hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-25 20:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,078 Commits 1,688 Branches 158 Tags
codeql-cli/v2.11.6
Commit Graph

47078 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jeroen Ketema
284c8dd448 C++: Add change note 2022-08-22 11:25:40 +02:00
Tony Torralba
3314b56ffe Fix Fragment tests after androidx stubs update 2022-08-22 11:13:19 +02:00
Taus
c904ba1d16 Merge pull request #9852 from tausbn/python-add-str-class 
Python: Add `Str` class
 2022-08-22 10:55:01 +02:00
Jeroen Ketema
f00a9ac8fc Merge pull request #10112 from jketema/orphaned 
C++: Handle orphaned local variables
 2022-08-22 10:45:10 +02:00
Chris Smowton
f3ef8510d3 Merge pull request #10093 from smowton/smowton/feature/java-singular-locations 
Java: pick an arbitrary representative location when an entity has many candidate locations.
 2022-08-22 09:32:43 +01:00
Jeroen Ketema
04564b4323 Merge pull request #10123 from MathiasVP/optimize-exec-tainted 
C++: Remove CP in `cpp/command-line-injection`
 2022-08-22 10:20:03 +02:00
Michael Nebel
642c9929e6 Merge pull request #10050 from michaelnebel/csharp/asproutingendpoints 
C#: ASP.NET MapGet Routing endpoints (Remote Flow Sources)
 2022-08-22 09:05:12 +02:00
erik-krogh
2fd09d34de improve performance of global dataflow by inlining a step predicate 2022-08-22 08:35:19 +02:00
erik-krogh
2f11f3760e simplify getALibraryInputParameter by adding more general dataflow for the arguments object 2022-08-22 08:32:43 +02:00
Erik Krogh Kristensen
11b039c1f1 add tests 2022-08-22 08:29:28 +02:00
Erik Krogh Kristensen
31c09ba678 implement flow for .apply() by adding a ReflectiveParametersNode data-flow node 2022-08-22 08:29:28 +02:00
Erik Krogh Kristensen
d86b7f6c54 recognize an access to the arguments object as library-input 2022-08-22 08:29:24 +02:00
Erik Krogh Kristensen
7b1ef7473e change ArrayCreationStep to a PreCallGraphStep and unrestrict the storeStep 2022-08-22 08:15:54 +02:00
erik-krogh
049af68bc2 restrict suffix-construction to relevant regexps 2022-08-21 20:35:39 +02:00
erik-krogh
0aebc90b61 don't lowercase the endpointExample, and correctly handle root states 2022-08-21 18:38:47 +02:00
Mathias Vorreiter Pedersen
d209231ff9 C++: Remove cartesian product in 'ExecTainted'. 2022-08-21 16:45:36 +01:00
Mathias Vorreiter Pedersen
b944005046 Merge pull request #10095 from MathiasVP/fix-joins-in-using-expired-stack-address 
C++: Fix joins in `cpp/using-expired-stack-address`
 2022-08-20 12:18:34 +01:00
Jeroen Ketema
2adf5662a2 C++: Add DB scheme upgrade and downgrade scripts 2022-08-20 08:55:33 +02:00
Jeroen Ketema
02c8e316d3 C++: Update DB scheme stats file 2022-08-20 08:46:50 +02:00
Jeroen Ketema
4a7ad84d02 C++: Add __func__ and __PRETTY_FUNCTION__ IR tests 2022-08-20 01:09:52 +02:00
Chris Smowton
e5370a0caa Set MacOS and Windows Go versions to 1.19 2022-08-19 21:19:13 +01:00
Andrew Eisenberg
38909076ea Update other articles to with details about packaging 
In this commit:

