Mathias Vorreiter Pedersen
cdf343c5ee
Merge pull request #9576 from erik-krogh/swift-fix
Swift: add empty implementation of `defaultImplicitTaintRead`
2022-06-16 09:51:44 +01:00
Mathias Vorreiter Pedersen
2ed3f5cafe
Merge pull request #9560 from MathiasVP/swift-non-empty-query-directory
Swift: Add a placeholder query
2022-06-16 09:29:25 +01:00
Ian Lynagh
0d97753cf8
Merge pull request #9573 from igfoo/igfoo/typo
CaptureSinkModels.ql: Fix typo
2022-06-16 09:24:45 +01:00
Erik Krogh Kristensen
c5e412db01
add empty implementation of defaultImplicitTaintRead
2022-06-16 10:17:59 +02:00
Michael Nebel
9211d75b3d
C#: Add change note.
2022-06-16 08:43:06 +02:00
Michael Nebel
1f2f2fff7f
C#: Update testcases with examples.
2022-06-16 08:43:06 +02:00
Michael Nebel
e1c7003cde
C#: Only consider directly public auto implemented properties with public getters and setters as being tainted.
2022-06-16 08:43:06 +02:00
Michael Nebel
ef0a3d0a79
C#: Add testcase for controller parameter types tainted members.
2022-06-16 08:38:31 +02:00
Michael Nebel
93007f89c8
C#: Move ASP Net Core stubs into stubs folder.
2022-06-16 08:38:31 +02:00
thiggy1342
ef9442d377
Merge branch 'main' into experimental-archive-api
2022-06-15 21:46:23 -04:00
thiggy1342
056fa71f3e
add change notes
2022-06-16 01:04:50 +00:00
thiggy1342
b078430faf
add Zip::File.new query to tests
2022-06-16 00:51:50 +00:00
Harry Maclean
311296469d
Minor improvements to ImproperMemoizationQuery
2022-06-16 12:44:33 +12:00
Harry Maclean
ff0422c12d
Ruby: Add rb/improper-memoization change note
2022-06-16 12:44:33 +12:00
Harry Maclean
1ac604f769
Ruby: Private import in ImproperMemoizationQuery
2022-06-16 12:44:33 +12:00
Harry Maclean
457a84006c
Ruby: Narrow memo method candidates earlier
2022-06-16 12:44:33 +12:00
Harry Maclean
ef6f0e5b30
Ruby: Add Improper Memoization query
This query finds cases where a method memoizes its result but fails to
include one or more of its parameters in the memoization key (or doesn't
use memoization keys at all). This can lead to the method returning
incorrect results when subsequently called with different arguments.
2022-06-16 12:44:33 +12:00
thiggy1342
e317392336
add Zip::File.new to framework
2022-06-16 00:22:15 +00:00
thiggy1342
0281dbd532
remove Zip::Entry.extract from query
2022-06-16 00:04:31 +00:00
Harry Maclean
7c5a83833b
Merge pull request #8737 from hmac/hmac/posix-spawn
Ruby: Model the posix-spawn gem
2022-06-16 00:50:10 +01:00
Harry Maclean
a38e59a681
Merge pull request #9030 from hmac/hmac/activesupport
Ruby: Model various bits of ActiveSupport
2022-06-16 00:49:38 +01:00
Ian Lynagh
5280cf4e91
CaptureSinkModels.ql: Fix typo
2022-06-15 20:19:15 +01:00
Erik Krogh Kristensen
ce323e215b
add heuristic taint-step for potentially unmodelled libraries, and meta query for counting potential unmodelled steps
2022-06-15 20:27:49 +02:00
thiggy1342
540c51022d
Merge branch 'main' into experimental-decompression-api
2022-06-15 13:40:27 -04:00
thiggy1342
c67c25d4a5
Merge branch 'main' into experimental-archive-api
2022-06-15 13:40:13 -04:00
Chris Smowton
2d57d3aa78
Implement array type variance lowering
Kotlin permits introducing a `? extends ...` wildcard against an Array even though the class is final, so long as its argument itself can be extended (i.e. isn't final or is another array type satisfying this condition).
Contravariant arrays get lowered to Object[], and are subject to automatic `extends` wildcard introduction, unless their element type was already Any.
