Commit Graph

47078 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
6f06267892 Java: Implement union type flow. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
7692a9e2e7 Java: Minor TypeFlow tweaks. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
85d4742a01 Java: Add dispatch test showing lack of union types. 2022-09-13 13:30:40 +02:00
Mathias Vorreiter Pedersen
c7ccff2e20 C++: Accept test changes. 2022-09-13 12:11:22 +01:00
Asger F
d3d47a261c JS: Accept test output again 2022-09-13 11:56:51 +02:00
Tom Hvitved
4247843a27 Ruby: Adjust the scope of singleton class targets
In

```rb
class << x
  ...
end
```

the scope of `x` is not the singleton class itself, but rather the outer scope.
2022-09-13 11:39:38 +02:00
Tom Hvitved
87db5fc6b1 Ruby: Add tests for getEnclosing{Method,Module} 2022-09-13 11:39:15 +02:00
Erik Krogh Kristensen
2739b9cfd8 Merge pull request #10390 from erik-krogh/unmentionedGuard
QL: add unmentioned guard class query
2022-09-13 11:04:13 +02:00
Paolo Tranquilli
9227203336 Swift: print a helpful message on macOS ARM
Also remove the tentative way compilation was expected to be fixed on
macOS ARM without really working.

In the future we will create universal binaries (which requires
compiling our prebuilt package for ARM as well), but until then we must
require the developer to pass `--cpu=darwin_x86_64` to the build
command when building on an ARM macOS platform like the M1. This will be
printed out explicitly now if it's not the case.
2022-09-13 11:00:47 +02:00
Erik Krogh Kristensen
86417cec34 Merge pull request #10381 from erik-krogh/protoList
JS: recognize a list of bad strings as a sanitizer for `js/prototype-polluting-assignment`
2022-09-13 11:00:29 +02:00
Asger F
87ab16a7af JS: Update test expectations 2022-09-13 10:59:12 +02:00
erik-krogh
063c76b6d1 apply suggestions from review 2022-09-13 10:52:23 +02:00
Mathias Vorreiter Pedersen
4130616ab1 C++: Use experimental dataflow for the product flow library. 2022-09-13 09:41:03 +01:00
Robert Marsh
ededfaa40b C++: use-use flow in ArrayAccessProductFlow 2022-09-13 09:39:39 +01:00
Robert Marsh
0fcfe5772f C++: query-specific model for ffmpeg allocator 2022-09-13 09:39:31 +01:00
Robert Marsh
61017a7997 C++: prevent a bad join order 2022-09-13 09:39:11 +01:00
Mathias Vorreiter Pedersen
7f6b400b78 Merge pull request #10366 from MathiasVP/use-use-flow-in-experimental
C++: Use-use flow in `experimental`
2022-09-13 09:30:48 +01:00
Asger F
eca2632a3e JS: Add change note 2022-09-13 10:17:34 +02:00
Asger F
f411798101 JS: Fix typo in alert message 2022-09-13 10:13:34 +02:00
Asger F
b4e6fb781a JS: Consider empty regexp to be obviously empty 2022-09-13 10:13:03 +02:00
Rasmus Lerchedahl Petersen
58cfac27d2 Python: adjust expectations to new spelling 2022-09-13 10:10:17 +02:00
erik-krogh
03a325ca31 autoformat 2022-09-13 10:06:35 +02:00
Erik Krogh Kristensen
dd5da79e46 recognize setters and getters of a class as exported
Co-authored-by: Asger F <asgerf@github.com>
2022-09-13 10:04:02 +02:00
Rasmus Lerchedahl Petersen
c1ab66181b Python: format 2022-09-13 08:08:04 +02:00
erik-krogh
dd5db2e6d7 add to isSanitizerGuard 2022-09-13 07:27:51 +02:00
erik-krogh
3eb7675292 rename to DenyListInclusionGuard 2022-09-13 07:27:31 +02:00
Sebastian Bauersfeld
f95663cdfb Java: Added change note. 2022-09-13 11:38:15 +07:00
Sebastian Bauersfeld
0468b3a361 Java: Track taint through constructor arguments of java.net.URI. 2022-09-13 11:35:04 +07:00
Raul Garcia
0df2b64355 Merge branch 'main' into Token_validation 2022-09-12 18:31:00 -07:00
Raul Garcia
9e63a3d30b Fixing a couple of bugs from PR comments 2022-09-12 18:22:13 -07:00
Rasmus Lerchedahl Petersen
03c243175b Python: fix QL alerts 2022-09-12 23:53:42 +02:00
Andrew Eisenberg
68f0505c39 Apply suggestions from code review 2022-09-12 14:49:41 -07:00
Rasmus Lerchedahl Petersen
2e9c60de6c Python: remove resurrected file 2022-09-12 23:38:44 +02:00
Rasmus Lerchedahl Petersen
56dcfc2161 Python: --max-import-depth=0
to avoid nodes in the extracted stdlib

Was there a reason for this depth to be 1?
2022-09-12 23:25:48 +02:00
Rasmus Lerchedahl Petersen
bf16e220a0 Python: adjust expectations 2022-09-12 22:43:03 +02:00
erik-krogh
a567c132c1 fix all ql/unmentioned-guard 2022-09-12 22:42:46 +02:00
erik-krogh
9446cad32e add ql/unmentioned-guard class 2022-09-12 22:39:20 +02:00
Andrew Eisenberg
a9202b5c37 Tweak the query suites documentation
- Add examples to filter on `@id`
- Add examples that include regexes
- Add examples that include both lists and single elements
- Add some `import` examples
- Remove mention of `eval` since it is not a user-facing instruction
2022-09-12 13:07:32 -07:00
Rasmus Lerchedahl Petersen
e3280c8a3e Python: handle TODO
although this is not actually tested,
so we may have to adjust once we use it.
But the _very_ generic implementation is modeled on the Ruby code.
2022-09-12 21:03:56 +02:00
intrigus
894a0f1c3b Add string to int sanitizer. 2022-09-12 21:02:18 +02:00
Rasmus Lerchedahl Petersen
78d4dc3123 Python: sync files 2022-09-12 21:01:57 +02:00
Rasmus Lerchedahl Petersen
203481ad3e Python: rearrange to minimize diff
also fix typo
2022-09-12 20:07:32 +02:00
Rasmus Lerchedahl Petersen
efc5cfb852 Merge branch 'main' of github.com:github/codeql into python-dataflow/flow-summaries-from-scratch 2022-09-12 19:56:16 +02:00
Arthur Baars
e07e6c9053 Merge pull request #10382 from RasmusWL/ruby-typo-fix
Ruby: Fix typo in QLDoc
2022-09-12 19:04:37 +02:00
Tony Torralba
f412f433bf Add thymeleaf steps 2022-09-12 17:52:38 +02:00
Erik Krogh Kristensen
bb3753a682 Merge pull request #10317 from erik-krogh/py-unqueryable
PY: deprecate a bunch of unused code
2022-09-12 17:44:59 +02:00
erik-krogh
ceda5f69fc recognize returning an instanceof of a class as exporting that class 2022-09-12 17:31:51 +02:00
Mathias Vorreiter Pedersen
6e4b3c242f Merge pull request #10377 from geoffw0/deprecate-pointsto
C++: Put a warning on the PointsTo library.
2022-09-12 16:25:40 +01:00
Andrew Eisenberg
abdc79b009 Update the example codeql-workspace.yml
Add a better example for `registries`.
2022-09-12 08:22:51 -07:00
Andrew Eisenberg
361dba17de Add information about the registries block in codeql-workspace.yml 2022-09-12 08:22:51 -07:00