hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,367 Commits 1,684 Branches 159 Tags
codeql-cli/v2.12.1
Commit Graph

49367 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
d91b92511f Python: Add change-note 2022-06-08 17:46:51 +02:00
Rasmus Wriedt Larsen
5b2d799fde Python: Model certificate disabling in urllib3 2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen
0d02ca07d7 Python: Add certificate disable test of urllib/urllib2 2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen
049e87201c Python: Model certificate disabling in httpx 2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen
1a2a4232a8 Python: Refactor httpx tests 
and improve QLDocs a bit
 2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen
f72a1d98bb Python: Model certificate disabling in aiohttp.client 2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen
4b07a7b7be Python: Add missing QLDoc for requests 
Also fix links
 2022-06-08 17:41:42 +02:00
Rasmus Wriedt Larsen
f37d1775f1 Python: Improve requests tests 2022-06-08 17:41:11 +02:00
Rasmus Wriedt Larsen
c21e05aa44 Python: Use HTTP::Client::Request request for py/request-without-cert-validation 
This is very much like the Ruby query, except we also have the origin
that does the disabling.

976daddd36/ruby/ql/src/queries/security/cwe-295/RequestWithoutValidation.ql (L18-L20)
 2022-06-08 15:42:32 +02:00
Rasmus Wriedt Larsen
9cb249fc2f Python: Add test we don't handle for py/request-without-cert-validation 2022-06-08 15:39:37 +02:00
Rasmus Wriedt Larsen
bb0435aba6 Merge branch 'main' into ruby-mad-argument-self 2022-06-08 14:19:29 +02:00
Paolo Tranquilli
8b52bb0c31 Swift: build x86_64 on arm64 macOS 
This is a temporary workaround. At a later stage we will add
* a Swift/LLVM prebuilt package for arm64
* universal binary for the extractor
 2022-06-08 10:25:38 +02:00
Dave Bartolomeo
5e5e2646e2 Fix codeql/suite-helpers dependency for Go 2022-06-07 10:55:49 -04:00
Ian Lynagh
5c9fea2283 Kotlin: Remove unused idOverride argument to extractFunction 2022-06-07 11:34:43 +01:00
Ian Lynagh
33e11b3014 Kotlin: Simplify samMember computation 2022-06-07 11:11:00 +01:00
thiggy1342
62291124ff remove constraint for Zip::File.open 2022-06-06 21:20:44 +00:00
thiggy1342
3c62271dba fix casing of Api 2022-06-06 21:18:08 +00:00
thiggy1342
074583eab8 add archive api file open query and test 2022-06-06 21:09:57 +00:00
Ian Lynagh
763f869e3f Kotlin: Remove some redundant code 2022-06-06 20:49:36 +01:00
thiggy1342
c5db11ee2e use select placeholder correctly 2022-06-06 14:01:02 +00:00
thiggy1342
6cb0717a07 Fix test syntax for sanitizer tests 2022-06-04 16:33:18 +00:00
thiggy1342
5ada3b76ed Merge branch 'main' into experimental-decompression-api 2022-06-03 16:45:53 -04:00
thiggy1342
54fd7809fe tweak metadata 2022-06-03 18:22:50 +00:00
thiggy1342
c5dc8779d1 Increased query robustness and test coverage 2022-06-03 18:05:56 +00:00
jorgectf
171239b78f Format FlaskMail.qll and Sendgrid.qll 2022-06-03 18:27:45 +02:00
Paolo Tranquilli
a0acb19b68 Swift: remove redundant import 2022-06-03 15:28:48 +02:00
Paolo Tranquilli
01e1c13c29 Swift: add UnknownLocation 
`getLocation()` will now exists for all entities. When there is no
valid location, the location will still not be emitted in the DB, but
on the QL side we will then assign a special `UnknownLocation` with
empty filename and 0 for line/column start/end.

This unknown location is currently emitted (with a unique `@` key) at
the start of every extraction, but we can move it elsewhere (and
possibly in a unique global trap file) at a later stage, possibly after
or when we rework the trap file strategy.