2022-06-15 18:36:56 +01:00
Andrew Eisenberg
b993558987
Update docs to include how to run a pack with path
`scope/name@range:path` is a valid way to specify a set of queries.
2022-06-15 10:14:51 -07:00
Erik Krogh Kristensen
b16124d522
Merge pull request #9568 from tausbn/ql-add-parser-support-for-parameterised-modules
QL: Allow module applications to the right of `::`
2022-06-15 19:14:07 +02:00
Taus
73a807c7e8
QL: Allow module applications to the right of ::
2022-06-15 16:18:30 +00:00
Robert Marsh
478c2773fe
Merge pull request #9555 from MathiasVP/swift-mad
Swift: Add MaD skeleton
2022-06-15 11:58:04 -04:00
Rasmus Wriedt Larsen
d6e68258a4
Python: API-graphs: allow class decorators in .getASubclass()
2022-06-15 17:30:34 +02:00
Rasmus Wriedt Larsen
5f32f898d5
Python: API-graphs: test class decorators and subclass
A class decorator could change the class definition in any way.
In this specific case, it would be better if we allowed the subclass to
be found with API graphs still.
inspired by
c2250cfb80/tests/auth_tests/test_views.py (L40-L46)
2022-06-15 16:16:34 +02:00
Rasmus Wriedt Larsen
b2c8e0fe8d
Python: Add comment to test
2022-06-15 15:59:54 +02:00
Rasmus Wriedt Larsen
24c9aff2fc
Python: Fix a type-tracking test
2022-06-15 15:58:17 +02:00
Paolo Tranquilli
0957801588
Merge pull request #9521 from github/redsun82/swift-qltestgen
Swift: generated extractor tests
2022-06-15 15:39:35 +02:00
Alex Ford
34065f9e93
Ruby: recognize ActiveRecord find_by_x methods
2022-06-15 14:33:09 +01:00
github-actions[bot]
1ed70d51d7
Post-release preparation for codeql-cli-2.9.4
2022-06-15 13:25:20 +00:00
Michael Nebel
9639dca33f
C#: Consider all properties of ASP.NET Core like objects to also be sources of tainted data.
2022-06-15 15:13:37 +02:00
Paolo Tranquilli
78deff68a3
Swift: add generated enum tests
2022-06-15 14:50:33 +02:00
yoff
f14a90ff09
Merge pull request #9200 from tausbn/python-modernise-weak-file-permissions-query
Python: Modernise weak file permissions query
2022-06-15 14:37:17 +02:00
Erik Krogh Kristensen
b24b275b94
Merge pull request #7669 from erik-krogh/fieldUnusedInDisjunct
QL: field unused in disjunct
2022-06-15 14:32:37 +02:00
Alex Denisov
08ad95b769
Swift: switch to references instead of pointers
2022-06-15 14:19:31 +02:00
Rasmus Lerchedahl Petersen
0608d4d2f9
python: fix alerts
Also, remove the `toLowerCase` again,
as I do not know what effect it will have.
2022-06-15 14:18:29 +02:00
AlexDenisov
343ba5ffa8
Update swift/extractor/SwiftDispatcher.h
Co-authored-by: Paolo Tranquilli <redsun82@github.com>
2022-06-15 14:13:50 +02:00
Rasmus Lerchedahl Petersen
40b61fa85f
python: fix qldocs and clean-up dead code
2022-06-15 14:07:35 +02:00
Mathias Vorreiter Pedersen
eff046e2f7
Swift: Respond to review comments.
2022-06-15 13:01:27 +01:00
Mathias Vorreiter Pedersen
693575a7e5
Update sync-identical-files.
2022-06-15 13:00:57 +01:00
Mathias Vorreiter Pedersen
55d551c99c
Swift: Add 'MaD' skeleton.
2022-06-15 13:00:56 +01:00
Tamas Vajk
aedf43f14a
C#: Change kind query metadata to diagnostic for compiler/extractor errors and messages
2022-06-15 13:50:27 +02:00
Jeroen Ketema
77b2f07eff
Merge pull request #9561 from jketema/frontend-patches
Revert "C++: Fix test failures where location of reference dereference in lambda changed"
2022-06-15 13:29:53 +02:00