Commit Graph

36885 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
fff70da650 Merge pull request #9182 from erik-krogh/useStringComp
use string equality instead of regexps to compare constant strings
2022-05-19 10:42:37 +02:00
Tom Hvitved
eef5022e3d Merge pull request #9014 from michaelnebel/csharp/dataflowcallablerefactor
C#: Dataflow callable refactoring.
2022-05-19 09:02:38 +02:00
Erik Krogh Kristensen
215a6a72cc Merge branch 'main' into useStringComp 2022-05-18 10:55:31 +02:00
Anders Schack-Mulligen
a4dac9fd2b Merge pull request #9201 from Marcono1234/marcono1234/NumericType-type-qll
Java: Move `NumericType` to `Type.qll`
2022-05-18 10:31:40 +02:00
Tom Hvitved
209a1e4bd8 Merge pull request #9202 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-05-18 10:26:55 +02:00
Tom Hvitved
5e57e82997 Merge pull request #9191 from hvitved/ruby/taint-tracking-stage
Ruby: Force cached taint tracking predicates to be evaluated in data flow stage
2022-05-18 09:54:38 +02:00
Anders Schack-Mulligen
1d3b3204df Merge pull request #9190 from hvitved/dataflow/summary-arg-param-no-materialize
Data flow: Do not materialize `summaryArgParam`
2022-05-18 09:17:57 +02:00
Erik Krogh Kristensen
7245591468 Merge pull request #7763 from erik-krogh/unused-field
QL: add unused-field query
2022-05-18 09:15:16 +02:00
Tom Hvitved
23ee033a57 C#: Review fixes 2022-05-18 07:48:21 +02:00
Michael Nebel
df6d86b9aa C#: Use getUnderlyingCallable instead of asCallable. 2022-05-18 07:48:21 +02:00
Michael Nebel
6f7af11517 C#: Needs to be updated as SummaryParameterNodes are printed slightly differently. 2022-05-18 07:48:21 +02:00
Michael Nebel
b41bb3fe08 C#: System.Web.HttpResponse.Write is now considered safe (known) and will thus not show up as untrusted external API. 2022-05-18 07:48:21 +02:00
Michael Nebel
97c6d7884d C#: Source and Sink models are now also considered summarized callables and thus considered safe as they are known external APIs. 2022-05-18 07:48:21 +02:00
Michael Nebel
aeadad62be C#: Improve implementation. 2022-05-18 07:48:21 +02:00
Michael Nebel
26e2cad528 C#: Improve getCallable. 2022-05-18 07:48:21 +02:00
Michael Nebel
f78def5316 C#: Hide SummaryParameterNodes from path explanations. 2022-05-18 07:48:21 +02:00
Michael Nebel
220526f305 C#: Fix issues with summarized callables parameter types and other casting issues. 2022-05-18 07:48:21 +02:00
Michael Nebel
2c414b2201 C#: Add Summary parameter nodes. 2022-05-18 07:48:21 +02:00
Michael Nebel
0e3fc464a3 C#: Use SummarizedCallable external instead of the internal. 2022-05-18 07:48:20 +02:00
Michael Nebel
b578fcb069 C#: Use the external SummarizedCallable implementation. 2022-05-18 07:48:20 +02:00
Michael Nebel
4f7297715d C#: Also extract callable from FlowSummary SummarizedCallable in DataFlowCallable. 2022-05-18 07:48:20 +02:00
Michael Nebel
3fa990a984 C#: Make sure that all callables with a summary are added to the external SummarizedCallable class. 2022-05-18 07:48:20 +02:00
Michael Nebel
4810419dfd C#: Extend SummarizedCallable from FlowSummaryImpl. 2022-05-18 07:48:20 +02:00
Michael Nebel
eb022118f3 C#: Fix issue in ExternalApi. 2022-05-18 07:48:20 +02:00
Michael Nebel
68055bc022 C#: Update flow summaries test code. 2022-05-18 07:48:20 +02:00
Michael Nebel
c8a7354086 C#: Refactor to align implementation between languages. 2022-05-18 07:48:20 +02:00
Michael Nebel
0d61a2c797 C#: Add QL doc to SummarizedCallable. 2022-05-18 07:48:20 +02:00
Michael Nebel
2f2ca18898 C#: Update dependencies. 2022-05-18 07:48:20 +02:00
Michael Nebel
e70a283cfd C#: Initial refactor of SummarizedCallable and DataFlowCallable (dependencies need to be updated). 2022-05-18 07:48:19 +02:00
github-actions[bot]
91694b4bac Add changed framework coverage reports 2022-05-18 00:15:25 +00:00
Marcono1234
c53d315697 Java: Move NumericType to Type.qll 2022-05-18 01:40:17 +02:00
Cornelius Riemenschneider
d352253b02 Merge pull request #9187 from github/criemen/lua-tracing-configs
Update Lua tracing configs.
