Michael Nebel
94a72ec051
Java: Refactor SummarizedCallable.
2022-05-19 11:10:58 +02:00
Michael Nebel
73802cbd6d
Ruby: Refactor SummarizedCallable.
2022-05-19 11:04:18 +02:00
Michael Nebel
be79f20ef1
C#: Refactor SummarizedCallable.
2022-05-19 11:03:50 +02:00
Stephan Brandauer
b928ca518f
update dependency version to 4.7.1-rc
2022-05-19 10:47:08 +02:00
Erik Krogh Kristensen
fff70da650
Merge pull request #9182 from erik-krogh/useStringComp
use string equality instead of regexps to compare constant strings
2022-05-19 10:42:37 +02:00
Tom Hvitved
eef5022e3d
Merge pull request #9014 from michaelnebel/csharp/dataflowcallablerefactor
C#: Dataflow callable refactoring.
2022-05-19 09:02:38 +02:00
Erik Krogh Kristensen
215a6a72cc
Merge branch 'main' into useStringComp
2022-05-18 10:55:31 +02:00
Rasmus Wriedt Larsen
6611e5b4b8
Merge branch 'main' into promote-pam
2022-05-18 10:35:39 +02:00
Anders Schack-Mulligen
a4dac9fd2b
Merge pull request #9201 from Marcono1234/marcono1234/NumericType-type-qll
Java: Move `NumericType` to `Type.qll`
2022-05-18 10:31:40 +02:00
Rasmus Wriedt Larsen
b54de13d97
Python: Apply suggestions from code review
Co-authored-by: Taus <tausbn@github.com>
2022-05-18 10:30:29 +02:00
Tom Hvitved
209a1e4bd8
Merge pull request #9202 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-05-18 10:26:55 +02:00
Tom Hvitved
5e57e82997
Merge pull request #9191 from hvitved/ruby/taint-tracking-stage
Ruby: Force cached taint tracking predicates to be evaluated in data flow stage
2022-05-18 09:54:38 +02:00
Anders Schack-Mulligen
af7df79289
Autoformat
2022-05-18 09:38:11 +02:00
Anders Schack-Mulligen
a4a004a322
Java: Simplify recursion prevention.
2022-05-18 09:27:55 +02:00
Anders Schack-Mulligen
d4c9fddae3
Java: Use fastTC.
2022-05-18 09:27:54 +02:00
Anders Schack-Mulligen
48ab5b2403
C#/Ruby/Java: Fix references.
2022-05-18 09:27:54 +02:00
Anders Schack-Mulligen
829eb7f7a5
C#/Ruby: Sync FlowSummaryImpl.
2022-05-18 09:27:48 +02:00
Anders Schack-Mulligen
25fda206b2
Java: Prevent accidental recursion through AdditionalValueStep.
2022-05-18 09:25:23 +02:00
Anders Schack-Mulligen
1d3b3204df
Merge pull request #9190 from hvitved/dataflow/summary-arg-param-no-materialize
Data flow: Do not materialize `summaryArgParam`
2022-05-18 09:17:57 +02:00
Erik Krogh Kristensen
7245591468
Merge pull request #7763 from erik-krogh/unused-field
QL: add unused-field query
2022-05-18 09:15:16 +02:00
Tom Hvitved
23ee033a57
C#: Review fixes
2022-05-18 07:48:21 +02:00
Michael Nebel
df6d86b9aa
C#: Use getUnderlyingCallable instead of asCallable.
2022-05-18 07:48:21 +02:00
Michael Nebel
6f7af11517
C#: Needs to be updated as SummaryParameterNodes are printed slightly differently.
2022-05-18 07:48:21 +02:00
Michael Nebel
b41bb3fe08
C#: System.Web.HttpResponse.Write is now considered safe (known) and will thus not show up as untrusted external API.
2022-05-18 07:48:21 +02:00
Michael Nebel
97c6d7884d
C#: Source and Sink models are now also considered summarized callables and thus considered safe as they are known external APIs.
2022-05-18 07:48:21 +02:00
Michael Nebel
aeadad62be
C#: Improve implementation.
