hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-25 20:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,812 Commits 1,688 Branches 158 Tags
codeql-cli/v2.10.3
Commit Graph

41812 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
1c8090fa04 Merge pull request #9964 from geoffw0/cwe95 
Swift: Query for CWE-79 / CWE-95
 2022-08-05 10:38:33 +01:00
Geoffrey White
1ce06accbd Swift: Fix capitalization issue? 2022-08-05 10:20:51 +01:00
Mathias Vorreiter Pedersen
ac26371de0 Merge pull request #9909 from geoffw0/stringlengthconflation6 
Swift: Understand String.utf8.count etc in the string length conflation CVE query
 2022-08-05 10:13:25 +01:00
Tony Torralba
9ee90f8022 Remove unnecessary import from test 2022-08-05 11:11:13 +02:00
Tony Torralba
792d34c3a1 Add change note 2022-08-05 11:10:09 +02:00
Anders Schack-Mulligen
3d47875b60 Dataflow: Generate shorter RA/DIL names. 2022-08-05 11:00:56 +02:00
Anders Schack-Mulligen
d3dcc3ce3a Dataflow: Sync. 2022-08-05 11:00:56 +02:00
Anders Schack-Mulligen
09d0f8e0ce Dataflow: Replace stage duplication with parameterised modules. 2022-08-05 11:00:56 +02:00
Tom Hvitved
56ee07e24c Merge pull request #9936 from aibaars/gh-codeql-nightly 
Use 'gh codeql' with the nightly release for CI jobs
 2022-08-05 10:34:39 +02:00
Tony Torralba
5ebce6ee4f Improve AsyncTask data flow support 
Model the life-cycle described here: https://developer.android.com/reference/android/os/AsyncTask\#the-4-steps
 2022-08-05 10:29:49 +02:00
Tom Hvitved
e0dadb4df6 Ruby: Simplify flow summaries for hash literals 2022-08-05 10:20:07 +02:00
Jeroen Ketema
ba2cee07a9 Merge pull request #8596 from rdmarsh2/rdmarsh2/dataflow-global-vars 
C++: IR data flow through global variables
 2022-08-05 10:07:00 +02:00
Anders Schack-Mulligen
1fde06c0a8 Merge pull request #9970 from aschackmull/java/confusingoverload-perf 
Java: Improve performance of ConfusingOverloading.
 2022-08-05 09:38:22 +02:00
Harry Maclean
74d529d3e3 Merge pull request #9918 from hmac/hmac/mime-type-match 
Ruby: Model Mime::Type
 2022-08-05 11:51:45 +12:00
Harry Maclean
157bbccf62 Merge pull request #9851 from hmac/hmac/active-record-improvements 
Ruby: Recognise more AR write accesses
 2022-08-05 11:49:50 +12:00
Mathias Vorreiter Pedersen
2f13c65ad7 Update swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-08-04 22:45:45 +01:00
Mathias Vorreiter Pedersen
05e6dd85d4 Swift: Add taint tests for flow through interpolated strings. 2022-08-04 21:57:05 +01:00
Mathias Vorreiter Pedersen
9c48ce1bf2 Swift: Flow (1) through the internal function calls generated by the compiler during string interpolation, and (2) out of the internal 'TapExpr' and into the interpolated string result. 2022-08-04 21:57:05 +01:00
Mathias Vorreiter Pedersen
52b78b6e68 Swift: Don't assume we know the call target statically in 'TInOutUpdateNode'. 2022-08-04 21:57:04 +01:00
Mathias Vorreiter Pedersen
ff6b8c5c9c Swift: Replace 'CallExpr' with 'ApplyExpr'. This is needed because not all the calls inside the interpolated string computations are 'CallExpr's. 2022-08-04 21:57:04 +01:00
Mathias Vorreiter Pedersen
3028b80e46 Swift: Control-flow through interpolated strings. 2022-08-04 21:57:04 +01:00
Tom Hvitved
6fa1e06afb Merge pull request #9966 from hvitved/csharp/no-clr-tracer 
C#: Disable CLR tracer
 2022-08-04 20:50:19 +02:00
intrigus
b7d94906bf Add change note 2022-08-04 16:21:55 +02:00
intrigus
88ded4679a Accept test changes 2022-08-04 16:21:53 +02:00
intrigus
c867a1a146 Test setProperty/put with taint stored earlier 2022-08-04 16:21:51 +02:00
intrigus
0b7f0fbe54 Accept test changes 2022-08-04 16:21:50 +02:00
intrigus
55618adf6a Model java.util.Properties.setProperty 2022-08-04 16:21:48 +02:00
Tom Hvitved
01c0d4b59f Ruby: Support more flow through keyword arguments 2022-08-04 16:20:08 +02:00
Anders Schack-Mulligen
43d4324f65 Java: Improve performance of ConfusingOverloading. 2022-08-04 16:05:30 +02:00
Tom Hvitved
38ede25385 Ruby: Add test that illustrates missing flow for keyword arguments 2022-08-04 14:39:22 +02:00
Michael Nebel
64e8660904 C#: Simplification of AspNetCoreRemoteFlowSourceMember. 2022-08-04 14:18:25 +02:00
Tom Hvitved
bc6a74b4dd C#: Disable CLR tracer 
Also remove old tracer configs, as we now use the Lua tracer.
