hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,684 Branches 159 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Raul Garcia
64343e00f4 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:14:25 -07:00
Raul Garcia
8a48708014 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:14:13 -07:00
Raul Garcia
2bac181094 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:13:53 -07:00
Raul Garcia
a4e35a97ea Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:13:38 -07:00
Raul Garcia
a51d713925 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:13:12 -07:00
Jeroen Ketema
f7c4fa691d Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-07-12 16:59:15 +02:00
Erik Krogh Kristensen
8e52fc97fc changes based on review by Shack 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
220ff3cb2e convert tabs to spaces in qhelp 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
712805f3bf add a!=b to the overlap predicate 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
592464d98b simplify the overlap computation 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
aae3e2ddde other changes based on Esbens review 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
ff25451699 rename query to overly-large-range, and rewrite the @description 2022-07-12 16:02:46 +02:00
Ian Lynagh
a0636ff843 Merge pull request #9545 from igfoo/igfoo/type_cycles 
Java: Fix RefType.getAStrictAncestor() in the presence of type hierarchy cycles
 2022-07-12 14:28:54 +01:00
Jeroen Ketema
8f9d419441 C++: Add change note 2022-07-12 15:24:09 +02:00
Jeroen Ketema
e5eabc4e47 C++: Slightly tweak nullness test and update test results 2022-07-12 15:23:33 +02:00
Jeroen Ketema
d63b0946d9 C++: Use ConditionDeclExpr in AnalysedExpr::isDef 2022-07-12 15:22:13 +02:00
Jeroen Ketema
2ceb25dc9a C++: Order left and right operands in the logical left to right order 2022-07-12 15:21:37 +02:00
Ian Lynagh
d0bf424b19 Merge pull request #9806 from igfoo/igfoo/useType 
Kotlin: Extract an ErrorType if we fail to correctly extract a type
 2022-07-12 13:45:04 +01:00
Ian Lynagh
1bcb17b760 Update java/ql/lib/change-notes/2022-07-12-errortype.md 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-07-12 12:16:24 +01:00
Paolo Tranquilli
48c71c9407 Swift: add comment about TypeRepr in ASTNode fetching 2022-07-12 12:10:22 +02:00
Jeroen Ketema
de6a9375ba Merge pull request #9804 from jketema/get-target 
C++: Clarify the "most-specific" part of `FunctionCall:getTarget`
 2022-07-12 12:06:50 +02:00
Ian Lynagh
2edeeaac0e Merge pull request #9801 from igfoo/igfoo/psi 
Kotlin: We can't extract comments for < 1.5.20
 2022-07-12 11:01:30 +01:00
Ian Lynagh
965f5a980a Java/Kotlin: Add changenote for ErrorType 2022-07-12 10:58:16 +01:00
Henry Mercer
2ddcf8364c Merge pull request #9585 from github/henrymercer/packaging-on-ghes 
Docs: Document packaging support for CodeQL CLI 2.9.4+ on GHES 3.6+
 2022-07-12 10:36:03 +01:00
Paolo Tranquilli
033b239b22 Swift: collapse TypeRepr hierarchy 
Now `TypeRepr` is a final class in the AST, which is more or less just
a type with a location in code.

As the frontend does not provide a direct way to get a type from a
type representation, this information must be provided when fetching
the label of a type repr.

This meant:
* removing the type repr field from `EnumIsCaseExpr`: this is a virtual
  AST node introduced in place of some kinds of `IsEpxr`. The type
  repr is still available from the `ConditionalCheckedCastExpr` wrapped
  by this virtual node, and we will rebuild the original `IsExpr` with
  the IPA layer.
* some logic to get the type of keypath roots has been added to
  `KeyPathExpr`. This was done to keep the `TypeRepr` to `Type` relation
  total in the DB, but goes against the design of a dumb extractor. The
  logic could be moved to QL in the future
* in the control flow library, `TypeRepr` children are now ignored. As
  far as I can tell, there is no runtime evaluation going on in
  `TypeRepr`s, so it does not make much sense to have control flow
  through them.
