hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-17 08:24:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,367 Commits 1,679 Branches 158 Tags
codeql-cli/v2.12.1
Commit Graph

49367 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
e669754d0b Swift: Also add local flow sources to summary queries. 2022-11-08 13:05:41 +00:00
Geoffrey White
be05b807cd Swift: Add models-as-data local flow sources as well. 2022-11-08 13:05:41 +00:00
Geoffrey White
0dcb5546a1 Swift: Add a LocalFlowSource and FlowSource class. 2022-11-08 13:05:41 +00:00
Geoffrey White
c5285acb04 Swift: Add more tests for String flow sources. 2022-11-08 13:05:40 +00:00
Paolo Tranquilli
552c5249ac Merge pull request #11131 from github/redsun82/swift-incomplete-ast 
Swift: deal with incomplete ASTs
 2022-11-08 14:01:58 +01:00
Tom Hvitved
f0554fcdee Merge pull request #11155 from hvitved/ruby/avoid-stage-recomputation 
Ruby: Avoid stage recomputation
 2022-11-08 13:46:53 +01:00
Tom Hvitved
edde3defed Merge pull request #11153 from hvitved/ruby/basic-block-at-conditions 
Ruby: Split basic blocks around constant conditionals
 2022-11-08 13:35:52 +01:00
Rasmus Wriedt Larsen
4895daba85 DataFlow: Add read/store stepIsLocal consistency checks 2022-11-08 13:32:49 +01:00
Asger F
69f5879384 JS: Update TRAP test output 2022-11-08 13:02:26 +01:00
Tony Torralba
d813590780 Merge pull request #11156 from atorralba/atorralba/swift/bitwise-operation 
Swift: Add `BitwiseOperation.qll`
 2022-11-08 12:15:00 +01:00
Jeroen Ketema
c61a9c5911 C++: Also taint the return value dereference in the strcat model 2022-11-08 12:08:44 +01:00
Asger F
44e94f6615 JS: Change note 2022-11-08 11:51:26 +01:00
Paolo Tranquilli
9731048836 Swift: remove an assert from swift headers 
An interesting byproduct was finding a problematic `assert` in the
Swift headers. An incomplete `FallthroughStmt` was asserting on having
a destination. I did not find any other sensible way of getting rid of
the crash when running in debug mode than to patch the header.
 2022-11-08 11:47:12 +01:00
Paolo Tranquilli
fda9d19a97 Swift: replace undefined labels with UnspecifiedElement 2022-11-08 11:47:12 +01:00
Paolo Tranquilli
8d3e6ff8a7 Swift: add label iteration 2022-11-08 11:47:12 +01:00
Paolo Tranquilli
450a4a04af Swift: add incomplete ast test 
The test was inspired by locally running the query against files in
https://github.com/apple/swift/tree/main/test/Parse

A query for missing elements was also added to the AST tests, expecting
nothing to be found.
 2022-11-08 11:46:07 +01:00
Asger F
fef922e417 JS: Bump extractor version string 2022-11-08 11:44:40 +01:00
Paolo Tranquilli
d6fb6bf036 Swift: customize UnspecifiedElement 2022-11-08 11:40:27 +01:00
Paolo Tranquilli
e17bc6c581 Swift: add UnspecifiedElement 2022-11-08 11:40:27 +01:00
Asger F
92e8f059c8 JS: Avoid emitting column zero in yaml files 2022-11-08 11:38:26 +01:00
Tony Torralba
4411852e59 Add BitwiseOperation.qll 2022-11-08 11:33:10 +01:00
Paolo Tranquilli
2aa528852e Swift: add possibility to specify null class 2022-11-08 11:27:14 +01:00
Nora Dimitrijević
7585541514 Merge branch 'main' into swift/js-injection 2022-11-08 11:25:54 +01:00
Nora Dimitrijević
d37ed02e79 Swift: basic Data-related taint flow in query 
Still TODO: a more comprehensive taint flow model for Data in the libs.
 2022-11-08 11:24:53 +01:00
Nora Dimitrijević
66291d3575 Swift: sync tests pass with additional flow steps 
TODO: Convert those flow steps to taint flow models in the library.
