hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-11 12:41:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,816 Commits 1,688 Branches 160 Tags
codeql-cli/v2.12.4
Commit Graph

50816 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Henry Mercer
3b69821630 ATM: Add descriptions to ML-powered packs 2022-11-23 10:46:23 +00:00
Tom Hvitved
a55c56feed Fix typo in codeql-workspace.yml 2022-11-23 11:33:52 +01:00
Ben Ahmady
40c2b3c43b Merge branch 'codeql-cli-2.11.4' into subatoi/codeql-cli-2.11.4 2022-11-23 10:18:46 +00:00
Asger F
1c910550e6 Python: merge package/type columns 2022-11-23 11:17:42 +01:00
Asger F
22316ee4fe Ruby: merge package/type columns 2022-11-23 11:17:42 +01:00
Asger F
2e3413c9b8 JS: Merge package/type columns 2022-11-23 11:17:42 +01:00
Ben Ahmady
093ff4061d Update docs/codeql/reusables/kotlin-java-differences.rst 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-11-23 10:08:45 +00:00
Ben Ahmady
7644ecad52 Update docs/codeql/reusables/kotlin-java-differences.rst 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-11-23 10:08:29 +00:00
Ben Ahmady
0a91ee1019 Update docs/codeql/codeql-language-guides/abstract-syntax-tree-classes-for-working-with-java-programs.rst 2022-11-23 10:08:20 +00:00
Ben Ahmady
df7f0cf9a9 Update docs/codeql/codeql-language-guides/analyzing-data-flow-in-java.rst 2022-11-23 10:08:10 +00:00
Ben Ahmady
c06b8a68e5 Update docs/codeql/reusables/kotlin-java-differences.rst 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-11-23 10:08:00 +00:00
Ben Ahmady
c663da5be6 Update docs/codeql/reusables/kotlin-java-differences.rst 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-11-23 10:07:03 +00:00
Ben Ahmady
4bd7e24b5f Update docs/codeql/reusables/kotlin-java-differences.rst 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-11-23 10:06:57 +00:00
Ben Ahmady
605c7113a2 Update docs/codeql/reusables/kotlin-java-differences.rst 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-11-23 10:06:48 +00:00
Ben Ahmady
e2240abc78 Update docs/codeql/codeql-language-guides/codeql-for-java.rst 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-11-23 10:06:34 +00:00
Nick Rolfe
e16bdc4d07 Ruby/QL: only create dbscheme case-splits for columns on defining tables 2022-11-23 10:00:08 +00:00
Geoffrey White
556d68aeed Update swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-11-23 09:17:18 +00:00
Paolo Tranquilli
545c2f67e9 Merge pull request #11382 from github/alexdenisov/swift-relax-file-archiving 
Swift: do not abort if cannot archive a source file
 2022-11-23 06:56:26 +01:00
Paolo Tranquilli
d345cec339 Merge pull request #11381 from github/alexdenisov/swift-fix-remapping-regression 
Swift: fix remapping bug
 2022-11-23 06:56:05 +01:00
ka1n4t
d113fb23c8 Add test case for PR-11368 2022-11-23 11:05:58 +08:00
Tom Hvitved
4ad7d2d822 C#: Also include extractor unit tests in csharp-qltest.yml 2022-11-22 19:55:38 +01:00
Ben Ahmady
24c413fbf9 Adds Kotlin (beta) content 2022-11-22 18:33:24 +00:00
Geoffrey White
7d45ca6293 Merge branch 'main' into optionals2 2022-11-22 17:35:27 +00:00
Alex Denisov
8f02463411 Swift: fix remapping bug 
This issue has slipped during a recent refactoring:
https://github.com/github/codeql/pull/10987/files#diff-c5ab26a06a93c4507a834859a6a56878d5bfe16c4d7cbac4afc4f081d46f461aL63-R64
 2022-11-22 17:25:07 +01:00
Alex Denisov
a2ac1384cb Swift: do not abort if cannot archive a source file 2022-11-22 17:18:40 +01:00
Tony Torralba
92ee0aa7ae Merge pull request #11367 from atorralba/atorralba/java/add-bitwise-implicit-intents 
Java: Consider taint through bitwise operations on PendingIntent flags
 2022-11-22 17:08:52 +01:00
Rasmus Wriedt Larsen
69b43f147a Python: Fix ql4ql alerts 
The rest will be ignored.
 2022-11-22 16:24:47 +01:00
Tony Torralba
2e1a78e1bf Add models for NSData and NSMutableData 2022-11-22 15:48:58 +01:00
Rasmus Wriedt Larsen
5866af413f Merge pull request #11347 from tausbn/python-clean-up-import-resolution 
Python: Add change note for module resolution
 2022-11-22 15:28:38 +01:00
Rasmus Wriedt Larsen
04a68f8d52 Merge pull request #11372 from RasmusWL/getpass 
Python: Model `getpass.getpass` as source of passwords
 2022-11-22 14:49:04 +01:00
Rasmus Wriedt Larsen
00ec3a23ba Python: Accept fix from module-resolution PR 2022-11-22 14:46:33 +01:00
Rasmus Wriedt Larsen
ee2f7401e8 Python: Add generator-flow/dataflow-consistency.ql 2022-11-22 14:46:33 +01:00
Rasmus Wriedt Larsen
8de5cfef43 Python: Update dataflow-consistency.expected 
After merging in main
 2022-11-22 14:46:33 +01:00
Rasmus Wriedt Larsen
c0ad870949 Python: Exclude synthetic generator functions from DataFlowCallable 2022-11-22 14:46:33 +01:00
Rasmus Wriedt Larsen
d86f98d60b Python: Accept changes for enclosing-callable test 2022-11-22 14:46:33 +01:00
Rasmus Wriedt Larsen
aa382ac042 Python: Add test for strange generator taint flow 
I did check, and this was not a problem with the old call-graph on main!

