hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 06:12:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,367 Commits 1,684 Branches 159 Tags
codeql-cli/v2.12.1
Commit Graph

49367 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
thiggy1342
9c9ac919b7 Update ruby/ql/src/experimental/decompression-api/DecompressionApi.ql 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-06-20 09:49:52 -04:00
thiggy1342
3949e04797 Update ruby/ql/src/experimental/decompression-api/DecompressionApi.ql 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-06-20 09:49:11 -04:00
thiggy1342
2f505c527b Merge branch 'main' into experimental-decompression-api 2022-06-20 09:48:21 -04:00
Anders Schack-Mulligen
730871cc74 Swift: Deprecate BarrierGuard. 2022-06-20 15:46:38 +02:00
Anders Schack-Mulligen
a7c268f804 Python: adjust test. 2022-06-20 15:46:38 +02:00
Anders Schack-Mulligen
1b13790a36 Ruby: Deprecate and replace BarrierGuard class. 2022-06-20 15:46:38 +02:00
Anders Schack-Mulligen
f473a0a961 Python: Deprecate and replace BarrierGuard class. 2022-06-20 15:46:38 +02:00
Anders Schack-Mulligen
87d5305f5b Go: Ad-hoc patch the shared libs. 2022-06-20 15:46:38 +02:00
Anders Schack-Mulligen
406f5b525b Go: Deprecate and replace BarrierGuard class 2022-06-20 15:46:27 +02:00
Geoffrey White
30557ebe55 Swift: Test for string length conflation query. 2022-06-20 14:38:52 +01:00
Cornelius Riemenschneider
d3c7395fa2 Go: Properly escape dash in tracing-config.lua 
Previously, the pattern didn't match what it was intended to match.
 2022-06-20 14:29:50 +02:00
Alex Denisov
42dc6814f0 Swift: extract all output-producing source files, not only primary files 2022-06-20 14:06:54 +02:00
AlexDenisov
fc7e0ec193 Merge pull request #9615 from github/redsun82/swift-fix-synthesized-entities 
Swift: fix emission of synthesized entities
 2022-06-20 13:29:32 +02:00
Asger F
2936e1ada8 Merge pull request #9457 from asgerf/js/madman-prep2 
JS: Some more improvements to d.ts file analysis
 2022-06-20 13:25:07 +02:00
Tony Torralba
b373c435f6 Fix test expectations 2022-06-20 13:16:45 +02:00
Paolo Tranquilli
90f0e3ee72 Swift: remove forgotten resolved TODO 2022-06-20 13:08:28 +02:00
Tamás Vajk
b16fcb72eb Merge pull request #9559 from tamasvajk/kotlin-fix-parcelize-symbols-3 
Kotlin: substitute fake Parcelize functions with their real equivalent ones
 2022-06-20 13:05:23 +02:00
Paolo Tranquilli
95a6c5d4e5 Swift: fix emission of synthesized entities 
This was temporarily broken as we were skipping full emission of all
entities without any valid location.

We now rely on `decl->getDeclContext()->getParentSourceFile()` which is
more robust.
 2022-06-20 13:00:05 +02:00
Tamás Vajk
f737804035 Merge pull request #9610 from tamasvajk/fix/global-statements 
C#: Fix global statement extraction
 2022-06-20 12:54:36 +02:00
Paolo Tranquilli
c9eef0c6f1 Merge pull request #9592 from github/alexdenisov/extend-lua-tracer-config 
Swift: extend tracer config to handle -resource-dir and drop unsupported CLI args
 2022-06-20 12:53:17 +02:00
Erik Krogh Kristensen
7d62b9e131 move the pruning for module resolution of TypeExprs 2022-06-20 12:12:57 +02:00
Michael Nebel
70203633a1 Merge pull request #9393 from michaelnebel/csharp/asptaintedmember 
C#: ASP.NET Core like members are tainted
 2022-06-20 12:11:16 +02:00
Tony Torralba
78fcdd22db Change test class name 2022-06-20 12:07:32 +02:00
Tony Torralba
3b60a1c3bc Add change note 2022-06-20 12:07:31 +02:00
Tony Torralba
2b2fa6e15b Add taint step for String.valueOf(Editable) 
Kotlin inlines expr.toString() as String.valueOf(expr) when expr is nullable
