hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-27 05:13:00 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,689 Branches 159 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
24750dcc17 Ruby: Sync comment for self API graph label 2022-06-16 11:03:07 +02:00
Rasmus Wriedt Larsen
2ad4921a76 Ruby: Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2022-06-16 11:01:14 +02:00
Mathias Vorreiter Pedersen
cdf343c5ee Merge pull request #9576 from erik-krogh/swift-fix 
Swift: add empty implementation of `defaultImplicitTaintRead`
 2022-06-16 09:51:44 +01:00
Mathias Vorreiter Pedersen
2ed3f5cafe Merge pull request #9560 from MathiasVP/swift-non-empty-query-directory 
Swift: Add a placeholder query
 2022-06-16 09:29:25 +01:00
Ian Lynagh
0d97753cf8 Merge pull request #9573 from igfoo/igfoo/typo 
CaptureSinkModels.ql: Fix typo
 2022-06-16 09:24:45 +01:00
Erik Krogh Kristensen
c5e412db01 add empty implementation of defaultImplicitTaintRead 2022-06-16 10:17:59 +02:00
Michael Nebel
9211d75b3d C#: Add change note. 2022-06-16 08:43:06 +02:00
Michael Nebel
1f2f2fff7f C#: Update testcases with examples. 2022-06-16 08:43:06 +02:00
Michael Nebel
e1c7003cde C#: Only consider directly public auto implemented properties with public getters and setters as being tainted. 2022-06-16 08:43:06 +02:00
Michael Nebel
ef0a3d0a79 C#: Add testcase for controller parameter types tainted members. 2022-06-16 08:38:31 +02:00
Michael Nebel
93007f89c8 C#: Move ASP Net Core stubs into stubs folder. 2022-06-16 08:38:31 +02:00
thiggy1342
ef9442d377 Merge branch 'main' into experimental-archive-api 2022-06-15 21:46:23 -04:00
thiggy1342
056fa71f3e add change notes 2022-06-16 01:04:50 +00:00
thiggy1342
b078430faf add Zip::File.new query to tests 2022-06-16 00:51:50 +00:00
Harry Maclean
311296469d Minor improvements to ImproperMemoizationQuery 2022-06-16 12:44:33 +12:00
Harry Maclean
ff0422c12d Ruby: Add rb/improper-memoization change note 2022-06-16 12:44:33 +12:00
Harry Maclean
1ac604f769 Ruby: Private import in ImproperMemoizationQuery 2022-06-16 12:44:33 +12:00
Harry Maclean
457a84006c Ruby: Narrow memo method candidates earlier 2022-06-16 12:44:33 +12:00
Harry Maclean
ef6f0e5b30 Ruby: Add Improper Memoization query 
This query finds cases where a method memoizes its result but fails to
include one or more of its parameters in the memoization key (or doesn't
use memoization keys at all). This can lead to the method returning
incorrect results when subsequently called with different arguments.
 2022-06-16 12:44:33 +12:00
thiggy1342
e317392336 add Zip::File.new to framework 2022-06-16 00:22:15 +00:00
thiggy1342
0281dbd532 remove Zip::Entry.extract from query 2022-06-16 00:04:31 +00:00
Harry Maclean
7c5a83833b Merge pull request #8737 from hmac/hmac/posix-spawn 
Ruby: Model the posix-spawn gem
 2022-06-16 00:50:10 +01:00
Harry Maclean
a38e59a681 Merge pull request #9030 from hmac/hmac/activesupport 
Ruby: Model various bits of ActiveSupport
 2022-06-16 00:49:38 +01:00
Ian Lynagh
5280cf4e91 CaptureSinkModels.ql: Fix typo 2022-06-15 20:19:15 +01:00
Erik Krogh Kristensen
ce323e215b add heuristic taint-step for potentially unmodelled libraries, and meta query for counting potential unmodelled steps 2022-06-15 20:27:49 +02:00
thiggy1342
540c51022d Merge branch 'main' into experimental-decompression-api 2022-06-15 13:40:27 -04:00
thiggy1342
c67c25d4a5 Merge branch 'main' into experimental-archive-api 2022-06-15 13:40:13 -04:00
Chris Smowton
2d57d3aa78 Implement array type variance lowering 
Kotlin permits introducing a `? extends ...` wildcard against an Array even though the class is final, so long as its argument itself can be extended (i.e. isn't final or is another array type satisfying this condition).