- Replace _QL pack_ with _CodeQL pack_
- Replace `about-ql-pack` references with `about-codeql-packs`
- Replace examples using `libraryPathDependencies with
  `dependencies`
- Update some examples to specify the optional `version` field
- Update description of query specifiers to note that a path
  within a pack is valid.
 2022-08-19 13:14:43 -07:00
Jeroen Ketema
584a0189a8 C++: Update test results after changes 2022-08-19 21:50:45 +02:00
Chris Smowton
259b942fac Indent blocks that gofmt would mistake for markdown 
As of go 1.19 it will try to format markdown nicely, but in both these cases the formatting isn't supposed to be interpreted this way, so indent it to make it a preformatted block.
 2022-08-19 19:06:21 +01:00
Chris Smowton
8d20b9cf52 Use hasLocationInfo to match several Location fields at once 2022-08-19 19:03:17 +01:00
Chris Smowton
3266f1f35f Create 2022-08-19-signular-locations.md 2022-08-19 18:42:41 +01:00
Chris Smowton
6ac6a81bfa Update test action to use go 1.19 2022-08-19 18:37:39 +01:00
Chris Smowton
678ecffea8 Accept test changes 2022-08-19 18:34:05 +01:00
erik-krogh
bcf4c57060 Merge branch 'main' into redosPrefix 2022-08-19 19:22:49 +02:00
erik-krogh
d052b1e3c9 also support regular expressions without repetitions 2022-08-19 19:21:44 +02:00
Chris Smowton
1ea7caf559 Fix join ordering in inline-expectations test 2022-08-19 18:17:22 +01:00
Chris Smowton
e39475d778 Merge pull request #10100 from github/smowton/admin/note-java-19-support 
Note support for Java 19
 2022-08-19 17:20:23 +01:00
Chris Smowton
6f4fbac412 Create 2022-08-19-go-119-support.md 2022-08-19 17:20:03 +01:00
Tony Torralba
90aa7d8be5 Add change note 2022-08-19 17:01:37 +02:00
Tom Hvitved
a0a3dfb93d Merge pull request #10108 from hvitved/remove-redundant-overrides 
Remove redundant overrides
 2022-08-19 16:43:23 +02:00
Tony Torralba
3c6c09b0f8 No longer require a mode in Cipher.init 2022-08-19 16:40:59 +02:00
Tony Torralba
794fd976a9 Add androidx Fragment support 2022-08-19 16:32:06 +02:00
Paolo Tranquilli
75f62098e0 Merge pull request #10111 from github/redsun82/swift-add-methodrefexpr 
Swift: synthesize `MethodRefExpr`
 2022-08-19 16:27:16 +02:00
Rasmus Wriedt Larsen
9790594984 Ruby: Bugfix after HTTP::Client::Request change 
I guess this is not 100% accurate any longer since the base class is
only a `DataFlow::Node` now... I guess we could make it a
`DataFlow::CallNode` in the Concept definition.
 2022-08-19 16:25:47 +02:00
Paolo Tranquilli
631d234026 Swift: expand tests 2022-08-19 16:15:17 +02:00
Rasmus Wriedt Larsen
9eda630965 Ruby: Add CallNode.getKeywordArgumentIncludeHashArgument 2022-08-19 15:54:15 +02:00
Rasmus Wriedt Larsen
10968bf115 Ruby: Fix alert-msg logic for RequestWithoutValidation.ql 
This really surprised me, but as shown on the results, it does actually
make a difference in the alert-message.
 2022-08-19 15:50:09 +02:00
Ian Lynagh
5d670c6186 Kotlin: Remove another instance of a not-null-expression 2022-08-19 14:50:06 +01:00
Rasmus Wriedt Larsen
0ac3624342 Ruby: Implement new disablesCertificateValidation for all HTTP client models 
Sadly most alert text changed, but the two important changes are:

1. The request on RestClient.rb:19 now has an expanded alert text,
   highlighting where the origin of the value that disables certificate
   validation comes from. (in this case, it's trivial since it's the
   line right above)
2. We handle passing `false`/`OpenSSL::SSL::VERIFY_NONE` the same in the
   argument passing examples in Faraday.rb
 2022-08-19 15:46:22 +02:00
Erik Krogh Kristensen
812b6bddcf Merge pull request #10053 from erik-krogh/msgConsis-ql-query 
QL: add ql/consistent-alert-message
 2022-08-19 15:45:35 +02:00
Rasmus Wriedt Larsen
1f028ac206 Ruby: Implement new disablesCertificateValidation for RestClient 2022-08-19 15:43:19 +02:00
Rasmus Wriedt Larsen
07d95918f2 Ruby: Add more RequestWithoutValidation.ql tests 
Added:
- one where the value is not directly used when disabling certificate
  validation.
- one with argument passing, Faraday, where it is only the passing of
  `OpenSSL::SSL::VERIFY_NONE` that is recognized.
 2022-08-19 15:42:50 +02:00
Paolo Tranquilli
f0ec43b04c Swift: remove getMethodDeclaration 
`getStaticTarget` gives the same result.
 2022-08-19 15:37:49 +02:00
Paolo Tranquilli
66459b81da Swift: use field in MethodApplyExpr 
Also rename `getMethod` to `getMethodDeclaration` to clear up possible
confusion with `getFunction`.
 2022-08-19 15:31:00 +02:00
Tom Hvitved
99c049c09e Merge pull request #10102 from hvitved/ql/redundant-override-refined 
QL: Refine 'redundant override' query
 2022-08-19 15:25:11 +02:00