hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-31 07:12:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,524 Commits 1,684 Branches 159 Tags
codeql-cli/v2.10.5
Commit Graph

42524 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
91b413d59f Dataflow: Sync identical files. 2022-04-19 09:57:21 +01:00
Erik Krogh Kristensen
4b6d8e6865 add missing qldoc 2022-04-19 10:56:58 +02:00
Mathias Vorreiter Pedersen
d5722ffa61 C++: Add 'nomagic' to 'revPartialPathStep'. 2022-04-19 09:56:41 +01:00
Erik Krogh Kristensen
8e5a7bcd76 add change-note 2022-04-19 10:53:48 +02:00
Erik Krogh Kristensen
e0b5197d3c a slight refactor 2022-04-18 22:21:41 +02:00
Erik Krogh Kristensen
7f592a6c64 merge Clipboard.qll and DragAndDrop.qll, and support InputEvent 2022-04-18 22:17:31 +02:00
Robert Marsh
cae08c505f Merge branch 'main' into rdmarsh2/ir-global-vars 2022-04-18 15:25:03 -04:00
Robert Marsh
b5c8413f5c Merge branch 'main' into rdmarsh2/ir-global-vars 2022-04-18 15:19:25 -04:00
Chuan-kai Lin
b433f08cef Merge pull request #8770 from cklin/csharp-downgrades-remove-version 
C#: remove version from downgrades pack
 2022-04-18 09:41:21 -07:00
Chuan-kai Lin
8e850ee564 C#: remove version from downgrades pack 2022-04-18 08:46:05 -07:00
Chad Bentz
990b7a29e8 Docs - Supported Queries - Fixing broken link 
update link target
 2022-04-18 10:30:24 -04:00
Marcono1234
6a48ba955c Clarify that min, max and rank may have multiple results 2022-04-16 19:12:25 +02:00
Marcono1234
8fdfe5426f Clarify min, max and rank documentation regarding expression type 2022-04-16 18:53:07 +02:00
jorgectf
9e1b98e5a4 Detach MyBatisAbstractSqlMethodsStep from MyBatisAbstractSql 2022-04-15 13:08:04 +02:00
Jean Helie
f1f00ccac5 ML: add .gitkeep to resources dir in which ML models are to be found 2022-04-15 12:19:06 +02:00
Chris Smowton
90505949c7 Generally define lower-numbered data-flow configs in terms of higher-numbered ones 
Since usually we have DataFlow3::Configurations that stand alone, DataFlow2::Configurations that depend on them, and finally DataFlow::Configurations that produce a top-level query result (for example), qll files where the reverse pattern holds will usually not be concurrently importable due to dataflow configuration recursion prevention.
 2022-04-15 09:25:40 +01:00
Chris Smowton
27d87e9300 Add TaintTracking3 2022-04-15 09:25:26 +01:00
Erik Krogh Kristensen
2e5d435bea add CWE-400, and add a reference to DoS attacks 2022-04-14 18:37:50 +02:00
Geoffrey White
8a32c17c56 C++: Fix the issue. 2022-04-14 17:03:28 +01:00
Paolo Tranquilli
24697feebc Swift: integrated template name in dataclass 2022-04-14 15:53:15 +02:00
Paolo Tranquilli
197ea5b8f3 Swift: use more @property in codegen 2022-04-14 12:28:52 +02:00
Paolo Tranquilli
71f9b25500 Swift: uses classes instead of Enum for Properties 2022-04-14 11:35:11 +02:00
Paolo Tranquilli
64496b4c97 Swift: cleanup and some docstrings for codegen 
Also added code generation and clang formatting to the pre-commit
configuration.
 2022-04-14 11:27:41 +02:00
Paolo Tranquilli
91fd83a554 Swift: dbscheme generator 
This patch introduces the basic infrastructure of the code generation
suite and the `dbscheme` generator.

Notice that the checked in `schema.yml` should reflect swift 5.6 but
might need some tweaking.