2022-05-18 07:48:21 +02:00
Michael Nebel
26e2cad528
C#: Improve getCallable.
2022-05-18 07:48:21 +02:00
Michael Nebel
f78def5316
C#: Hide SummaryParameterNodes from path explanations.
2022-05-18 07:48:21 +02:00
Michael Nebel
220526f305
C#: Fix issues with summarized callables parameter types and other casting issues.
2022-05-18 07:48:21 +02:00
Michael Nebel
2c414b2201
C#: Add Summary parameter nodes.
2022-05-18 07:48:21 +02:00
Michael Nebel
0e3fc464a3
C#: Use SummarizedCallable external instead of the internal.
2022-05-18 07:48:20 +02:00
Michael Nebel
b578fcb069
C#: Use the external SummarizedCallable implementation.
2022-05-18 07:48:20 +02:00
Michael Nebel
4f7297715d
C#: Also extract callable from FlowSummary SummarizedCallable in DataFlowCallable.
2022-05-18 07:48:20 +02:00
Michael Nebel
3fa990a984
C#: Make sure that all callables with a summary are added to the external SummarizedCallable class.
2022-05-18 07:48:20 +02:00
Michael Nebel
4810419dfd
C#: Extend SummarizedCallable from FlowSummaryImpl.
2022-05-18 07:48:20 +02:00
Michael Nebel
eb022118f3
C#: Fix issue in ExternalApi.
2022-05-18 07:48:20 +02:00
Michael Nebel
68055bc022
C#: Update flow summaries test code.
2022-05-18 07:48:20 +02:00
Michael Nebel
c8a7354086
C#: Refactor to align implementation between languages.
2022-05-18 07:48:20 +02:00
Michael Nebel
0d61a2c797
C#: Add QL doc to SummarizedCallable.
2022-05-18 07:48:20 +02:00
Michael Nebel
2f2ca18898
C#: Update dependencies.
2022-05-18 07:48:20 +02:00
Michael Nebel
e70a283cfd
C#: Initial refactor of SummarizedCallable and DataFlowCallable (dependencies need to be updated).
2022-05-18 07:48:19 +02:00
github-actions[bot]
91694b4bac
Add changed framework coverage reports
2022-05-18 00:15:25 +00:00
Marcono1234
c53d315697
Java: Move NumericType to Type.qll
2022-05-18 01:40:17 +02:00
Cornelius Riemenschneider
415c3d1c72
Merge pull request #740 from github/criemen/lua-tracing-config
Update Lua tracing config.
2022-05-18 01:03:16 +02:00
Cornelius Riemenschneider
d352253b02
Merge pull request #9187 from github/criemen/lua-tracing-configs
Update Lua tracing configs.
2022-05-18 01:03:15 +02:00
Erik Krogh Kristensen
d5f0446940
exclude self parameter from the API-graph edge for keywordParameter
2022-05-17 22:34:38 +02:00
Taus
b2fe615ef2
Python: Modernise weak file permissions query
Using API graphs instead of points-to.
Unfortunately, some results will be lost because of this, due to the
fact that points-to tracks bitwise operations on small numbers (i.e.
flags), whereas API graphs does no such thing. This means using
something like `stat.S_IWUSR | stat.S_IWGRP` will not work.
A custom type tracker (like the one used for `re` flags) could be used
to recapture this behaviour, but I think that's best left as future
work, as it's not clear to me that this query is actually worth the
effort it would take to implement this.
2022-05-17 20:20:15 +00:00
Mathias Vorreiter Pedersen
5d625d6156
Merge pull request #9188 from MathiasVP/fix-GetAPrimaryQlClassConsistency-for-swift
2022-05-17 20:47:24 +01:00
Erik Krogh Kristensen
6c7c9b6a4b
Merge pull request #9082 from erik-krogh/countZero
QL: add query warning about `count(...) = 0`.
2022-05-17 21:46:58 +02:00
Mathias Vorreiter Pedersen
a6ac14f4de
QL: Allow class + 'Base' in 'ql/primary-ql-class-consistency'.
2022-05-17 16:54:12 +01:00