hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-23 03:12:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,685 Branches 158 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tamas Vajk
463173eae4 Accept integration test changes 2022-09-28 10:26:58 +02:00
Geoffrey White
9780dffa79 Merge pull request #10596 from geoffw0/swifturl 
Swift: URL is a struct, not a class
 2022-09-28 09:15:29 +01:00
Tamas Vajk
13fb032b1c Kotlin: Remove unbound symbol owner lookup 2022-09-28 09:47:10 +02:00
Tom Hvitved
92a38b30cf Data flow: Update documentation on array flow modeling 2022-09-28 09:32:52 +02:00
Harry Maclean
adb8368e07 Add change note 2022-09-28 12:16:12 +13:00
Harry Maclean
24a10aa5ff Recognise send_file as a FileSystemAccess 
This method is available in ActionController actions, and sends the file
at the given path to the client.
 2022-09-28 12:14:22 +13:00
Harry Maclean
eada74a15c Add change note 2022-09-28 11:43:31 +13:00
Robert Marsh
82bbe67267 Merge pull request #10593 from MathiasVP/fix-fp-on-cwe-193 
C++: Fix FPs on `cpp/invalid-pointer-deref`
 2022-09-27 17:38:17 -04:00
Jami Cogswell
61e24a888f remove stubs/android directory and update options files 2022-09-27 14:55:08 -04:00
Tom Hvitved
31806b84ba Ruby: Add more flow summaries tests 
The tests highlight the differences between `(With|Without)?Element[1]` and
`(With|Without)?Element[1!]`.
 2022-09-27 20:16:31 +02:00
Tom Hvitved
2351c0288a Ruby: Fix spurious flow through reverse stores 2022-09-27 20:16:31 +02:00
Harry Maclean
28a23209a5 Ruby: Identify ActionController::Metal controllers 
Subclasses of `ActionController::Metal` are stripped-down controllers.
We want to recognise them as ActionController controllers.
There are some common ActionController methods that are not available in
Metal, but these are not likely to be used anyway as they would throw an
exception, so I don't think there's much harm in including them in the
modelling.
 2022-09-28 07:10:09 +13:00
Tom Hvitved
fea1e47daa Ruby: Add data-flow test for spurious flow through a reverse store 2022-09-27 20:05:35 +02:00
Tom Hvitved
df2b586e7c Merge pull request #10577 from hvitved/dataflow/get-a-read-content-fan-in 
Data flow: Fix bad join-order when getAReadContent has large fan-in
 2022-09-27 20:04:58 +02:00
Geoffrey White
1248810e35 Swift: Add model for URL.resourceBytes and URL.lines. 2022-09-27 18:58:56 +01:00
Geoffrey White
fa5e03a53d Swift: Add tests of URL.resourceBytes and URL.lines. 2022-09-27 18:58:56 +01:00
Geoffrey White
69dd2c0eec Swift: Add a test of taint sources. 2022-09-27 18:58:56 +01:00
Geoffrey White
3ffb2a3ee6 Swift: Fix. 2022-09-27 18:39:03 +01:00
Geoffrey White
286fcb672c Swift: Additional test results. 2022-09-27 18:31:43 +01:00
Geoffrey White
d2c74913c8 Swift: Repair UnsafeWebViewFetch query via taint summary. 2022-09-27 18:25:32 +01:00
Geoffrey White
13b2b1f304 Swift: Repair CleartextTransmission query. 2022-09-27 18:25:32 +01:00
Geoffrey White
62aa5de781 Swift: URL is a struct not a class. 2022-09-27 18:25:31 +01:00
Mathias Vorreiter Pedersen
485568331a Swift: Add a class that's the union of struct and class. 2022-09-27 17:52:12 +01:00
Harry Maclean
6e60a6ff2e Apply suggestions from code review 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-09-28 05:51:28 +13:00
Nora Dimitrijević
cacf78838c C++: Tests (w/ FPs) from MRVA top 1000 run 2022-09-27 18:48:32 +02:00
Jami
56e3334c6d Merge pull request #10479 from jcogs33/android-service-sources 
Java: add Android service sources
 2022-09-27 12:40:18 -04:00
Andrew Eisenberg
aefd51601c Re-order query suite descriptions 
Add a pull quote and apply some suggestions from code review.
