hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-25 12:22:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,812 Commits 1,686 Branches 158 Tags
codeql-cli/v2.10.3
Commit Graph

41812 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alex Ford
f30b735443 Merge pull request #10022 from github/release-prep/2.10.3 
Release preparation for version 2.10.3
codeql-cli/v2.10.3 		2022-08-11 13:52:43 +01:00
github-actions[bot]
57c4f9145b Release preparation for version 2.10.3 2022-08-11 11:12:15 +00:00
Jeroen Ketema
a5c0fa24d7 Merge pull request #9971 from jketema/attribute-arg 
C++: Handle all forms of constant attribute arguments
 2022-08-11 11:30:18 +02:00
Jeroen Ketema
18094fb1d8 Merge pull request #10019 from erik-krogh/deleteDeadSwift 
delete the dead TypeRepr files
 2022-08-11 11:13:54 +02:00
Chris Smowton
3d4e9061a4 Merge pull request #10016 from aschackmull/java/kotlin-test-fix 
Kotlin: Reflection test should not refer to DataFlowPrivate.
 2022-08-11 10:08:38 +01:00
erik-krogh
c778b38a77 delete the dead TypeRepr files 2022-08-11 10:56:58 +02:00
Anders Schack-Mulligen
74b05d2aa4 Kotlin: Reflection test should not refer to DataFlowPrivate. 2022-08-11 09:48:10 +02:00
Anders Schack-Mulligen
87461fece4 Merge pull request #10006 from aschackmull/java/sensitive-log-dedup 
Java: Remove SensitiveLoggingQuery results that flow through a source.
 2022-08-11 09:26:33 +02:00
Anders Schack-Mulligen
ced083be61 Merge pull request #10015 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-08-11 09:20:12 +02:00
Michael Nebel
b817bd43ca Merge pull request #10005 from michaelnebel/csharp/constructorsummaries 
C#: Constructor summaries
 2022-08-11 09:16:05 +02:00
Tom Hvitved
e106edc04e Merge pull request #9989 from hvitved/csharp/lua-tracer-improvements2 
C#: Handle `dotnet exec csc.dll` and the likes in the Lua tracer
 2022-08-11 08:55:46 +02:00
github-actions[bot]
33ce9552cb Add changed framework coverage reports 2022-08-11 00:17:52 +00:00
Jeroen Ketema
32a2363f85 C++: Add change note 2022-08-10 21:11:59 +02:00
Jeroen Ketema
32db845af8 C++: Add DB scheme upgrade and downgrade scripts 2022-08-10 21:11:58 +02:00
Jeroen Ketema
bdd8f2bbe9 C++: Update DB scheme stats file 2022-08-10 21:11:58 +02:00
Jeroen Ketema
8528e6b8e1 C++: Update test results for exposing attribute arguments as proper constants 2022-08-10 21:11:58 +02:00
Jeroen Ketema
b20961a065 C++: Expose constant expressions as attribute arguments 2022-08-10 21:11:58 +02:00
Jeroen Ketema
553f1c496e C++: Update DB scheme to allow for constant expression as attribute arguments 2022-08-10 21:11:58 +02:00
Jeroen Ketema
9ae9b89529 C++: Improve accuracy of AttributeArgument.getValueText QLDoc 2022-08-10 21:11:58 +02:00
Jeroen Ketema
0e12c9d8b1 C++: Simplify this suppression for specifiers 2022-08-10 21:11:58 +02:00
Chris Smowton
cc8e9806c4 Merge pull request #10009 from smowton/smowton/java17-options 
Java: Adapt tests as required by JDK17 extractor upgrade
 2022-08-10 18:46:06 +01:00
Chris Smowton
341241cf43 Use SrcFloatingPointLiteral 2022-08-10 17:28:14 +01:00
Mathias Vorreiter Pedersen
56fddd75bb Merge pull request #10000 from geoffw0/defaulttaint 
Swift: Taint flow improvements
 2022-08-10 16:30:09 +01:00
Geoffrey White
6ffe5fcaed Swift: Comment some other cases. 2022-08-10 15:46:32 +01:00
Geoffrey White
537caf85f2 Swift: Fix cartesian product. 2022-08-10 15:46:30 +01:00
Geoffrey White
e09e64ee85 Swift: Restrict taint flow through + to strings. 2022-08-10 15:46:28 +01:00
Geoffrey White
f3499e98a4 Swift: Move try, ! to dataflow. 2022-08-10 15:13:04 +01:00
Nora Dimitrijević
cce39fb2ce Merge pull request #9998 from d10c/use-strcpyfunction-in-bad-strncpy-size 
Use StrcpyFunction in `cpp/bad-strncpy-size`

This PR:

