hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-22 02:44:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,078 Commits 1,685 Branches 158 Tags
codeql-cli/v2.11.6
Commit Graph

47078 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jami Cogswell
960e9db2fb add missing expectation to tests 2022-10-04 12:33:24 +02:00
Tony Torralba
1857a5d311 Refactor Intent flow steps 2022-10-04 12:33:24 +02:00
Jami Cogswell
00b0a6bf38 update act tests 2022-10-04 12:33:23 +02:00
Jami Cogswell
834927c50b update tests 2022-10-04 12:33:23 +02:00
Jami Cogswell
9a7cf7db65 simplify hasName usage 2022-10-04 12:33:23 +02:00
Jami Cogswell
c7e7e24cf8 clean up files 2022-10-04 12:33:23 +02:00
Jami Cogswell
012cfebd7a resolve merge conflict 2022-10-04 12:33:23 +02:00
Jami Cogswell
da7f27a7f2 add change note 2022-10-04 12:33:23 +02:00
Jami Cogswell
66b3c4687d resolve merge conflict 2022-10-04 12:33:23 +02:00
Jami Cogswell
0a135a7f21 resolve merge conflict 2022-10-04 12:33:23 +02:00
Jami Cogswell
0f64361065 remove simple query 2022-10-04 12:33:23 +02:00
Jami Cogswell
af812cf407 fix code scanning bot warnings 2022-10-04 12:33:23 +02:00
Jami Cogswell
47fcbdd4b4 resolve merge conflict 2022-10-04 12:33:23 +02:00
Jami Cogswell
d07babe3c5 add initial framework for service and receiver test cases 2022-10-04 12:33:23 +02:00
Jami Cogswell
6cf3898101 add experimental global flow config, and clean-up some code 2022-10-04 12:33:23 +02:00
Jami Cogswell
9947b32446 resolve merge conflict 2022-10-04 12:33:23 +02:00
Jami Cogswell
11ce910c38 resolved merge conflict in FlowSources 2022-10-04 12:33:23 +02:00
Jami Cogswell
7576047214 create simple query and initial experimentation 2022-10-04 12:33:23 +02:00
Nick Rolfe
dd1b302fce Ruby: revert making inActionViewContext private 2022-10-04 11:29:09 +01:00
Tony Torralba
9db65eae7f Address review comments 2022-10-04 12:27:01 +02:00
Tony Torralba
b8fa9433be Fix duplicated test 2022-10-04 12:27:01 +02:00
Tony Torralba
264d6db9d7 Rename AllowListGuard to AllowedPrefixGuard 2022-10-04 12:27:01 +02:00
Tony Torralba
90020b6aab Make block lists work with substring matching too 
A block list approach doesn't need to restrict itself to prefix matching
 2022-10-04 12:27:01 +02:00
Tony Torralba
69d1895175 Update java/ql/lib/semmle/code/java/security/PathSanitizer.qll 2022-10-04 12:27:01 +02:00
Tony Torralba
6fcaae20e7 Add tests and fix bugs highlighted by them 2022-10-04 12:27:01 +02:00
Tony Torralba
f19eb783be Generalize file/path taint steps 
This is needed by PathSanitizer but also helps simplify ZipSlip.ql
 2022-10-04 12:27:01 +02:00
Tony Torralba
4e29c39c78 Merge ZipSlip sanitization logic into PathSanitizer.qll 
Apply code review suggestions regarding weak sanitizers
 2022-10-04 12:27:01 +02:00
Tony Torralba
89d905cc03 Add change note 2022-10-04 12:27:01 +02:00
Tony Torralba
08c67fb174 Use PathInjectionSanitizer in relevant queries 2022-10-04 12:27:01 +02:00
Tony Torralba
dff878e531 Apply TaintedPath recent changes to TaintedPathLocal 2022-10-04 12:26:59 +02:00
Tony Torralba
5706e8b377 Improve PathSanitizer 
Rename PathTraversalSanitizer to PathInjectionSanitizer
 2022-10-04 12:26:17 +02:00
Tony Torralba
50ad234694 Move PathSanitizer to the main library 2022-10-04 12:26:17 +02:00
Tony Torralba
d5478a01ab Merge pull request #10671 from github/revert-10640-atorralba/fix-cartesian-product 
Java: Revert #10489 and #10640
 2022-10-04 12:25:46 +02:00
Chris Smowton
e29be411ef Merge pull request #9811 from smowton/smowton/feature/kotlin-jvmoverloads-annotation 
Kotlin: Implement JvmOverloads annotation
 2022-10-04 11:21:44 +01:00
Nick Rolfe
a738f1d5cf Ruby: remove public abstract classes for Action{View,Controller} 2022-10-04 10:53:41 +01:00
Asger F
948594043d Ruby: share type-tracking test with array test 2022-10-04 11:15:13 +02:00
Asger F
28f4dff1d3 Python: sync 2022-10-04 11:15:11 +02:00
Asger F
b6231e82ec Ruby: do not treat WithoutElement[0..!] as a type filter 2022-10-04 11:14:31 +02:00
Asger F
3ccc3a2058 Ruby: move special treatment of Hash.[] into Hash.qll 2022-10-04 11:14:31 +02:00
Asger F
94d41b9fa4 Ruby: add hook for adding type-tracking steps 
fixup docs

fixup docs

fixup TypeTrackingStep
 2022-10-04 11:14:31 +02:00
Asger F
96711b2810 Ruby: improve join order in trackInstanceRec 2022-10-04 11:14:31 +02:00
Asger F
6e7aea85ef Ruby: update benign test output 
API graph tests only report the shortest path, and a new shortest path has appeared, but the old path is still there, so this is not a regression.
 2022-10-04 11:14:31 +02:00
Asger F
c220f4e103 Ruby: prune unusable summaries earlier 
Ruby: prune more aggressively
 2022-10-04 11:14:30 +02:00
Asger F
ff4ce4a151 Ruby: use Element[n..] tokens in inject and reduce 2022-10-04 11:14:30 +02:00
Asger F
fd9c1e4507 Ruby: filter out obvious module 'prepend' calls 2022-10-04 11:14:30 +02:00
Asger F
00e52ad109 Ruby: add type-tracking variant of hash-flow test 
Ruby: fixup type-tracking hash flow test

Fixup! type-tracking hash flow test result
 2022-10-04 11:14:30 +02:00
Asger F
9302271c15 Ruby: Hack special-casing of hash literals 2022-10-04 11:14:30 +02:00
Asger F
bd11946aec Ruby: support WithoutContent steps in restricted cases 
fixup ContentFilter

fixup basicWith(out)contentstep
 2022-10-04 11:14:28 +02:00
Asger F
323abf45ca Ruby: Speed up evaluateSummaryComponentStackLocal 2022-10-04 11:12:09 +02:00
Asger F
a7d764d2a7 Ruby: Improve join order when generating edges 2022-10-04 11:12:09 +02:00