hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-19 01:14:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,078 Commits 1,679 Branches 158 Tags
codeql-cli/v2.11.6
Commit Graph

47078 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jeroen Ketema
70b48ad213 Merge pull request #10896 from jsoref/codeowners-codeql-frontend-reviewers 
Fix CODEOWNERS docs/codeql paths
 2022-10-20 09:26:03 +02:00
Paolo Tranquilli
9abaa5c0b3 Swift: rename doc_name with doc in properties 2022-10-20 08:59:08 +02:00
Paolo Tranquilli
492d5aec78 Swift: rename doc to description in properties 2022-10-20 08:57:41 +02:00
Josh Soref
2d83b86e1a Fix CODEOWNERS docs/codeql/ paths 
* codeql-cli
* codeql-for-visual-studio-code
* ql-language-reference path
 2022-10-19 23:36:42 -04:00
Josh Soref
8fa524cd52 spelling: substitution 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 23:27:19 -04:00
Josh Soref
7cc61ec018 spelling: monotonic 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 23:27:19 -04:00
Josh Soref
cd0e69ae32 spelling: meaningful 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 23:27:19 -04:00
Erik Krogh Kristensen
534574f4d9 Merge pull request #10764 from pwntester/javascript_xss_improvements 
JS: Consider other XSS unsafe content-types when reasoning about XSS vulnerabilities
 2022-10-19 21:53:24 +02:00
Geoffrey White
5b1e138300 Swift: Another qhelp edit. 2022-10-19 20:49:26 +01:00
Geoffrey White
495f744cd3 Swift: Attempt to address qhelp suggestions. 2022-10-19 20:44:27 +01:00
Geoffrey White
05d9c7b892 Swift: More 'an SQL' -> 'a SQL'. 2022-10-19 19:44:59 +01:00
Geoffrey White
83dc6d1564 Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2022-10-19 19:42:35 +01:00
Ian Lynagh
74a4061508 Kotlin: Refactor PSI handling 
We were giving warnings about comments, when we were actually trying to
populate numlines.
 2022-10-19 18:02:24 +01:00
Alvaro Muñoz
245be44eac Merge branch 'main' into javascript_xss_improvements 2022-10-19 18:18:19 +02:00
dependabot[bot]
c3693f1a20 Swift: bump actions/setup-python from 3 to 4 
Also fixes python version with a `.pythonversion` file.

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3 to 4.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-19 18:10:42 +02:00
Chris Smowton
c6b62c934b Merge pull request #10853 from smowton/smowton/fix/specialised-anon-classes 
Kotlin: extract called private methods of specialised types, and specialised instances of anonymous types
 2022-10-19 16:48:28 +01:00
Tony Torralba
c2a2d6b379 Fix LaunchOptionsUrlVarDecl 
Update test expectations
 2022-10-19 17:42:28 +02:00
Jami Cogswell
b7f360647e rename change note 2022-10-19 11:37:42 -04:00
Henry Mercer
6a12d676b8 Merge pull request #10878 from jsoref/spelling-ml 
Spelling ml
 2022-10-19 16:28:06 +01:00
Paolo Tranquilli
6426b8dc7e Merge pull request #10891 from github/alexdenisov/xcode-autobuilder-tests 
Swift: add Xcode autobuilder tests
 2022-10-19 17:19:21 +02:00
ALJI Mohamed
9163cbec09 Restrict the reach for an additional taint step 2022-10-19 16:08:49 +01:00
Jami Cogswell
e5982f19fa minor updates 2022-10-19 11:05:40 -04:00
ALJI Mohamed
25a7fcffc0 Add an additional taint step 2022-10-19 16:01:34 +01:00
Tony Torralba
0678b06a9b Apply review suggestions 2022-10-19 16:58:43 +02:00
Chris Smowton
4da480ecc0 Accept test changes resulting from correctly mapping extension methods' default proxies 2022-10-19 15:56:17 +01:00
Tony Torralba
e2c9240973 Add a new Custom URL Scheme source 
Also adds a couple of data flow steps to model flow through `?` expressions.
 2022-10-19 16:55:14 +02:00
Chris Smowton
14b8892ced Don't create interface forwarders for other interfaces, and target super accesses correctly 
Intermediate interfaces don't need interface forwarders, since the Kotlin compiler won't try to make them non-abstract by synthesising methods.

