hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-14 22:21:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,816 Commits 1,690 Branches 160 Tags
codeql-cli/v2.12.4
Commit Graph

50816 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alex Denisov
f6cfeab357 Swift: add Xcode autobuilder to CI 2022-10-19 16:29:08 +02:00
Tony Torralba
429bd5fbd8 Add flow summaries for startActivities 
Uses SyntheticCallables and SyntheticGlobals to pair each startActivities call to getIntent calls in the components targeted by the intent(s).
 2022-10-19 16:25:04 +02:00
Alex Denisov
95b7e8abb5 Swift: make xcode-autobuilder tester work with several tests 2022-10-19 16:20:32 +02:00
Ian Lynagh
71b649558b Merge pull request #10648 from igfoo/igfoo/lockless 
Kotlin: Implement lockless TRAP writing
 2022-10-19 15:04:19 +01:00
Alex Denisov
e51485595c Swift: introduce xcode-autobuilder tests 2022-10-19 16:04:07 +02:00
Erik Krogh Kristensen
8086d37cfc Merge pull request #10840 from erik-krogh/html_safe 
RB: simplify html_safe modeling
 2022-10-19 15:02:21 +02:00
ALJI Mohamed
d6fa745279 Add TarSlip Improv query 2022-10-19 14:01:40 +01:00
Tamas Vajk
3e476f96bd Kotlin: Exclude captured variables from constant loop condition check 2022-10-19 15:01:17 +02:00
Jami Cogswell
961e5c72a3 minor updates 2022-10-19 08:44:35 -04:00
Tamas Vajk
0bc57410a0 Kotlin: Add FP test case for constant loop condition 2022-10-19 14:19:49 +02:00
Ian Lynagh
24a84875ad Merge pull request #10879 from jsoref/spelling-kotlin 
Spelling kotlin
 2022-10-19 12:26:52 +01:00
erik-krogh
3dd89bb7bf remove duplicate alerts due to multiple states reaching the same sink 2022-10-19 13:19:18 +02:00
Tom Hvitved
9e5d9f897f Merge pull request #10824 from jsoref/spelling-csharp 
Spelling csharp
 2022-10-19 13:16:02 +02:00
Ian Lynagh
83a3ae64c4 Kotlin: Accept test changes 2022-10-19 12:14:39 +01:00
Ian Lynagh
c9cf33dd20 Kotlin: Nest TRAP files inside their basename 2022-10-19 12:14:39 +01:00
Ian Lynagh
dff1cf4c48 Kotlin: Don't write TRAP files that are already out-of-date 2022-10-19 12:14:38 +01:00
Ian Lynagh
e6e0fe0cd4 Kotlin: Tweak custom_plugin/diagnostics test 2022-10-19 12:14:38 +01:00
Ian Lynagh
b251078976 Kotlin: Implement lockless TRAP writing 
Rather than using lock files and rewriting TRAP file, and storing the
metadata in a .metadata file, we now encode the metadata in the filename
and rename all but the newest TRAP file so that the importer doesn't
see them.

So we might end up with e.g.
    Text.members#0.0-1664381081060-java.trap.gz
    Text.members#55.0-1658481279000-java.trap-old.gz
    Text.members#55.0-1664381081060-java.trap-old.gz

For now, you can go back to the old system by setting
    CODEQL_EXTRACTOR_JAVA_TRAP_LOCKING=true
in the environment.
 2022-10-19 12:14:38 +01:00
erik-krogh
226bd1f321 add flow-state support to sanitizers in code-execution, and use that to refactor the string-concatenation-sanitizer 2022-10-19 13:06:54 +02:00
erik-krogh
3e51f6fa8e use flow-states to remove FPs related to an attacker only controlling a substring in code-injection 2022-10-19 13:00:44 +02:00
Erik Krogh Kristensen
caaee26ae5 Merge pull request #10880 from jsoref/spelling-ql 
Spelling ql
 2022-10-19 12:38:48 +02:00
erik-krogh
2a72e89090 add a runsImmediately predicate to CodeExecution (name chosen by Copilot) 2022-10-19 12:30:47 +02:00
Chris Smowton
7ba9a31766 Use US spelling 2022-10-19 10:41:29 +01:00
Paolo Tranquilli
861377f650 Swift: property doc tweaks 2022-10-19 11:40:05 +02:00
erik-krogh
d77b31672d add failing test for safe-ish uses of Object.send 2022-10-19 11:27:08 +02:00
erik-krogh
cb33d5aeff add test for .send(..) in code-injection 2022-10-19 11:25:30 +02:00
Tony Torralba
fd8f8cb930 Merge pull request #10223 from atorralba/atorralba/unsafe-content-resolver 
Java: New Android query to detect unsafe content URI resolution
 2022-10-19 11:22:04 +02:00
Tamás Vajk
0f499dfb75 Merge pull request #10877 from tamasvajk/kotlin-safe-call-null-check 
Kotlin: Add test for useless null check on safe calls
 2022-10-19 11:19:58 +02:00
Tamás Vajk
086362d8ee Merge pull request #10859 from tamasvajk/kotlin-field-masking 
Kotlin: Exclude fields of live literals from `java/field-masks-super-field`
 2022-10-19 11:19:44 +02:00
Josh Soref
99aa5ffea6 spelling: substitutions 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 05:10:23 -04:00
Josh Soref
24a032041f spelling: sanitize 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 05:10:23 -04:00
Henry Mercer
3afb9c1b3b Merge pull request #10845 from github/henrymercer/remove-worsening-queries 
ATM: Remove worsening-based queries
 2022-10-19 10:05:53 +01:00
Josh Soref
0bc19506e7 spelling: reinitialised 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 04:59:16 -04:00
Josh Soref
0079ee3d54 spelling: annotation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 04:59:16 -04:00
James Fletcher
e9e2e90a92 Merge pull request #10647 from jf205/lgtm-cli-vs-code 
Partially remove mentions of lgtm.com from the CodeQL documentation
 2022-10-19 09:32:01 +01:00
Josh Soref
d722448796 spelling: injection 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 04:27:37 -04:00
Josh Soref
a4beafbe44 spelling: classifier 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 04:27:37 -04:00
Josh Soref
7055b139bf spelling: the 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 04:22:34 -04:00
AlexDenisov
5c8fa84d30 Merge pull request #10786 from github/alexdenisov/xcode-autobuilder 
Swift: introduce Xcode autobuilder
 2022-10-19 10:19:49 +02:00
Josh Soref
2636f7108e spelling: subclasses 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 04:19:27 -04:00
Josh Soref
08b06aa056 spelling: regular 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 04:19:27 -04:00
Josh Soref
e39706afc1 spelling: regex 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 04:19:27 -04:00
Josh Soref
866cc1eda1 spelling: recursive 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 04:19:27 -04:00
Josh Soref
b3df4ab207 spelling: preferable 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 04:19:27 -04:00
Josh Soref
d9900fe548 spelling: possibility 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 04:19:27 -04:00
Josh Soref
bc029bd1b8 spelling: plentiful 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 04:19:27 -04:00
Josh Soref
f2ce34cd41 spelling: parameterized 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 04:19:27 -04:00
Josh Soref
08d479bff4 spelling: override 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 04:19:27 -04:00
Josh Soref
a6e0f0e47a spelling: maintainability 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 04:19:27 -04:00
Josh Soref
4d22b2aaab spelling: interesting 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-19 04:19:27 -04:00