hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 18:21:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,812 Commits 1,691 Branches 160 Tags
codeql-cli/v2.10.3
Commit Graph

41812 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
fd1136a777 Add change note for change to Function.getACall 2022-01-18 16:42:57 +00:00
Geoffrey White
982fb8f73a C++: Add change note. 2022-01-18 16:38:44 +00:00
Robert Marsh
024bd27485 Merge pull request #7578 from MathiasVP/store-dest-should-not-be-use 
C++: Store destinations should not be uses for dataflow SSA
 2022-01-18 11:36:15 -05:00
Jeff Gran
47697f59c1 Ruby: Add classes for detecting user input from graphql-ruby 2022-01-18 09:13:58 -07:00
CodeQL CI
1912c56f82 Merge pull request #7631 from RasmusWL/sqlalchemy-scoped-session 
Approved by tausbn
 2022-01-18 14:31:49 +00:00
Erik Krogh Kristensen
2433eafef2 add query for detecting insecure temprary files 2022-01-18 14:54:56 +01:00
Rasmus Wriedt Larsen
95e935e9c1 Python: Support SQLAlchemy scoped_session 2022-01-18 14:34:31 +01:00
Erik Krogh Kristensen
30d896bdbb QL: make the alert-message more precise when the type-cast is also redundant 2022-01-18 14:25:43 +01:00
Jaroslav Lobačevski
92f5a5f893 Reduce FPs in IncorrectPrivilegeAssignment.ql 
Implements suggestions from https://github.com/github/codeql/pull/6949#issuecomment-976482965
 2022-01-18 13:43:17 +01:00
Erik Krogh Kristensen
14d2f5fe02 QL: add a new ql/could-be-cast query 2022-01-18 13:37:32 +01:00
Erik Krogh Kristensen
a1f4c85dea QL: update expected output for the printAst test 2022-01-18 13:37:04 +01:00
Erik Krogh Kristensen
1ec868eeae QL: various improvements to Ast.qll 2022-01-18 13:23:33 +01:00
Erik Krogh Kristensen
95ae113994 QL: downgrade redundant-inline-cast to a warning query 2022-01-18 13:22:01 +01:00
Erik Krogh Kristensen
ea7945bac1 QL: show recommendation queries by default, and remove the MissingQLDoc query 2022-01-18 13:21:07 +01:00
Henry Mercer
be0c26f83d Merge pull request #7617 from github/henrymercer/js-atm-update-alert-messages 
JS: Update alert messages for ML-powered queries
 2022-01-18 11:37:02 +00:00
Mathias Vorreiter Pedersen
cb0cc8d859 Merge pull request #7625 from geoffw0/nullterm4 
C++: Fix some code duplication.
 2022-01-18 11:18:06 +00:00
Tony Torralba
b16b0270d2 Merge pull request #6779 from atorralba/atorralba/android-implicit-pending-intents 
Java: CWE-927 - Query to detect the use of implicit PendingIntents
 2022-01-18 12:14:47 +01:00
Geoffrey White
548a62d1ab C++: Fix branch related FPs in cpp/improper-null-termination. 2022-01-18 11:13:08 +00:00
Felicity Chapman
c3ed74d63c Merge pull request #7604 from github/lgtm-1.29-docs 
Update version numbers in CodeQL support notes for LGTM 1.29
 2022-01-18 11:09:38 +00:00
Chris Smowton
9819752bdd Merge pull request #7526 from smowton/smowton/fix/restore-nodes-edges-consistency 
Don't include arg -> param edges in PathGraph::edges where arg is not reachable
 2022-01-18 11:05:47 +00:00
Benjamin Muskalla
7e215a5193 Merge pull request #7599 from bmuskalla/modelWriter 
Java: Model Appenable and Writer
 2022-01-18 11:55:27 +01:00
Henry Mercer
1893b9f7a9 Merge pull request #7376 from github/henrymercer/js-atm-absent-features-optimization 
JS: Update featurization for absent features optimization
 2022-01-18 10:15:53 +00:00
Tony Torralba
f103d45340 Merge branch 'main' into atorralba/android-implicit-pending-intents 2022-01-18 10:50:49 +01:00
Mathias Vorreiter Pedersen
e1598aba5e C++: Fix spelling. 2022-01-18 09:44:36 +00:00
Tony Torralba
3ff7710a18 Improve ExplicitIntent's QLDoc 2022-01-18 10:43:52 +01:00
Tony Torralba
fe2755c4a0 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-18 10:41:19 +01:00
Benjamin Muskalla
365a8d9bbd Fix flow for fluent appendable api 2022-01-18 10:41:00 +01:00
Benjamin Muskalla
8e6a15640f Model basic channel APIs 2022-01-18 10:40:39 +01:00
Anders Schack-Mulligen
fff3b5c5b4 Dataflow: Add qldoc. 2022-01-18 10:39:55 +01:00
Anders Schack-Mulligen
9479301485 Ruby: Accept qltest expected changes. 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
5cfa3c7927 C++: Accept qltest expected changes. 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
7b98ca9b0a C#: Adjust qltest expected output. 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
aa9912a699 Java: Fix expected output 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
71e39353ca Dataflow: Sync. 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
b22c4e3c56 Dataflow: Bugfix: include subpaths ending at a sink. 2022-01-18 10:34:14 +01:00
Chris Smowton
f7d3892320 Update test expectations 2022-01-18 10:30:09 +01:00
Anders Schack-Mulligen
dfa79f6119 Dataflow: Sync. 2022-01-18 10:30:09 +01:00
Anders Schack-Mulligen
46736a137c Dataflow: Don't include subpaths that can't reach a sink. 2022-01-18 10:30:09 +01:00
Chris Smowton
2c37885f6e Sync dataflow 2022-01-18 10:30:09 +01:00
Chris Smowton
7c9b44b4cb Don't include arg -> param edges in PathGraph::edges whose arg is not reachable 
This avoids lots of missing-node warnings from `codeql bqrs interpret` as it discards the nodes that occur in the `edges` relation but not `nodes`. The problem arises because subpaths introduced two variants of `reach`, one of which is more restrictive than simply `reach(succ) and succ = pred.getASuccessor()`, so it no longer suffices to just check that the successor is reachable.
 2022-01-18 10:30:09 +01:00
Michael Nebel
de3d62b3f4 C#: Update stats file for the new relations (they are unfortunately empty). 2022-01-18 09:33:40 +01:00
Michael Nebel
bf21026771 C#: Add downgrade scripts for the line span pragma. 2022-01-18 09:32:14 +01:00
Michael Nebel
8fd116fbd7 C#: Add upgrade scripts for the new tables requires for the line span pragma. 2022-01-18 09:32:14 +01:00
Michael Nebel
ac47c96f48 C#: Add Line span pragma test case. 2022-01-18 09:32:14 +01:00
Michael Nebel
8b048ca17e C#: Add line span pragma example. 2022-01-18 09:32:14 +01:00
Michael Nebel
93255dfe13 C#: Add QL library support for the Line span directive. 2022-01-18 09:32:14 +01:00
Michael Nebel
7e264668d8 C#: Refator directive visitor to use expression body. 2022-01-18 09:32:14 +01:00
Michael Nebel
af380f846e C#: Add support in the extractor for the LineSpanDirective. 2022-01-18 09:32:14 +01:00
Michael Nebel
195d40c04e C#: Add new class needed for LineSpanDirective and modify existing implementation to use the new types. 2022-01-18 09:32:14 +01:00
Michael Nebel
a197befb5f C#: Add shared base class for line and line span pragmas. 2022-01-18 09:32:14 +01:00