hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-14 22:21:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,816 Commits 1,690 Branches 160 Tags
codeql-cli/v2.12.4
Commit Graph

50816 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
c161bb5e95 Merge pull request #11035 from geoffw0/simplify2 
Swift: Simplify some more QL
 2022-10-31 09:50:55 +00:00
Rasmus Wriedt Larsen
ead0844174 Merge pull request #10998 from RasmusWL/essa-use-use-test 
Python: Add failing ESSA use-use test
 2022-10-31 10:38:26 +01:00
Paolo Tranquilli
2b395985e6 Swift: remove unneeded trailing / in README.md 2022-10-31 09:55:03 +01:00
Paolo Tranquilli
e62acb1e8c Swift: revert wrong paragraph edit in README.md 2022-10-31 09:54:15 +01:00
Paolo Tranquilli
7237362feb Swift: add debug path mapping to README.md 
This allows breakpoints to work more reliably, including on a bazel
project in CLion.
 2022-10-31 09:51:41 +01:00
Paolo Tranquilli
46c7ee0e4f Swift: refactor RUN_UNDER code 2022-10-31 09:51:20 +01:00
Paolo Tranquilli
80debe19e0 Swift: fix RUN_UNDER_FILTER check 2022-10-31 09:50:45 +01:00
Tamas Vajk
4cd0f1ca66 Apply code review findings 2022-10-31 08:43:53 +01:00
Harry Maclean
0dd63c007e Ruby: Add change note 2022-10-31 11:53:22 +13:00
Harry Maclean
fd61a5253d Ruby: Recognise try/try! as code executions 2022-10-31 11:53:22 +13:00
Harry Maclean
3f403f0f87 Merge pull request #10700 from hmac/activesupport 
Ruby: Model some ActiveSupport methods
 2022-10-31 11:50:44 +13:00
erik-krogh
fc2112831c add second-order-command-injection query 2022-10-30 21:20:47 +01:00
Chris Smowton
b370497f96 Avoid split overrides 2022-10-29 18:23:45 +01:00
Chris Smowton
3573e211cc Correct test expectations 2022-10-29 11:40:58 +01:00
Chris Smowton
b6e4f472d1 Remove unnecessary import 2022-10-29 11:40:57 +01:00
Chris Smowton
6d321e0151 Add change note 2022-10-29 11:40:57 +01:00
Chris Smowton
5c66d87ed6 gofmt 2022-10-29 11:40:57 +01:00
Chris Smowton
0c6c135967 Go: exclude protobuf read steps from cleartext-logging query 
This query already treats structs differently to usual: it includes field -> whole struct taint steps, but explicitly excludes struct -> field steps. This means that a logging framework sinking an entire struct with a tainted field yields an alert, but we don't get FPs caused by writing field `x` but then reading field `y`.

However, protobuf messages have a special treatment, with taint usually associated with the whole struct and getter methods propagating that taint out. Suppressing these getter method steps specifically for the cleartext-logging query mirrors its treatment of structs in general and avoids this sort of field-mismatch FP.

