tiferet
c0cc754fb5
Rename ClassificationReasons
...
Change the name to EndpointCharacteristics.
2022-11-04 09:30:30 -07:00
tiferet
a4939b91e7
Generalize the definition of a known sink:
...
If the list of reasons includes positive indicators with maximal confidence for this class, it's a known sink for the class.
This negates the need for each query config to define the isKnownSink predicate individually.
2022-11-04 09:30:29 -07:00
tiferet
08bbe596a2
Create the sink ClassificationReasons
...
Write the reasons that indicate that an endpoint is a sink for each sink type.
Also fix import error.
2022-11-04 09:30:29 -07:00
erik-krogh
d7f1491f41
fix non-attached annotations for newtype branches
2022-11-04 17:19:42 +01:00
Dave Bartolomeo
649c3af98a
Merge pull request #11127 from github/henrymercer/fix-atm-pr-checks
...
ATM: Fix CodeQL pack workspace references
2022-11-04 12:19:42 -04:00
Alex Ford
53e83ff048
Ruby: AST ref docs - add further reading section
2022-11-04 16:01:31 +00:00
Alex Ford
13aad99194
Ruby: AST ref docs - add Calls section intro
2022-11-04 16:01:31 +00:00
Alex Ford
a77fc96067
Ruby: AST ref docs - note about desugaring and synthesized AstNodes
2022-11-04 16:01:31 +00:00
Alex Ford
530b29ccdf
Ruby: AST ref docs - note AssignExpr
2022-11-04 16:01:31 +00:00
Alex Ford
9cf3284371
Ruby: AST ref docs - add a missing space
2022-11-04 16:01:31 +00:00
Arthur Baars
5aee96d907
Merge branch 'codeql-cli-2.11.2' into ruby/ast-ref-table-docs
2022-11-04 16:39:29 +01:00
Arthur Baars
a11de9b145
Merge branch 'codeql-cli-2.11.2' into nickrolfe/ruby-dataflow-docs
2022-11-04 16:38:19 +01:00
Arthur Baars
20bebba1ff
Merge pull request #10957 from aibaars/doc-api-graph
...
Ruby: document API graphs
2022-11-04 16:36:38 +01:00
Arthur Baars
58c0e65542
Merge pull request #11129 from aibaars/improve-weak-crypto
...
Ruby: Improve weak crypto query
2022-11-04 16:31:55 +01:00
alexet
c07db098a7
QLSpec: Address comments from review
2022-11-04 15:27:21 +00:00
Arthur Baars
610bbeee97
Update docs/codeql/codeql-language-guides/using-api-graphs-in-ruby.rst
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-11-04 16:21:57 +01:00
Chris Smowton
8fd4041511
Kotlin: always populate the files table
...
Previously individual top-level file declarations relied on their corresponding file-class to declare their `File` instance, but this can be scuppered by a Java extractor replacing that file-class and identifying a different file location.
2022-11-04 15:00:27 +00:00
Arthur Baars
98f4c29913
Ruby: weak crypto: do not report weak hash algorithms
...
Weak hash algorithms such as MD5 and SHA1 are often
used in non security sensitive contexts and reporting
all uses is far too noisy.
2022-11-04 15:58:50 +01:00
Erik Krogh Kristensen
418d632738
Merge pull request #11123 from erik-krogh/stableCI-followup-2
...
fix typo in compile-queries workflow
2022-11-04 15:48:27 +01:00
AlexDenisov
c7da814bca
Merge pull request #11122 from github/alexdenisov/make-macos-sed-happy
...
Swift: make sed on macos happy
2022-11-04 15:45:06 +01:00
Paolo Tranquilli
0370d1a1ba
Merge pull request #11008 from github/redsun82/swift-macos-integration-tests
...
Swift: rework workflows
2022-11-04 15:44:42 +01:00
Alex Ford
d218572c72
Ruby: Apply review suggestions for AST reference guide
...
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2022-11-04 14:42:33 +00:00
Tom Hvitved
05bf86acb6
Merge pull request #11126 from hvitved/cpp/position-overrides
...
C++: Let `(Indirect|Direct)Position` be sub classes of `Position`
2022-11-04 15:35:27 +01:00
AlexDenisov
0260ecfbdb
Merge branch 'main' into alexdenisov/make-macos-sed-happy
2022-11-04 15:17:08 +01:00
Henry Mercer
0b9588bf9e
ATM: Add test pack to workspace
2022-11-04 14:07:14 +00:00
Henry Mercer
3e863a539a
ATM: Fix CodeQL pack workspace references
...
