hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-26 04:43:00 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,688 Branches 158 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
4c53c341f6 Swift: make TargetFile::good() a class invariant 
Fallible initialization has been moved to a factory function, and
`commit` has been moved to the destructor.
 2022-07-14 06:02:35 +02:00
thiggy1342
62a10e20b2 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-13 20:28:09 -04:00
thiggy1342
8ca7d7d775 update change note 2022-07-14 00:22:38 +00:00
thiggy1342
9d277027a3 Merge branch 'main' into experimental-strong-params 2022-07-13 20:19:50 -04:00
thiggy1342
3dd61cadf4 formatting query 2022-07-14 00:19:36 +00:00
github-actions[bot]
9a186ba5d2 Add changed framework coverage reports 2022-07-14 00:18:56 +00:00
thiggy1342
ee79834cc8 formatting in qhelp 2022-07-14 00:15:39 +00:00
thiggy1342
ae634367c9 add qhelp file 2022-07-14 00:11:52 +00:00
thiggy1342
2cc703387b use taint config for data flow 2022-07-14 00:11:52 +00:00
thiggy1342
f5301aa478 Merge branch 'main' into add-activerecord-annotate 2022-07-13 14:35:44 -04:00
Chris Smowton
80cbddf626 Merge pull request #9817 from smowton/smowton/feature/model-java-util-properties 
Java: Model `java.util.Properties.getProperty`
 2022-07-13 17:12:11 +01:00
Raul Garcia
f7c47b6c75 Update python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.py 
Co-authored-by: Taus <tausbn@github.com>
 2022-07-13 08:34:48 -07:00
Chris Smowton
f9da4a0456 Add change note 2022-07-13 14:11:31 +01:00
Chris Smowton
b1dd3c2d84 Model java.util.Properties.getProperty 2022-07-13 13:59:28 +01:00
Erik Krogh Kristensen
9e2e32f037 Merge pull request #9322 from erik-krogh/fixAutoBuild 
QL/RB: fix the QL-for-QL and ruby autobuilders
 2022-07-13 14:39:59 +02:00
Paolo Tranquilli
6dd09c1815 Merge pull request #9796 from github/redsun82/swift-codegen-skip-cpp-pragma 
Swift: allow skipping fields in cppgen
 2022-07-13 13:20:47 +02:00
Erik Krogh Kristensen
3e4a182ee8 Merge pull request #7450 from erik-krogh/missDocParam 
QL: Add query detecting suspiciously missing parameters from the QLDoc of a predicate
 2022-07-13 12:45:15 +02:00
Paolo Tranquilli
5773a734c3 Swift: slightly simplify a cppgen change 2022-07-13 11:27:50 +02:00
Paolo Tranquilli
f7dca4d70f Swift: trap output rework 
Firstly, this change reworks how inter-process races are resolved.
Moreover some responsability reorganization has led to merging
`TrapArena` and `TrapOutput` again into a `TrapDomain` class.

A `TargetFile` class is introduced, that is successfully created
only for the first process that starts processing a given trap output
file. From then on `TargetFile` simply wraps around `<<` stream
operations, dumping them to a temporary file. When `TargetFile::commit`
is called, the temporary file is moved on to the actual target trap
file.

Processes that lose the race can now just ignore the unneeded
extraction and go on, while previously all processes would carry out
all extractions overwriting each other at the end.

Some of the file system logic contained in `SwiftExtractor.cpp` has been
moved to this class, and two TODOs are solved:
* introducing a better inter process file collision avoidance strategy
* better error handling for trap output operations: if unable to write
  to the trap file (or carry out other basic file operations), we just
  abort.

