hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,367 Commits 1,684 Branches 159 Tags
codeql-cli/v2.12.1
Commit Graph

49367 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
e36c59b285 ReDoS: Sync. 2022-05-31 11:04:42 +02:00
Anders Schack-Mulligen
e016feeb5c ReDoS: Improve performance in ExponentialBackTracking.qll. 2022-05-31 11:04:03 +02:00
Jeroen Ketema
ce26124c01 Update cpp/ql/lib/change-notes/2022-05-30-braced-initializers.md 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-05-31 10:42:31 +02:00
Jeroen Ketema
e3046fb05b C++: Fix typo in upgrade script 2022-05-31 10:37:46 +02:00
Tamas Vajk
90fdd7eaf9 Kotlin: Reuse codeQlWithHasQuestionMark 2022-05-31 08:47:25 +02:00
Erik Krogh Kristensen
95fae8155e fix wrong comment 
Co-authored-by: Asger F <asgerf@github.com>
 2022-05-31 08:38:03 +02:00
Porcupiney Hairs
5c5e978d30 Remove local data flow query 2022-05-31 03:53:02 +05:30
Tamas Vajk
89ffefd45e Kotlin: Change return type of Android specific ConcurrentHashMap.keySet 2022-05-30 23:45:38 +02:00
Jeroen Ketema
bb93179c45 Merge pull request #9279 from github/felicitymay-patch-1 
Fix typo in recent docs update
 2022-05-30 23:31:37 +02:00
Porcupiney Hairs
bd1ddc177e Golang : Add query to detect JWT signing vulnerabilities 
Supersedes github/codeql-go#705
 2022-05-31 01:56:59 +05:30
Porcupiney Hairs
ae2cc378e5 Golang : Add Query To Detect PAM Authorization Bugs 2022-05-31 01:28:55 +05:30
Henry Mercer
a661a0cc7e Merge pull request #9376 from github/henrymercer/internal-repo-preserve-invariant 
Clean merge to preserve submodule invariant of internal repo
 2022-05-30 20:28:43 +01:00
Henry Mercer
76375f8d73 Merge remote-tracking branch 'origin/main' into henrymercer/semmle-code-noop-merge 2022-05-30 20:14:22 +01:00
Erik Krogh Kristensen
6a6a63e1aa Merge pull request #9354 from erik-krogh/jsStages 
JS: collapse a few small stages
 2022-05-30 20:31:54 +02:00
Henry Mercer
b1faba9880 Merge pull request #9359 from github/henrymercer/migrate-to-codeql-workspace 
Migrate `.codeqlmanifest.json` to `codeql-workspace.yml`
 2022-05-30 18:20:11 +01:00
Chris Smowton
1708719fdf Merge pull request #9343 from smowton/smowton/fix/align-kotlin-java-generic-types 
Kotlin: extract methods defined on collections types with their Java signatures
 2022-05-30 17:52:58 +01:00
Mathias Vorreiter Pedersen
b88fe1b2b4 Swift: Add test case and accept changes. 2022-05-30 17:05:06 +01:00
Mathias Vorreiter Pedersen
eed42a4e14 Swift: Make a new scope for each KeyPath expression. 2022-05-30 17:05:06 +01:00
Mathias Vorreiter Pedersen
cd1800ec7e Merge pull request #9371 from MathiasVP/extract-key-path-application 
Swift: Extract KeyPath applications
 2022-05-30 17:02:42 +01:00
Henry Mercer
99e6d2a925 Run relevant tests when codeql-workspace.yml is updated 2022-05-30 15:54:52 +01:00
Henry Mercer
ca764576be Swift: Update mention of manifest file in docs 2022-05-30 15:54:52 +01:00
Andrew Eisenberg
e544a9b94b Update codeql-workspace.yml 
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2022-05-30 15:53:48 +01:00
Andrew Eisenberg
18c5474431 Add comment to codeql-workspace.yml 2022-05-30 15:53:48 +01:00
Andrew Eisenberg
c5dd8aa703 Convert .codeqlmanifest.json to codeql-workspace.yml 
The semantics are the same, except one is json, the other is
yaml.
 2022-05-30 15:53:48 +01:00
Mathias Vorreiter Pedersen
9175354bbd Swift: Add test and accept changes. 2022-05-30 15:51:49 +01:00
Mathias Vorreiter Pedersen
52f0b0d8d8 Swift: Fix extraction of roots in 'KeyPathExpr'. 2022-05-30 15:46:54 +01:00
Mathias Vorreiter Pedersen
21527f66e1 Swift: Extract KeyPath applications and KeyPathDot expressions. 2022-05-30 15:46:18 +01:00
Jeroen Ketema
a833e77c30 C++: Update DB scheme stats 2022-05-30 16:26:26 +02:00
Jeroen Ketema
38be04461e C++: Introduce relation for tracking braced initializers 2022-05-30 16:26:19 +02:00
Rasmus Wriedt Larsen
b6cc438390 Merge pull request #9368 from RasmusWL/test-model-api-graphs 
Python: Port test model to API graphs
 2022-05-30 15:45:13 +02:00
Mathias Vorreiter Pedersen
d8916568b6 Merge branch 'main' into fix-inconsistent-cfg 2022-05-30 14:07:10 +01:00
Mathias Vorreiter Pedersen
9b17493b3b Merge branch 'main' into not-all-functions-throw 2022-05-30 14:03:29 +01:00
Asger F
c188aa87c7 Merge branch 'main' into js/madman-prep 2022-05-30 15:03:14 +02:00
Mathias Vorreiter Pedersen
7ca01443e8 Merge pull request #9342 from rdmarsh2/rdmarsh2/swift/dataflow-global-flow 
Swift: initial interprocedural data flow implementation
 2022-05-30 13:54:56 +01:00
Rasmus Wriedt Larsen
420dea0792 Python: Fix example TestCase 2022-05-30 14:48:06 +02:00
Rasmus Wriedt Larsen
08e64ea1b4 Python: Remove contrived test-case example 2022-05-30 14:45:34 +02:00
Rasmus Wriedt Larsen
4861a980be Python: Fix cryptography modeling 
The old code was my own suggestion, that I thought would just work, but
was also slightly skeptical about.