This fixes the
[ATM PR checks](https://github.com/github/codeql/actions/runs/3392995797/jobs/5639827326)
breaking on main as a result of
https://github.com/github/codeql/pull/11004.
2022-11-04 14:03:34 +00:00
Tom Hvitved
95835b8297
C++: Let (Indirect|Direct)Position be sub classes of Position
2022-11-04 14:31:18 +01:00
erik-krogh
def9b5e2ce
fix typo in compile-queries workflow
2022-11-04 13:58:29 +01:00
Erik Krogh Kristensen
265838aa2c
Merge pull request #11117 from erik-krogh/stableCI-followup
...
fix merge-base compilation when running directly on main
2022-11-04 13:56:41 +01:00
Arthur Baars
fadc278485
Merge branch 'codeql-cli-2.11.2' into nickrolfe/ruby-dataflow-docs
2022-11-04 13:05:26 +01:00
AlexDenisov
476bbfbdb7
Update qltest.sh
2022-11-04 13:04:24 +01:00
Henry Mercer
cbbff0c401
ATM: Rename workflow
...
Rename to take into account us now checking the results of the query
suite too.
2022-11-04 11:51:35 +00:00
Henry Mercer
87f7b65052
ATM: Check the results of the queries too
2022-11-04 11:51:35 +00:00
Erik Krogh Kristensen
91b33f72b5
update name and comment to reflect that it also runs on rc branches
2022-11-04 12:50:18 +01:00
Anders Schack-Mulligen
a1dba82360
Dataflow: Sync.
2022-11-04 12:41:55 +01:00
Anders Schack-Mulligen
828d187198
Dataflow: Fix a couple of join-orders.
2022-11-04 12:41:55 +01:00
Tamás Vajk
545dd8b8d8
Merge pull request #11106 from tamasvajk/kotlin-binop-ext
...
Kotlin: Extract extension binary operators
2022-11-04 12:41:06 +01:00
Chris Smowton
ca04779dfc
Kotlin: fix extraction of Java nested wildcards; wildcards in return types
...
This fixes two mistakes: return-type extraction not imposing a wildcard where a Java prototype explicitly uses one, and nested wildcard detection quietly failing due to not looking through a `JavaWildcardType` correctly.
I add a variant of the `kotlin_java_lowering_wildcards` test where Java prototypes are only seen from Kotlin, to be sure extraction is working as expected.
2022-11-04 11:39:26 +00:00
Henry Mercer
fe27e09a07
ATM: Add codeowners entry for new workflow
2022-11-04 10:57:00 +00:00
Henry Mercer
05dd161d76
ATM: Use database analyze to check results interpretation too
2022-11-04 10:54:08 +00:00
Henry Mercer
7976d746b6
ATM: Simplify DB path definition and improve quoting
2022-11-04 10:49:25 +00:00
Henry Mercer
35a4d31519
ATM: Fix naming of query pack
2022-11-04 10:46:06 +00:00
Henry Mercer
f558e858e7
ATM: Install codeql using new input to fetch-codeql Action
2022-11-04 10:44:14 +00:00
Paolo Tranquilli
2bec4479e7
Merge pull request #11029 from github/redsun82/swift-filtered-debugging
...
Swift: add possibility to run the extractor under an env-specified tool
2022-11-04 11:44:11 +01:00
erik-krogh
47289a4d33
fix merge-base compilation when running directly on main
2022-11-04 11:28:56 +01:00
Erik Krogh Kristensen
ec87a932b8
Merge pull request #11078 from erik-krogh/stableCI
...
add workflow that checks compilation of all queries with the latest stable release
2022-11-04 11:21:23 +01:00
Michael Nebel
d580722164
C#: Modify unsupported external library meta query to use call instead of dispatchcall.
2022-11-04 11:20:33 +01:00
Michael Nebel
187ece610b
C#: Only evaluate api name and namespace strings if they are needed.
2022-11-04 11:20:33 +01:00
Michael Nebel
366b94addc
C#: Implement override for getAPrimaryQlClass for AnonymousClass.
2022-11-04 11:20:33 +01:00
Michael Nebel
e0d7e277fb
C#: Align counting with Java and only count calls and not all possible dispatch calls.
2022-11-04 11:20:33 +01:00