hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-26 21:02:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,159 Commits 1,687 Branches 159 Tags
codeql-cli/v2.10.1
Commit Graph

41159 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alex Denisov
42dc6814f0 Swift: extract all output-producing source files, not only primary files 2022-06-20 14:06:54 +02:00
AlexDenisov
fc7e0ec193 Merge pull request #9615 from github/redsun82/swift-fix-synthesized-entities 
Swift: fix emission of synthesized entities
 2022-06-20 13:29:32 +02:00
Asger F
2936e1ada8 Merge pull request #9457 from asgerf/js/madman-prep2 
JS: Some more improvements to d.ts file analysis
 2022-06-20 13:25:07 +02:00
Tony Torralba
b373c435f6 Fix test expectations 2022-06-20 13:16:45 +02:00
Paolo Tranquilli
90f0e3ee72 Swift: remove forgotten resolved TODO 2022-06-20 13:08:28 +02:00
Tamás Vajk
b16fcb72eb Merge pull request #9559 from tamasvajk/kotlin-fix-parcelize-symbols-3 
Kotlin: substitute fake Parcelize functions with their real equivalent ones
 2022-06-20 13:05:23 +02:00
Paolo Tranquilli
95a6c5d4e5 Swift: fix emission of synthesized entities 
This was temporarily broken as we were skipping full emission of all
entities without any valid location.

We now rely on `decl->getDeclContext()->getParentSourceFile()` which is
more robust.
 2022-06-20 13:00:05 +02:00
Tamás Vajk
f737804035 Merge pull request #9610 from tamasvajk/fix/global-statements 
C#: Fix global statement extraction
 2022-06-20 12:54:36 +02:00
Paolo Tranquilli
c9eef0c6f1 Merge pull request #9592 from github/alexdenisov/extend-lua-tracer-config 
Swift: extend tracer config to handle -resource-dir and drop unsupported CLI args
 2022-06-20 12:53:17 +02:00
Erik Krogh Kristensen
7d62b9e131 move the pruning for module resolution of TypeExprs 2022-06-20 12:12:57 +02:00
Michael Nebel
70203633a1 Merge pull request #9393 from michaelnebel/csharp/asptaintedmember 
C#: ASP.NET Core like members are tainted
 2022-06-20 12:11:16 +02:00
Tony Torralba
78fcdd22db Change test class name 2022-06-20 12:07:32 +02:00
Tony Torralba
3b60a1c3bc Add change note 2022-06-20 12:07:31 +02:00
Tony Torralba
2b2fa6e15b Add taint step for String.valueOf(Editable) 
Kotlin inlines expr.toString() as String.valueOf(expr) when expr is nullable
 2022-06-20 12:07:31 +02:00
Mathias Vorreiter Pedersen
edf0be0854 Merge pull request #9611 from MathiasVP/swift-nomagic-get-location 
Swift: Add `nomagic` to `getLocation`
 2022-06-20 10:42:45 +01:00
AlexDenisov
304f58b12c Update swift/tools/tracing-config.lua 
Co-authored-by: Paolo Tranquilli <redsun82@github.com>
 2022-06-20 11:22:13 +02:00
Mathias Vorreiter Pedersen
57abd4af89 Merge pull request #9612 from MathiasVP/fix-other-constructor-decl-ref-expr-to-string 
Swift: Fix 'toString' on 'OtherConstructorDeclRefExpr'
 2022-06-20 10:17:15 +01:00
Mathias Vorreiter Pedersen
12d27ec580 Swift: Modify 'toString' in 'OtherConstructorDeclRefExpr' to properly reflect that it's a reference and not a call. 2022-06-20 09:59:23 +01:00
AlexDenisov
af379da7e6 Merge pull request #9321 from github/alexdenisov/xref-decls 
Swift: do not duplicate 'external' declarations
 2022-06-20 10:43:05 +02:00
Mathias Vorreiter Pedersen
068ac2b80e Swift: Add 'nomagic' to 'getLocation'. 2022-06-20 09:41:06 +01:00
Paolo Tranquilli
a91c94c38b Swift: temporarily disable failing test 2022-06-20 10:32:19 +02:00
Paolo Tranquilli
1f53b7fbe8 Merge main into alexdenisov/xref-decls 2022-06-20 10:25:29 +02:00
yoff
94145e9e74 Update python/ql/lib/semmle/python/security/dataflow/TarSlipCustomizations.qll 2022-06-20 10:14:52 +02:00
Tamas Vajk
51f0a928dc C#: Fix global statement extraction by extracting statements inside the implicit main method context 2022-06-20 10:09:11 +02:00
Rasmus Wriedt Larsen
ae44a941f9 Merge pull request #9421 from RasmusWL/inline-brackets 
Inline Expectation Tests: Allow `tag[foo bar]`
 2022-06-20 10:01:19 +02:00
Tamas Vajk
c460e5757b C#: Add extractor error test for global statement extraction 2022-06-20 09:42:18 +02:00
Tamás Vajk
be2dfffb76 Merge pull request #9564 from tamasvajk/fix/diagnostic-query-metadata 
C#: Change `kind` query metadata to `diagnostic` for compiler/extractor errors and messages
 2022-06-20 09:02:35 +02:00
Jeroen Ketema
a4ecb7b4e9 Merge pull request #9473 from ton31337/fix/missing_closing 
doc: Add missing closing bracket in basic-query-for-cpp-code
 2022-06-20 08:38:35 +02:00
AlexDenisov
f1786f4d6b Apply suggestions from code review 
Co-authored-by: Cornelius Riemenschneider <cornelius@github.com>
 2022-06-20 07:29:10 +02:00
Harry Maclean
e1dcc207b4 Ruby: Model methods in Rails::Generators::Actions 
These methods are sinks for command injection.