I tested out whether it works with the code below

```codeql
predicate foo(int input, string res) {
  input = 1 and res = "that was one"
}

from int input, string res
where
  input in [1, 2] and
  if foo(input, res)
  then any()
  else res = "not one"
select input, res
```

which gave the 3 results

```
1 |	that was one
1 |	not one
2 |	not one
```

only by rewriting the code to be the one below, did I get down to the 2
results I actually wanted. So I've done the same kind of rewrite in the
commit.

```codeql
predicate foo(int input, string res) {
  input = 1 and res = "that was one"
}

from int input, string res
where
  input in [1, 2] and
  if foo(input, _)
  then foo(input, res)
  else res = "not one"
select input, res
```
 2022-05-30 14:37:27 +02:00
yoff
2492744a9b Merge pull request #8443 from haby0/py/CsvInjection 
Python: Add CSV injection model
 2022-05-30 14:31:28 +02:00
Rasmus Wriedt Larsen
a8b4b6a374 Python: Move test-modeling to API-graphs 
Notice that although we loose the contrived examples in `test.py`, we do
gain support for real-world test-case construction, which seems worth
the tradeoff.
 2022-05-30 14:13:06 +02:00
Rasmus Wriedt Larsen
a5dc4f430c Python: Expand test-filter tests 
With no virtual environment enabled, none of the third-party library
test case are found.
 2022-05-30 14:11:50 +02:00
Mathias Vorreiter Pedersen
ef31aec29e Swift: Autoformat. 2022-05-30 12:58:12 +01:00
Michael Nebel
61151d8980 Java: Update workflows and scripts usages to only generate summaries and sinks. 2022-05-30 13:53:44 +02:00
Mathias Vorreiter Pedersen
425d66e454 Update swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll 2022-05-30 12:52:48 +01:00
Mathias Vorreiter Pedersen
2106d48785 Swift: Add 'Argument.getIndex()' and use it in 'DataFlowDispatch'. 2022-05-30 12:51:29 +01:00
Mathias Vorreiter Pedersen
0d8a9458c6 Merge branch 'main' into rdmarsh2/swift/dataflow-global-flow 2022-05-30 12:46:06 +01:00
yoff
cd46f31cba Merge branch 'main' into py/CsvInjection 2022-05-30 13:41:31 +02:00
Michael Nebel
72dd1a6ec9 Java: Generate models without sources. 2022-05-30 13:40:14 +02:00
Rasmus Wriedt Larsen
7a6646dcaf Merge pull request #8883 from erik-krogh/pyMaD 
Python: add MaD implementation
 2022-05-30 13:31:07 +02:00
Michael Nebel
a0ae8b3a97 Merge pull request #9361 from michaelnebel/java/capturemodels-metadata 
Java: Update capture models meta data.
 2022-05-30 13:22:09 +02:00
Asger F
5f42866de3 Merge pull request #9318 from asgerf/js/type-confusion-parmaeter-tampering-barrier 
JS: Fix FP in js/type-confusion-through-parameter-tampering
 2022-05-30 12:52:37 +02:00