)
    a.sub!(...)

We now handle those cases by tracking flow from the post-update node for
the receiver of the first call.
 2022-04-13 17:19:25 +01:00
Nick Rolfe
bbb8177176 Ruby: add rc/incomplete-sanitization query 2022-04-13 16:48:43 +01:00
AlexDenisov
df2cc181a0 Merge pull request #8726 from redsun82/swift-prebuilt-fetching 
Swift: fetch prebuilt swift and link against it
 2022-04-13 16:58:36 +02:00
Paolo Tranquilli
aaf9e7da2f turn off universal_binaries for now 2022-04-13 16:45:23 +02:00
Paolo Tranquilli
9e3401ce59 make self repository name parametric 
In a workspace macro we must use the exact repository name, and this
can be different when importing the workspace (it is different in
semmle-code).
 2022-04-13 16:22:27 +02:00
Paolo Tranquilli
73d5691d91 update swift package 2022-04-13 16:22:27 +02:00
Paolo Tranquilli
e68172f4b0 Swift: fetch prebuilt swift and link against it 
This is known to break linux integration in sembuild.
 2022-04-13 16:22:27 +02:00
AlexDenisov
058ac5bcae Merge pull request #8717 from AlexDenisov/alexdenisov/swift-ql-ci 
Swift: enable QL tests on CI
 2022-04-13 14:42:27 +02:00
Paolo Tranquilli
6166f0601c Merge pull request #8727 from redsun82/bazel_workspace_rename 
Bazel: rename workspace to codeql
 2022-04-13 10:51:10 +02:00
Alex Denisov
60c6241382 Swift: run QL tests on macOS 2022-04-13 10:35:15 +02:00
Alex Denisov
b8c1f1a6e1 Swift: run QL tests on Linux 2022-04-13 07:44:19 +02:00
Paolo Tranquilli
141ba2e039 Bazel: rename workspace to codeql 2022-04-12 17:37:29 +02:00
Paolo Tranquilli
03ebf8b049 Merge pull request #8700 from redsun82/swift-skeleton 
Swift: first skeleton extractor
dsp-testing/codeql-swift-artifacts 		2022-04-12 17:14:42 +02:00
Paolo Tranquilli
8ef28787b6 Swift: do not fail pack creation if dir does not exist 2022-04-12 17:05:26 +02:00
Paolo Tranquilli
6440242268 Swift+Bazel: apply review comments 2022-04-12 16:03:20 +02:00
Paolo Tranquilli
f2f99611bd .gitignore CLion project files 2022-04-12 12:41:00 +02:00
Paolo Tranquilli
a205b465ba Bazel: reorganization 
* fixed 5.0.0 as bazel version
* made dependencies better loadable
* moved `//swift/install` to `//swift:create-extractor-pack` (following
  the clearer ruby naming)
* renamed `extractor_pack` to `extractor-pack` for consistency with Ruby
 2022-04-12 12:40:59 +02:00
Paolo Tranquilli
13b2442fed Bazel: code reorganization 2022-04-12 12:40:59 +02:00
Paolo Tranquilli
664d5ba0a9 Swift: moved install to a separate package 
When importing the workspace from semmle-code, we do not need nor want
to instantiate `@util`, so that must be in a separate bazel package.
 2022-04-12 12:40:59 +02:00
Paolo Tranquilli
95dbf2d666 Swift: first skeleton extractor 
This adds a first dummy extractor for swift.

Running `bazel run //swift:install` will create an `extractor_pack`
directory in `swift`. From that moment providing `--search-path=swift`
will pick up the extractor.
 2022-04-12 12:40:59 +02:00
CodeQL CI
a43f3a21a8 Merge pull request #8550 from erik-krogh/classJoin 
Approved by asgerf
 2022-04-12 09:23:58 +01:00
Geoffrey White
cb211f8844 Merge pull request #8599 from 4B5F5F4B/main 
C++: refactor some code, and add access_ok cases
 2022-04-11 15:57:27 +01:00
CodeQL CI
9c8dee2a4d Merge pull request #8687 from asgerf/js/missing-flow-fixes 
Approved by erik-krogh
 2022-04-11 14:08:15 +01:00
Taus
626770aaab Merge pull request #8004 from ahmed-farid-dev/ZipSlip 
Add query to detect ZipSlip
 2022-04-08 23:55:02 +02:00
Jeroen Ketema
4cfe04567f Merge pull request #8702 from jketema/command-line-sanitizer 
C++: Use `isSanitizerOut(DataFlow::Node node)` in `cpp/command-line-injection`
 2022-04-08 23:42:35 +02:00
Taus
3d14c5f3c3 Python: Update tests 
We need to import `tty` in order to be able to detect the standard library correctly.
