Ian Lynagh
a6cee9edf9
Kotlin: Add an integration test for TRAP compression
2022-08-19 13:34:43 +01:00
Tom Hvitved
1b29bddb73
Python: Revert change to AnyNode
2022-08-19 14:08:21 +02:00
Tom Hvitved
663096fe3a
Remove redundant overrides
2022-08-19 13:57:41 +02:00
Ian Lynagh
62779944e8
Kotlin: Compress TRAP files
...
The Kotlin extractor can now be told to write TRAP with no compression,
gzip compression or Brotli compression - although Brotli is not yet
supported and it will fall back to gzip.
The invocation TRAP file is a bit more complicated, as it's already been
started before the extractor starts. For now that continues to always be
uncompressed.
2022-08-19 12:47:10 +01:00
Sebastian Bauersfeld
da79ad854c
Added change notes.
2022-08-19 17:46:02 +07:00
Sebastian Bauersfeld
2ec3746861
Address PR comments.
2022-08-19 17:33:35 +07:00
Sebastian Bauersfeld
f6d42bd3c6
Allow blacklist sanitizers.
2022-08-19 17:33:35 +07:00
Sebastian Bauersfeld
11f527ea5b
Fix up query tests.
2022-08-19 17:33:35 +07:00
Sebastian Bauersfeld
354a7fd252
Make taint flow through java.lang.String.(replace|replaceFirst|replaceAll) more permissive.
2022-08-19 17:33:35 +07:00
Sebastian Bauersfeld
5cf320d553
Add corresponding taint steps.
2022-08-19 17:33:35 +07:00
Sebastian Bauersfeld
b0fbe3658d
Add java.lang.String taint tests.
2022-08-19 17:33:35 +07:00
Chris Smowton
949de2a8dd
Create 2022-08-19-java-19-support.md
2022-08-19 11:15:23 +01:00
Chris Smowton
e2afc80aff
Autoformat go
2022-08-19 10:29:45 +01:00
Chris Smowton
45f922b3f2
Add models for Go 1.19's new url.JoinPath and URL.JoinPath functions
2022-08-19 10:29:45 +01:00
Chris Smowton
6068f63e9e
Add taint models for go 1.19's new fmt.Append functions
2022-08-19 10:29:45 +01:00
Tom Hvitved
c86c9ec2c3
QL: Move query logic into library
2022-08-19 10:35:47 +02:00
Tom Hvitved
93fc952ef1
Merge pull request #10099 from hvitved/csharp/html-raw-tests
...
C#: Add a cshtml-based XSS test
2022-08-19 10:24:52 +02:00
Tom Hvitved
50a53008cd
QL: Refine 'redundant override' query
2022-08-19 10:15:47 +02:00
Michael Nebel
c3e0388a75
C#: Add testcase for complex models.
2022-08-19 08:51:39 +02:00
Michael Nebel
058541c0d6
C#: Added change note.
2022-08-19 08:10:23 +02:00
Michael Nebel
bbb6ba088b
C#: Add more Map like remote flow source testcases.
2022-08-19 08:10:23 +02:00
Michael Nebel
424d909201
C#: Add more Map like method delegate parameter as flow sources.
2022-08-19 08:10:23 +02:00
Michael Nebel
d2c5266139
C#: Add more test examples.
2022-08-19 08:10:23 +02:00
Michael Nebel
aaf14b0184
C#: Improve solution (pair programming with @hvitved).
2022-08-19 08:10:23 +02:00
Michael Nebel
6e5a412150
C#: Make one more ASP.NET routing example.
2022-08-19 08:10:23 +02:00
Michael Nebel
bd6d3c7347
C#: Consider parameters passed to lambdas in MapGet remote flow sources.
2022-08-19 08:10:23 +02:00
Michael Nebel
c8afb1bb94
C#: Update expected test case with new line numbers.
2022-08-19 08:10:23 +02:00
Michael Nebel
328e47834e
C#: Add ASP.NET Core MapGet routing end point example.
2022-08-19 08:10:23 +02:00
Andrew Eisenberg
d737b5715f
Merge and update about-ql-packs with about-codeql-packs
...
This is the first of a series of commits around updating packaging docs.
`about-ql-packs.rst` is outdated. All relevant information has been
moved to `about-codeql-packs.rst`.