2022-05-18 01:03:15 +02:00
Mathias Vorreiter Pedersen
5d625d6156 Merge pull request #9188 from MathiasVP/fix-GetAPrimaryQlClassConsistency-for-swift 2022-05-17 20:47:24 +01:00
Erik Krogh Kristensen
6c7c9b6a4b Merge pull request #9082 from erik-krogh/countZero
QL: add query warning about `count(...) = 0`.
2022-05-17 21:46:58 +02:00
Mathias Vorreiter Pedersen
a6ac14f4de QL: Allow class + 'Base' in 'ql/primary-ql-class-consistency'. 2022-05-17 16:54:12 +01:00
Tony Torralba
53f32f5a97 Merge pull request #9186 from atorralba/atorralba/kotlin-inline-expectations-tests
Kotlin: Add support for InlineExpectationsTest
2022-05-17 15:28:03 +02:00
Cornelius Riemenschneider
3836d1550a Update Lua tracing configs. 2022-05-17 13:18:28 +00:00
Erik Krogh Kristensen
86e97c32d6 fix all ql/use-string-compare 2022-05-17 14:11:05 +02:00
Geoffrey White
629e90f14b Merge pull request #9176 from geoffw0/xxe9
C++: Clean up the XXE query QL.
2022-05-17 12:40:39 +01:00
Erik Krogh Kristensen
440e6214f0 CPP: correctly escape underscores in calls to .matches() 2022-05-17 13:21:02 +02:00
Erik Krogh Kristensen
e32a04fc06 QL: add use-string-compare query 2022-05-17 13:20:49 +02:00
Tony Torralba
dbf249b199 Accept only EOL comments as Kotlin expectation comments 2022-05-17 13:05:51 +02:00
Tom Hvitved
f1f96b7e5c Ruby: Force cached taint tracking predicates to be evaluated in data flow stage 2022-05-17 12:54:26 +02:00
Tom Hvitved
284357d2a0 Data flow: Do not materialize summaryArgParam 2022-05-17 12:50:01 +02:00
Geoffrey White
246093d375 C++: Move the two implementation imports. 2022-05-17 11:03:21 +01:00
Arthur Baars
fcb3b82bde Merge pull request #9178 from aibaars/update-tree-sitter-ruby
Ruby: update tree-sitter-ruby
2022-05-17 11:47:41 +02:00
Mathias Vorreiter Pedersen
1280d43e36 Merge pull request #9141 from github/post-release-prep/codeql-cli-2.9.2
Post-release preparation for codeql-cli-2.9.2
2022-05-17 10:01:37 +01:00
Tony Torralba
2b6d7bb3d8 Add support for InlineExpectationsTest to Kotlin 2022-05-17 10:55:00 +02:00
Tamás Vajk
3b07fe70a1 Merge pull request #9174 from tamasvajk/kotlin-fix-isUnspecialised
Kotlin: Fix parent class lookup from field initializers in `isUnspecialised`
2022-05-17 10:48:52 +02:00
Erik Krogh Kristensen
7abb7552a7 Merge pull request #9184 from erik-krogh/actionInjection
JS: change @id from js/actions/injection to js/actions/command-injection
2022-05-17 10:24:51 +02:00