hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,238 Commits 1,673 Branches 157 Tags
ff55efff9920a48a97ddd9625be67aa71741e204
Commit Graph

40238 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
425d66e454 Update swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll 2022-05-30 12:52:48 +01:00
Mathias Vorreiter Pedersen
2106d48785 Swift: Add 'Argument.getIndex()' and use it in 'DataFlowDispatch'. 2022-05-30 12:51:29 +01:00
Mathias Vorreiter Pedersen
0d8a9458c6 Merge branch 'main' into rdmarsh2/swift/dataflow-global-flow 2022-05-30 12:46:06 +01:00
yoff
cd46f31cba Merge branch 'main' into py/CsvInjection 2022-05-30 13:41:31 +02:00
Michael Nebel
72dd1a6ec9 Java: Generate models without sources. 2022-05-30 13:40:14 +02:00
Rasmus Wriedt Larsen
7a6646dcaf Merge pull request #8883 from erik-krogh/pyMaD 
Python: add MaD implementation
 2022-05-30 13:31:07 +02:00
Michael Nebel
a0ae8b3a97 Merge pull request #9361 from michaelnebel/java/capturemodels-metadata 
Java: Update capture models meta data.
 2022-05-30 13:22:09 +02:00
Asger F
5f42866de3 Merge pull request #9318 from asgerf/js/type-confusion-parmaeter-tampering-barrier 
JS: Fix FP in js/type-confusion-through-parameter-tampering
 2022-05-30 12:52:37 +02:00
Erik Krogh Kristensen
b700972e6f fix bad join in XmlParers::getAResult 2022-05-30 12:37:51 +02:00
Max Schaefer
820dfac48c Manually write out a transitive closure. 2022-05-30 12:37:50 +02:00
Max Schaefer
ea70aaff57 Improve detection of UMD modules. 
We previously required the `define` to appear directly as an expression statement, but there are common patterns where this is not the case.
 2022-05-30 12:37:50 +02:00
Max Schaefer
47e425a184 Improve inVoidContext to take conditional expressions into account. 2022-05-30 12:37:50 +02:00
Erik Krogh Kristensen
adb40f9360 Merge pull request #9289 from erik-krogh/es2022 
JS: Support the remaining of the finished ES2022 proposals
 2022-05-30 12:27:19 +02:00
Erik Krogh Kristensen
ab28b0a690 Merge pull request #9348 from erik-krogh/polyRegSyntax 
JS: use syntactically correct JS in poly-redos example
 2022-05-30 12:26:04 +02:00
Erik Krogh Kristensen
e557d8839b have the Instance token just be an alias for ReturnValue 2022-05-30 12:21:42 +02:00
Erik Krogh Kristensen
c7a8008897 Merge pull request #9235 from kaeluka/extractor-update-typescript-4_7 
JS: Update the extractor to use TypeScript 4.7
 2022-05-30 12:02:06 +02:00
Erik Krogh Kristensen
63e637503d rewrite js/sensitive-get-query to use routing trees 2022-05-30 11:55:09 +02:00
Chris Smowton
49d9d8e7d6 Remove unused imports 2022-05-30 09:59:11 +01:00
Chris Smowton
2f436c800b Merge pull request #9357 from smowton/smowton/fix/extension-properties-backing-fields 
Kotlin: Disambiguate the names and trap labels of backing fields of extension properties
 2022-05-30 09:55:02 +01:00
Asger F
cc42f2f824 Merge pull request #8606 from asgerf/js/api-graph-api 
JS/Python/Ruby: Document how API graphs should be interpreted
 2022-05-30 10:49:14 +02:00
Michael Nebel
815dff338d Java: Update capture models meta data. 2022-05-30 09:44:39 +02:00
Michael Nebel
6a4a4cbbe4 Java: Re-generate commons-io models. 2022-05-30 08:16:58 +02:00
Michael Nebel
48da8dde6f Java: Do not derive new write-file sinks. 2022-05-30 08:16:58 +02:00
Michael Nebel
ad4d8304ed Java: Update hand written summary for writeLines as the generated one will be ignored. 2022-05-30 08:16:58 +02:00
Michael Nebel
7e5dd7a065 Java: Manually prefix kind column with generated. 2022-05-30 08:16:58 +02:00
Michael Nebel
