hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-25 20:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,524 Commits 1,688 Branches 158 Tags
codeql-cli/v2.10.5
Commit Graph

42524 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ian Lynagh
2edeeaac0e Merge pull request #9801 from igfoo/igfoo/psi 
Kotlin: We can't extract comments for < 1.5.20
 2022-07-12 11:01:30 +01:00
Ian Lynagh
965f5a980a Java/Kotlin: Add changenote for ErrorType 2022-07-12 10:58:16 +01:00
Henry Mercer
2ddcf8364c Merge pull request #9585 from github/henrymercer/packaging-on-ghes 
Docs: Document packaging support for CodeQL CLI 2.9.4+ on GHES 3.6+
 2022-07-12 10:36:03 +01:00
Paolo Tranquilli
033b239b22 Swift: collapse TypeRepr hierarchy 
Now `TypeRepr` is a final class in the AST, which is more or less just
a type with a location in code.

As the frontend does not provide a direct way to get a type from a
type representation, this information must be provided when fetching
the label of a type repr.

This meant:
* removing the type repr field from `EnumIsCaseExpr`: this is a virtual
  AST node introduced in place of some kinds of `IsEpxr`. The type
  repr is still available from the `ConditionalCheckedCastExpr` wrapped
  by this virtual node, and we will rebuild the original `IsExpr` with
  the IPA layer.
* some logic to get the type of keypath roots has been added to
  `KeyPathExpr`. This was done to keep the `TypeRepr` to `Type` relation
  total in the DB, but goes against the design of a dumb extractor. The
  logic could be moved to QL in the future
* in the control flow library, `TypeRepr` children are now ignored. As
  far as I can tell, there is no runtime evaluation going on in
  `TypeRepr`s, so it does not make much sense to have control flow
  through them.
 2022-07-12 10:49:14 +02:00
Nick Rolfe
685389d219 Merge pull request #9797 from github/nickrolfe/railties_fix 
Ruby: fix defining every dataflow node as a command execution sink
 2022-07-12 09:30:55 +01:00
Jeroen Ketema
c75599c3da C++: Clarify the "most-specific" part of FunctionCall:getTarget 2022-07-12 10:28:19 +02:00
Nick Rolfe
217c9a8aaf Fix typo in changenote 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-07-12 08:50:58 +01:00
Paolo Tranquilli
47a4cac8ee Merge branch 'main' into redsun82/swift-extraction 2022-07-12 09:29:10 +02:00
Paolo Tranquilli
70838fe57f Merge pull request #9774 from github/redsun82/swift-disable-change-note-check 
Swift: disable change note checking for now
 2022-07-12 09:28:37 +02:00
Shyam Mehta
65b9947428 Incorporate jksco's feedback 2022-07-12 02:02:31 -04:00
smehta23
781a2a73d3 Merge branch 'main' into feat/SM/java_partial_path_traversal_vulnerability 2022-07-12 01:48:12 -04:00
Raul Garcia
d5791e2d56 Addressing feedback from the PR 2022-07-11 15:45:15 -07:00
Aditya Sharad
02e11b7ee9 Docs: Add links from query help to query pack changelog for each language 2022-07-11 13:59:38 -07:00
Raul Garcia
ac05577966 Making various changes based on the feedback. Pending: 2 non-trivial fixes for Java & Python. 2022-07-11 13:25:35 -07:00
Raul Garcia
e5702d0e15 Update python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Taus <tausbn@github.com>
 2022-07-11 13:07:37 -07:00
Raul Garcia
7fc9ae6c49 Update python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Taus <tausbn@github.com>
 2022-07-11 13:07:20 -07:00
Andrew Eisenberg
022acf2de0 Merge pull request #9570 from github/aeisenberg/docs/packs-with-paths 
Update docs to include how to run a pack with path
 2022-07-11 11:40:11 -07:00
Ian Lynagh
960d1dba8a Kotlin: We can't etract comments for < 1.5.20 
We were making our own PsiSourceManager, but that didn't know about any
IrFile -> PsiFile mappings.
 2022-07-11 19:36:43 +01:00
Ian Lynagh
4c68624b00 Kotlin: Pass a FileLogger to Psi2Ir 2022-07-11 19:17:21 +01:00
Ian Lynagh
b9072a3594 Kotlin: Share a Psi2Ir instance 2022-07-11 18:57:43 +01:00
Henry Mercer
4704269086 Add example registry authentication string 2022-07-11 18:36:03 +01:00
Nick Rolfe
a3628b06f1 Ruby: fix markup in changenote 2022-07-11 17:23:45 +01:00
Nick Rolfe
032aa56dc3 Ruby: add change note for system command execution sink bug 2022-07-11 17:00:07 +01:00
Nick Rolfe
6632dfaf88 Ruby: fix another SystemCommandExecution::isShellInterpreted implementation 2022-07-11 16:53:30 +01:00
Raul Garcia
5d89a5d164 Update csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Taus <tausbn@github.com>
 2022-07-11 08:42:50 -07:00
Raul Garcia
156bc34cda Update UnsafeUsageOfClientSideEncryptionVersion.qhelp 2022-07-11 08:41:05 -07:00
thiggy1342
ad7c3e7217 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-11 10:20:07 -04:00
thiggy1342
539fbbc126 Merge branch 'main' into experimental-strong-params 2022-07-11 10:20:00 -04:00
Nick Rolfe
348ad95fc0 Ruby: fix defining every dataflow node as a command execution sink 2022-07-11 15:06:27 +01:00
Paolo Tranquilli
93d06daf67 Swift: allow skipping fields in cppgen 
Some fields of base classes pose some problems with diamond hierarchies,
and we don't use them any way as we are emitting them using directly
trap entries instead of structured C++ classes.