2022-08-18 15:31:35 -07:00
Chris Smowton
d2055283de
Add models for go 1.19's new atomic pointer types
2022-08-18 17:47:13 +01:00
Chris Smowton
8eb5d001f7
Upgrade Go extractor to latest golang and x-packages
2022-08-18 16:22:04 +01:00
Jeroen Ketema
38b4c02508
C++: Support link targets for global and namespace variables
2022-08-18 17:01:02 +02:00
Mathias Vorreiter Pedersen
c953b05cc2
Merge branch 'main' into fix-joins-in-using-expired-stack-address
2022-08-18 15:13:05 +01:00
Chris Smowton
ec1cc72669
Note support for Java 19
2022-08-18 15:02:16 +01:00
Erik Krogh Kristensen
4f93f2b9ba
Merge pull request #10076 from erik-krogh/ql-for-ql-fixes
...
various QL-for-QL fixes
2022-08-18 15:46:48 +02:00
Chris Smowton
17dd1f64ec
Java: pick an arbitrary representative location when an entity has many candidate locations.
2022-08-18 14:29:16 +01:00
Tom Hvitved
f275885258
C#: Add a cshtml-based XSS test
2022-08-18 15:24:04 +02:00
Anders Schack-Mulligen
61a2c0dab5
Merge pull request #10084 from aschackmull/java/numericcasttainted-barrier
...
Java: Move sink-constraints into the configuration in NumericCastTainted.ql.
2022-08-18 15:22:00 +02:00
Joe Farebrother
e8f027dab2
Apply docs suggestions from code review
...
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-08-18 14:21:40 +01:00
Tom Hvitved
2afb4abaa2
Merge pull request #10094 from hvitved/csharp/redundant-override
...
C#: Remove redundant override
2022-08-18 15:17:20 +02:00
Tom Hvitved
d68f817e53
Merge pull request #10098 from hvitved/ql/redundant-override
...
QL: Add redundant overrides query
2022-08-18 15:13:35 +02:00
erik-krogh
26fcf6b25b
apply suggestions from review
2022-08-18 15:00:57 +02:00
Tom Hvitved
e5911df697
QL: Add redundant overrides query
2022-08-18 14:59:04 +02:00
Rasmus Wriedt Larsen
47c9c5bddd
Ruby: Update RequestWithoutValidation.ql to match Python version
...
No library modeling currently has support for the new disablesCertificateValidation/2, so only the alert text has changed
(removed an import from Python so the queries would ACTUALLY match)
2022-08-18 14:32:41 +02:00
Mathias Vorreiter Pedersen
5704995b62
C++: Fix joins in 'cpp/using-expired-stack-address'.
2022-08-18 13:23:39 +01:00
Chris Smowton
72009f8614
Merge pull request #10085 from smowton/smowton/fix/dont-use-write-instruction-for-channel-flow
...
Go: don't use WriteNode for channel writes
2022-08-18 12:47:55 +01:00
Rasmus Wriedt Larsen
4a82025087
Ruby: Base HTTP::Client::Request on shared concept
...
Fixing up deprecation errors in next commit
2022-08-18 13:42:53 +02:00
Rasmus Wriedt Larsen
e2b78df5ad
Ruby: Change HTTP::Client::Request to have DataFlow::Node as base class
...
Although this is a breaking change, as explained in the change-note, it
should only affect people that have created their own HTTP client
request modeling, which I assume is none.
The alternative would have been to keep the old class/module as
deprecated, and introduce a `HTTP::Client::Requestv2` class/module that
is based on `DataFlow::Node` instead. The old class could then be
deprecated in 1 year, and we could do a rename from
`HTTP::Client::Requestv2` -> `HTTP::Client::Request` at the same time.
(and then wait 1 more year before being able to delete
`HTTP::Client::Requestv2`)
All in all, I think this is the right tradeoff, given that CodeQL Ruby
is still in beta.
2022-08-18 13:42:52 +02:00
Rasmus Wriedt Larsen
e6b4d12f94
Sync ConceptsShared
2022-08-18 13:42:52 +02:00
Rasmus Wriedt Larsen
635fd1902d
Python: Move HTTP::Client::Request to shared concepts
...
New shared concepts use correct casing of HTTP according to our
style-guide.
2022-08-18 13:42:52 +02:00