The changes to `ExprVisitor` and `StmtVisitor` are due to wanting to
hide the raw `TrapDomain::createLabel` from them, and bring more
funcionality under the generic caching/dispatching mechanism.
 2022-07-13 11:19:57 +02:00
Harry Maclean
1fa2144716 Ruby: Update test fixtures 2022-07-13 21:02:08 +12:00
Erik Krogh Kristensen
fd10947ca0 use small steps in TypeBackTracker correctly 2022-07-13 10:29:57 +02:00
Erik Krogh Kristensen
cd5fbe633f update locations in test after merging in the focus-location-pr 2022-07-13 10:12:52 +02:00
Erik Krogh Kristensen
c4f44bb67f sync files 2022-07-13 10:01:26 +02:00
Erik Krogh Kristensen
a49d34cf0f Merge branch 'main' into missDocParam 2022-07-13 09:58:04 +02:00
Erik Krogh Kristensen
dded3af3d8 remove more false positives from the ql/missing-parameter-qldoc query 2022-07-13 09:57:17 +02:00
Erik Krogh Kristensen
047b14e310 get the autobuilders to work after introducing test-cases 2022-07-13 09:50:55 +02:00
Erik Krogh Kristensen
eb0340dcb6 get excludes to work properly 2022-07-13 09:50:55 +02:00
Erik Krogh Kristensen
878168384e remove tools:latest from codeql-action in QL-for-QL 2022-07-13 09:50:54 +02:00
Erik Krogh Kristensen
2850b35a04 update, and fix, the autobuilders by using the new --also-match option 2022-07-13 09:48:29 +02:00
Harry Maclean
49aab51893 Ruby: Make helper predicate private 2022-07-13 18:20:27 +12:00
Harry Maclean
ea95e2e1d0 Ruby: Use InclusionTests library in barrier guards 2022-07-13 18:20:27 +12:00
Harry Maclean
b9fc82a741 Ruby: Test both old and new-style barrier guards 2022-07-13 18:20:25 +12:00
Harry Maclean
4cfaa86d5d Ruby: Update new-style barrier-guard 2022-07-13 18:20:14 +12:00
Harry Maclean
5f17d8370c Ruby: Small change to isArrayExpr 2022-07-13 18:20:14 +12:00
Harry Maclean
63dcce9a31 Ruby: Refactor isArrayConstant 2022-07-13 18:20:14 +12:00
Harry Maclean
b5a3d3c488 Ruby: Extract isArrayConstant 
This predicate might be useful elsewhere.
 2022-07-13 18:20:14 +12:00
Harry Maclean
301914d80c Ruby: Add an extra barrier guard test 2022-07-13 18:20:14 +12:00
Harry Maclean
706d1d2eee Ruby: Make StringArrayInclusion more sensitive 
We now recognise the following pattern as a barrier guard for `x`:

    values = ["foo", "bar"]

    if values.include? x
      sink x
    end
 2022-07-13 18:20:12 +12:00
Raul Garcia
0dbb03f732 Adding CVE information. 2022-07-12 21:49:19 -07:00
thiggy1342
7df7b92d86 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-12 20:36:34 -04:00
thiggy1342
7129002573 tweak tests more 2022-07-13 00:33:58 +00:00
thiggy1342
b3f1a513d1 Update tests 2022-07-13 00:25:43 +00:00
thiggy1342
9a0a9491da Merge branch 'main' into add-activerecord-annotate 2022-07-12 20:13:56 -04:00
thiggy1342
2566ae9889 Merge branch 'main' into experimental-strong-params 2022-07-12 20:12:51 -04:00
thiggy1342
db5f63b208 add tests 2022-07-12 23:14:16 +00:00
thiggy1342
7facc63699 remove predicate 2022-07-12 22:59:48 +00:00
Erik Krogh Kristensen
2aaedacd5d Merge pull request #9593 from erik-krogh/param2 
QL: followup fixes to parameterized modules
 2022-07-13 00:23:11 +02:00
Erik Krogh Kristensen
89043ec4ef Merge branch 'main' into param2 2022-07-12 23:21:11 +02:00
thiggy1342
74d6061082 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-12 17:15:54 -04:00
Erik Krogh Kristensen
5cbe01d8dc Merge pull request #8351 from erik-krogh/inconsistentDep 
QL: add query detecting inconsistent deprecations
 2022-07-12 23:12:24 +02:00