Closes https://github.com/github/codeql-c-team/issues/979
 2022-04-14 11:27:41 +02:00
Jean Helie
d094bbc06d Merge pull request #8546 from github/jhelie/enforce-unknown-incompatibiliy-with-notasink 
ML: add defensive check to ensure Unknown endpoints cannot also be NotASink
 2022-04-14 11:21:18 +02:00
Geoffrey White
2ac21d6932 C++: Use isBarrier rather than isBarrierOut (which is going away). 2022-04-14 09:21:57 +01:00
Harry Maclean
cf0611d1e7 Pass args to jq via --arg 2022-04-14 13:50:41 +12:00
Harry Maclean
a90647798e Fail workflow if COMMENT_ID fails validation 
And print an error message to STDERR.
 2022-04-14 13:21:38 +12:00
Harry Maclean
c9a5cb4bf6 Distinguish between validated and raw COMMENT_ID 2022-04-14 13:19:14 +12:00
Harry Maclean
c3f1fba985 Merge pull request #8598 from hmac/hmac/insecure-dep-resolution 
Ruby: Add rb/insecure-dependency query
 2022-04-14 02:09:44 +02:00
Erik Krogh Kristensen
4c97f68a3d remove postmessage events as source for js/resource-exhaustion 2022-04-13 23:14:42 +02:00
Erik Krogh Kristensen
51a0b6d501 remove client-side remote-flow from js/resource-exhaustion 2022-04-13 23:05:59 +02:00
Geoffrey White
27b6b99cd0 C++: Correct and improve some comments and naming. 2022-04-13 18:34:15 +01:00
Nick Rolfe
a1a7d2c088 Ruby: add changenote for rb/incomplete-sanitization 2022-04-13 17:32:38 +01:00
Nick Rolfe
fdca896614 Ruby: improve handling of [g]sub! 
rb/incomplete-sanitization has a few cases where we find flow from one
one string substitution call to another, e.g.

    a.sub(...).sub(...)

But this didn't find typical chained uses of the destructive variants,
e.g.

    a.sub!(...)
    a.sub!(...)

We now handle those cases by tracking flow from the post-update node for
the receiver of the first call.
 2022-04-13 17:19:25 +01:00
Jean Helie
1e39a9caae ML: update regression test output following fix to getAnUnknown predicate 2022-04-13 18:14:16 +02:00
Jean Helie
f87cd164ce ML: add defensive check to ensure Unknown endpoints cannot also be NotASink 2022-04-13 18:14:16 +02:00
Jean Helie
f2b813a6e7 ML: add regression test for effective sink that is also NotASink 2022-04-13 18:14:16 +02:00
Henry Mercer
6603f8ab94 Merge pull request #8734 from github/henrymercer/non-extending-subtypes-minor-fixes 
Docs: Fix typo and formatting in "Non-extending subtypes"
 2022-04-13 17:11:33 +01:00
Nick Rolfe
bbb8177176 Ruby: add rc/incomplete-sanitization query 2022-04-13 16:48:43 +01:00
Henry Mercer
54b3d4d0d7 Docs: Fix typo and formatting in "Non-extending subtypes" 
- Fix typo `select any(Foo f) would yield bar` -> `select any(Foo f).foo() would yield bar`
- Fix inline code formatting
- Change `foo_method` to `fooMethod` to follow QL style guide
 2022-04-13 16:12:42 +01:00
Geoffrey White
2ad81e63a5 C++: Change note. 2022-04-13 16:11:14 +01:00
AlexDenisov
df2cc181a0 Merge pull request #8726 from redsun82/swift-prebuilt-fetching 
Swift: fetch prebuilt swift and link against it
 2022-04-13 16:58:36 +02:00
Geoffrey White
dfd846bb7b C++: Changes to the qhelp. 2022-04-13 15:53:13 +01:00
Paolo Tranquilli
aaf9e7da2f turn off universal_binaries for now 2022-04-13 16:45:23 +02:00
Paolo Tranquilli
9e3401ce59 make self repository name parametric 
In a workspace macro we must use the exact repository name, and this
can be different when importing the workspace (it is different in
semmle-code).
 2022-04-13 16:22:27 +02:00
Paolo Tranquilli
73d5691d91 update swift package 2022-04-13 16:22:27 +02:00
Paolo Tranquilli
e68172f4b0 Swift: fetch prebuilt swift and link against it 
This is known to break linux integration in sembuild.
 2022-04-13 16:22:27 +02:00
Geoffrey White
d83aea5ea3 C++: Copy the qhelp from Javascript. 2022-04-13 15:16:01 +01:00
Geoffrey White
b149666f45 C++: Query metadata (precision is provisional, might up it to 'high' later). 2022-04-13 15:15:28 +01:00