hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-22 02:44:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,078 Commits 1,685 Branches 158 Tags
codeql-cli/v2.11.6
Commit Graph

47078 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
8c43ab627f Ruby: go to local source in load-store steps 2022-10-04 11:11:50 +02:00
Tony Torralba
2deb3e5625 Reapply "Java: Fix cartesian product" 
This reverts commit c1654ce7cc.
 2022-10-04 11:11:44 +02:00
Asger F
8b389fe5f9 Ruby: use getACallSimple in more Hash methods 2022-10-04 11:08:46 +02:00
Asger F
74c3886167 Ruby: use getACallSimple in more Array methods 2022-10-04 11:08:46 +02:00
Asger F
c06743afb5 Ruby: update benign test updates 2022-10-04 11:08:46 +02:00
Asger F
f75f27d30e Ruby: update test 2022-10-04 11:08:46 +02:00
Asger F
5b2d8b0894 Ruby: make Array.each a simple summary 2022-10-04 11:08:46 +02:00
Asger F
fbab0f50f2 Ruby: Evaluate longer summary component stacks 2022-10-04 11:08:46 +02:00
Asger F
0000a7d429 Ruby: Summarize load-store steps in type-tracking 
fixup to LoadStore
 2022-10-04 11:08:44 +02:00
Asger F
a4d4e406c6 Ruby: Summarize level steps in type tracking 2022-10-04 11:06:44 +02:00
Asger F
1c484d80aa Ruby: add some calls to .each in call graph test 2022-10-04 11:06:44 +02:00
Asger F
ab672ded6a Ruby: strip trailing whitespace in calls.rb test 2022-10-04 11:06:44 +02:00
tyage
7205903a36 Using implicit this 2022-10-04 18:06:30 +09:00
Chris Smowton
58cb5446c3 Add cross-check to getValueParameterLabel 2022-10-04 10:04:18 +01:00
Tony Torralba
281e49daf7 Revert "Java: Add CompilationUnit.getATypeAvailableBySimpleName()" 
This reverts commit 431aa2cb79.
 2022-10-04 10:59:45 +02:00
Tony Torralba
01b950f68b Revert "Java: Rename predicate to getATypeInScope" 
This reverts commit fd99ae78b3.
 2022-10-04 10:59:43 +02:00
Tony Torralba
df29e05b9f Revert "Java: Adjust ImpossibleJavadocThrows.ql" 
This reverts commit c40b6285a2.
 2022-10-04 10:59:39 +02:00
Tom Hvitved
12536578d4 Merge pull request #10664 from hvitved/type-tracking-more-caching 
Ruby/Python: Cache more type tracking predicates
 2022-10-04 10:58:41 +02:00
tyage
f47c02431a Merge branch 'main' into property-stringify 2022-10-04 09:57:54 +01:00
tyage
6ec2abbd2d add change note 2022-10-04 17:57:08 +09:00
Tony Torralba
c1654ce7cc Revert "Java: Fix cartesian product" 2022-10-04 10:56:32 +02:00
tyage
192c1f3d89 make test json.stringify 2022-10-04 17:40:52 +09:00
Mathias Vorreiter Pedersen
2593120300 Merge pull request #10597 from geoffw0/swifttaintsource 
Swift: URL taint sources
 2022-10-04 09:22:27 +01:00
tyage
726cd2ca8a refactor test 2022-10-04 17:11:37 +09:00
tyage
9df0720da9 refactoring 2022-10-04 17:05:49 +09:00
tyage
2006ae8332 rename file 2022-10-04 17:05:15 +09:00
Tom Hvitved
76abf6fbd6 C#: Add another dotnet run integration test 2022-10-04 09:56:24 +02:00
Tom Hvitved
01830904ff C#: Recognize options to dotnet run in tracer when injecting -p:UseSharedCompilation=false 2022-10-04 09:54:48 +02:00
Tamas Vajk
2c467376ea Revert "Only log once the missing java-kotlin method mapping warnings" 
This reverts commit 7524f3372d.
 2022-10-04 08:54:07 +02:00
tyage
8a7f23a8ea support VarRef 2022-10-04 14:45:39 +09:00
tyage
33d204913c add test for json stringify xss 2022-10-04 14:45:09 +09:00
Dilan Bhalla
888d756472 Merge branch 'dilan-java/guidance-exectainted' of https://github.com/dilanbhalla/codeql into dilan-java/guidance-exectainted 2022-10-03 14:49:45 -07:00
Dilan Bhalla
536276a82b Merge branch 'main' of https://github.com/github/codeql into dilan-java/guidance-exectainted 2022-10-03 14:48:50 -07:00
dilanbhalla
35948b097d Merge branch 'main' into dilan-java/guidance-exectainted 2022-10-03 13:56:05 -07:00
Rasmus Wriedt Larsen
d7be27a1c0 Python: Fix experimental py/ip-address-spoofing 
I realized the modeling was done in a non-recommended way, so I changed
the modeling. It was very nice that I could use API graphs for the flask
part, and a little sad when I couldn't for Django/Tornado.
 2022-10-03 21:19:30 +02:00
Harry Maclean
42a97b26bb Merge pull request #10316 from hmac/hmac/actionview 
Ruby: Model ActionView
 2022-10-04 08:16:16 +13:00
Rasmus Wriedt Larsen
b01a0ae696 Python: Adjust .expected after flask source change 
It's really hard to audit that this is all good.. I tried my best with
`icdiff` though -- and there is a problem with
ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql
that needs to be fixed in the next commit
 2022-10-03 20:35:49 +02:00
Robert Marsh
98f4caf76f Merge pull request #10645 from MathiasVP/add-more-range-analysis-tests 
C++: Port SimpleRangeAnalysis tests to the new range-analysis
 2022-10-03 14:34:56 -04:00
Robert Marsh
8d1817bc48 Merge pull request #10635 from MathiasVP/add-heuristic-allocation-class 
C++: Recognize allocation functions heuristically
 2022-10-03 14:34:09 -04:00
Tom Hvitved
e57c3bec63 Sync files 2022-10-03 20:29:39 +02:00
Tom Hvitved
bc3e9339dc Ruby: Cache more type tracking predicates 2022-10-03 20:29:17 +02:00
Dilan Bhalla
bff2633f8d java guidance: experimental version of exectainted 2022-10-03 11:18:17 -07:00
Ed Minnix
c6f91500f0 Update query description to better describe issue 2022-10-03 13:12:53 -04:00
Mathias Vorreiter Pedersen
872615bd58 Merge pull request #10536 from karimhamdanali/ecbmode 
Swift: check for using ECB encryption mode
 2022-10-03 17:53:10 +01:00
Ed Minnix
52d519765a Merge ContentProvider tests into one manifest 
Merge the read-only, write-only, read-write, and full test cases into
one AndroidManifest.xml file.

Also added the not-exported test case.
 2022-10-03 12:16:45 -04:00
Ed Minnix
09077935b1 Added query change note 2022-10-03 11:30:43 -04:00
Edward Minnix III
071f082b64 Add mention of content provider in query description 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-10-03 11:21:33 -04:00
Edward Minnix III
2970e8c76a Remove redundant documentation 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2022-10-03 11:21:02 -04:00
Edward Minnix III
cfc0bb595f Documentation fix for hasIncompletePermissions 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-10-03 11:20:15 -04:00
Ian Lynagh
01fe465bdf Kotlin: Make MiniStdLib more closely match the real stdlib 2022-10-03 16:16:11 +01:00