 2022-04-08 23:20:47 +02:00
Taus
ab81247b7c Python: Fix modelling in ZipSlip.qll 
- Remove use of points-to.
- Exclude sources and sinks in the standard library (to prevent test brittleness).
 2022-04-08 23:19:41 +02:00
Taus
57beeaada0 Python: Fix name clash in CopyFile.qll 2022-04-08 23:18:03 +02:00
Taus
e1371151f9 Python: Autoformat Concepts.qll 2022-04-08 23:16:41 +02:00
Taus
8521f9a008 Python: Autoformat ZipSlip.ql 2022-04-08 23:13:38 +02:00
Taus
4b580820c8 Python: Fix broken QHelp 2022-04-08 23:12:46 +02:00
Edoardo Pirovano
3d41a5cae3 Merge pull request #8704 from github/edoardo/3.5-mergeback 
Merge `rc/3.5` branch into `main`
 2022-04-08 19:32:58 +01:00
Dave Bartolomeo
9f074cd8fd Bump a few more versions 
Also fixes up some dependency declarations that should have been "*" because they refer to packs in the same workspace.
 2022-04-08 13:01:41 -04:00
Edoardo Pirovano
f25618eed6 Bump minor version of all packs 2022-04-08 15:38:58 +01:00
Edoardo Pirovano
ce82c54b94 Merge branch 'main' into edoardo/3.5-mergeback 2022-04-08 15:30:58 +01:00
Ian Lynagh
3e5b5bee8a Merge pull request #8642 from github/post-release-prep/codeql-cli-2.8.5 
Post-release preparation for codeql-cli-2.8.5
 2022-04-08 15:09:21 +01:00
Jeroen Ketema
83d35a9a96 C++: Use isSanitizerOut(DataFlow::Node node) in cpp/command-line-injection 2022-04-08 11:28:17 +02:00
Anders Schack-Mulligen
4eaec3953a Merge pull request #8694 from aschackmull/dataflow/cleanup-unused 
Dataflow: Cleanup unused column
 2022-04-07 15:16:27 +02:00
Anders Schack-Mulligen
c0f48b6c14 Merge pull request #8681 from JLLeitschuh/fix/JLL/os_check_bugs 
Java: Fix Local Temp File/Dir Incorrect Guard Logic
 2022-04-07 14:00:13 +02:00
Anders Schack-Mulligen
7beed570f2 Dataflow: Sync. 2022-04-07 13:53:48 +02:00
Anders Schack-Mulligen
876a9f80ce Dataflow: remove unused column. 2022-04-07 13:53:27 +02:00
Jeroen Ketema
319ff35bd7 Merge pull request #8692 from jketema/implied-cctor-source 
Revert "Revert "Merge pull request #8592 from jketema/implied-cctor-source""
 2022-04-07 13:38:39 +02:00
Asger Feldthaus
b85739cb7e JS: Update test output 2022-04-07 13:23:26 +02:00
Jeroen Ketema
bfe9fb1721 Revert "Revert "Merge pull request #8592 from jketema/implied-cctor-source"" 
This reverts commit b1d9a070f4.
 2022-04-07 12:29:43 +02:00
Mathias Vorreiter Pedersen
a6f7bd102a Merge pull request #8691 from jketema/revert-8592 
Revert "Merge pull request #8592 from jketema/implied-cctor-source"
 2022-04-07 11:26:33 +01:00
Owen Mansel-Chan
32f96c84ed Merge pull request #8677 from github/RasmusWL/update-codeowners 
Remove @xcorail from CODEOWNERS
 2022-04-07 11:16:01 +01:00
Jeroen Ketema
b1d9a070f4 Revert "Merge pull request #8592 from jketema/implied-cctor-source" 
This reverts commit d4834cb7ff, reversing
changes made to 268a3fd1c5.
 2022-04-07 12:02:37 +02:00
Mathias Vorreiter Pedersen
d4834cb7ff Merge pull request #8592 from jketema/implied-cctor-source 
C++: Add tests for copy constructor calls with implied source
 2022-04-07 11:00:40 +01:00
Rasmus Wriedt Larsen
268a3fd1c5 Merge pull request #8680 from RasmusWL/subclass 
Python: Refactor how we find a `Class` from `API::Node`
 2022-04-07 11:52:52 +02:00
Rasmus Wriedt Larsen
e9df2f8fca Update CODEOWNERS 
remove extra blank line
 2022-04-07 11:51:23 +02:00