hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-16 06:53:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,816 Commits 1,690 Branches 160 Tags
codeql-cli/v2.12.4
Commit Graph

50816 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
720cf5682b Exclude enum constructor invocations from defaults handling 
These seem to provide null arguments even though the constructor doesn't provide defaults, presumably for completion by a later compiler phase.
 2022-10-06 12:40:01 +01:00
Chris Smowton
6cc74da004 Defaults function extraction: respect the extract-type-accesses flag 2022-10-06 12:39:57 +01:00
Chris Smowton
34a0a0d080 Implement $default method synthesis 
This adds methods that fill in default parameters whenever a constructor or method uses default parameter values. I use as similar an approach to the real Kotlin compiler as possible both because this produces the desirable dataflow, and because it should merge cleanly with the same class file seen by the Java extractor, which will see and
extract the signatures of the default methods.
 2022-10-06 12:38:55 +01:00
erik-krogh
169965cfb9 make rb/meta/taint-steps into a @kind problem query 2022-10-06 13:28:10 +02:00
gregxsunday
9960d11042 added RequestBody source to Beego framework 2022-10-06 13:23:56 +02:00
Geoffrey White
c6b7bb436d C++: Make the ql-for-ql checks happy. 2022-10-06 11:25:22 +01:00
Chris Smowton
6f3c9e4403 Split up extractRawMethodAccess 2022-10-06 11:05:27 +01:00
Mathias Vorreiter Pedersen
a856bc8678 Merge pull request #10562 from rdmarsh2/rdmarsh2/cpp/field-off-by-one 
C++: prototype for off-by-one in array-typed field
 2022-10-06 11:04:12 +01:00
Tom Hvitved
48bdf13c89 Ruby: Take overrides into account for singleton methods defined on modules 2022-10-06 11:56:26 +02:00
Mathias Vorreiter Pedersen
0065a5af96 Swift: Accept path-explanation test changes. 2022-10-06 10:30:18 +01:00
Mathias Vorreiter Pedersen
1edd4d855a Swift: Add an example with flow through a callback function. 2022-10-06 10:30:11 +01:00
Mathias Vorreiter Pedersen
197f036797 Swift: Support local MaD steps in both dataflow and taintflow. 2022-10-06 10:30:04 +01:00
Mathias Vorreiter Pedersen
9d069b32b0 Swift: Create ArgumentNodes and OutNodes for MaD. 2022-10-06 10:29:59 +01:00
Mathias Vorreiter Pedersen
0b6ea703ea Swift: Create explicit parameter nodes for source parameters and MaD parameters. 2022-10-06 10:29:52 +01:00
Mathias Vorreiter Pedersen
bba70a70fb Swift: Support selecting fields in Swift MaD. 2022-10-06 10:29:45 +01:00
tyage
ddc8f72ef7 accept test result Xss.qlref 2022-10-06 18:23:10 +09:00
Mathias Vorreiter Pedersen
32d0b58923 C++: Fix qhelp example. 2022-10-06 10:19:53 +01:00
Tom Hvitved
7608276397 Ruby: Add more call graph tests 2022-10-06 10:38:02 +02:00
Anders Schack-Mulligen
5b67ba2939 Merge pull request #10177 from atorralba/atorralba/path-sanitizer 
Java: Promote `PathSanitizer.qll` from experimental
 2022-10-06 10:29:33 +02:00
Anders Schack-Mulligen
cbeff4efc8 Merge pull request #10693 from atorralba/atorralba/fix-guard-bad-magic 
Java: Fixes bad magic in `Guard::guardControls_v3`
 2022-10-06 10:14:48 +02:00
erik-krogh
db056aae1b add some more meta queries for Ruby evaluations 2022-10-06 10:14:28 +02:00
Geoffrey White
86756538f2 C++: Change note. 2022-10-06 09:14:25 +01:00
Geoffrey White
3f78a244b9 C++: Make the tests use more repetitions. 2022-10-06 09:14:24 +01:00
Geoffrey White
9a365d83cf C++: Tighten up the heuristic in cpp/unterminated-variadic-call. 2022-10-06 09:14:16 +01:00
Tom Hvitved
0e6735b804 Merge pull request #10691 from hvitved/dataflow/conjunctive-clears 
Data flow: Take conjunctive `With(out)Contents` into account in `prohibitsUseUseFlow`
 2022-10-06 09:03:30 +02:00
Tamas Vajk
0bbc7adca0 Accept test changes 2022-10-06 08:45:57 +02:00
Henry Mercer
d80d39504f Tag successfully extracted files queries 
Tag the successfully extracted files queries with
`successfully-extracted-files` to make them easier to identify
programmatically in a language-independent way.