 2022-06-20 13:36:09 +12:00
Harry Maclean
20ff4c4299 Ruby: Model ActiveRecord::Relation#touch_all 2022-06-20 13:36:02 +12:00
Harry Maclean
7dfab371f6 Ruby: Model redirect_back and redirect_back_or_to 
These are ActionController methods that redirect to the HTTP Referer,
falling back to the given location if there is no Referer.
 2022-06-20 13:36:02 +12:00
Harry Maclean
a298f5eb5e Ruby: Recognise File.atomic_write as a file writer 
This method is an ActiveSupport extension, but there's no harm in
recognising it universally as any identically-named method is likely to
also be a file writer.
 2022-06-20 13:36:02 +12:00
Harry Maclean
0ce14fc4e5 Ruby: Recognise ActionCable logger class 2022-06-20 13:36:02 +12:00
Harry Maclean
4ecd595b73 Remove duplicate import 2022-06-20 13:36:02 +12:00
Erik Krogh Kristensen
6d3808bd89 remove redundant cast 2022-06-19 23:19:01 +02:00
Erik Krogh Kristensen
15f9e084d5 fix spurious resolved predicate expressions 2022-06-19 22:49:02 +02:00
Erik Krogh Kristensen
f8b451a514 get all calls to resolve to a unique predicate (within reason) 2022-06-19 22:38:09 +02:00
Erik Krogh Kristensen
f08f02ed66 use the explicit super type to resolve calls 2022-06-19 20:38:16 +02:00
Erik Krogh Kristensen
115110475d fix getName() on module instantiations 2022-06-19 20:09:32 +02:00
Erik Krogh Kristensen
26df367a8a fix some instances of spuriously resolving to multiple predicates 2022-06-19 20:09:31 +02:00
Erik Krogh Kristensen
1856e2b389 fixup the $schema in all .sarif files 2022-06-19 20:09:31 +02:00
Erik Krogh Kristensen
6e2f3e2fcb merge all .sarif files at the end of the QL-for-QL workflow 2022-06-19 20:09:31 +02:00
Erik Krogh Kristensen
638a886dfe move create-extractor-pack to a scripts folder 2022-06-19 20:09:31 +02:00
Erik Krogh Kristensen
0391db6787 simplify some code based on review 2022-06-19 20:09:31 +02:00
Erik Krogh Kristensen
7e93416e97 only resolve module types if we know that the TypeExpr could possibly resolve to a module 2022-06-19 20:09:31 +02:00
Erik Krogh Kristensen
a59f0d36f5 run the implicit-this patch on QL-for-QL 2022-06-19 20:09:31 +02:00
Erik Krogh Kristensen
3a4f0299c7 fix typo 2022-06-19 20:09:31 +02:00
Erik Krogh Kristensen
a5e789c72b Merge pull request #9537 from github/dependabot/cargo/ql/crossbeam-utils-0.8.8 
Bump crossbeam-utils from 0.8.5 to 0.8.8 in /ql
 2022-06-18 15:44:34 +02:00
Erik Krogh Kristensen
02b9745eb6 Merge pull request #9538 from github/dependabot/cargo/ql/regex-1.5.5 
Bump regex from 1.5.4 to 1.5.5 in /ql
 2022-06-18 15:44:10 +02:00