hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-09 03:31:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,797 Commits 1,691 Branches 160 Tags
codeql-cli/v2.12.5
Commit Graph

51797 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
erik-krogh
acf28ebd98 add a RegexExecution, and use it to track regular expressions to their uses in a nice way in rb/polynomial-redos 2023-01-18 09:31:04 +01:00
erik-krogh
6e33dd5df6 add failing test 2023-01-18 09:31:04 +01:00
Erik Krogh Kristensen
1a64393c4c Merge pull request #11893 from erik-krogh/csharpIndexFiles 
C#: add --working-dir=. to pre-finalize
 2023-01-18 09:05:29 +01:00
Paolo Tranquilli
2c4c2dfeb3 Swift: remove obsolete configuration fields 2023-01-18 08:55:59 +01:00
Michael Nebel
8e3e6505ad C#: Add change note. 2023-01-18 07:56:24 +01:00
github-actions[bot]
571942fb21 Add changed framework coverage reports 2023-01-18 00:17:19 +00:00
Jeroen Ketema
6cd52237c3 Merge pull request #11913 from jketema/test-fixes 
C++: Some minor test fixes
 2023-01-17 21:52:57 +01:00
erik-krogh
4b74dec18f expand what is parsed as the stem of a pathexpr 2023-01-17 21:28:21 +01:00
yoff
5a82012d03 Merge pull request #11854 from yoff/python/fix-tarslip-improv-bug 
Python: fix bug  in `py/tarslip-extended`
 2023-01-17 20:44:06 +01:00
Geoffrey White
a568d0af7f Swift: Remove unused variable. 2023-01-17 18:10:02 +00:00
Geoffrey White
b3d30bfc4f Swift: Add NumberLiteral sources as well. 2023-01-17 18:04:26 +00:00
Jeroen Ketema
ee19c3d80f C++: Rename identically named classes in syntax-zoo 
Conceptually the test that comprises the whole of `syntax-zoo` forms one
single binary. To this binary ODR applies. There were two class definitions
`Foo` in `syntax-zoo`, violating ODR. Rename those classes to have different
names.
 2023-01-17 19:02:40 +01:00
Jeroen Ketema
06767c6760 C++: Split bad_asts.cpp IR test into two files 
The statements from `errorExpr` - which does not parse correctly - affected the
tuples that were being generated for the other code in `bad_asts.cpp` due to
the way the front-end handles parse errors. This did not affect the test
results, but was also not the intention of the test. Split off `errorExpr` into
a separate file.
 2023-01-17 18:57:29 +01:00
Geoffrey White
d1cfdb97ee Swift: Model RNCryptor. 2023-01-17 17:55:52 +00:00
Sarita Iyer
c8298356dc Rename CONTRIBUTING.MD to CONTRIBUTING.md 2023-01-17 12:32:36 -05:00
Geoffrey White
a92e1c7ea0 Swift: Add tests for RNCryptor library. 2023-01-17 17:31:49 +00:00
Mathias Vorreiter Pedersen
39d44adbc5 Merge pull request #11896 from jketema/spurious-default-taint 
C++: Fix spurious results in default taint tracking
 2023-01-17 17:10:15 +00:00
Geoffrey White
5e5c4e9a8c Swift: Accept QL-for-QL recommendation. 2023-01-17 16:25:34 +00:00
Geoffrey White
9911dd53e1 Merge branch 'main' into coredata 2023-01-17 16:22:53 +00:00
Geoffrey White
ea06ad1933 Merge pull request #11529 from geoffw0/format 
Swift: Uncontrolled format string query
 2023-01-17 16:16:10 +00:00
Geoffrey White
3c55cdd5be Swift: Catch the last two test results as well. 2023-01-17 16:04:58 +00:00
Geoffrey White
d42848bb7e Swift: Upgrade the query from dataflow to taint tracking, so as to support more flows. 2023-01-17 16:04:58 +00:00
Geoffrey White
28a707a956 Swift: Model RNCryptor. 2023-01-17 16:04:58 +00:00
Geoffrey White
a8ef9cc987 Swift: Add tests for RNCryptor library. 2023-01-17 16:04:57 +00:00
