hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-07 18:51:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,820 Commits 1,691 Branches 160 Tags
codeql-cli/v2.12.6
Commit Graph

51820 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
e48c93a3b5 Merge pull request #12003 from MathiasVP/positive-formulated-sanitizer-nonconst-format 
C++: Positively phrased sanitizer in `cpp/non-constant-format`
 2023-01-27 13:58:04 +00:00
alexet
1b0952c512 Use Java 11 for some integration tests 2023-01-27 13:51:44 +00:00
Chad Bentz
4fee536e6d table spacing 2023-01-27 08:19:43 -05:00
Sim4n6
18d8bbc9a4 Updated the expected results accordingly 2023-01-27 14:05:25 +01:00
Chad Bentz
3ef4d3118c Add link to codeql metadata article for problem.severity 2023-01-27 08:01:07 -05:00
Sim4n6
e41042418a Update the import relative to the dataflow config 2023-01-27 13:46:57 +01:00
Sim4n6
5f0bf1053a Update the dataflow test query and the expected results 2023-01-27 13:42:57 +01:00
Sim4n6
bca053f855 Move the config query to the parent directory 2023-01-27 13:42:14 +01:00
Mathias Vorreiter Pedersen
2b47e150c6 C++: Accept test changes. 2023-01-27 11:44:17 +00:00
Mathias Vorreiter Pedersen
ec7b406cc9 C++: Generate flow out of parameters whose enclosing function is missing a return statement. 2023-01-27 11:44:04 +00:00
Rasmus Wriedt Larsen
02b3a1b515 Python: At most one **kwargs ParameterNode per callable 
Similar to the Ruby changes from
https://github.com/github/codeql/pull/11461

I feel the change to `DataFlowFunciton.getParameter` where we use
`not exists(func.getArgByName(_))` is not very great, but I was not allowed
to use `not exists(this.getParameter(any(ParameterPosition _).isKeyword(_)))`
because of negative recursion.
 2023-01-27 11:14:42 +01:00
Mathias Vorreiter Pedersen
e8db563e98 C++: Reformulate the sanitizer in 'NonConstantFormat.ql'. It should no longer incorrectly sanitize indirect nodes for which there is no result for 'asIndirectExpr'. 2023-01-27 10:04:48 +00:00
Robert Marsh
6a91e85981 C++: fix UseImpl after merge conflict 2023-01-26 16:01:37 -05:00
Sim4n6
998f1bf215 Some reformatting 2023-01-26 18:54:36 +01:00
Robert Marsh
3648f26cca Merge remote-tracking branch 'origin/mathiasvp/replace-ast-with-ir-use-usedataflow' into global-flow 
Resolved trivial conflicts.
 2023-01-26 11:58:53 -05:00
Ian Lynagh
75562e7fb5 Kotlin: Remove legacy trap-locking support 2023-01-26 16:58:51 +00:00
Mathias Vorreiter Pedersen
ee62f2a223 C++: Fix global variable exclusion in DTT. 2023-01-26 16:49:58 +00:00
Mathias Vorreiter Pedersen
8c224429b3 C++: Better 'getType' for global variable nodes. 2023-01-26 16:49:49 +00:00
Nora
5993b60980 Update copy 2023-01-26 17:37:15 +01:00
Sim4n6
1a211485a4 Restrain the source and add two steps. 2023-01-26 17:07:59 +01:00
Michael B. Gale
f192191e8c Merge pull request #11997 from github/smowton/fix/deperrors-conditional 
Go: Fix DepErrors test
 2023-01-26 14:52:27 +00:00
Sim4n6
51b11de44a Add a Django Upload examples 2023-01-26 15:16:24 +01:00
Mathias Vorreiter Pedersen
bfe9ae22ad Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-01-26 13:03:49 +00:00
Mathias Vorreiter Pedersen
508027e0e5 Merge pull request #11998 from MathiasVP/fix-iterator-test 2023-01-26 12:35:12 +00:00
Sim4n6
54cc4d6498 Opt for any source from RemoteFlowSource. 2023-01-26 12:51:55 +01:00
Mathias Vorreiter Pedersen
13baa5b60b C++: Add iterator typedefs to properly instantiate 'int_iterator_by_trait' and 'insert_iterator_by_trait'. 2023-01-26 11:43:33 +00:00
Chris Smowton
7921de243a Fix DepErrors test 
This was likely harmlessly causing `go get` reruns, since most (all?) real dependency errors cause `go list` to exit with a nonzero return code in any case.
 2023-01-26 11:37:41 +00:00
dependabot[bot]
295152cd32 Merge pull request #11992 from github/dependabot/cargo/ruby/serde-1.0.152 2023-01-26 10:17:56 +00:00
dependabot[bot]
bf02340a6a Merge pull request #11982 from github/dependabot/cargo/ruby/num_cpus-1.14.0 2023-01-26 10:13:09 +00:00
Sim4n6
aaa0040612 Seperate the dataflow config from the query 2023-01-26 08:53:47 +01:00
dependabot[bot]
6e69acdd7e Bump serde from 1.0.131 to 1.0.152 in /ruby 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.131 to 1.0.152.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.131...v1.0.152)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-26 03:08:58 +00:00
Sim4n6
9464940214 Add expected results for argparse source 2023-01-26 01:00:19 +01:00
Sim4n6
2e4cb63049 Optimize the Argparse filename as a source. 2023-01-26 01:00:01 +01:00
Sim4n6
f867c9008f Commit the expected results 2023-01-26 00:08:54 +01:00
Sim4n6
9b5b0c60b8 Handle the download of a tarball using wget pkg. 2023-01-26 00:02:20 +01:00
Sim4n6
22af6f5182 Restrict download_file() to boto3 lib 2023-01-25 23:00:00 +01:00
Harry Maclean
07a7a213b3 Merge pull request #11871 from hmac/rack 2023-01-26 08:40:30 +13:00
Sim4n6
2d38993075 Add a missing "and" 2023-01-25 19:46:13 +01:00
Sim4n6
0ed480855a Update python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.ql 
Yes, definitely

Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-01-25 19:44:28 +01:00
Sim4n6
10d6ebf95b Use of inline tests for dataflow queries 2023-01-25 19:28:05 +01:00
Sim4n6
b5a6f6e165 Merge pull request #1 from github/main 
Sync with the upstream
 2023-01-25 19:13:35 +01:00
Rasmus Wriedt Larsen
1fcfae2464 Merge pull request #11987 from RasmusWL/suite-lists 
Misc: Add `security-experimental` to `generate-code-scanning-query-list.py`
 2023-01-25 17:29:36 +01:00
Geoffrey White
e92a5eb467 Merge pull request #11911 from geoffw0/rncrypt2 
Swift: Add RNCryptor sinks to swift/hardcoded-key
 2023-01-25 15:11:16 +00:00
Rasmus Wriedt Larsen
e8714c9edb Misc: Add Swift to generate-code-scanning-query-list.py 2023-01-25 15:22:20 +01:00
Rasmus Wriedt Larsen
b220c2f51d Misc: Add security-experimental to generate-code-scanning-query-list.py 
Since not all experimental queries is part of this new suite, it's nice
to be able to list them explicitly without having to replicate the logic
from the .qls file.
 2023-01-25 15:20:49 +01:00
Geoffrey White
f6fe627f4b Merge pull request #11914 from geoffw0/rncrypt3 
Swift: Add RNCryptor sinks to swift/constant-salt
 2023-01-25 13:05:33 +00:00
Alex Ford
3dd9392f5e Merge pull request #11869 from alexrford/rails/render_locals_shared 
Ruby: Rails - generalize rails flow step for accessing render locals hash in view
 2023-01-25 12:07:26 +00:00
Erik Krogh Kristensen
39e9eaf2bc Merge pull request #11986 from erik-krogh/redosNote2 
RB: add note in ReDoS qhelp that Ruby 3.2 has fixed ReDoS
 2023-01-25 11:56:04 +01:00
Paolo Tranquilli
f4cb920624 Merge pull request #11932 from github/redsun82/swift-docs 
Swift: add and fix some `schema.py` documentation
 2023-01-25 10:52:00 +01:00
Geoffrey White
fe13137b48 Swift: Make default implementations private. 2023-01-25 09:29:03 +00:00