 2022-08-04 13:11:07 +02:00
mc
935def739c Merge pull request #9955 from securingdev/patch-1 
Update Other section with example exit code details
 2022-08-04 10:26:45 +01:00
mc
df1633a838 Merge branch 'main' into patch-1 2022-08-04 10:13:23 +01:00
Anders Schack-Mulligen
a5a58f46eb Merge pull request #9945 from aschackmull/java/wrappedinvocation-joinorder 
Java: Improve join-order.
 2022-08-04 11:12:23 +02:00
mc
360cff9c24 Merge branch 'main' into patch-1 2022-08-04 10:08:55 +01:00
Anders Schack-Mulligen
c2b99747d4 Merge pull request #9951 from aschackmull/java/notintersect-perf 
Java: Improve join-order for `not haveIntersection`.
 2022-08-04 11:08:02 +02:00
mc
8905df9abb Merge branch 'main' into patch-1 2022-08-04 10:06:01 +01:00
mc
e4c9f8a9a2 Update docs/codeql/codeql-cli/exit-codes.rst 2022-08-04 10:05:52 +01:00
Chris Smowton
96091e4fa0 Merge pull request #9947 from github/smowton/fix/golang-path-injection-numeric-sanitizer 
Go: note that numeric-typed nodes can't cause path traversal
 2022-08-04 09:00:34 +01:00
Chris Smowton
af274354a0 Merge pull request #9956 from github/smowton/feature/tainted-path-query-mad 
Make java/path-injection recognise create-file MaD sinks
 2022-08-04 08:59:59 +01:00
Harry Maclean
ee9e6b1f2e Ruby: Add change note 2022-08-04 17:27:34 +12:00
Harry Maclean
452811dbf2 Ruby: move change note 2022-08-04 17:25:55 +12:00
Harry Maclean
83393dc195 Ruby: Recognise more AR write accesses 
This change means we recognise calls like

```rb
User.create(params)
User.update(id, params)
```

as instances of `PersistentWriteAccess`.
 2022-08-04 17:22:46 +12:00
Harry Maclean
21b4918904 Ruby: Add getPositionalArgument 
This gets positional arguments from a call. These are arguments which
are not keyword arguments.
 2022-08-04 17:22:46 +12:00
Harry Maclean
d4f7f2b75e Ruby: Add test for AR PersistentWriteAccesses 2022-08-04 17:22:46 +12:00
Harry Maclean
7ed81db32d Ruby: Move ActiveRecord tests to new directory 2022-08-04 17:22:46 +12:00
Harry Maclean
def1b3c3b3 Ruby: QLDoc fix 2022-08-04 17:21:29 +12:00
Harry Maclean
fdbe16945f Ruby: Add change note 2022-08-04 17:19:05 +12:00
Geoffrey White
997068a9cb Swift: Fix a suggestion merge conflict. 2022-08-03 18:16:31 +01:00