This follows the prior art for lines of code queries, which are tagged
`lines-of-code`.
 2022-10-05 19:19:43 +01:00
Asger F
387e57546b Merge pull request #10650 from asgerf/rb/summarize-more 
Ruby: more type-tracking steps
 2022-10-05 19:16:56 +02:00
Alex Ford
a28d7b64ea Merge branch 'main' into rb/sensitive-get-query 2022-10-05 15:59:02 +01:00
Alex Ford
fa58c51810 Ruby: switch rb/sensitive-get-query back to using local flow 2022-10-05 15:58:05 +01:00
Tamas Vajk
46fb9865ac Add lateinit test to print the extracted AST 2022-10-05 16:09:00 +02:00
Chris Smowton
7f8bcf76bf Merge pull request #10665 from dilanbhalla/dilan-java/guidance-exectainted 
Java Guidance: ExecTainted.ql (experimental version)
 2022-10-05 15:05:10 +01:00
Tom Hvitved
0beea9fd1a Fix typos 2022-10-05 15:54:52 +02:00
Tamas Vajk
082544e88c Kotlin: Extract lateinit modifier 2022-10-05 15:25:49 +02:00
Tamas Vajk
61a05c2b6c Kotlin: add lateinit declarations to modifiers test 2022-10-05 15:25:15 +02:00
Asger F
decd4c93c7 Ruby: update type tracking test 2022-10-05 15:15:52 +02:00
Asger F
c9c36985b2 Ruby: address review comments 2022-10-05 14:59:37 +02:00
Nora Dimitrijević
29df69742c Swift: Docs review response: consistent naming 2022-10-05 14:42:11 +02:00
Alex Ford
71670a4f75 Ruby: add RequestInputAccess#getKind predicate 2022-10-05 13:38:31 +01:00
Alex Ford
dea53d86c9 Ruby: remove some redundant imports of DataFlow 2022-10-05 13:22:19 +01:00
Alex Ford
f01670f663 Ruby: add a note to a test case 2022-10-05 13:06:49 +01:00
Alex Ford
d64f8c73be Merge branch 'main' into rb/sensitive-get-query 2022-10-05 12:59:35 +01:00
Alex Ford
084efe062a Ruby: limit rb/sensitive-get-query to data from query params 2022-10-05 12:57:57 +01:00
Alex Ford
977e8a8a6f Ruby: add a test case for sensitive data from cookies for rb/sensitive-get-query (should not be flagged) 2022-10-05 12:57:07 +01:00
Tamás Vajk
d0d8ef1236 Merge pull request #10672 from tamasvajk/kotlin-unary-op 
Kotlin: extract unary plus and minus operators
 2022-10-05 13:30:21 +02:00
Arthur Baars
6509c19aad Merge pull request #10692 from aibaars/fix-splats 
Ruby: fix CFG and toString for anonymous '*' and '**'
 2022-10-05 13:25:29 +02:00
Alex Ford
880fb2b14a Ruby: split out rb/sensitive-get-query using query/customizations pattern 2022-10-05 11:59:40 +01:00
Tom Hvitved
6f518c1996 Data flow: Sync files 2022-10-05 12:58:29 +02:00
Tom Hvitved
3f0f16afc4 Ruby: Update flow summary for Hash#except 2022-10-05 12:58:29 +02:00
Tom Hvitved
e51c20bfc7 Data flow: Take conjunctive With(out)Contents into account in prohibitsUseUseFlow 2022-10-05 12:58:29 +02:00