hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-11 12:41:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,797 Commits 1,688 Branches 160 Tags
codeql-cli/v2.12.5
Commit Graph

51797 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jeroen Ketema
ec0ce56269 C++: Model getaddrinfo as flow source 2022-12-08 19:20:11 +01:00
Jeroen Ketema
89cd4790d5 Merge pull request #11610 from jketema/scanf 
C++: Model `scanf` and `fscanf` as flow sources
 2022-12-08 19:14:39 +01:00
Chris Smowton
4ea795baf4 Autoformat docs ql files 2022-12-08 17:36:59 +00:00
Chris Smowton
f4f4de392f Outdent river answer files 2022-12-08 17:36:59 +00:00
Jami Cogswell
29046e7960 Java: update ExternalApi characteristic predicate to include not isUninteresting 2022-12-08 12:31:46 -05:00
Geoffrey White
f373b7fe7c Merge pull request #11596 from geoffw0/cleartextbufferwrite 
C++: Performance fix for cpp/cleartext-storage-buffer
 2022-12-08 17:18:10 +00:00
Geoffrey White
52881385bf Merge pull request #11597 from geoffw0/stats2 
Swift: Add taint reach to SummaryStats.ql.
 2022-12-08 17:11:56 +00:00
Paolo Tranquilli
7645d4d928 Swift: remove ModuleDecl from PrintAst test 2022-12-08 17:31:48 +01:00
Chris Smowton
f50a4ddf5f Merge pull request #11617 from github/smowton/admin/docs-river-example-codeql-style 
Docs: Make river-crossing example comply with the CodeQL style guide
 2022-12-08 16:17:54 +00:00
Paolo Tranquilli
26ae8f177b Swift: accept test changes 
Downgrading the emit object action to a type check one has some
unexpected side effects, that seem however acceptable:
* experimental false static assertions do not make compilation fail in
  type check mode
* the implicit module loading of `SwiftOnoneSupport` is not happening.
  That module contains some "pre-specializations", it does not seem
  really relevant for analysis
 2022-12-08 17:13:00 +01:00
Paolo Tranquilli
935e264f24 Swift: add empty directory marker 2022-12-08 17:04:56 +01:00
Robert Marsh
f235b991db Merge pull request #11374 from MathiasVP/indirect-outnodes-are-post-update-nodes 
C++: Field flow through reference-returning functions
 2022-12-08 10:46:19 -05:00
Henry Mercer
d196704a2d Merge pull request #11574 from github/henrymercer/check-query-ids 
Add a PR check to ensure query IDs are unique
 2022-12-08 15:31:26 +00:00
Tom Hvitved
2ab05a81d1 Merge pull request #11621 from hvitved/ruby/library-callable-get-param 
Ruby: Add `SummarizedCallable::getParameter`
 2022-12-08 16:20:44 +01:00
Jeroen Ketema
8f9a73ee09 C++: Address review comments 2022-12-08 16:14:12 +01:00
Paolo Tranquilli
d03b82c8c5 Merge branch 'main' into redsun82/swift-fix-parent-paths 2022-12-08 16:11:54 +01:00
Paolo Tranquilli
d35c5e90ee Swift: remove fishhook 2022-12-08 16:10:44 +01:00
Paolo Tranquilli
bf1b32f210 Swift: rework file redirection 
The hash map mechanism that was already in use for reading swiftmodule
files on macOS is now in use also on Linux. The output replacing
mechanism has been also reworked so that:
* frontend module emission modes have the remapping done directly in
  the internal frontend options instead of painstakingly modifying input
  flags (this requires a patch on the swift headers though)
* object emission mode is silenced to be just a type checking pass,
  thus producing no output files
* all other passes but some debugging and version related ones become
  noops

The open file read redirection uses a global weak pointer instance to
maximize robustness in the face of possibly multi-threaded calls to open
happening while `main` is exiting. Possibly overkill, but better safe
than sorry.
 2022-12-08 16:10:44 +01:00
Paolo Tranquilli
944adfe727 Swift: allow modifying frontend outputs 2022-12-08 16:10:25 +01:00
Paolo Tranquilli
219ed64b74 Swift: reorganize bazel third party dependencies 2022-12-08 16:10:25 +01:00
dependabot[bot]
8600d2d12d Bump Newtonsoft.Json in /csharp/autobuilder/Semmle.Autobuild.CSharp 
Bumps [Newtonsoft.Json](https://github.com/JamesNK/Newtonsoft.Json) from 13.0.1 to 13.0.2.
- [Release notes](https://github.com/JamesNK/Newtonsoft.Json/releases)
- [Commits](https://github.com/JamesNK/Newtonsoft.Json/compare/13.0.1...13.0.2)

