hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-17 08:24:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,679 Branches 158 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jeroen Ketema
d3cccca7f1 C++: Filter duplicate (source, sink)-pairs 2022-11-29 11:17:39 +01:00
Paolo Tranquilli
9a25de3ef1 Swift: revert swift-actions/setup-swift 2022-11-29 11:17:08 +01:00
Jeroen Ketema
378206ae7d C++: Stop taint from flowing to arithmetic types 
These are not likely to give the user much control over what can be accessed.
 2022-11-29 11:15:28 +01:00
Karim Ali
f0d9dabca2 updated expected output for LocalTaint and Tain 2022-11-29 12:13:10 +02:00
Karim Ali
9b3c4e8db2 add test case for unicodeScalars 2022-11-29 12:12:10 +02:00
Karim Ali
7541b01a86 add test case for utf8CString 2022-11-29 12:12:10 +02:00
Karim Ali
58a87396ba add taint steps for fields of String 
if a String is tainted, then all its fields (including those declared in extensions) should be tainted as well
 2022-11-29 12:12:10 +02:00
Mathias Vorreiter Pedersen
4233c91a7e Merge pull request #11469 from atorralba/atorralba/swift/fix-local-taint 
Swift: Fix local taint
 2022-11-29 10:00:12 +00:00
Jeroen Ketema
718663415b C++: Stop flow from going through another source 
Without this we get confusing results:
```
    char *userAndFile = argv[2];
    char *fileName = argv[1];
    fopen(fileName, "wb+"); // Both argv[1] and argv[2] marked as source without
                            // this change.
```

While here add some more test cases.
 2022-11-29 10:52:57 +01:00
Jeroen Ketema
63334764d7 C++: Rewrite cpp/path-injection to not use DefaultTaintTracking 2022-11-29 10:52:57 +01:00
erik-krogh
915d680fcc use a node script instead of bash to move the compilation cache 2022-11-29 10:41:08 +01:00
erik-krogh
67e9841bf3 place the compilation cache in the temp dir 2022-11-29 10:40:54 +01:00
Tony Torralba
0e59257442 Fix local taint steps 
Local taint should include local flow and simple summaries through library code
 2022-11-29 10:36:56 +01:00
Tom Hvitved
f3dca95958 Merge pull request #11087 from hvitved/dataflow/summary-ctx 
Data flow: Add summary/return context to pruning stages 2-4
 2022-11-29 10:36:53 +01:00
Geoffrey White
c3dc9672f7 Merge branch 'main' into constructor 2022-11-29 09:30:03 +00:00
Geoffrey White
e0c8a8ecff Merge pull request #11458 from geoffw0/simplify 
Swift: Simplify some QL.
 2022-11-29 09:29:12 +00:00
Felicity Chapman
5898615f5a Merge pull request #11420 from github/felicitymay-8441-query-guides-java 
LGTM deprecation: updates to CodeQL for Java articles
 2022-11-29 09:23:21 +00:00
Peter Stöckli
6b1865d2ca Merge branch 'main' into p--ruby-kernel-open-addition 2022-11-29 10:19:36 +01:00
Felicity Chapman
1dc6640bc1 Remove superfluous content 
(cherry picked from commit 5d03892943)
 2022-11-29 09:19:21 +00:00
Felicity Chapman
229c3e6e8f Update for James' review comments 
(cherry picked from commit 174fbf672f)
 2022-11-29 09:19:21 +00:00
Felicity Chapman
97db2c91f1 First draft update basic query to use VS Code 
(cherry picked from commit 3e0702f904)
 2022-11-29 09:19:21 +00:00
Peter Stöckli
deb3accd1e make predicate private 2022-11-29 10:07:13 +01:00
Felicity Chapman
9780990836 Merge pull request #11433 from github/8441-general-changes 
LGTM deprecation: miscellaneous changes
 2022-11-29 09:06:31 +00:00
Felicity Chapman
434c5ea188 Merge pull request #11422 from github/felicitymay-8441-query-guides-python 
LGTM deprecation: updates to CodeQL for Python articles
 2022-11-29 09:04:48 +00:00
Felicity Chapman
114d337210 Merge pull request #11421 from github/felicitymay-8441-query-guides-c 
LGTM deprecation: updates to CodeQL for C/C++ articles
 2022-11-29 09:04:31 +00:00
Felicity Chapman
0624324962 Merge branch 'rc/3.8' into felicitymay-8441-query-guides-java 2022-11-29 09:03:32 +00:00
Peter Stöckli
5b6dd786c3 Add changes for NonConstantKernelOpenQuery 2022-11-29 10:00:57 +01:00
Peter Stöckli
88282ade1a Add predicate to filter out calls to File in opal 2022-11-29 10:00:57 +01:00
Peter Stöckli
315480824b Fix KernelOpen qhelp 2022-11-29 10:00:57 +01:00
Peter Stöckli
d8752a0b12 Add additional sinks to the rb/kernel-open query 2022-11-29 10:00:56 +01:00
Erik Krogh Kristensen
0cd50aac40 Merge pull request #11398 from erik-krogh/splat-stuff 
Rb: add some more flow through splat parameters
 2022-11-28 22:31:25 +01:00
Erik Krogh Kristensen
ae40b0aba2 Merge pull request #11419 from github/felicitymay-8441-query-guides-javascript 
LGTM deprecation: updates to CodeQL for JavaScript articles
 2022-11-28 21:57:37 +01:00
tiferet
4580b55673 Oops -- forgot to stage one file in the previous commit :) 2022-11-28 11:34:34 -08:00
tiferet
210644e87d Delete StandardEndpointFilters. 
All remaining functionality in `StandardEndpointFilters` is only being used in `EndpointCharacteristics`, so it can be moved there as a small set of helper predicates.
 2022-11-28 11:34:34 -08:00
tiferet
15121931b4 Delete CoreKnowledge. 
All remaining functionality in `CoreKnowledge` is only being used in `EndpointCharacteristics`, so it can be moved there as a small set of helper predicates.
 2022-11-28 11:34:34 -08:00
tiferet
1c679378e7 FilteringReason is no longer being used and can be deleted 2022-11-28 11:34:33 -08:00
tiferet
99de397a5f Remove redundant code 
`isOtherModeledArgument` and `isArgumentToBuiltinFunction` contained the old logic for selecting negative endpoints for training.