This should solve flakiness that was observed on the control flow tests,
which is probably caused by the `nodes` predicate in the `TestOutput`
class in `ControlFlowGraphImplShared.qll` not able to assign a proper
rank when the node does not have a location.
 2022-06-03 14:59:22 +02:00
Tamás Vajk
4a025053cc Merge pull request #9400 from tamasvajk/kotlin-fix-parcelize-symbols 
Kotlin: Fix fake raw type symbols used by the Parcelize plugin
 2022-06-03 13:34:22 +02:00
Rasmus Wriedt Larsen
50196d099b Inline Expectation Tests: sync 2022-06-03 11:39:57 +02:00
Rasmus Wriedt Larsen
c1e6996e99 Inline Expectation Tests: Allow tag[foo bar] 
This is partly motivated by the MaD tests which looks much better now in
my opinion.

I also wanted this for testing argument passing. In Python we're
adopting the same argument positions as Ruby has
[here](4f3751dfea/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll (L508-L540))

So it would be nice if `arg[keyword foo]=...` was allowed, without
having to transform the `toString()` result of an argument position into
something without a space.
 2022-06-03 11:39:57 +02:00
Rasmus Wriedt Larsen
07c22a857f Merge pull request #9420 from RasmusWL/sync-go-inline 
Go: Sync InlineExpectationsTest
 2022-06-03 11:37:13 +02:00
Rasmus Wriedt Larsen
aa78ce3c75 Merge pull request #9413 from github/RasmusWL/query-list-cli-tags 
Misc: query-list should run on `codeql-cli/*` tags
 2022-06-03 11:36:52 +02:00
Rasmus Wriedt Larsen
cceeaef6bf Merge pull request #9412 from github/RasmusWL/labeler-permissions 
Misc: Set permissions for labeler Action
 2022-06-03 11:36:37 +02:00
Tamas Vajk
0a484aadf1 Improve code quality based on PR review 2022-06-03 11:17:13 +02:00
Tamas Vajk
ba5cf5b1b2 Kotlin: Fix fake raw type symbols used by the Parcelize plugin 2022-06-03 11:17:13 +02:00
AlexDenisov
0a861ff616 Merge pull request #9410 from github/alexdenisov/swift-extract-only-primary-files 
Swift: extract only primary files
 2022-06-03 10:44:18 +02:00
Alex Denisov
14384b7696 Swift: switch back to references 2022-06-03 10:22:25 +02:00
Paolo Tranquilli
87234938ef Swift: correct typo 2022-06-03 08:45:59 +02:00
Chris Smowton
04422eeaee Merge pull request #9378 from porcupineyhairs/goJwtSign 
Golang : Add query to detect JWT signing vulnerabilities
 2022-06-02 20:53:03 +01:00
Chris Smowton
d5ac7190cc Remove duplicate function 2022-06-02 17:02:54 +01:00
Chris Smowton
e54b29a846 Autoformat 2022-06-02 15:58:29 +01:00
Chris Smowton
602495df4c Replace cases accidentally handled by CompareExprSanitizer with ReturnedAlongsideErrorSanitizerGuard 2022-06-02 15:53:41 +01:00
Chris Smowton
70c74bfcc0 Merge pull request #9418 from smowton/smowton/admin/test-java-kotlin-map-entries 
Kotlin: add test for Java and Kotlin both extending Map.Entry
 2022-06-02 15:52:59 +01:00
Robert Marsh
43907b6a30 Merge pull request #9409 from github/alexdenisov/swift-fix-ctor-dtor-tostring 
Swift: fix ctor/dtor names in toString
 2022-06-02 10:34:03 -04:00
Chris Smowton
b48a07e7b8 Tighten up CompareExprSanitizer 
- Document
- Only actually consider comparisons
- Don't sanitize literals
 2022-06-02 15:18:38 +01:00
Chris Smowton
3155771abe Rename empty-string sanitizer to reflect what it actually does. 2022-06-02 15:10:02 +01:00
Chris Smowton
bfbc1d48b7 Simplify redundant sanitizer 2022-06-02 15:02:41 +01:00
Chris Smowton
3d63cec1e8 Autoformat 2022-06-02 14:45:28 +01:00
Porcupiney Hairs
361b7037c6 Include suggested changes from review. 2022-06-02 19:11:44 +05:30
Paolo Tranquilli
ede6bd8ffe Swift: document and partially simplify codegen 
This adds:
* a base `README.md` file to `codegen`
* module docstrings for the modules in `generators`
* help strings on all command line flags

Moreover some unneeded command line flags (`--namespace`,
`--include-dir` and `--trap-affix`) have been dropped.
 2022-06-02 15:28:57 +02:00