hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-14 22:21:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,816 Commits 1,690 Branches 160 Tags
codeql-cli/v2.12.4
Commit Graph

50816 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ian Lynagh
0a470b0864 Kotlin: Handle /!unknown-binary-location/... paths specially on Windows 
The standard code wants to normalise it to C:/!unknown-binary-location/...
which is particularly annoying for cross-platform test output.
 2022-10-26 19:20:32 +01:00
Henry Mercer
c1984ea35f Go: Update expected output 2022-10-26 19:11:21 +01:00
Daniel Santos
64da2cec50 removed unnecessary getACall and fixed formatting 2022-10-26 12:02:55 -05:00
Rasmus Wriedt Larsen
5e9897d150 InlineExpectationsTest: sync 2022-10-26 18:21:13 +02:00
Rasmus Wriedt Larsen
76e84ef63a InlineExpectationsTest: Fail if missing getARelevantTag 2022-10-26 18:20:37 +02:00
Rasmus Wriedt Larsen
bfe9aa1225 InlineExpectationsTest: Add test showing what happens if you leave out getARelevantTag 2022-10-26 18:00:03 +02:00
Rasmus Wriedt Larsen
b3f29b0a53 Python: Add failing ESSA use-use test 
I initially created this as a dataflow test, but then realized it could
just be an ESSA test. I cound't find any existing ESSA tests though :|
so created a new dir for it.
 2022-10-26 17:49:33 +02:00
Geoffrey White
a32b08f56a Swift: remove redundant line. 2022-10-26 16:39:33 +01:00
Geoffrey White
e981a28b0f Swift: autoformat test. 2022-10-26 16:32:52 +01:00
Henry Mercer
b0b321a16f Go: Standardise formatting 2022-10-26 16:31:08 +01:00
Henry Mercer
4bc8529490 Go: Extract locations of successfully extracted files 
Switch the successfully extracted files query to the `location, message` results format so that we get rich location information when exporting the results of this query to SARIF.  Previously the query used the `message` results format, which meant the interpreted results lacked a location.
 2022-10-26 16:28:02 +01:00
Geoffrey White
0b3408b1f6 Swift: Fix typo. 2022-10-26 16:24:25 +01:00
Geoffrey White
5d21c51deb Swift: use hasQualifiedName in UnsafeWebViewFetch.ql. 2022-10-26 16:12:29 +01:00
Geoffrey White
0d41d4e90c Swift: for consistancy, lets have a simple hasName function as well. 2022-10-26 16:11:01 +01:00
Geoffrey White
b24a27d4ae Swift: Add hasQualifiedName methods and tests. 2022-10-26 16:03:49 +01:00
Karim Ali
420c35d4a2 add a query that detects the use of constant salts 2022-10-26 15:32:59 +02:00
Chris Smowton
fac383a3ac Merge pull request #10974 from smowton/smowton/fix/dont-translate-tochar 
Kotlin: don't try to call nonexistent `j.l.Number.toChar`
 2022-10-26 14:18:03 +01:00
Tamas Vajk
9cc7a30a75 Kotlin: do not report on unused object extension parameters 2022-10-26 15:06:51 +02:00
Tamas Vajk
fbcf7ea669 Kotlin: Add test case for unused extension parameters 2022-10-26 15:05:59 +02:00
Asger F
c9dfba344a Merge pull request #10925 from asgerf/ql/navigate-doc 
Docs: Mention new navigation commands
 2022-10-26 14:29:42 +02:00
Ian Lynagh
37c40c58d2 Merge pull request #10959 from igfoo/igfoo/diags 
Java/Kotlin: Add a diagnostics consistency query
 2022-10-26 13:07:01 +01:00
Paolo Tranquilli
521e6235b5 Swift: use std::filesystem and picoSHA2 
This replaces usages of `llvm::fs` and string manipulation with
`std::filesystem`, also replacing `std::string` with
`std::filesystem::path` where it made sense.

Moreover MD5 hashing used in macOS file remapping was replaced by
SHA256 hashing using a small header-only SHA256 C++ library with an
MIT license, https://github.com/okdshin/PicoSHA2.