These can now be deleted, and replaced by a single base class that collects all EndpointCharacteristics that are currently used to indicate negative training samples: `OtherModeledArgumentCharacteristic`.

This in turn lets us delete code from `StandardEndpointFilters` that effectively said that endpoints that are high-confidence non-sinks shouldn't be scored at inference time, either.
 2022-11-28 11:34:33 -08:00
tiferet
7b0269c999 Fix British spelling that code scanning didn't like. 
I've been working with Brits for too long :)
 2022-11-28 11:28:08 -08:00
Tiferet Gazit
72c46c662c Merge pull request #11462 from github/tiferet/endpoint-filters-sidebar 
Endpoint filters added commits
 2022-11-28 11:18:53 -08:00
tiferet
963407de4c Update the documentation 2022-11-28 11:16:06 -08:00
Geoffrey White
cf7cd2b470 Swift: Convert to MaD. 2022-11-28 19:02:56 +00:00
Gustav Munkby
545ad0179b Merge remote-tracking branch 'origin/main' into accelerate-go-list-option 2022-11-28 19:27:52 +01:00
Geoffrey White
03ae2821c3 Update swift/ql/lib/codeql/swift/frameworks/Alamofire/Alamofire.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-11-28 18:24:28 +00:00
Geoffrey White
349a10c013 Swift: codegen. 2022-11-28 17:41:41 +00:00
Geoffrey White
96e04e7f63 Swift: Use ConstructorDecl in place of name matching. 2022-11-28 17:39:45 +00:00
Geoffrey White
e97aee5d9d Swift: QLDoc. 2022-11-28 17:39:44 +00:00
Geoffrey White
410609fed4 Swift: Make ConstructorDecl, DestructorDecl into MethodDecls. 2022-11-28 17:20:43 +00:00
Geoffrey White
edb6325117 Swift: Fix comment. 2022-11-28 17:07:34 +00:00
Geoffrey White
aa5c893d5e Swift: Further simplify. 2022-11-28 17:07:34 +00:00
Geoffrey White
97bd91ed19 Swift: Simplify using ApplyExpr.getArgumentWithLabel. 2022-11-28 16:51:46 +00:00