This introduces a `cpp_skip` pragma to skip generation of those fields
in structured generated C++ classes, and applies it to `is_unknown` and
`location`.
 2022-07-11 15:59:21 +02:00
Paolo Tranquilli
39406436bf Swift: extract IfConfigDecl 
This also adds `UnresolvedDeclRefExpr` tests, as `IfConfigDecl`
consistently introduces those.
 2022-07-11 15:11:13 +02:00
Ben Rodes
a6048dd594 Merge branch 'github:main' into main 2022-07-11 08:49:13 -04:00
Jeroen Ketema
93a4a32527 Merge pull request #9786 from jketema/lossy 
C++: LossyFunctionResultCast updates
 2022-07-11 14:14:33 +02:00
Robert Marsh
bbd7e62341 Merge pull request #9793 from jketema/nullness 
C++: Add tests for `AnalysedExpr::isNullCheck` and `AnalysedExpr::isValidCheck`
 2022-07-11 08:07:24 -04:00
Ian Lynagh
28a8999b74 Java: Add an upgrade script 2022-07-11 12:09:48 +01:00
Ian Lynagh
aa07600f5a Java: Update stats 2022-07-11 12:09:48 +01:00
Erik Krogh Kristensen
9ed7aa9fae exclude variables in .vue files form js/unused-local-variable 2022-07-11 12:52:23 +02:00
Chris Smowton
74641ccfee Simplify test for no-arg constructor 2022-07-11 11:01:19 +01:00
Jeroen Ketema
6b2154eb8b C++: Add tests for AnalysedExpr::isNullCheck and AnalysedExpr::isValidCheck 2022-07-11 11:54:48 +02:00
Paolo Tranquilli
7d5dd384c3 Swift: extract UnresolvedPatternExpr 2022-07-11 10:59:00 +02:00
Paolo Tranquilli
7c3cadc9b6 Swift: extract OpenedArchetypeType 2022-07-11 10:48:21 +02:00
thiggy1342
e8e8da1b31 fix lib test expect for ActionController 2022-07-08 19:01:01 +00:00
thiggy1342
5d3232c614 refactor to use data flow 2022-07-08 18:53:24 +00:00
thiggy1342
96e66c4a50 move tests 2022-07-08 18:39:04 +00:00
thiggy1342
0435105d16 Merge remote-tracking branch 'upstream/main' into experimental-strong-params 2022-07-08 18:36:09 +00:00
thiggy1342
6aab970a9e refactor query to use cfg and dataflow 2022-07-08 18:32:54 +00:00
thiggy1342
bd50fd7f1e format fix 2022-07-08 17:20:41 +00:00
thiggy1342
11e39aa030 Add changelog 2022-07-07 21:40:16 +00:00
thiggy1342
940254d251 update framework tests 2022-07-07 19:39:59 +00:00
thiggy1342
b4869158f2 expand query tests for cwe-089 2022-07-07 19:23:57 +00:00