hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-25 20:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,078 Commits 1,688 Branches 158 Tags
codeql-cli/v2.11.6
Commit Graph

47078 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jeroen Ketema
309fecac92 C++: Extend getFunction to handle orphaned local variables 2022-08-19 15:22:30 +02:00
Paolo Tranquilli
6706ba6ded Swift: accept toString changes in tests 2022-08-19 15:22:02 +02:00
Jeroen Ketema
3b81f4860e C++: Add orphaned local variable relation to DB scheme 2022-08-19 15:21:56 +02:00
Paolo Tranquilli
e3f86a9eb0 Swift: fix QL warning 2022-08-19 15:03:18 +02:00
Tamas Vajk
e23d36909d Add DB stats file 2022-08-19 14:51:37 +02:00
Tamas Vajk
e30a488dab Fix downgrade folder SHA and file directions 2022-08-19 14:51:36 +02:00
Tamas Vajk
e668bf631a Add DB downgrade folder 2022-08-19 14:51:36 +02:00
Tamas Vajk
b34cae6bdd Add DB upgrade folder 2022-08-19 14:51:36 +02:00
Tamas Vajk
1c08ac1d7a Kotlin: Identify data classes during extraction 2022-08-19 14:51:36 +02:00
Paolo Tranquilli
9b50336e47 Swift: synthesize MethodRefExpr 
This introduces a `MethodRefExpr` node synthesized out of
`DotSyntaxCallExpr` under the `LookupExpr` hierarchy. This means that
much like
```free_function(1, 2)```
is a `CallExpr` with `getFunction` giving a `DeclRefExpr`,
```foo.method(1, 2)```
is now a `CallExpr` with `getFunction` giving a `MethodRefExpr`.

`ApplyExpr::getStaticTarget` has been made work with it (as well as
`ConstructorRefCallExpr` which for the moment has been left where it
is), a new `MethodApplyExpr` has been introduced deriving from it,
and control and data flow libraries have adapted.

A small but was fixed in `qlgen` where the default constructor for DB
types was not correctly subtracting derived IPA types depending on the
order of definitions in `schema.yml`.

There are still some occurrences of `DotSyntaxCallExpr`, and as already
mentioned the other `SelfApply` class (`ConstructorRefCallExpr`) was
left alone. Their treatment is left for a future PR.
 2022-08-19 14:48:36 +02:00
Tom Hvitved
18fb4a87af Revert change to QL test 2022-08-19 14:37:25 +02:00
Ian Lynagh
a6cee9edf9 Kotlin: Add an integration test for TRAP compression 2022-08-19 13:34:43 +01:00
Tom Hvitved
1b29bddb73 Python: Revert change to AnyNode 2022-08-19 14:08:21 +02:00
Tom Hvitved
663096fe3a Remove redundant overrides 2022-08-19 13:57:41 +02:00
Ian Lynagh
62779944e8 Kotlin: Compress TRAP files 
The Kotlin extractor can now be told to write TRAP with no compression,
gzip compression or Brotli compression - although Brotli is not yet
supported and it will fall back to gzip.

