hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,238 Commits 1,673 Branches 157 Tags
ff55efff9920a48a97ddd9625be67aa71741e204
Commit Graph

40238 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
4b2b6fae88 Merge pull request #9395 from asgerf/js/fix-type-confusion 
JS: Fix cartesian product in TypeConfusionThroughParameterTampering
 2022-06-01 16:28:17 +02:00
Mathias Vorreiter Pedersen
7d962ac62b Merge pull request #9397 from MathiasVP/use-autogenerated-parent-in-cfg-library 
Swift: Use the autogenerated `getParent`
 2022-06-01 14:45:43 +01:00
Mathias Vorreiter Pedersen
cb7be4f8ba Merge pull request #9398 from github/redsun82/swift-getparent 
Swift: simplify `GetImmediateParent.qll`
 2022-06-01 14:35:20 +01:00
Mathias Vorreiter Pedersen
eabb5c7137 Swift: Respond to PR comments. 2022-06-01 14:34:22 +01:00
Paolo Tranquilli
3414028b1b Swift: simplify GetImmediateParent.qll 2022-06-01 15:01:49 +02:00
Mathias Vorreiter Pedersen
db0498e38c Swift: Use the autogenerated 'getParent' predicate in the CFG library. 2022-06-01 13:49:12 +01:00
Mathias Vorreiter Pedersen
ecce7f1f10 Merge pull request #9380 from github/redsun82/swift-getparent 
Swift: generate `getParent` implementation
 2022-06-01 13:48:48 +01:00
Paolo Tranquilli
6b90b2b05f Swift: add children to IsPattern 2022-06-01 14:35:58 +02:00
Paolo Tranquilli
a4f97dd67a Swift: add comment about unique in getImmediateParent 2022-06-01 14:32:59 +02:00
Paolo Tranquilli
bc0a32c26e Swift: sort import list 
Also fix parent tests with updated `statements.swift` file.
 2022-06-01 14:32:59 +02:00
Paolo Tranquilli
3597efb728 Swift: rename to getImmediateParent and use hidden AST 2022-06-01 14:32:58 +02:00
Paolo Tranquilli
a894ba64c4 Swift: make test run in Python 3.8 2022-06-01 14:32:58 +02:00
Paolo Tranquilli
a86d0fc8a7 Swift: move getAChild to a separate module 2022-06-01 14:32:58 +02:00
Paolo Tranquilli
946e1f498a Swift: generate getParent implementation 
By explicitly marking children in the `schema.yml` file, an internal
`getAChild` predicate is implemented, that is in turn used in `AstNode`
to implement `getParent`.

This is yet to be used in the control flow library to replace the
hand-rolled implementation.

A further, more complex step is to use the same information to fully
generate the core implementation of `PrintAst` (including the
accessor string). This will be done later.

