hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-26 12:52:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,508 Commits 1,686 Branches 158 Tags
codeql-cli/v2.10.4
Commit Graph

42508 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
2aaedacd5d Merge pull request #9593 from erik-krogh/param2 
QL: followup fixes to parameterized modules
 2022-07-13 00:23:11 +02:00
Erik Krogh Kristensen
89043ec4ef Merge branch 'main' into param2 2022-07-12 23:21:11 +02:00
thiggy1342
74d6061082 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-12 17:15:54 -04:00
Erik Krogh Kristensen
5cbe01d8dc Merge pull request #8351 from erik-krogh/inconsistentDep 
QL: add query detecting inconsistent deprecations
 2022-07-12 23:12:24 +02:00
Erik Krogh Kristensen
e092cb02cd Merge pull request #8937 from erik-krogh/qlFocusedLocations 
QL: more precise alert locations
 2022-07-12 23:11:22 +02:00
Raul Garcia
a4adf06713 Addressing feedback for the qhelp file. 2022-07-12 13:51:12 -07:00
Jeroen Ketema
c18428f1a9 Merge pull request #9785 from bdrodes/main 
C++: Nullness.qll bug fixes
 2022-07-12 21:43:44 +02:00
Raul Garcia
d929b1338b Addressing API::Node feedback for all predicates 2022-07-12 11:55:06 -07:00
ihsinme
e77a989133 Update DangerousUseMbtowc.expected 2022-07-12 20:22:31 +03:00
ihsinme
98af52fba5 Update DangerousUseMbtowc.ql 2022-07-12 20:19:59 +03:00
ihsinme
1291f33c39 Merge pull request #1 from geoffw0/test123 
C++: Accept test results.
 2022-07-12 20:18:59 +03:00
Ian Lynagh
83edb3b5e9 Kotlin: Remove the last uses of fakeLabel 2022-07-12 17:43:50 +01:00
Geoffrey White
f29104ccce C++: Accept test results. 2022-07-12 16:49:04 +01:00
Raul Garcia
64343e00f4 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:14:25 -07:00
Raul Garcia
8a48708014 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:14:13 -07:00
Raul Garcia
2bac181094 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:13:53 -07:00
Raul Garcia
a4e35a97ea Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:13:38 -07:00
Raul Garcia
a51d713925 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:13:12 -07:00
Jeroen Ketema
f7c4fa691d Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-07-12 16:59:15 +02:00
Erik Krogh Kristensen
8e52fc97fc changes based on review by Shack 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
220ff3cb2e convert tabs to spaces in qhelp 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
712805f3bf add a!=b to the overlap predicate 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
592464d98b simplify the overlap computation 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
aae3e2ddde other changes based on Esbens review 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
ff25451699 rename query to overly-large-range, and rewrite the @description 2022-07-12 16:02:46 +02:00
Ian Lynagh
a0636ff843 Merge pull request #9545 from igfoo/igfoo/type_cycles 
Java: Fix RefType.getAStrictAncestor() in the presence of type hierarchy cycles
 2022-07-12 14:28:54 +01:00
Jeroen Ketema
8f9d419441 C++: Add change note 2022-07-12 15:24:09 +02:00
Jeroen Ketema
e5eabc4e47 C++: Slightly tweak nullness test and update test results 2022-07-12 15:23:33 +02:00
Jeroen Ketema
d63b0946d9 C++: Use ConditionDeclExpr in AnalysedExpr::isDef 2022-07-12 15:22:13 +02:00
Jeroen Ketema
2ceb25dc9a C++: Order left and right operands in the logical left to right order 2022-07-12 15:21:37 +02:00
Ian Lynagh
d0bf424b19 Merge pull request #9806 from igfoo/igfoo/useType 
Kotlin: Extract an ErrorType if we fail to correctly extract a type
 2022-07-12 13:45:04 +01:00
Ian Lynagh
1bcb17b760 Update java/ql/lib/change-notes/2022-07-12-errortype.md 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-07-12 12:16:24 +01:00
Paolo Tranquilli
48c71c9407 Swift: add comment about TypeRepr in ASTNode fetching 2022-07-12 12:10:22 +02:00
Jeroen Ketema
de6a9375ba Merge pull request #9804 from jketema/get-target 
C++: Clarify the "most-specific" part of `FunctionCall:getTarget`
 2022-07-12 12:06:50 +02:00
Ian Lynagh
2edeeaac0e Merge pull request #9801 from igfoo/igfoo/psi 
Kotlin: We can't extract comments for < 1.5.20
 2022-07-12 11:01:30 +01:00
Ian Lynagh
965f5a980a Java/Kotlin: Add changenote for ErrorType 2022-07-12 10:58:16 +01:00
Henry Mercer
2ddcf8364c Merge pull request #9585 from github/henrymercer/packaging-on-ghes 
Docs: Document packaging support for CodeQL CLI 2.9.4+ on GHES 3.6+
 2022-07-12 10:36:03 +01:00
Paolo Tranquilli
033b239b22 Swift: collapse TypeRepr hierarchy 
Now `TypeRepr` is a final class in the AST, which is more or less just
a type with a location in code.