 2022-09-27 09:22:46 -07:00
Mathias Vorreiter Pedersen
549eca1b17 C++: Fix 'implicit use of this'. 2022-09-27 16:29:30 +01:00
Mathias Vorreiter Pedersen
e4305948ef C++: Fix FP on CWE-193 by blocking flow through back-edges of phi nodes. 2022-09-27 16:28:03 +01:00
Nick Rolfe
8ca1e1b2d1 Ruby: add changenote for XXE improvements 2022-09-27 16:11:41 +01:00
Jami Cogswell
7e0c61de2c switch to hasName 2022-09-27 10:45:52 -04:00
Tamas Vajk
847a64c03b Kotlin: extract call target even if it's unbound 2022-09-27 15:30:38 +02:00
Tony Torralba
be9509ceb9 Merge pull request #9199 from luchua-bc/java/unsafe-url-forward-dispatch-load 
Java: CWE-552 Query to detect unsafe resource loading in Java Spring applications
 2022-09-27 15:27:51 +02:00
Asger F
52b6dd5bec Ruby: update test expectation 2022-09-27 14:41:59 +02:00
Erik Krogh Kristensen
162edd6883 Merge pull request #10586 from erik-krogh/pyRegFix 
ReDoS: fix RegExpEscape::getValue having multiple results for some escapes
 2022-09-27 14:41:18 +02:00
Erik Krogh Kristensen
b9937269b9 Merge pull request #10584 from erik-krogh/csharp-unqueryable 
C#: deprecate/delete some unused code
 2022-09-27 14:26:59 +02:00
Tom Hvitved
335e1a8233 Address review comments 2022-09-27 13:36:52 +02:00
Tony Torralba
7ff82bbed3 Update java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll 2022-09-27 13:26:21 +02:00
erik-krogh
7675571daa fix RegExpEscape::getValue having multiple results for some escapes 2022-09-27 13:25:23 +02:00
Nick Rolfe
bfda08e69c Ruby: detect uses of libxml with entity substitution enabled by default 
Including uses of ActiveSupport::XmlMini with the libxml backend
 2022-09-27 11:53:43 +01:00
Nick Rolfe
7c30d333ad Ruby: move XXE tests to subdirectory 2022-09-27 11:53:43 +01:00
Tamás Vajk
9358070ae9 Merge pull request #10506 from tamasvajk/kotlin-enum-type-access 
Kotlin: Fix type access expressions in enum constructor calls
 2022-09-27 12:42:30 +02:00
Tamás Vajk
8a6d56a57d Merge pull request #10520 from tamasvajk/kotlin-fix-anonymous-object-comment 
Kotlin: Fix comment extraction for anonymous objects
 2022-09-27 12:42:05 +02:00
erik-krogh
ae6dd05249 deprecate unused class in query specific file 2022-09-27 12:40:05 +02:00
erik-krogh
d23b128457 delete unused code in an internal file 2022-09-27 12:31:58 +02:00
Mathias Vorreiter Pedersen
0c79c2836c Merge pull request #10573 from erik-krogh/cpp-unqueryable 
C: deprecate/delete some unused code
 2022-09-27 10:13:24 +01:00
Asger F
ea4ba27297 Ruby: add RbiInstantiatedType 2022-09-27 10:51:29 +02:00
Anders Schack-Mulligen
9f1bbf2bbd Merge pull request #10575 from aschackmull/dataflow/cleanup-module 
Dataflow: Minor visibility cleanup
 2022-09-27 10:10:53 +02:00
Harry Maclean
9709aa87fb Fix changenote month 2022-09-27 15:23:12 +13:00
Harry Maclean
cb8865f3ff Add missing doc 2022-09-27 11:23:08 +13:00