 2022-07-12 10:49:14 +02:00
Nick Rolfe
685389d219 Merge pull request #9797 from github/nickrolfe/railties_fix 
Ruby: fix defining every dataflow node as a command execution sink
 2022-07-12 09:30:55 +01:00
Jeroen Ketema
c75599c3da C++: Clarify the "most-specific" part of FunctionCall:getTarget 2022-07-12 10:28:19 +02:00
Nick Rolfe
217c9a8aaf Fix typo in changenote 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-07-12 08:50:58 +01:00
Paolo Tranquilli
47a4cac8ee Merge branch 'main' into redsun82/swift-extraction 2022-07-12 09:29:10 +02:00
Paolo Tranquilli
70838fe57f Merge pull request #9774 from github/redsun82/swift-disable-change-note-check 
Swift: disable change note checking for now
 2022-07-12 09:28:37 +02:00
Shyam Mehta
65b9947428 Incorporate jksco's feedback 2022-07-12 02:02:31 -04:00
smehta23
781a2a73d3 Merge branch 'main' into feat/SM/java_partial_path_traversal_vulnerability 2022-07-12 01:48:12 -04:00
Raul Garcia
d5791e2d56 Addressing feedback from the PR 2022-07-11 15:45:15 -07:00
Aditya Sharad
02e11b7ee9 Docs: Add links from query help to query pack changelog for each language 2022-07-11 13:59:38 -07:00
Raul Garcia
ac05577966 Making various changes based on the feedback. Pending: 2 non-trivial fixes for Java & Python. 2022-07-11 13:25:35 -07:00
Raul Garcia
e5702d0e15 Update python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Taus <tausbn@github.com>
 2022-07-11 13:07:37 -07:00
Raul Garcia
7fc9ae6c49 Update python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Taus <tausbn@github.com>
 2022-07-11 13:07:20 -07:00
Andrew Eisenberg
022acf2de0 Merge pull request #9570 from github/aeisenberg/docs/packs-with-paths 
Update docs to include how to run a pack with path
 2022-07-11 11:40:11 -07:00
Ian Lynagh
960d1dba8a Kotlin: We can't etract comments for < 1.5.20 
We were making our own PsiSourceManager, but that didn't know about any
IrFile -> PsiFile mappings.
 2022-07-11 19:36:43 +01:00
Ian Lynagh
4c68624b00 Kotlin: Pass a FileLogger to Psi2Ir 2022-07-11 19:17:21 +01:00
Ian Lynagh
b9072a3594 Kotlin: Share a Psi2Ir instance 2022-07-11 18:57:43 +01:00
Henry Mercer
4704269086 Add example registry authentication string 2022-07-11 18:36:03 +01:00
Nick Rolfe
a3628b06f1 Ruby: fix markup in changenote 2022-07-11 17:23:45 +01:00
Nick Rolfe
032aa56dc3 Ruby: add change note for system command execution sink bug 2022-07-11 17:00:07 +01:00
Nick Rolfe
6632dfaf88 Ruby: fix another SystemCommandExecution::isShellInterpreted implementation 2022-07-11 16:53:30 +01:00
Raul Garcia
5d89a5d164 Update csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Taus <tausbn@github.com>
 2022-07-11 08:42:50 -07:00
Raul Garcia
156bc34cda Update UnsafeUsageOfClientSideEncryptionVersion.qhelp 2022-07-11 08:41:05 -07:00
thiggy1342
ad7c3e7217 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-11 10:20:07 -04:00
thiggy1342
539fbbc126 Merge branch 'main' into experimental-strong-params 2022-07-11 10:20:00 -04:00
Nick Rolfe
348ad95fc0 Ruby: fix defining every dataflow node as a command execution sink 2022-07-11 15:06:27 +01:00