- Uses the [StrcpyFunction](https://github.com/github/codeql/blob/main/cpp/ql/lib/semmle/code/cpp/models/implementations/Strcpy.qll#L14) class in the [StrncpyFlippedArgs](https://github.com/github/codeql/blob/main/cpp/ql/src/Likely%20Bugs/Memory%20Management/StrncpyFlippedArgs.ql) query instead of an ad-hoc predicate for finding strcpy-like functions.
- Tests this by adding one previously unsupported strcpy-like function (`wcsxfrm_l`) to StrncpyFlippedArgs's test.cpp.
 2022-08-10 15:11:20 +02:00
Tamás Vajk
b2c22dacc2 Merge pull request #9769 from tamasvajk/fix/ctor-field-flow 
C#: Fix dataflow for default constructors
 2022-08-10 15:06:25 +02:00
Anders Schack-Mulligen
cbd6d24b9c Merge pull request #9963 from intrigus-lgtm/java/model-set-properties 
Model `java.util.Properties.setProperty`
 2022-08-10 14:51:00 +02:00
Anders Schack-Mulligen
ecc15a1f95 Java: Remove SensitiveLoggingQuery results that flow through a source. 2022-08-10 14:28:07 +02:00
Michael Nebel
736ae4f7d6 C#: Update FlowSummaries expected output. 2022-08-10 14:23:54 +02:00
Michael Nebel
5659db73d3 C#: Update alle manually written summaries for constructors to use Argument[Qualifier] instead of ReturnValue. 2022-08-10 14:17:16 +02:00
Nora Dimitrijević
60f4049388 Re-autoformat StrncpyFlippedArgs.ql 2022-08-10 14:14:42 +02:00
Nora Dimitrijević
05f4f98aa0 Add change note 2022-08-10 13:42:21 +02:00
Nora Dimitrijević
8e60a4a478 Update StrncpyFlippedArgs.expected 
Add output lines for the newly implemented test case, test.cpp/test9().
 2022-08-10 13:42:21 +02:00
Nora Dimitrijević
df419003ad Use Strcpy.qll in StrncpyFlippedArgs.ql 
As a result, the query gets access to more types of strncpy-like
functions, as demonstrated by test.cpp, which now "fails" (i.e. works) for the new test
cases instroduced
in the previous commit.
 2022-08-10 13:42:21 +02:00
Nora Dimitrijević
554aea1bb8 New strcpy-variant in StrncpyFlippedArgs test 
Added wcsxfrm_l, which is not currently caught by the query,
meaning that in this case a successful
test implies missing functionality.
 2022-08-10 13:42:21 +02:00
Chris Smowton
8c32758ae5 Merge pull request #9829 from smowton/smowton/fix/kotlin-underscore-parameter-names 
Kotlin: Don't extract a name for a '_' parameter
 2022-08-10 12:28:26 +01:00
Tom Hvitved
2bb9e4859f C#: Handle dotnet exec csc.dll and the likes in the Lua tracer 2022-08-10 12:52:18 +02:00
Rasmus Wriedt Larsen
40d25cb34c Merge pull request #9849 from tausbn/python-fix-bad-essa-getInput-join 
Python: Fix bad join in ESSA `getInput`
 2022-08-10 11:45:23 +02:00
Michael Nebel
7fc95fb49b Merge pull request #9988 from michaelnebel/csharp/updatestubs 
C#: Update .NET Core and ASP.NET Core Stubs.
 2022-08-10 11:02:35 +02:00
Rasmus Wriedt Larsen
b541103b7f Merge pull request #9846 from tausbn/python-fix-bad-syntactic_call_count-join 
Python: Fix bad join in `syntactic_call_count`
 2022-08-10 10:09:51 +02:00
Michael Nebel
0aa64b3a8f Merge pull request #10001 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-08-10 10:09:19 +02:00
Tom Hvitved
19043bdf38 Merge pull request #9976 from hvitved/ruby/hash-literal-summary-simplification 
Ruby: Simplify flow summaries for hash literals
 2022-08-10 08:57:33 +02:00
Erik Krogh Kristensen
d008975ff4 Merge pull request #9825 from erik-krogh/repeatedWord 
QL: add ql/repeated-word query
 2022-08-10 07:25:26 +02:00
github-actions[bot]
cb19ae2638 Add changed framework coverage reports 2022-08-10 00:16:31 +00:00
Harry Maclean
30ff18aec8 Merge pull request #9919 from hmac/hmac/ar-associations 
Ruby: ActiveRecord associations
 2022-08-10 11:13:39 +12:00
Esben Sparre Andreasen
0c6f28014c Merge pull request #9821 from erik-krogh/jsQlFix 
JS: fix some QL-for-QL warnings in JS
 2022-08-09 22:06:29 +02:00
Erik Krogh Kristensen
559ec7ba56 Merge branch 'main' into repeatedWord 2022-08-09 21:22:47 +02:00