hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 21:21:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,816 Commits 1,688 Branches 160 Tags
codeql-cli/v2.12.4
Commit Graph

50816 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
ac5a1d68ea Merge pull request #11170 from asgerf/rb/taint-known-or-unknown 
Ruby: handle knownOrUnkown in default taint step
 2022-11-09 10:42:02 +01:00
Erik Krogh Kristensen
138a16f0b3 use getImportedModuleNode() 
Co-authored-by: Asger F <asgerf@github.com>
 2022-11-09 09:53:23 +01:00
Asger F
694d987365 JS: Update test output 2022-11-09 09:36:03 +01:00
Asger F
f4b2af730d Update ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2022-11-09 09:28:07 +01:00
Paolo Tranquilli
b399d8df7e Swift: extract opaque types and their decls 2022-11-09 09:27:25 +01:00
Harry Maclean
ad7b5ae7ed Ruby: Add inline barrier guard test 2022-11-09 16:35:28 +13:00
Harry Maclean
f1b63c4df3 Ruby: Fix in clause barrier guard 2022-11-09 16:10:17 +13:00
Harry Maclean
0ab88c2e29 Ruby: Handle simple in clauses in barrier guard 2022-11-09 16:01:33 +13:00
Harry Maclean
87944a3a75 Ruby: Add test for another case guard variant 2022-11-09 15:05:03 +13:00
Harry Maclean
25ceeaf241 Ruby: Fix SplatExprCfgNode 2022-11-09 15:03:15 +13:00
Harry Maclean
4bc9096446 Ruby: Add case string comparison barrier guard 
This recognises barriers of the form

    STRINGS = ["foo", "bar"]

    case foo
    when "some string literal"
      foo
    when *["other", "strings"]
      foo
    when *STRINGS
      foo
    end

where the reads of `foo` inside each `when` are guarded by the comparison
of `foo` with the string literals.

We don't yet recognise this construct:

    case foo
    when "foo", "bar"
      foo
    end

This is due to a limitation in the shared barrier guard logic.
 2022-11-09 15:03:13 +13:00
Jami
cfbaf5e53b Merge pull request #10785 from jcogs33/insuff-key-size-globalflow-keysize 
Java: Promote insufficient key size query from experimental
 2022-11-08 18:05:01 -05:00
Geoffrey White
af9ad7b699 Merge branch 'main' into tuples 2022-11-08 21:38:38 +00:00
tiferet
ac14b6d685 Create EndpointCharacteristics to replace all existing NotASinkReasons and LikelyNotASinkReasons 2022-11-08 13:37:49 -08:00
Jami Cogswell
13decd38d9 update sink 2022-11-08 15:29:33 -05:00
Jami Cogswell
bada986433 apply review comments 2022-11-08 15:29:33 -05:00
Jami Cogswell
b99a1d2cd9 update sink and tests 2022-11-08 15:29:33 -05:00
Jami Cogswell
e49c5213ca update change note 2022-11-08 15:29:33 -05:00
Jami Cogswell
0e93e71127 update tests 2022-11-08 15:29:33 -05:00
Jami Cogswell
695d6f0e4e move files to regexp directory 2022-11-08 15:29:33 -05:00
Jami Cogswell
5402001362 remove original sanitizer 2022-11-08 15:29:33 -05:00
Jami Cogswell
be548c13e1 switch sink to use csv models 2022-11-08 15:29:33 -05:00
Jami Cogswell
5dcd3b2c0f clean up files 2022-11-08 15:29:33 -05:00
Jami Cogswell
32f7348d30 update help file 2022-11-08 15:29:33 -05:00
Jami Cogswell
eb30e8fe9e move Pattern.quote and Pattern.LITERAL models to Regex.qll 2022-11-08 15:29:33 -05:00
Jami Cogswell
81ad10bab5 update sink names 2022-11-08 15:29:33 -05:00
Jami Cogswell
5b089bbb9c split sanitizer into three 2022-11-08 15:29:33 -05:00
Jami Cogswell
91491d9a7b refactor into more classes; add more test cases; add LITERAL sanitizer 2022-11-08 15:29:33 -05:00
Jami Cogswell
50d638d1b6 create RegexInjection.qll file 2022-11-08 15:29:33 -05:00
Jami Cogswell
f6f26fe6c5 refactor code; add change note 2022-11-08 15:29:33 -05:00
Jami Cogswell
037a05cd66 add classes for Pattern, Matcher, and RegExUtils 2022-11-08 15:29:33 -05:00
Jami Cogswell
6ba7449df7 adjust imports 2022-11-08 15:29:33 -05:00
Jami Cogswell
6545cff0ef add Pattern.quote sanitizer 2022-11-08 15:29:33 -05:00
Jami Cogswell
833c5edf06 move to .qll file and switch to InlineExpectations tests 2022-11-08 15:29:32 -05:00
Jami Cogswell
25436fe555 update options and qlref files 2022-11-08 15:29:32 -05:00
Jami Cogswell
32b140045e move files out of experimental 2022-11-08 15:29:32 -05:00
Paolo Tranquilli
53b7584a90 Merge pull request #11169 from github/redsun82/swift-extract-last-stmts 
Swift: extract remaining `Stmt`s
 2022-11-08 20:51:10 +01:00
Paolo Tranquilli
7939b84380 Merge pull request #11168 from github/redsun82/swift-postfix-expr 
Swift: extract `PostfixUnaryExpr`
 2022-11-08 20:50:45 +01:00
tiferet
fadbdc1f63 Documentation improvements suggested by Andrew 2022-11-08 11:45:33 -08:00
Jeroen Ketema
6a5f37b1b7 Merge pull request #11149 from geoffw0/wrong-number-msg 
C++: Clearer messages for the format args queries
 2022-11-08 20:44:10 +01:00
erik-krogh
c1727ba005 lower precision to high in ql/override-any 2022-11-08 20:35:07 +01:00
erik-krogh
107cbb29b1 guide users towards using exists(variable) in ql/override-any 2022-11-08 20:34:58 +01:00
erik-krogh
c5fece7a87 QL: improve the dead-code query 2022-11-08 20:20:34 +01:00
Erik Krogh Kristensen
8b11e98d42 Merge pull request #11162 from erik-krogh/ciCache 
CI: try only to fill the compilation cache from main in the compile-queries workflow
 2022-11-08 19:24:14 +01:00
Asger F
43769ad464 Ruby: update test output 2022-11-08 19:20:57 +01:00
Nick Rolfe
a9ff0bdbbf Ruby: accept changed test output 2022-11-08 17:36:31 +00:00
Paolo Tranquilli
cbae72d9da Swift: remove emoji in test 2022-11-08 17:41:40 +01:00
Paolo Tranquilli
9ee4f8b388 Swift: extract remaining Stmts 
`FailStmt` are `return nil` in fallible initializers.

`PoundAssertStmt` are an experimental feature for compile time
assertions.
 2022-11-08 17:38:17 +01:00
Mathias Vorreiter Pedersen
4cdcebf022 Merge pull request #11161 from geoffw0/localflowsource 
Swift: Add LocalFlowSource class and a few sources.
 2022-11-08 16:12:32 +00:00
Paolo Tranquilli
00d3ff8a18 Swift: extract UnaryPostfixExpr 2022-11-08 17:10:33 +01:00