Commit Graph

48840 Commits

Author SHA1 Message Date
Tamas Vajk
ff9327a035 Add diagnostic query to get correctly extracted files 2021-04-22 09:21:46 +02:00
Tamas Vajk
b05e211e21 Fix failing test 2021-04-22 09:21:45 +02:00
Tamas Vajk
353d43a039 Log model errors even in standalone extraction 2021-04-22 09:13:06 +02:00
Tamas Vajk
5149ffdd16 C#: Add extraction error diagnostic query 2021-04-22 09:13:06 +02:00
edvraa
ade238307f Add a test 2021-04-22 10:02:06 +03:00
Tamás Vajk
9c936867fa Exclude code from XML files
Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>
2021-04-22 09:00:31 +02:00
Tamás Vajk
a7cc9f98ef Merge pull request #5745 from tamasvajk/feature/fix-arg-default
C#: Fix special case of default argument value extraction
2021-04-22 08:58:13 +02:00
edvraa
86444bfa09 Use set literal expression 2021-04-22 09:48:46 +03:00
edvraa
9774b24c4e Use TypeString 2021-04-22 09:44:07 +03:00
Sauyon Lee
b808c187cf Add test with curly braces in filename 2021-04-21 21:14:41 -07:00
Sauyon Lee
f15b65d07e Extract dummy files for errors with no location 2021-04-21 21:14:40 -07:00
Sauyon Lee
488f7f5b9b Use pre-transformed path for extractor fileinfo 2021-04-21 21:14:40 -07:00
Chris Smowton
90c4b5d63f Switch to using HTML entities for escaping 2021-04-21 21:14:39 -07:00
Chris Smowton
06c958e61f Extractor: tolerate curly braces in struct field tags, directory names
These previously produced malformed TRAP. I have checked the other uses of GlobalID and don't see any others that should require escaping.
2021-04-21 21:14:39 -07:00
haby0
454324781d delete IfStmt 2021-04-22 11:59:33 +08:00
Robert Marsh
cac1bef6ea C++: deprecate cpp/return-stack-allocated-object 2021-04-21 15:17:31 -07:00
Asger Feldthaus
fe8deeaf6b JS: Autoformat 2021-04-21 23:13:57 +01:00
Dave Bartolomeo
383210096c C++: Isolate models from AST dataflow's reference/object conflation
`DataFlowFunction` models treat references as pointers - an explicit level of indirection. The AST dataflow library generally treats references as if they were the referred-to object. This commit removes a workaround in the dataflow model for unary `operator*` on smart pointers, and makes the AST dataflow library adjust the results of querying the model so that a returned reference only gets flow that was modeled as going to the dereference of the return value.

This fixes some missing flow in IR dataflow, and recovers some (presumably) missing reverse taint flow in AST taint tracking as well.
2021-04-21 18:09:44 -04:00
Asger Feldthaus
e98bfe921e JS: QLDoc 2021-04-21 22:14:50 +01:00
Asger Feldthaus
bb7934b381 JS: Change note 2021-04-21 21:20:12 +01:00
Asger Feldthaus
c113cfd8b7 JS: Autoformat 2021-04-21 21:13:07 +01:00
edvraa
57689df5aa Remove DataFlow::Node 2021-04-21 19:29:30 +03:00
Dave Bartolomeo
0bc4b0421d C++: Remove unnecessary cast 2021-04-21 12:12:01 -04:00
Sauyon Lee
466d87684d Merge pull request #528 from sauyon/tuple-map-read 2021-04-21 08:50:40 -07:00
Rasmus Wriedt Larsen
5a9e27c6fc Merge branch 'main' into django-3.2 2021-04-21 17:15:47 +02:00
Chris Smowton
76091f0f8d Use ArrayElement accessor where needed 2021-04-21 15:58:41 +01:00
Chris Smowton
2c95b7539f Remove now-redundant steps 2021-04-21 15:57:09 +01:00
Chris Smowton
874733a61b Argument -> specific Argument indices 2021-04-21 15:53:55 +01:00
Chris Smowton
fce1d6122f Add change note 2021-04-21 15:47:20 +01:00
Chris Smowton
6589460357 Add models for Commons ToStringBuilder
These don't include support for reflectionToString yet, which is coming up in a subsequent PR.
2021-04-21 15:47:19 +01:00
Chris Smowton
94f0a1532d Merge pull request #5682 from smowton/smowton/docs/fix-has-modifier-comment
Fix documentation of Modifier.qll
2021-04-21 15:41:29 +01:00
Tamas Vajk
a0f5e45ae9 C#: Fix special case of default argument value extraction 2021-04-21 16:34:29 +02:00
Chris Smowton
9ab1a8d144 Reword change note
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2021-04-21 15:28:28 +01:00
edvraa
a93d6a3ef6 Remove SafeConstructorTrackingConfig 2021-04-21 17:16:54 +03:00
Geoffrey White
ba335089c4 Merge pull request #5601 from ihsinme/ihsinme-patch-259
CPP: Add query for CWE-691 Insufficient Control Flow Management After Refactoring The Code
2021-04-21 15:13:38 +01:00
edvraa
9e46ef3cd9 Get rid of getParent 2021-04-21 17:11:40 +03:00
edvraa
808444986d Get rid of UnsafeDeserializerCallable 2021-04-21 17:06:20 +03:00
Owen Mansel-Chan
9c72e73a82 Make ExecTainted easier to extend
To add a method that executes a command, you can now define a class
extending ExecMethod.
2021-04-21 14:55:37 +01:00
edvraa
b6952d541a get rid of getParent 2021-04-21 16:55:34 +03:00
edvraa
9cc67e4266 make private where possible 2021-04-21 16:48:05 +03:00
CodeQL CI
30d7f0dc98 Merge pull request #5687 from RasmusWL/inline-taint-tests
Approved by yoff
2021-04-21 06:24:12 -07:00
Taus
71780228ae Python: Rename TypeTrackerPrivate.qll 2021-04-21 13:08:26 +00:00
Asger Feldthaus
2c9a6e7bef JS: Cache function-wrapping steps in type-tracking stage 2021-04-21 13:45:58 +01:00
Arthur Baars
bc6aec7a99 Merge pull request #167 from github/alexrford/numlines
Implement FLines metrics queries
2021-04-21 14:42:18 +02:00
Tamas Vajk
e25305e3cc Java: Introduce LoC summary metric query 2021-04-21 14:27:00 +02:00
Anders Schack-Mulligen
f9599da32d Java/C#: Move a couple of flow summary tweaks to the shared implementation. 2021-04-21 14:24:15 +02:00
Alex Ford
240f0abf27 drop @tags from metrics queries 2021-04-21 13:00:48 +01:00
Alex Ford
15289dba34 simplify File.getNumberOfLines 2021-04-21 12:59:25 +01:00
Rasmus Wriedt Larsen
be9cbd79d6 Python: Add change-note for Django 3.2 support 2021-04-21 13:58:34 +02:00
Alex Ford
cc5bbfce0b Get -> Gets 2021-04-21 12:57:55 +01:00