Commit Graph

42508 Commits

Author SHA1 Message Date
Alex Ford
d4d6657cb7 Merge pull request #10008 from alexrford/rb/log-injection
Ruby: Add `rb/log-injection` query
2022-08-17 15:01:22 +01:00
Taus
1c15fc5600 Python: Define Str as an alias of StrConst 2022-08-17 13:36:32 +00:00
erik-krogh
6b9f01535b change All to Most in the change-notes 2022-08-17 15:34:57 +02:00
Chris Smowton
077bae55fe Go: don't use WriteNode for channel writes
I overlooked the fact that this has a WriteInstruction, which wasn't bound in the channel-write case, but somehow the evaluator discarded the implied cartesian product until last night's performance evaluation.

Rather than try to cram channel writes into WriteInstruction, just handle them as their own beast.
2022-08-17 14:27:16 +01:00
Anders Schack-Mulligen
f6eccd390e Java: Move sink-constraints into the configuration. 2022-08-17 15:06:55 +02:00
Tamas Vajk
5d01653371 Fix gradle exclude list after the version number changes 2022-08-17 15:03:37 +02:00
Mathias Vorreiter Pedersen
1eb0f6a12e Merge pull request #10081 from erik-krogh/desugar
add desugered to the typo database
2022-08-17 13:56:59 +01:00
Anders Schack-Mulligen
c3ba632a32 Java: Add some type-based sanitizers to SensitiveInfoLog.ql. 2022-08-17 14:54:28 +02:00
Erik Krogh Kristensen
bd4947fdbd Merge pull request #10046 from erik-krogh/protoFunc
JS: generalize `BarrierGuardFunction` to work on functions that have multiple parameters
2022-08-17 14:50:54 +02:00
Anders Schack-Mulligen
6e495ba6e5 Merge pull request #10068 from aschackmull/java/summarizedcallable-split
Java: Make synthesized method bodies disjoint from source code.
2022-08-17 14:13:56 +02:00
erik-krogh
2622c78766 add change-notes 2022-08-17 13:55:16 +02:00
erik-krogh
14d83ab1b5 make the framework imports in FlowSources.qll private 2022-08-17 13:50:08 +02:00
erik-krogh
8066e39d07 delete some redundant imports 2022-08-17 13:50:04 +02:00
Tom Hvitved
355c1f5959 Merge pull request #10035 from hvitved/ssa/phi-reads
SSA: Improve use-use calculation using "phi read nodes"
2022-08-17 13:43:00 +02:00
erik-krogh
dbbba32579 revert change to generated swift code 2022-08-17 13:34:22 +02:00
erik-krogh
b7b80fe176 reintroduce redundant cast in synced file 2022-08-17 13:34:22 +02:00
erik-krogh
ffb65d054e delete redundant inline casts 2022-08-17 13:34:22 +02:00
erik-krogh
2e44fba67d add explicit this 2022-08-17 13:33:31 +02:00
erik-krogh
b9823cf335 fix ql/could-be-cast 2022-08-17 13:33:31 +02:00
erik-krogh
b2e3d8bb86 remove some more legacy code that existed to support deprecated code 2022-08-17 13:32:39 +02:00
erik-krogh
6ac898bad4 add desugered to the typo database 2022-08-17 13:13:43 +02:00
Ian Lynagh
0d4419dd8c Merge pull request #10071 from igfoo/igfoo/refactor
Kotlin: Refactor TypeResults
2022-08-17 11:58:33 +01:00
Joe Farebrother
5d00b871d4 Correct node type 2022-08-17 11:58:11 +01:00
Joe Farebrother
2bc2649204 Merge pull request #9853 from joefarebrother/static-init-vec
Java: Promote Static Initialization Vector query
2022-08-17 11:56:00 +01:00
Nick Rolfe
61db581512 Merge pull request #10080 from github/nickrolfe/desugared-typo
Ruby: fix typo: s/Desugered/Desugared
2022-08-17 11:54:15 +01:00
Anders Schack-Mulligen
c034a1e268 Java: Fix test. 2022-08-17 12:46:35 +02:00
Anders Schack-Mulligen
27f76330be Java: Fix models. 2022-08-17 12:46:09 +02:00
Anders Schack-Mulligen
857b473503 Java: Delete duplicate tests. 2022-08-17 12:44:42 +02:00
Nick Rolfe
94a51142d0 Ruby: fix typo in internal predicate name 2022-08-17 11:05:39 +01:00
Tamas Vajk
abc4405221 Kotlin: Change version numbers 2022-08-17 11:57:33 +02:00
Tamas Vajk
f12c73f472 Kotlin: Add support for version 1.7.20-Beta 2022-08-17 11:57:33 +02:00
Tom Hvitved
d8f7861ab1 C#: Include both source code and hand-written summaries in data flow
Still, generated summaries are only included when there is no source code.
2022-08-17 11:57:24 +02:00
Erik Krogh Kristensen
47353f6c28 Merge pull request #10067 from erik-krogh/paramSig
QL: support signature parameters in QL-for-QL
2022-08-17 11:50:39 +02:00
Joe Farebrother
de69827711 Use a full dataflow config rather than local flow 2022-08-17 10:35:48 +01:00
Joe Farebrother
fe5a61bdde Fix typos in docs and comments 2022-08-17 10:35:48 +01:00
Joe Farebrother
c77b17574a Use CryptoAlgoSpec rather than hardcoding Cipher.getInstance 2022-08-17 10:35:47 +01:00
Joe Farebrother
08b77493d2 Add security severity and change note 2022-08-17 10:35:47 +01:00
Joe Farebrother
9ae652dd6a Add tests 2022-08-17 10:35:47 +01:00
Joe Farebrother
41bdd6d4cc Add RSA without OAEP query and qhelp 2022-08-17 10:35:46 +01:00
Joe Farebrother
7c188a6b96 Apply doc suggestions 2022-08-17 10:35:16 +01:00
Joe Farebrother
7989ba3391 Replace a tainttracking instance with local flow 2022-08-17 10:35:16 +01:00
Joe Farebrother
5afc0b0c15 Add security severity 2022-08-17 10:35:15 +01:00
Joe Farebrother
bf32b5a8fd Review suggestions - add doc comment, reword description, simplify a part 2022-08-17 10:35:15 +01:00
Joe Farebrother
a62bb8e115 Add additional test case 2022-08-17 10:35:15 +01:00
Joe Farebrother
960a4e58a0 Add change note 2022-08-17 10:35:14 +01:00
Joe Farebrother
c152a27a68 Reword docs 2022-08-17 10:35:14 +01:00
Joe Farebrother
4d0957711b Reduce FPs from empty arrays 2022-08-17 10:35:14 +01:00
Joe Farebrother
c0a1300955 Improve initializedWthConstants to no longer need a workaround 2022-08-17 10:35:13 +01:00
Joe Farebrother
f8f21c7ee6 Move static init vector query and tests from experimental to main 2022-08-17 10:35:13 +01:00
Tom Hvitved
44e1ecdf94 Merge pull request #10060 from hvitved/ruby/pos-args-missing-flow-tests
Ruby: Add tests that demonstrate missing flow through positional arguments
2022-08-17 10:45:25 +02:00