The invocation TRAP file is a bit more complicated, as it's already been
started before the extractor starts. For now that continues to always be
uncompressed.
 2022-08-19 12:47:10 +01:00
Sebastian Bauersfeld
da79ad854c Added change notes. 2022-08-19 17:46:02 +07:00
Sebastian Bauersfeld
2ec3746861 Address PR comments. 2022-08-19 17:33:35 +07:00
Sebastian Bauersfeld
f6d42bd3c6 Allow blacklist sanitizers. 2022-08-19 17:33:35 +07:00
Sebastian Bauersfeld
11f527ea5b Fix up query tests. 2022-08-19 17:33:35 +07:00
Sebastian Bauersfeld
354a7fd252 Make taint flow through java.lang.String.(replace|replaceFirst|replaceAll) more permissive. 2022-08-19 17:33:35 +07:00
Sebastian Bauersfeld
5cf320d553 Add corresponding taint steps. 2022-08-19 17:33:35 +07:00
Sebastian Bauersfeld
b0fbe3658d Add java.lang.String taint tests. 2022-08-19 17:33:35 +07:00
Chris Smowton
949de2a8dd Create 2022-08-19-java-19-support.md 2022-08-19 11:15:23 +01:00
Chris Smowton
e2afc80aff Autoformat go 2022-08-19 10:29:45 +01:00
Chris Smowton
45f922b3f2 Add models for Go 1.19's new url.JoinPath and URL.JoinPath functions 2022-08-19 10:29:45 +01:00
Chris Smowton
6068f63e9e Add taint models for go 1.19's new fmt.Append functions 2022-08-19 10:29:45 +01:00
Tom Hvitved
c86c9ec2c3 QL: Move query logic into library 2022-08-19 10:35:47 +02:00
Tom Hvitved
93fc952ef1 Merge pull request #10099 from hvitved/csharp/html-raw-tests 
C#: Add a cshtml-based XSS test
 2022-08-19 10:24:52 +02:00
Tom Hvitved
50a53008cd QL: Refine 'redundant override' query 2022-08-19 10:15:47 +02:00
Michael Nebel
c3e0388a75 C#: Add testcase for complex models. 2022-08-19 08:51:39 +02:00
Michael Nebel
058541c0d6 C#: Added change note. 2022-08-19 08:10:23 +02:00
Michael Nebel
bbb6ba088b C#: Add more Map like remote flow source testcases. 2022-08-19 08:10:23 +02:00
Michael Nebel
424d909201 C#: Add more Map like method delegate parameter as flow sources. 2022-08-19 08:10:23 +02:00
Michael Nebel
d2c5266139 C#: Add more test examples. 2022-08-19 08:10:23 +02:00
Michael Nebel
aaf14b0184 C#: Improve solution (pair programming with @hvitved). 2022-08-19 08:10:23 +02:00
Michael Nebel
6e5a412150 C#: Make one more ASP.NET routing example. 2022-08-19 08:10:23 +02:00
Michael Nebel
bd6d3c7347 C#: Consider parameters passed to lambdas in MapGet remote flow sources. 2022-08-19 08:10:23 +02:00
Michael Nebel
c8afb1bb94 C#: Update expected test case with new line numbers. 2022-08-19 08:10:23 +02:00
Michael Nebel
328e47834e C#: Add ASP.NET Core MapGet routing end point example. 2022-08-19 08:10:23 +02:00
Andrew Eisenberg
d737b5715f Merge and update about-ql-packs with about-codeql-packs 
This is the first of a series of commits around updating packaging docs.

`about-ql-packs.rst` is outdated. All relevant information has been
moved to about-codeql-packs.rst`.
 2022-08-18 15:31:35 -07:00
Chris Smowton
d2055283de Add models for go 1.19's new atomic pointer typex 2022-08-18 17:47:13 +01:00
Chris Smowton
8eb5d001f7 Upgrade Go extractor to latest golang and x-packages 2022-08-18 16:22:04 +01:00
Jeroen Ketema
38b4c02508 C++: Support link targets for global and namespace variables 2022-08-18 17:01:02 +02:00
Mathias Vorreiter Pedersen
c953b05cc2 Merge branch 'main' into fix-joins-in-using-expired-stack-address 2022-08-18 15:13:05 +01:00
Chris Smowton
ec1cc72669 Note support for Java 19 2022-08-18 15:02:16 +01:00
Erik Krogh Kristensen
4f93f2b9ba Merge pull request #10076 from erik-krogh/ql-for-ql-fixes 
various QL-for-QL fixes
 2022-08-18 15:46:48 +02:00
Chris Smowton
17dd1f64ec Java: pick an arbitrary representative location when an entity has many candidate locations. 2022-08-18 14:29:16 +01:00
Tom Hvitved
f275885258 C#: Add a cshtml-based XSS test 2022-08-18 15:24:04 +02:00
Anders Schack-Mulligen
61a2c0dab5 Merge pull request #10084 from aschackmull/java/numericcasttainted-barrier 
Java: Move sink-constraints into the configuration in NumericCastTainted.ql.
 2022-08-18 15:22:00 +02:00
Joe Farebrother
e8f027dab2 Apply docs suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-08-18 14:21:40 +01:00