As the frontend does not provide a direct way to get a type from a
type representation, this information must be provided when fetching
the label of a type repr.

This meant:
* removing the type repr field from `EnumIsCaseExpr`: this is a virtual
  AST node introduced in place of some kinds of `IsEpxr`. The type
  repr is still available from the `ConditionalCheckedCastExpr` wrapped
  by this virtual node, and we will rebuild the original `IsExpr` with
  the IPA layer.
* some logic to get the type of keypath roots has been added to
  `KeyPathExpr`. This was done to keep the `TypeRepr` to `Type` relation
  total in the DB, but goes against the design of a dumb extractor. The
  logic could be moved to QL in the future
* in the control flow library, `TypeRepr` children are now ignored. As
  far as I can tell, there is no runtime evaluation going on in
  `TypeRepr`s, so it does not make much sense to have control flow
  through them.
 2022-07-12 10:49:14 +02:00
Nick Rolfe
685389d219 Merge pull request #9797 from github/nickrolfe/railties_fix 
Ruby: fix defining every dataflow node as a command execution sink
 2022-07-12 09:30:55 +01:00
Jeroen Ketema
c75599c3da C++: Clarify the "most-specific" part of FunctionCall:getTarget 2022-07-12 10:28:19 +02:00
Nick Rolfe
217c9a8aaf Fix typo in changenote 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-07-12 08:50:58 +01:00
Paolo Tranquilli
47a4cac8ee Merge branch 'main' into redsun82/swift-extraction 2022-07-12 09:29:10 +02:00
Paolo Tranquilli
70838fe57f Merge pull request #9774 from github/redsun82/swift-disable-change-note-check 
Swift: disable change note checking for now
 2022-07-12 09:28:37 +02:00
Shyam Mehta
65b9947428 Incorporate jksco's feedback 2022-07-12 02:02:31 -04:00
smehta23
781a2a73d3 Merge branch 'main' into feat/SM/java_partial_path_traversal_vulnerability 2022-07-12 01:48:12 -04:00
Raul Garcia
d5791e2d56 Addressing feedback from the PR 2022-07-11 15:45:15 -07:00
Aditya Sharad
02e11b7ee9 Docs: Add links from query help to query pack changelog for each language 2022-07-11 13:59:38 -07:00
Raul Garcia
ac05577966 Making various changes based on the feedback. Pending: 2 non-trivial fixes for Java & Python. 2022-07-11 13:25:35 -07:00
Raul Garcia
e5702d0e15 Update python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Taus <tausbn@github.com>
 2022-07-11 13:07:37 -07:00
Raul Garcia
7fc9ae6c49 Update python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Taus <tausbn@github.com>
 2022-07-11 13:07:20 -07:00