Edward Minnix III
4c018759c8 Merge pull request #11283 from egregius313/egregius313/webview-setAllowContentAccess 
Java: Android WebView Content Access Query
 2023-01-17 11:02:47 -05:00
Michael Nebel
62533501fe C#: Update CIL attributes test case and the expected output. 2023-01-17 17:00:01 +01:00
Geoffrey White
54b3262d9c Merge pull request #11891 from geoffw0/authbypass 
C++: Fix issue with cpp/user-controlled-bypass
 2023-01-17 15:43:08 +00:00
Jami
babdee36aa Merge pull request #11779 from jcogs33/jcogs33/model-more-top-jdk-apis 
Java: model top JDK APIs
 2023-01-17 10:20:32 -05:00
Geoffrey White
d628cc5ab8 Update cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-01-17 14:37:19 +00:00
erik-krogh
8251ad5e99 add unsafe-html-construction query 2023-01-17 15:35:17 +01:00
erik-krogh
8715790fe7 add explicit this 2023-01-17 15:17:48 +01:00
Geoffrey White
037b49b454 Update swift/ql/test/query-tests/Security/CWE-259/rncryptor.swift 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-01-17 14:16:52 +00:00
Paolo Tranquilli
6b43ff45a4 Merge pull request #11904 from github/redsun82/swift-extension-protocols 
Swift: extract `ExtensionDecl` protocols
 2023-01-17 15:16:20 +01:00
Paolo Tranquilli
d9bd41b8b1 Merge pull request #11571 from github/redsun82/swift-open-redirection 
Swift: generalize open redirection on both platforms and rework output rewriting
 2023-01-17 15:15:56 +01:00
Jami Cogswell
10f0975812 Java: remove models for System.[get|set]Property 2023-01-17 08:51:48 -05:00
erik-krogh
a562568522 add string concat as a sink for command-construction 2023-01-17 14:48:09 +01:00
erik-krogh
9d9de18bc9 add a generalized AddExprRoot into Operation.qll 2023-01-17 14:48:08 +01:00
erik-krogh
8fc3b268e8 add string concat as a sink for code-construction 2023-01-17 14:48:06 +01:00
Paolo Tranquilli
9e5db7c6ec Merge branch 'main' into redsun82/swift-extension-protocols 2023-01-17 14:39:09 +01:00
Rasmus Wriedt Larsen
b83fc3b6eb Python: Update QLDoc for clsArgumentTracker 2023-01-17 14:38:56 +01:00
Michael Nebel
5f57a097ab C#: CIL method attribute extraction. 2023-01-17 14:17:35 +01:00
Rasmus Wriedt Larsen
24892801ec Python: clsTracker => clsArgumentTracker 
Co-authored-by: Taus <tausbn@github.com>
 2023-01-17 14:16:56 +01:00
Rasmus Wriedt Larsen
1c8cc6a32a Python: Add QLDoc for TFunction 2023-01-17 14:14:05 +01:00
Michael Nebel
951f6362aa Merge pull request #11825 from michaelnebel/csharp/genericmathsupport 
C# 11: Support for static virtual and static abstract interface members.
 2023-01-17 14:14:02 +01:00
Rasmus Wriedt Larsen
a0b1c2ea79 DataFlow: Add uniqueParameterNodePositionExclude 2023-01-17 14:05:22 +01:00
Rasmus Wriedt Larsen
2b0a5fd5d1 DataFlow: Add uniqueParameterNodeAtPositionExclude 2023-01-17 14:05:17 +01:00
Rasmus Wriedt Larsen
dad6221b61 Python: Accept dataflow-consistency.expected changes for now 
As highlighted in the configuration file, there are some things to catch
up on, and we also need to apply the same fix as Ruby for **kwargs
handling.
 2023-01-17 13:58:40 +01:00
Rasmus Wriedt Larsen
749e81367d Python: Allow multiple **kwargs parameters outside our test code 2023-01-17 13:58:40 +01:00
Rasmus Wriedt Larsen
b6272b383d Python: Allow non-unique parameter positions for normal parameters 2023-01-17 13:58:40 +01:00
Rasmus Wriedt Larsen
a6fd5b6e59 DataFlow: Add uniqueParameterNodePositionExclude 2023-01-17 13:58:37 +01:00