hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-25 04:12:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,524 Commits 1,686 Branches 158 Tags
codeql-cli/v2.10.5
Commit Graph

42524 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
erik-krogh
e7f009e879 support top-level for await statements 2022-08-11 09:53:32 +02:00
Anders Schack-Mulligen
74b05d2aa4 Kotlin: Reflection test should not refer to DataFlowPrivate. 2022-08-11 09:48:10 +02:00
Anders Schack-Mulligen
87461fece4 Merge pull request #10006 from aschackmull/java/sensitive-log-dedup 
Java: Remove SensitiveLoggingQuery results that flow through a source.
 2022-08-11 09:26:33 +02:00
Anders Schack-Mulligen
ced083be61 Merge pull request #10015 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-08-11 09:20:12 +02:00
Michael Nebel
b817bd43ca Merge pull request #10005 from michaelnebel/csharp/constructorsummaries 
C#: Constructor summaries
 2022-08-11 09:16:05 +02:00
Michael Nebel
9cb4e4a61c C#: Update release note. 2022-08-11 08:57:10 +02:00
Tom Hvitved
e106edc04e Merge pull request #9989 from hvitved/csharp/lua-tracer-improvements2 
C#: Handle `dotnet exec csc.dll` and the likes in the Lua tracer
 2022-08-11 08:55:46 +02:00
github-actions[bot]
33ce9552cb Add changed framework coverage reports 2022-08-11 00:17:52 +00:00
Erik Krogh Kristensen
803e079dab fix accidental typo 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-08-10 23:23:32 +02:00
Erik Krogh Kristensen
a66229ee9d update the expected output of the misspelling test 2022-08-10 23:21:41 +02:00
Erik Krogh Kristensen
887f6557ed fix common misspellings throughout github/codeql 2022-08-10 23:21:41 +02:00
Erik Krogh Kristensen
db614bda29 generalize the ql/misspelling query to work on all kinds of comments 2022-08-10 23:21:41 +02:00
Jeroen Ketema
32a2363f85 C++: Add change note 2022-08-10 21:11:59 +02:00
Jeroen Ketema
32db845af8 C++: Add DB scheme upgrade and downgrade scripts 2022-08-10 21:11:58 +02:00
Jeroen Ketema
bdd8f2bbe9 C++: Update DB scheme stats file 2022-08-10 21:11:58 +02:00
Jeroen Ketema
8528e6b8e1 C++: Update test results for exposing attribute arguments as proper constants 2022-08-10 21:11:58 +02:00
Jeroen Ketema
b20961a065 C++: Expose constant expressions as attribute arguments 2022-08-10 21:11:58 +02:00
Jeroen Ketema
553f1c496e C++: Update DB scheme to allow for constant expression as attribute arguments 2022-08-10 21:11:58 +02:00
Jeroen Ketema
9ae9b89529 C++: Improve accuracy of AttributeArgument.getValueText QLDoc 2022-08-10 21:11:58 +02:00
Jeroen Ketema
0e12c9d8b1 C++: Simplify this suppression for specifiers 2022-08-10 21:11:58 +02:00
Geoffrey White
d16a7754e1 Swift: Take out common code. 2022-08-10 19:04:01 +01:00
Geoffrey White
d7f50eafae Swift: Minor fixes. 2022-08-10 19:03:52 +01:00
Geoffrey White
11f45cf20c Swift: Add expectation annotations. 2022-08-10 18:53:45 +01:00
Geoffrey White
c2ee5fe258 Swift: Add inlineExpectations test. 2022-08-10 18:47:46 +01:00
Chris Smowton
cc8e9806c4 Merge pull request #10009 from smowton/smowton/java17-options 
Java: Adapt tests as required by JDK17 extractor upgrade
 2022-08-10 18:46:06 +01:00
Chris Smowton
bf24d7886a Accept test changes 2022-08-10 18:10:02 +01:00
Chris Smowton
341241cf43 Use SrcFloatingPointLiteral 2022-08-10 17:28:14 +01:00
Mathias Vorreiter Pedersen
56fddd75bb Merge pull request #10000 from geoffw0/defaulttaint 
Swift: Taint flow improvements
 2022-08-10 16:30:09 +01:00
Alex Ford
7a61f59b1e Ruby: add change note for new rb/log-injeciton query 2022-08-10 16:17:55 +01:00
Alex Ford
44c4b9ba5c Ruby: add rb/log-injection test cases 2022-08-10 16:17:37 +01:00
Alex Ford
00e290e1f1 Ruby: document rb/log-injection 2022-08-10 16:17:18 +01:00
Alex Ford
c31995764b Ruby: add rb/log-inection query 2022-08-10 16:16:54 +01:00
Geoffrey White
6ffe5fcaed Swift: Comment some other cases. 2022-08-10 15:46:32 +01:00
Geoffrey White
537caf85f2 Swift: Fix cartesian product. 2022-08-10 15:46:30 +01:00
Geoffrey White
e09e64ee85 Swift: Restrict taint flow through + to strings. 2022-08-10 15:46:28 +01:00
Geoffrey White
f3499e98a4 Swift: Move try, ! to dataflow. 2022-08-10 15:13:04 +01:00
Nora Dimitrijević
cce39fb2ce Merge pull request #9998 from d10c/use-strcpyfunction-in-bad-strncpy-size 
Use StrcpyFunction in `cpp/bad-strncpy-size`