Super references should always target an immediate superclass, not the ancestor containing the intended implementation.
 2022-10-19 15:37:06 +01:00
Alex Denisov
bb31ff7aef Swift: drop redundant workflow 2022-10-19 16:36:45 +02:00
Alex Denisov
7790abce22 Swift: better CI names 2022-10-19 16:31:27 +02:00
Tony Torralba
25241276b0 Add change note 2022-10-19 16:29:36 +02:00
Alex Denisov
f6cfeab357 Swift: add Xcode autobuilder to CI 2022-10-19 16:29:08 +02:00
Tony Torralba
429bd5fbd8 Add flow summaries for startActivities 
Uses SyntheticCallables and SyntheticGlobals to pair each startActivities call to getIntent calls in the components targeted by the intent(s).
 2022-10-19 16:25:04 +02:00
Alex Denisov
95b7e8abb5 Swift: make xcode-autobuilder tester work with several tests 2022-10-19 16:20:32 +02:00
Ian Lynagh
71b649558b Merge pull request #10648 from igfoo/igfoo/lockless 
Kotlin: Implement lockless TRAP writing
 2022-10-19 15:04:19 +01:00
Alex Denisov
e51485595c Swift: introduce xcode-autobuilder tests 2022-10-19 16:04:07 +02:00
Erik Krogh Kristensen
8086d37cfc Merge pull request #10840 from erik-krogh/html_safe 
RB: simplify html_safe modeling
 2022-10-19 15:02:21 +02:00
ALJI Mohamed
d6fa745279 Add TarSlip Improv query 2022-10-19 14:01:40 +01:00
Tamas Vajk
3e476f96bd Kotlin: Exclude captured variables from constant loop condition check 2022-10-19 15:01:17 +02:00
Jami Cogswell
961e5c72a3 minor updates 2022-10-19 08:44:35 -04:00
Tamas Vajk
0bc57410a0 Kotlin: Add FP test case for constant loop condition 2022-10-19 14:19:49 +02:00
Ian Lynagh
24a84875ad Merge pull request #10879 from jsoref/spelling-kotlin 
Spelling kotlin
 2022-10-19 12:26:52 +01:00
erik-krogh
3dd89bb7bf remove duplicate alerts due to multiple states reaching the same sink 2022-10-19 13:19:18 +02:00
Tom Hvitved
9e5d9f897f Merge pull request #10824 from jsoref/spelling-csharp 
Spelling csharp
 2022-10-19 13:16:02 +02:00
Ian Lynagh
83a3ae64c4 Kotlin: Accept test changes 2022-10-19 12:14:39 +01:00
Ian Lynagh
c9cf33dd20 Kotlin: Nest TRAP files inside their basename 2022-10-19 12:14:39 +01:00
Ian Lynagh
dff1cf4c48 Kotlin: Don't write TRAP files that are already out-of-date 2022-10-19 12:14:38 +01:00
Ian Lynagh
e6e0fe0cd4 Kotlin: Tweak custom_plugin/diagnostics test 2022-10-19 12:14:38 +01:00
Ian Lynagh
b251078976 Kotlin: Implement lockless TRAP writing 
Rather than using lock files and rewriting TRAP file, and storing the
metadata in a .metadata file, we now encode the metadata in the filename
and rename all but the newest TRAP file so that the importer doesn't
see them.

So we might end up with e.g.
    Text.members#0.0-1664381081060-java.trap.gz
    Text.members#55.0-1658481279000-java.trap-old.gz
    Text.members#55.0-1664381081060-java.trap-old.gz

For now, you can go back to the old system by setting
    CODEQL_EXTRACTOR_JAVA_TRAP_LOCKING=true
in the environment.
 2022-10-19 12:14:38 +01:00
erik-krogh
226bd1f321 add flow-state support to sanitizers in code-execution, and use that to refactor the string-concatenation-sanitizer 2022-10-19 13:06:54 +02:00
erik-krogh
3e51f6fa8e use flow-states to remove FPs related to an attacker only controlling a substring in code-injection 2022-10-19 13:00:44 +02:00