0f33c3188c Java: Re-arrange import pattern for generated models. 2022-05-30 08:16:58 +02:00
Michael Nebel
71bcae068e Java: Avoid generating new regex-use sinks. 2022-05-30 08:16:58 +02:00
Michael Nebel
ff928bbb45 Java: Update commons-io SHA for model regeneration. 2022-05-30 08:16:58 +02:00
Michael Nebel
7d171f86ea Merge pull request #9335 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-05-29 13:33:10 +02:00
github-actions[bot]
31c91a6faa Add changed framework coverage reports 2022-05-29 00:16:56 +00:00
Chris Smowton
6ea87cd718 Accept test changes 2022-05-27 22:05:57 +01:00
Mathias Vorreiter Pedersen
c734646099 Swift: Accept test changes. 2022-05-27 17:42:51 +01:00
Mathias Vorreiter Pedersen
6d5504412a Swift: Only create a 'ThrowCompletion' for functions that actually can throw. 2022-05-27 17:42:51 +01:00
Henry Mercer
013b4c8768 Swift: Update mention of manifest file in docs 2022-05-27 17:31:47 +01:00
Andrew Eisenberg
ce2bf8477c Update codeql-workspace.yml 
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2022-05-27 17:31:47 +01:00
Andrew Eisenberg
a82fea59e9 Add comment to codeql-workspace.yml 2022-05-27 17:31:47 +01:00
Andrew Eisenberg
7ab3a418be Convert .codeqlmanifest.json to codeql-workspace.yml 
The semantics are the same, except one is json, the other is
yaml.
 2022-05-27 17:31:47 +01:00
Mathias Vorreiter Pedersen
b9809b4219 Swift: CFG for opening existentials. 2022-05-27 17:29:22 +01:00
Mathias Vorreiter Pedersen
02c73d3c1c Swift: Fix implicit-this alert. 2022-05-27 17:25:56 +01:00
Chris Smowton
9ea139566d Disambiguate the names and trap labels of backing fields of extension properties 2022-05-27 16:27:48 +01:00
Chris Smowton
6eb2935469 Merge pull request #9220 from smowton/smowton/fix/promoted-companion-object-fields 
Associate certain companion object fields with the parent class
 2022-05-27 16:19:10 +01:00
Erik Krogh Kristensen
62fd3fd90f add test that we detect the used type variable in an infer type 2022-05-27 14:15:27 +00:00
Asger F
7e76e9a23b Merge branch 'main' into js/type-confusion-parmaeter-tampering-barrier 2022-05-27 15:55:42 +02:00
Asger F
468a4df215 Update javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-05-27 15:55:25 +02:00
Chris Smowton
9c62b349ec Autoformat 2022-05-27 13:36:55 +01:00
Erik Krogh Kristensen
8c12a7289f collapse a few small stages 2022-05-27 13:19:06 +02:00
Mathias Vorreiter Pedersen
2dcd7e16b1 Merge pull request #9353 from MathiasVP/swift-extract-throwing-and-async 
Swift: Extract `isThrowing` and `isAsync`
 2022-05-27 12:14:02 +01:00
Chris Smowton
a204c742d8 Associate certain companion object fields with the parent class 
Specifically `const`, `lateinit` and `@JvmField` properties get a static field which belongs to the containing class not the companion object, such that Java can address them via the containing class name rather than have to navigate a companion object pointer.
 2022-05-27 11:52:39 +01:00
Chris Smowton
a0d5d414b4 Kotlin: extract methods defined on collections types with their Java signatures 
Collection, List and Map all define various methods which are either made more generic in Kotlin (e.g. `remove(Object) -> remove(E)`, `containsAll(Collection<?>) -> containsAll(Collection<E>)`), or are made invariant (e.g. `addAll(Collection<? extends E>) -> addAll(Collection<E>)`). This substitutes the types back to their Java signatures,
thereby avoiding differing trap labels and duplicated methods for these types and their descendents.
 2022-05-27 11:51:46 +01:00
Mathias Vorreiter Pedersen
6815e731d2 Swift: Add test and accept output 2022-05-27 11:48:20 +01:00