hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-08 03:01:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,812 Commits 1,691 Branches 160 Tags
codeql-cli/v2.10.3
Commit Graph

41812 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
aee617f911 Autoformat 2021-12-14 08:40:30 +01:00
github-actions[bot]
3c57602653 Add changed framework coverage reports 2021-12-14 00:09:54 +00:00
Harry Maclean
f21948d0ca Ruby: Speed up private method modelling 2021-12-14 11:10:38 +13:00
Esben Sparre Andreasen
1949a4e59a autoformat 2021-12-13 22:21:52 +01:00
Erik Krogh Kristensen
de4458346f Merge pull request #7344 from SZFsir/main 
JS: Improve inter-procedural type inference for FunctionExpr
 2021-12-13 21:58:53 +01:00
Tony Torralba
1b761b3d12 Apply suggestions from code review 2021-12-13 20:38:06 +01:00
Owen Mansel-Chan
6a2a8298dd Add missing tests for DatabaseSql function models 2021-12-13 14:18:46 -05:00
Tony Torralba
ff2f5a5f91 Apply suggestions from code review 
Co-authored-by: Bas van Schaik <5082246+sj@users.noreply.github.com>
 2021-12-13 19:44:38 +01:00
Tony Torralba
d2dc19900f Apply suggestions from code review 
Co-authored-by: Bas van Schaik <5082246+sj@users.noreply.github.com>
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-12-13 19:39:52 +01:00
Geoffrey White
041c2c77b3 C++: Separate two test cases slightly so that we get clearer test coverage of the interprocedural / multi-path cases. 2021-12-13 18:18:29 +00:00
Nick Rolfe
dc27089714 Merge pull request #7375 from github/nickrolfe/cargo_update 
Ruby: update crate versions
 2021-12-13 18:16:29 +00:00
Dave Bartolomeo
7732c0885f Merge pull request #7374 from aeisenberg/aesenberg/upgrades-semver 
Fix semver for upgrades references
 2021-12-13 13:06:59 -05:00
Sergey
0f0bd34958 Update IncorrectPrivilegeAssignment.ql 2021-12-13 20:35:13 +03:00
Andrew Eisenberg
0669ef505e Fix semver for upgrades references 
Ensure the version range is flexible enough to handle
future version changes.
 2021-12-13 09:03:33 -08:00
Aditya Sharad
372f099850 Merge pull request #7323 from adityasharad/atm/perf-debugging-std-lib 
JS: Performance improvements to libraries using regex matching
 2021-12-13 08:53:11 -08:00
Nick Rolfe
b18f7a9bd7 Ruby: update crate versions 2021-12-13 15:37:35 +00:00
Rasmus Wriedt Larsen
cf2ee0672f Python: Model requests Responses 2021-12-13 15:09:46 +01:00
Michael Nebel
c0b61d7f73 Merge pull request #7370 from michaelnebel/csharp-mad-textreader 
C#: Flow summaries for virtual members in abstract classes should also apply to overrides.
 2021-12-13 15:00:54 +01:00
Rasmus Wriedt Larsen
35cba17642 Python: Consider taint of client http requests 2021-12-13 14:56:16 +01:00
Rasmus Wriedt Larsen
b68d280129 Python: Add modeling of requests 2021-12-13 14:56:16 +01:00
Alex Ford
124aac23c6 Merge pull request #7371 from github/ruby/comment-new-syntax 
Ruby: use Ruby object instantiation syntax in a comment
 2021-12-13 13:23:03 +00:00
Rasmus Wriedt Larsen
1ff56d5143 Python: Add tests of requests 
Also adjusts test slightly. Writing
`clientRequestDisablesCertValidation=False` to mean that certificate
validation was disabled by the `False` expression is just confusing, as
it easily reads as _certificate validate was NOT disabled_ :|