 2022-06-20 12:07:31 +02:00
Mathias Vorreiter Pedersen
edf0be0854 Merge pull request #9611 from MathiasVP/swift-nomagic-get-location 
Swift: Add `nomagic` to `getLocation`
 2022-06-20 10:42:45 +01:00
AlexDenisov
304f58b12c Update swift/tools/tracing-config.lua 
Co-authored-by: Paolo Tranquilli <redsun82@github.com>
 2022-06-20 11:22:13 +02:00
Mathias Vorreiter Pedersen
57abd4af89 Merge pull request #9612 from MathiasVP/fix-other-constructor-decl-ref-expr-to-string 
Swift: Fix 'toString' on 'OtherConstructorDeclRefExpr'
 2022-06-20 10:17:15 +01:00
Mathias Vorreiter Pedersen
12d27ec580 Swift: Modify 'toString' in 'OtherConstructorDeclRefExpr' to properly reflect that it's a reference and not a call. 2022-06-20 09:59:23 +01:00
yoff
8a2125353d Python: fix definition of LocalSourceNode 
and typo
 2022-06-20 08:48:33 +00:00
AlexDenisov
af379da7e6 Merge pull request #9321 from github/alexdenisov/xref-decls 
Swift: do not duplicate 'external' declarations
 2022-06-20 10:43:05 +02:00
Mathias Vorreiter Pedersen
068ac2b80e Swift: Add 'nomagic' to 'getLocation'. 2022-06-20 09:41:06 +01:00
Paolo Tranquilli
a91c94c38b Swift: temporarily disable failing test 2022-06-20 10:32:19 +02:00
Paolo Tranquilli
1f53b7fbe8 Merge main into alexdenisov/xref-decls 2022-06-20 10:25:29 +02:00
yoff
94145e9e74 Update python/ql/lib/semmle/python/security/dataflow/TarSlipCustomizations.qll 2022-06-20 10:14:52 +02:00
Tamas Vajk
51f0a928dc C#: Fix global statement extraction by extracting statements inside the implicit main method context 2022-06-20 10:09:11 +02:00
Rasmus Wriedt Larsen
ae44a941f9 Merge pull request #9421 from RasmusWL/inline-brackets 
Inline Expectation Tests: Allow `tag[foo bar]`
 2022-06-20 10:01:19 +02:00
Tamas Vajk
c460e5757b C#: Add extractor error test for global statement extraction 2022-06-20 09:42:18 +02:00
Tamás Vajk
be2dfffb76 Merge pull request #9564 from tamasvajk/fix/diagnostic-query-metadata 
C#: Change `kind` query metadata to `diagnostic` for compiler/extractor errors and messages
 2022-06-20 09:02:35 +02:00
Jeroen Ketema
a4ecb7b4e9 Merge pull request #9473 from ton31337/fix/missing_closing 
doc: Add missing closing bracket in basic-query-for-cpp-code
 2022-06-20 08:38:35 +02:00
AlexDenisov
f1786f4d6b Apply suggestions from code review 
Co-authored-by: Cornelius Riemenschneider <cornelius@github.com>
 2022-06-20 07:29:10 +02:00
Harry Maclean
e1dcc207b4 Ruby: Model methods in Rails::Generators::Actions 
These methods are sinks for command injection.
 2022-06-20 13:36:09 +12:00
Harry Maclean
20ff4c4299 Ruby: Model ActiveRecord::Relation#touch_all 2022-06-20 13:36:02 +12:00
Harry Maclean
7dfab371f6 Ruby: Model redirect_back and redirect_back_or_to 
These are ActionController methods that redirect to the HTTP Referer,
falling back to the given location if there is no Referer.
 2022-06-20 13:36:02 +12:00
Harry Maclean
a298f5eb5e Ruby: Recognise File.atomic_write as a file writer 
This method is an ActiveSupport extension, but there's no harm in
recognising it universally as any identically-named method is likely to
also be a file writer.
 2022-06-20 13:36:02 +12:00
Harry Maclean
0ce14fc4e5 Ruby: Recognise ActionCable logger class 2022-06-20 13:36:02 +12:00
Harry Maclean
4ecd595b73 Remove duplicate import 2022-06-20 13:36:02 +12:00
Erik Krogh Kristensen
6d3808bd89 remove redundant cast 2022-06-19 23:19:01 +02:00
Erik Krogh Kristensen
15f9e084d5 fix spurious resolved predicate expressions 2022-06-19 22:49:02 +02:00
Erik Krogh Kristensen
f8b451a514 get all calls to resolve to a unique predicate (within reason) 2022-06-19 22:38:09 +02:00