On the downside we will miss same-field propagation like `m.field = password; Log(m.GetField())` if we don't have source code for the implementation of `m`. However this is hopefully unusual since the typical use of protobufs is to serialize and deserialize, rather than using the struct as a general-purpose datastructure.
 2022-10-29 11:40:57 +01:00
Chris Smowton
8266a22332 Kotlin: fix method types when an inherited method implements a collection type 
In this circumstance the compiler seems to generate a specialised version of the implementing function with its argument type replaced by the interface-implementing child class' type parameter. However it stores a back-pointer to the real declared function, which we should use as the call target.
 2022-10-29 11:29:04 +01:00
Dave Bartolomeo
85790fcade Merge pull request #10964 from smowton/smowton/admin/modernise-qlpacks 
qlpacks: libraryPathDependencies -> dependencies
 2022-10-28 16:44:22 -04:00
Chris Smowton
d9744c81b7 Merge pull request #11017 from smowton/smowton/fix/kotlin-wildcard-suppression-annotation 
Kotlin: fix wildcard suppression where the annotation applies to a parent type/argument.
 2022-10-28 18:33:07 +01:00
Ian Lynagh
84427e132e Kotlin: Move the logs test to all-platforms 2022-10-28 17:56:41 +01:00
Geoffrey White
840b74dbb5 Swift: Add and use ApplyExpr.getArgumentByParamName. 2022-10-28 17:55:11 +01:00
Geoffrey White
f122005aaf Swift: Simplify out some variables. 2022-10-28 17:26:17 +01:00
Tony Torralba
2402504a4c Add missing SummaryPostUpdateNode 2022-10-28 18:24:17 +02:00
Geoffrey White
b4d939a620 Swift: Correct a comment. 2022-10-28 17:11:24 +01:00
Chris Smowton
f9e811bddf Legacy support qlpacks: continue using libraryPathDependencies; add a comment noting this is obsolete. 2022-10-28 16:47:30 +01:00
Chris Smowton
1914a114a2 Merge pull request #11018 from smowton/smowton/fix/kotlin-extension-specialisation 
Kotlin: specialise extension receivers the same as other function parameters
 2022-10-28 16:15:41 +01:00
Chris Smowton
d6e2f5f4a8 Use ?.not() to negate a nullable boolean 2022-10-28 16:13:55 +01:00
Chris Smowton
1e1c9f639c Avoid Kotlin 1.5+ function firstNotNullOfOrNull 2022-10-28 16:13:55 +01:00
Chris Smowton
24f87ac963 Kotlin: fix wildcard suppression where the annotation applies to a parent type/argument. 
In the process I also fix the missed case where suppression can be switched off using a parameterized annotation.
 2022-10-28 16:13:55 +01:00
Ian Lynagh
2796d60d79 Merge pull request #11019 from igfoo/igfoo/win_integ 
Kotlin: Get some integration tests running on Windows
 2022-10-28 16:12:15 +01:00
Chris Smowton
5ad5cdce47 Swift integration-test runner: use --additional-packs 2022-10-28 16:07:38 +01:00
Chris Smowton
ee63e60bb7 qlpacks: libraryPathDependencies -> dependencies 2022-10-28 16:07:36 +01:00
Geoffrey White
648c2d09f9 Swift: Simplify InsecureTLS.ql. 2022-10-28 15:56:03 +01:00
Tony Torralba
baf7986cfa Rework types exported through JSContext 
Better model the JSExport protocol logic
 2022-10-28 15:56:05 +02:00
Rasmus Wriedt Larsen
a04c78ab94 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-10-28 15:31:42 +02:00
Asger F
06ec03de74 Ruby: add convenience-accessors for ConstantValue 2022-10-28 15:16:14 +02:00
Asger F
046e669c78 Ruby: add getAncestorExpr 2022-10-28 15:16:14 +02:00
Asger F
77d1788619 Ruby: add data flow versions of ArrayLiteral, HashLiteral, Pair 2022-10-28 15:16:14 +02:00
Asger F
2546d09fe2 Ruby: add SetterCallNode 2022-10-28 15:16:14 +02:00
Asger F
515b8366d2 Ruby: add getAnAncestor, getADescendent 2022-10-28 15:16:14 +02:00
Asger F
c8f7519cee Ruby: add Module.getNamespaceOrTopLevel 2022-10-28 15:16:14 +02:00
Asger F
1f644a9c1d Ruby: add getEnclosingToplevel 2022-10-28 15:16:14 +02:00
Asger F
436cc60138 Ruby: update some uses of getConstantValue() 2022-10-28 15:16:14 +02:00
Asger F
156964bfc9 Ruby: add getEnclosingModule and getNestedModule 2022-10-28 15:16:14 +02:00
Asger F
67772bbc43 Ruby: Accessors for attributes and elements 2022-10-28 15:16:14 +02:00
Asger F
8976ba5583 Ruby: Add CallableNode, MethodNode, and accessors 2022-10-28 15:16:13 +02:00
Ian Lynagh
49425e6c2a Kotlin: Integration tests: Make a couple more posix-only for now 2022-10-28 13:59:36 +01:00
Geoffrey White
cf9c3afc86 Swift: Add and use AbstractFunctionDecl.hasGlobalName predicate. 2022-10-28 13:57:24 +01:00