---
updated-dependencies:
- dependency-name: Newtonsoft.Json
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-12-08 15:01:05 +00:00
Tom Hvitved
cbf722dad0 Ruby: Add SummarizedCallable::getParameter 2022-12-08 15:59:41 +01:00
Paolo Tranquilli
1ba8b6d35a Swift: fix extraction of sources from .. 2022-12-08 15:57:57 +01:00
Chris Smowton
d0a2c1c9b6 Accept test changes 2022-12-08 14:44:43 +00:00
erik-krogh
1a6e16f292 Merge branch 'main' into kernelLoad 2022-12-08 15:41:48 +01:00
Chris Smowton
a79126268c Override modality when needed 
In particular when generating an implementation based on an abstract prototype, the result is final, and an interface forwarder is open / Java's default modality.
 2022-12-08 14:39:57 +00:00
Asger F
6fa2fe6c86 Merge pull request #11608 from asgerf/docs/sphinx-python2 
Docs: Update README to mention Python 2 requirement
 2022-12-08 15:36:17 +01:00
erik-krogh
f09e10f61f delete redundant cast 2022-12-08 15:34:26 +01:00
Mathias Vorreiter Pedersen
7c6918de98 Merge pull request #11543 from MathiasVP/refactor-isdef-isuse 
C++: Refactor `isDef` and `isUse` in preparation for iterator flow
 2022-12-08 14:31:36 +00:00
Jeroen Ketema
33fa76f911 C++: Add change note 2022-12-08 15:22:42 +01:00
Jeroen Ketema
b216c79992 C++: Accept test changes 2022-12-08 15:22:41 +01:00
Jeroen Ketema
f35b7f8fe8 C++: Model scanf and fscanf as flow sources 2022-12-08 15:22:41 +01:00
Anders Schack-Mulligen
d157e13318 Java: Switch DispatchFlow to typetracking. 2022-12-08 14:58:44 +01:00
Anders Schack-Mulligen
ae1373c2d6 Shared: Bugfix typetracking source-sink hasFlow. 2022-12-08 14:58:05 +01:00
Chris Smowton
85ee4e6ca1 Merge pull request #11578 from retanoj/MybatisSqli 
Java: Add MyBatis Sql Injection no @Param case
 2022-12-08 13:53:44 +00:00
Chris Smowton
37b2b0a128 Use set literal instead of disjunction 2022-12-08 13:49:53 +00:00
Mathias Vorreiter Pedersen
f814ce7f10 Merge branch 'mathiasvp/replace-ast-with-ir-use-usedataflow' into refactor-isdef-isuse 2022-12-08 13:25:20 +00:00
Mathias Vorreiter Pedersen
0a1097d735 C++: Accept test changes to 'sources-and-sinks.cpp'. 2022-12-08 13:17:35 +00:00
Mathias Vorreiter Pedersen
4fd6ac5657 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-08 13:10:18 +00:00
Geoffrey White
24ce1c27bc Swift: Autoformat. 2022-12-08 13:09:37 +00:00
Henry Mercer
3036b15af2 Merge branch 'main' into henrymercer/check-query-ids 2022-12-08 13:05:46 +00:00
Henry Mercer
280bb6864f Merge pull request #11604 from github/codeql-ci/atm/release-0.4.3 
JS: Bump version numbers of ML-powered packs after 0.4.3 release
 2022-12-08 13:04:16 +00:00
Henry Mercer
5674251839 Python: Disable TarSlipImprov qhelp 2022-12-08 13:03:31 +00:00
Geoffrey White
e288b07099 Update swift/ql/src/queries/Summary/SummaryStats.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-12-08 13:02:58 +00:00
Mathias Vorreiter Pedersen
6897b20722 Merge pull request #11601 from MathiasVP/keep-std-string-iterator 2022-12-08 12:59:33 +00:00
Michael Nebel
670ae6c84c Merge pull request #11593 from michaelnebel/csharp/patternmatchspan 
C#: Pattern match Span<char> and ReadOnlySpan<char> against a constant string.
 2022-12-08 13:53:00 +01:00
Michael Nebel
5883957a67 Merge pull request #11589 from michaelnebel/csharp/numericintptr 
C#: nint/System.IntPtr and nuint/System.UIntPtr are indistinguishable…
 2022-12-08 13:52:44 +01:00
Chris Smowton
8789dfb655 Make river-crossing example comply with the CodeQL style guide 2022-12-08 12:33:42 +00:00
Mathias Vorreiter Pedersen
36d0903733 C++: Simplify 'getSourceVariable'. 2022-12-08 12:29:15 +00:00
Chris Smowton
81110b19e7 Merge pull request #11612 from smowton/smowton/admin/merge-rc38-into-main 
Merge rc/3.8 into main
 2022-12-08 12:25:59 +00:00