Contravariant arrays get lowered to Object[], and are subject to automatic `extends` wildcard introduction, unless their element type was already Any.
 2022-06-15 18:36:56 +01:00
Erik Krogh Kristensen
b16124d522 Merge pull request #9568 from tausbn/ql-add-parser-support-for-parameterised-modules 
QL: Allow module applications to the right of `::`
 2022-06-15 19:14:07 +02:00
Taus
73a807c7e8 QL: Allow module applications to the right of :: 2022-06-15 16:18:30 +00:00
Robert Marsh
478c2773fe Merge pull request #9555 from MathiasVP/swift-mad 
Swift: Add MaD skeleton
 2022-06-15 11:58:04 -04:00
Paolo Tranquilli
0957801588 Merge pull request #9521 from github/redsun82/swift-qltestgen 
Swift: generated extractor tests
 2022-06-15 15:39:35 +02:00
Alex Ford
34065f9e93 Ruby: recognize ActiveRecord find_by_x methods 2022-06-15 14:33:09 +01:00
github-actions[bot]
1ed70d51d7 Post-release preparation for codeql-cli-2.9.4 2022-06-15 13:25:20 +00:00
Michael Nebel
9639dca33f C#: Consider all properties of ASP.NET Core like objects to also be sources of tainted data. 2022-06-15 15:13:37 +02:00
Paolo Tranquilli
78deff68a3 Swift: add generated enum tests 2022-06-15 14:50:33 +02:00
yoff
f14a90ff09 Merge pull request #9200 from tausbn/python-modernise-weak-file-permissions-query 
Python: Modernise weak file permissions query
 2022-06-15 14:37:17 +02:00
Erik Krogh Kristensen
b24b275b94 Merge pull request #7669 from erik-krogh/fieldUnusedInDisjunct 
QL: field unused in disjunct
 2022-06-15 14:32:37 +02:00
Alex Denisov
08ad95b769 Swift: switch to references instead of pointers 2022-06-15 14:19:31 +02:00
AlexDenisov
343ba5ffa8 Update swift/extractor/SwiftDispatcher.h 
Co-authored-by: Paolo Tranquilli <redsun82@github.com>
 2022-06-15 14:13:50 +02:00
Mathias Vorreiter Pedersen
eff046e2f7 Swift: Respond to review comments. 2022-06-15 13:01:27 +01:00
Mathias Vorreiter Pedersen
693575a7e5 Update sync-identical-files. 2022-06-15 13:00:57 +01:00
Mathias Vorreiter Pedersen
55d551c99c Swift: Add 'MaD' skeleton. 2022-06-15 13:00:56 +01:00
Tamas Vajk
aedf43f14a C#: Change kind query metadata to diagnostic for compiler/extractor errors and messages 2022-06-15 13:50:27 +02:00
Jeroen Ketema
77b2f07eff Merge pull request #9561 from jketema/frontend-patches 
Revert "C++: Fix test failures where location of reference dereference in lambda changed"
 2022-06-15 13:29:53 +02:00
Robert Marsh
a59335d0e2 Merge pull request #9557 from MathiasVP/closure-expr-as-cfg-callable 
Swift: Mark closures as callables in the CFG library
 2022-06-15 07:21:33 -04:00
yoff
9dbb451f41 Merge pull request #9463 from RasmusWL/req-wo-cert-validation 
Python: Rewrite `py/request-without-cert-validation`
 2022-06-15 13:00:57 +02:00
Chris Smowton
90e8d4e1de Name trap files after jvmnames 
This should lead to better Java/Kotlin correspondence since the Java extractor will naturally name trap files for JVM names, and avoids a specific bug (tested) where MapsKt.iterator's two overloads (one taking `Map` and one `MutableMap`) are JvmName'd differently since their Java-lowered signatures would be identical. Without this change only
one of the iterator overloads would get extracted leaving the other one a dangling reference.
 2022-06-15 11:55:58 +01:00
Anders Schack-Mulligen
28fe7a7660 Merge pull request #9558 from github/release-prep/2.9.4 
Release preparation for version 2.9.4
codeql-cli/v2.9.4 		2022-06-15 12:27:34 +02:00
Jeroen Ketema
a7d095e063 Revert "C++: Fix test failures where location of reference dereference in lambda changed" 
This reverts commit 8e7066600a.
 2022-06-15 11:58:31 +02:00