The new one ties to each request that is being made, which seems like
the right setup.
 2021-12-13 14:07:32 +01:00
Alex Ford
4ae92667e1 Ruby: use Ruby object instantiation syntax in a comment 2021-12-13 12:54:45 +00:00
Michael Nebel
ba23393c0d C#: Update test as we now also implicitly gets flow summary for StreamReader. 2021-12-13 13:51:53 +01:00
Michael Nebel
a6eba04793 C#: Convert System.IO.TextReader flow to CSV format. 2021-12-13 13:51:18 +01:00
Esben Sparre Andreasen
c66d29998e update test output for additional DatabaseAccesses 2021-12-13 13:42:28 +01:00
Michael Nebel
88bb8a2704 C#: Update flow summaries test cases. 2021-12-13 13:14:49 +01:00
Michael Nebel
d699ca9aa8 C#: Flow summaries should also apply for overides or virtual members in abstract classes. 2021-12-13 13:09:40 +01:00
Chris Smowton
9309abf8cd Merge pull request #574 from sauyon/dataflow-update 
Update dataflow libraries and add support for CSV summary flow
 2021-12-13 11:28:28 +00:00
Paolo Tranquilli
5ed7056707 C++: remove deprecation from getMaxData 2021-12-13 11:28:02 +00:00
Paolo Tranquilli
3734e1ca4f C++: auto format 2021-12-13 11:28:02 +00:00
Paolo Tranquilli
06acaef43e C++: fix deprecation comments in BufferWrite 2021-12-13 11:28:02 +00:00
Paolo Tranquilli
a089898220 C++: remove reason from OverrunWrite output 2021-12-13 11:28:02 +00:00
Paolo Tranquilli
85de6dd667 C++: make BufferWrite changes backward compatible 2021-12-13 11:28:02 +00:00
Paolo Tranquilli
88d65b8fcb C++: postpone change-notes addition 
We can add it later when more consistent changes to the queries are made
 2021-12-13 11:28:02 +00:00
Paolo Tranquilli
2020786fb0 C++: fix format 2021-12-13 11:28:02 +00:00
Paolo Tranquilli
b0242dc55b C++: more idiomatic BufferWriteEstimationReason 2021-12-13 11:28:02 +00:00
Paolo Tranquilli
160635ba3c C++: add missing docs for a toString predicate 2021-12-13 11:28:02 +00:00
Paolo Tranquilli
a6cbe6f94c C++: add missing change note and docs 2021-12-13 11:28:02 +00:00
Paolo Tranquilli
fb03561a31 C++: add docstrings to Printf and BufferWrite 2021-12-13 11:28:02 +00:00
Paolo Tranquilli
aa68c51797 C++: preserve Printf and BufferWrite API 2021-12-13 11:28:02 +00:00
Paolo Tranquilli
598f283715 C++: add reason to buffer write estimations 2021-12-13 11:28:02 +00:00
Chris Smowton
89b2a2f9b0 Merge pull request #633 from owen-mc/database-sql-model-incorrect 
Fix incorrect type name in database/sql model
 2021-12-13 11:01:38 +00:00
Chris Smowton
559aec1d64 Merge pull request #632 from owen-mc/refactor-variadic-helper-functions-for-builtin-functions 
Refactor isVariadic helper functions
 2021-12-13 10:59:42 +00:00
Tamas Vajk
26194be8b6 Add workaround for equal lambda parameter symbols with different hashcodes 2021-12-13 11:59:24 +01:00
Michael Nebel
7ff2ee695d Merge pull request #7348 from michaelnebel/csharp-mad-as-csv-json 
C#: Convert flow summaries for JSon.NET
 2021-12-13 11:57:55 +01:00
Rasmus Wriedt Larsen
7bf285a52e Python: Alter disablesCertificateValidation to fit our needs 
For the snippet below, our current query is able to show _why_ we
consider `var` to be a falsey value that would disable SSL/TLS
verification. I'm not sure we're going to need the part that Ruby did,
for being able to specify _where_ the verification was removed, but
we'll see.

```
requests.get(url, verify=var)
```
 2021-12-13 11:37:12 +01:00
JrXnm
efc9e67ec2 Update javascript/ql/lib/semmle/javascript/dataflow/internal/InterProceduralTypeInference.qll 
Fix multiple declare may mismatch issue

Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-12-13 18:36:06 +08:00
Chris Smowton
08c10bf97b Merge pull request #625 from smowton/smowton/fix/minor-perf-improvements 
Improve performance: join-order AllocationSizeOverflow's source and use `matches` not `regexpFind`
 2021-12-13 10:36:02 +00:00
JrXnm
fad95d8935 Update javascript/ql/lib/semmle/javascript/dataflow/internal/InterProceduralTypeInference.qll 
Commit coding style suggestion

Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-12-13 18:32:11 +08:00