 2022-11-08 11:09:55 +01:00
Tom Hvitved
f0b9ca4bf9 Ruby: Add more guards tests 2022-11-08 11:09:54 +01:00
Asger F
a75c50620c Ruby: update more SSA test output 2022-11-08 11:03:24 +01:00
Jeroen Ketema
e00585ca24 Merge pull request #11154 from jketema/dataflow-test-fix 
C++: Fix wrong return types and missing statement in dataflow test
 2022-11-08 10:55:09 +01:00
Tom Hvitved
37a69b4569 Ruby: Avoid stage recomputation 2022-11-08 10:51:30 +01:00
Karim Ali
c794fef9cb update qhelp with more details about the use of constant passwords 2022-11-08 11:26:52 +02:00
AlexDenisov
d1848194eb Merge pull request #11152 from github/redsun82/swift-bitwise-test 
Swift: add bitwise ops to `PrintAst` test
 2022-11-08 10:25:48 +01:00
Tamás Vajk
38abd389eb Merge pull request #11045 from tamasvajk/kotlin-confusing-default 
Kotlin: Excluded compiler generated methods from `java/confusing-method-signature`
 2022-11-08 10:25:36 +01:00
Karim Ali
b1679df3d2 tighten check against the "iv" argument only 2022-11-08 11:22:18 +02:00
Karim Ali
b077fc5e91 add more details in qhelp about the use of hardcoded/constant IVs 2022-11-08 11:19:41 +02:00
Jeroen Ketema
0d4a2239fc C++: Fix wrong return types and missing statement in dataflow test 2022-11-08 09:55:10 +01:00
Paolo Tranquilli
072edad0fd Swift: accept new test changes 2022-11-08 09:30:25 +01:00
Erik Krogh Kristensen
c82410fd16 Merge pull request #10680 from erik-krogh/unsafeRbCmd 
RB: add an unsafe-shell-command-construction query
 2022-11-08 09:22:33 +01:00
Tom Hvitved
7ba0682297 Ruby: Split basic blocks around constant conditionals 2022-11-08 09:07:23 +01:00
Tom Hvitved
c86f597153 Ruby: Add test for disjunctive guard 2022-11-08 09:01:22 +01:00
Paolo Tranquilli
21adcca065 Swift: add bitwise ops to PrintAst test 2022-11-08 08:53:36 +01:00
Harry Maclean
8c8f1418d5 Merge pull request #11150 from hmac/try-fixup 
Ruby: Cosmetic change
 2022-11-08 12:19:47 +13:00
Harry Maclean
03aa8df8e2 Ruby: Cosmetic change 2022-11-08 10:24:21 +13:00
Harry Maclean
d392cdaab6 Merge pull request #11022 from hmac/try-code-injection 
Ruby: try/try! as code execution
 2022-11-08 09:42:52 +13:00
Tony Torralba
ef967b6a21 Merge pull request #10890 from atorralba/atorralba/android-startactivities-summaries 
Java: Add flow summaries for startActivities
 2022-11-07 18:06:30 +01:00
Nora Dimitrijević
7c515bbef7 Swift: _ as in _ = ... is a CFG leaf node. 
This enables DataFlow to skip over it and not get stuck.
 2022-11-07 18:02:06 +01:00
Geoffrey White
d72ea52f68 C++: More accurate test tags. 2022-11-07 16:32:46 +00:00
Geoffrey White
55a7adff20 C++: Make the message clearer. 2022-11-07 16:32:45 +00:00
Geoffrey White
b911556896 C++: Add a test showing the motivation. 2022-11-07 16:17:32 +00:00
Alexander Eyers-Taylor
c6c4a7b14f Merge pull request #11068 from alexet/alexet/qlspec-instanceof 
QL Spec: Add instanceof in classes
 2022-11-07 16:15:09 +00:00
Felicity Chapman
cfb0ff2618 Merge pull request #11145 from github/felicitymay-ruby-docs-updates 
Ruby: add a couple of missing links to a new article
 2022-11-07 16:09:48 +00:00