File contents hashing was relocated to the newly created `file` library
for later planned reuse.
 2022-10-26 13:23:44 +02:00
Ian Lynagh
dd7ec499df Kotlin: Ignore tags when comparing versions 
We thought that 1.7.20-Beta > 1.7.20, and so tried to use 1.7.0's
extractor with 1.7.20.
 2022-10-26 12:21:55 +01:00
erik-krogh
0f9b4334cc remove some FPs in js/password-in-configuration-file 2022-10-26 11:51:56 +02:00
Paolo Tranquilli
e422a4eef9 Swift: move TargetFile to a separate lib 2022-10-26 10:54:51 +02:00
erik-krogh
21e7e27e1f push more context into load/store steps from the exploratory flow-analysis 2022-10-26 10:52:47 +02:00
Erik Krogh Kristensen
52cd200ca0 Merge pull request #10985 from asgerf/js/reaches-return-escape 
JS: Do not track returned values out of the enclosing function
 2022-10-26 10:52:11 +02:00
Tony Torralba
924995d9e1 Merge pull request #10977 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-10-26 09:51:17 +02:00
Asger F
414bd40c41 JS: Do not track returned values out of the enclosing function 2022-10-26 09:29:49 +02:00
Paolo Tranquilli
a3234503b8 Merge pull request #10983 from github/redsun82/swift-third-party 
Swift: move libraries from `tools` to `third_party`
 2022-10-26 08:59:50 +02:00
Mathias Vorreiter Pedersen
58b6c45d27 Merge pull request #10958 from geoffw0/comma 
C++: Fix performance issue on cpp/comma-before-misleading-indentation
 2022-10-26 08:29:18 +02:00
tyage
7a19744cf2 add change note 2022-10-26 15:17:50 +09:00
tyage
95dca7c3ed update comment 2022-10-26 15:13:59 +09:00
tyage
09f8ca8cc0 add query in comment 2022-10-26 15:13:03 +09:00
tyage
232893aafa make query parameters in ServerSideProps and next/router 
as a RemoteFlowSource
 2022-10-26 14:41:07 +09:00
Paolo Tranquilli
c8788bb5cd Swift: move libraries from tools to third_party 2022-10-26 07:05:56 +02:00
tyage
1f4fc7fc2d add params, query to test 2022-10-26 10:53:11 +09:00
tyage
06925681b0 add test for context.params 2022-10-26 10:53:11 +09:00
github-actions[bot]
5454f9a738 Add changed framework coverage reports 2022-10-26 00:20:29 +00:00
Jami Cogswell
1e80fa118c add modules 2022-10-25 18:26:00 -04:00
Daniel Santos
f7ace6f801 Update javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-10-25 14:27:03 -05:00
Geoffrey White
1e8b4bdd6f Merge pull request #10973 from geoffw0/comment 
Swift: Fix UrlRemoteFlowSource name clash
 2022-10-25 18:51:51 +01:00
thiggy1342
9c1fbfd330 Merge branch 'main' into expand-ruby-ssrf-sinks-faraday-connection-new 2022-10-25 13:09:17 -04:00
Chris Smowton
004f4be5fb Kotlin: don't try to call nonexistent j.l.Number.toChar 
Previously we thought this could be callable because Kotlin's view of `j.l.Integer` inherits `k.Number` which defines `toChar`.
 2022-10-25 17:09:05 +01:00
Geoffrey White
53fa91f8ba Swift: Add comment. 2022-10-25 16:51:57 +01:00
Daniel Santos
feece6f7b4 Merge branch 'github:main' into main 2022-10-25 10:43:20 -05:00
Geoffrey White
a67bd4d903 Swift: Fix name clash. 2022-10-25 16:40:27 +01:00
Ian Lynagh
4050801a17 Kotlin: Autoformat query 2022-10-25 16:26:12 +01:00
Ian Lynagh
52cfc33576 Kotlin: Accept test changes 2022-10-25 16:26:12 +01:00
Ian Lynagh
63b64e4daa Kotlin: Test tweaks for the diags consistency query 2022-10-25 16:26:11 +01:00