This PR:

- Uses the [StrcpyFunction](https://github.com/github/codeql/blob/main/cpp/ql/lib/semmle/code/cpp/models/implementations/Strcpy.qll#L14) class in the [StrncpyFlippedArgs](https://github.com/github/codeql/blob/main/cpp/ql/src/Likely%20Bugs/Memory%20Management/StrncpyFlippedArgs.ql) query instead of an ad-hoc predicate for finding strcpy-like functions.
- Tests this by adding one previously unsupported strcpy-like function (`wcsxfrm_l`) to StrncpyFlippedArgs's test.cpp.
 2022-08-10 15:11:20 +02:00
Tamás Vajk
b2c22dacc2 Merge pull request #9769 from tamasvajk/fix/ctor-field-flow 
C#: Fix dataflow for default constructors
 2022-08-10 15:06:25 +02:00
Anders Schack-Mulligen
abad133ab5 Dataflow: Fix identification of source PathNodes in the presence of source-to-source flow. 2022-08-10 15:02:56 +02:00
Michael Nebel
0d83b7cbd0 C#: Add release note. 2022-08-10 14:58:22 +02:00
Anders Schack-Mulligen
cbd6d24b9c Merge pull request #9963 from intrigus-lgtm/java/model-set-properties 
Model `java.util.Properties.setProperty`
 2022-08-10 14:51:00 +02:00
Michael Nebel
da30436c44 C#: Update flow summaries test case with new summaries. 2022-08-10 14:49:20 +02:00
Michael Nebel
c3adb990a3 C#: Update SQL Injection with testcase with found vulnerability. 2022-08-10 14:49:20 +02:00
Michael Nebel
36a713510c C#: Add summary models for the FileStream constructor. 2022-08-10 14:49:20 +02:00
Michael Nebel
504160fee4 C#: Update expected file for Sql injection and Second Order sql injection (note that this is already a second order sql injection). 2022-08-10 14:49:20 +02:00
Michael Nebel
5c47ae3f98 C#: Add testcase for unsanitized filename used in Filestream. 2022-08-10 14:49:20 +02:00
Michael Nebel
1355931b50 C#: Update SecondOrder SQL Injection test case expected output with vulnerability from test case. 2022-08-10 14:49:19 +02:00
Michael Nebel
ced9ee5f5d C#: Update FlowSummaries test expected output after addition of new summaries. 2022-08-10 14:49:19 +02:00
Anders Schack-Mulligen
ecc15a1f95 Java: Remove SensitiveLoggingQuery results that flow through a source. 2022-08-10 14:28:07 +02:00
Michael Nebel
736ae4f7d6 C#: Update FlowSummaries expected output. 2022-08-10 14:23:54 +02:00