The `parent` tests use the same swift code as the extractor tests, and
this is currently enforced by `sync-files.py`. Notice that `qltest.sh`
had to be modified to deal with multiple files, which was not working
yet.
 2022-06-01 14:32:58 +02:00
Ian Lynagh
6f9e9e889b Merge pull request #9396 from igfoo/igfoo/labeler 
CI: Add Kotlin and Go to labeler.yml
 2022-06-01 13:30:22 +01:00
Ian Lynagh
ef4f09cf52 CI: Labeler: Don't label Kotlin for changenotes 
They get labeled as Java. Given we aren't labeling shared QLL changes,
it makes sense not to label shared changenotes either.
 2022-06-01 13:19:00 +01:00
Geoffrey White
cd4ff54743 C++: Improve performance of Printf::callsVariadicFormatter. 2022-06-01 13:17:10 +01:00
Ian Lynagh
67c4850c61 CI: Add Kotlin and Go to labeler.yml 2022-06-01 12:01:08 +01:00
Ian Lynagh
e0d9317889 Merge pull request #9389 from igfoo/igfoo/function_loc_override 
Kotlin: Remove extractFunction's location override
 2022-06-01 11:46:22 +01:00
Ian Lynagh
703ced3fe9 Merge pull request #9390 from igfoo/igfoo/valueparam 
Kotlin: extractValueParameter: Simplify typeSubstitution logic
 2022-06-01 11:46:05 +01:00
Jorge
897d5c9471 Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-06-01 12:44:08 +02:00
Asger F
db0ac7b3b3 JS: Fix cartesian product in TypeConfusionThroughParameterTampering 2022-06-01 11:37:23 +02:00
Rasmus Wriedt Larsen
729cf79be7 Merge pull request #9351 from RasmusWL/django-file-read 
Python: Support `read` on Django file
 2022-06-01 10:45:26 +02:00
Anders Schack-Mulligen
9abd2259d3 Merge pull request #9381 from aschackmull/redos/perf 
ReDoS: Improve performance in ExponentialBackTracking.qll.
 2022-06-01 10:39:28 +02:00
Anders Schack-Mulligen
4f3751dfea Merge pull request #9316 from hvitved/dataflow/edges-get-a-successor-consistency 
Data flow: Make `PathGraph::edges/2` and `PathNode::getASuccessor/1` consistent
 2022-06-01 10:38:25 +02:00
Michael Nebel
9cc10e4511 Merge pull request #9257 from michaelnebel/java/mad-commons-io-sha 
Java: Update commons-io SHA for model regeneration and update models.
 2022-06-01 09:46:30 +02:00
Robert Marsh
42ec6350eb Merge pull request #9349 from MathiasVP/fix-inconsistent-cfg 
Swift: Fix three CFG inconsistencies
 2022-05-31 14:38:08 -04:00
Ian Lynagh
6be4afcf36 Kotlin: extractValueParameter: Simplify typeSubstitution logic 
The type substitution is now done in the wrapper, so the worker doesn't
need to be passed typeSubstitution.
 2022-05-31 19:23:54 +01:00
Porcupiney Hairs
ae2bc1b410 Include suggested changes from review. 2022-05-31 23:10:57 +05:30
Ian Lynagh
21d69ae819 Kotlin: Remove extractFunction's location override 
It wasn't being used.
 2022-05-31 17:43:25 +01:00
Mathias Vorreiter Pedersen
e2ddfcd437 Merge pull request #9387 from github/geoffw0-patch-2 
Swift: Update readme
 2022-05-31 16:34:17 +01:00
Robert Marsh
bd095abea4 Merge pull request #9388 from MathiasVP/cfg-for-yield 
Swift: CFG for `yield`
 2022-05-31 11:22:21 -04:00
Nick Rolfe
f417c12c5e Merge pull request #9332 from github/post-release-prep/codeql-cli-2.9.3 
Post-release preparation for codeql-cli-2.9.3
 2022-05-31 16:17:50 +01:00
Mathias Vorreiter Pedersen
6386daf44c Merge branch 'main' into fix-inconsistent-cfg 2022-05-31 15:59:53 +01:00
Robert Marsh
78fd0385fc Merge pull request #9355 from MathiasVP/not-all-functions-throw 
Swift: Only construct exceptional edges for calls that may throw
 2022-05-31 10:56:31 -04:00
Mathias Vorreiter Pedersen
5f9d03f7c6 Swift: CFG for 'yield'. 2022-05-31 15:45:43 +01:00
Chris Smowton
9b7597bcdb Merge pull request #9377 from porcupineyhairs/goPam 
Golang : Add Query To Detect PAM Authorization Bugs
 2022-05-31 15:42:45 +01:00
Geoffrey White
f598b26b03 Merge pull request #9384 from MathiasVP/qlpacks-for-swift 
Swift: Add qlpacks
 2022-05-31 15:39:20 +01:00
Mathias Vorreiter Pedersen
547cecf143 Merge pull request #9385 from MathiasVP/swift-extract-yield-stmt 
Swift: Extract `yield` statements
 2022-05-31 15:33:35 +01:00
Mathias Vorreiter Pedersen
a175f49759 Merge pull request #3 from geoffw0/swiftsrc 
Swift: Add swift-security-and-quality, swift-security-extended packs.
 2022-05-31 15:02:33 +01:00
Mathias Vorreiter Pedersen
b5d229d4d8 Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-05-31 15:01:36 +01:00
Geoffrey White
01091ae1b9 Swift: Add codeql-suites. 2022-05-31 14:52:53 +01:00
Asger F
f70f769bb6 Merge pull request #9266 from asgerf/js/madman-prep 
JS: Some fixes to support proper analysis of d.ts files
 2022-05-31 15:43:40 +02:00
Mathias Vorreiter Pedersen
1d120486b4 Swift: Extract 'yield' statements. 2022-05-31 14:43:09 +01:00
Mathias Vorreiter Pedersen
9af31bab2a Swift: Add qlpacks. 2022-05-31 13:59:44 +01:00
Tamás Vajk
7f5dcfaf0f Merge pull request #9379 from tamasvajk/kotlin-android-specific-return-types 
Kotlin: Change return type of Android specific `ConcurrentHashMap.keySet`
 2022-05-31 14:00:36 +02:00
Porcupiney Hairs
e0f74a51ac Include suggested changes from review. 2022-05-31 17:17:54 +05:30
Chris Smowton
d4f9c75315 Remove dead code 2022-05-31 11:14:36 +01:00
Chris Smowton
cea909f03e Autoformat 2022-05-31 11:14:00 +01:00
CodeQL CI
9dd20f113d Merge pull request #8603 from github/max-schaefer/better-amd-modelling 
Approved by asgerf, erik-krogh
 2022-05-31 03:10:32 -07:00