I'm absolutely baffled!
 2022-11-22 14:46:33 +01:00
Rasmus Wriedt Larsen
36e8b8bfb9 Python: Add call-graph to cached dataflow stage 
I didn't do any performance investigation on this, since it just seems
so much like the right approach.
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
fc0545561e Python: Introduce points-to cached stage 
With points-to not being used for the call-graph any longer, it's time
to split them.
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
bd46b7deaa Python: Cache a few call-graph predicates 
We DON'T want to recompute these ones for sure!
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
6646e98d20 Python: Fix results outside DB for StackTraceExposure 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
972cfa5cf6 Python: Accept bad StackTraceExposure.expected 
This is only Python 2 though
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
a301c93ebf Python: Fix results outside DB for CleartextLogging 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
0a41d8d2c1 Python: Accept bad CleartextLogging.expected 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
39ce50fadc Python: Fix problems with sinks in pathlib 
This must mean that we did not have this flow with the old call-graph,
which means the new call-graph is doing a better job (yay).
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
edcaff26af Python: Add path-injection test using pathlib 
Since it has the same problem of showing sinks inside the extracted
stdlib
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
9d29a0a044 Python: Accept changes to .expected from more pathlib flow 
But we don't want to keep this, this commit is just to show why we need a fix :)
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
df4d09b3f9 Python: Don't rely on all DataFlowCall being resolved 
I've been living dangerously with that assumption :|
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
478f5ffe96 Python: Limit self argument for PotentialLibraryCall 
Using the object from `MethodCallNode` meant that in the code below,
`lib` from the import expression would be considered a self argument

(this showed up in dataflow-consistency query results, that were not
comitted... sorry)

```
from lib import func
func()
```
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
c4122275dc Python: Bring back support for flow-summaries 
Also needed to fix up `TestUtil/UnresolvedCalls.qll` after a bad merge
conflict resolution. Since all calls are now DataFlowCall, and not JUST
the ones that can be resolved, we need to put in the restriction that
the callable can also be resolved.
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
e5fdeae6fc Python: Add return (func_ref, ...) test 2022-11-22 14:46:32 +01:00