hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-08 11:11:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,820 Commits 1,691 Branches 160 Tags
codeql-cli/v2.12.6
Commit Graph

51820 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
6106edd5e2 Swift: add INTERNAL doc marker to ql.internal classes 2023-01-17 10:30:59 +01:00
Paolo Tranquilli
b22da25e05 Swift: remove ql.internal classes from global import 2023-01-17 10:18:03 +01:00
Paolo Tranquilli
48825442c3 Swift: add ql.internal pragma in schema definitions 2023-01-17 10:10:35 +01:00
Paolo Tranquilli
cdc99b5240 Swift: simplify pragma definition 2023-01-17 10:10:02 +01:00
Geoffrey White
449ebb8a12 Swift: Add tests for RNCryptor library. 2023-01-17 09:03:07 +00:00
Paolo Tranquilli
e3502e2e5f Merge branch 'main' into redsun82/swift-open-redirection 2023-01-17 09:43:00 +01:00
Alex Denisov
63b4e5ef5c Swift: do not trace lsregister 2023-01-17 09:26:31 +01:00
Erik Krogh Kristensen
51bd1ef1e1 Merge pull request #11884 from erik-krogh/qlWin 
QL/Ryby: fix qltest on Windows
 2023-01-16 21:57:01 +01:00
Antoine Taillefer
660e6d7085 Fix partial path traversal Java example 
The Java recommendation example for the "Partial path traversal vulnerability from remote" query doesn't seem right to me. Indeed, the following statement doesn't compile, since `dir.getCanonicalPath()` returns a String:
```
dir.getCanonicalPath().toPath()
```
Maybe the author wanted to state `dir.getCanonicalFile().toPath()`, which would compile, but is useless compared to `dir.getCanonicalPath()`.

Moreover, `parent.getCanonicalFile().toPath()` or `parent.getCanonicalPath()` will **not** be slash-terminated, contrary to what the description says.
From what I can see (and test), the correct fix is to concatenate `File.separator` to the parent canonical path.
 2023-01-16 21:14:29 +01:00
Rasmus Wriedt Larsen
690a09d9b6 Python: new-call-graph: pragma[noinline] => pragma[nomagic] 
As suggested by @tausbn. Obviously, this needs to be performance tested.
 2023-01-16 20:45:44 +01:00
Rasmus Wriedt Larsen
a3b7273844 Python: Fix duplicated meta query id 2023-01-16 20:33:28 +01:00
Rasmus Wriedt Larsen
3fcb8f3f4b Python: Accept suggestions from code-review 2023-01-16 20:33:28 +01:00
Jeroen Ketema
a892ae8764 C++: Fix spurious results in default taint tracking 2023-01-16 19:10:10 +01:00
erik-krogh
dcc1c3d487 add --working-dir=. to pre-finalize for c# 2023-01-16 18:09:00 +01:00
Ian Lynagh
17de5c120a Kotlin: Make a couple of functions private 2023-01-16 15:29:14 +00:00
Tony Torralba
bd5619147d Merge pull request #11590 from atorralba/atorralba/swift/sensitive-info-logs 
Swift: Add Cleartext Logging query
 2023-01-16 16:22:20 +01:00
erik-krogh
713599963b add --working-dir to Ruby qltest.cmd to fix Windows 2023-01-16 15:37:35 +01:00
erik-krogh
9e153cfb0d change the Ruby-build test such that Windows fails 2023-01-16 15:37:35 +01:00
erik-krogh
587adea809 QL: add --working-dir to qltest.cmd to fix qltest 2023-01-16 15:37:14 +01:00
erik-krogh
2c1ecb507d fix windows 2023-01-16 15:36:57 +01:00
erik-krogh
1de65131fe add compilation cache to QL-for-QL tests 2023-01-16 15:36:57 +01:00
erik-krogh
0685732e3f delete ql/ specific format step now that we have an all-languages format check 2023-01-16 15:36:57 +01:00
erik-krogh
1d62751e15 test QL-for-QL on mac/win 2023-01-16 15:36:55 +01:00
Tony Torralba
0017461e2d Update swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-01-16 15:35:58 +01:00
Tony Torralba
cca6a13fbb Update java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.qhelp 2023-01-16 14:21:03 +01:00
Rasmus Wriedt Larsen
a1513cc1d3 Python: Minor QLDoc fix 2023-01-16 14:07:11 +01:00
Rasmus Wriedt Larsen
dfbb744a7a Python: Add comment on *args argument handling 2023-01-16 14:04:25 +01:00
Rasmus Wriedt Larsen
e5e5d84361 Python: Add change-note 2023-01-16 13:44:24 +01:00
Michael Nebel
8981d4c06b C#: Add change note. 2023-01-16 13:43:26 +01:00
Rasmus Wriedt Larsen
61151d4aa7 Merge branch 'main' into call-graph-code 2023-01-16 13:39:15 +01:00
Michael Nebel
2f602a629f C#: Add upgrade and downgrade scripts. 2023-01-16 13:27:37 +01:00
Erik Krogh Kristensen
8ccc384043 Merge pull request #11858 from erik-krogh/moreSpawn 
JS: track shell:true more in js/shell-command-constructed-from-input
 2023-01-16 13:24:50 +01:00
Erik Krogh Kristensen
59a8b21851 Merge pull request #10862 from erik-krogh/unsafeCodeConstruction 
Rb: Add an `unsafe-code-construction` query
 2023-01-16 13:22:58 +01:00
Michael Nebel
3552a41552 C#: Add test case for static abstract and static virtual interface members. 2023-01-16 13:07:50 +01:00
Michael Nebel
dc50b6bad3 C#: Support for operators in implements relations. 2023-01-16 13:07:50 +01:00
Michael Nebel
8c2931cbb8 C#: Operators are now allowed to be declared virtual. 2023-01-16 13:07:50 +01:00
erik-krogh
d072ed969e update clap to 3.0 in QL-for-QL 2023-01-16 12:34:56 +01:00
Paolo Tranquilli
874fe2b8f9 Swift: introduce an in-memory file hash cache 
File hashing is now done internally in `SwiftFileInterception` (and
exported as a `getHashOfRealFile` function for future use in linkage
awareness), and using a per-process in-memory cache. The persistent
caching of paths is removed, so the solution is now robust against input
file changes during the build.

For the same reason, the hash to artifact mapping have the symlinks
reversed now. The artifacts themselves are stored using the hash as
filenames, and the original paths of the artifacts are reacreated in the
scratch dir with symlinks mostly for debugging purposes (to understand
what artifact each hash corresponds to, and to follow what was built by
the extractor).
 2023-01-16 12:05:36 +01:00
Tony Torralba
fdb3b65bce Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-01-16 11:57:37 +01:00
Tony Torralba
7f880a24df Merge pull request #11886 from jelaiw/jelaiw-patch-1 
Fix small typo in good/bad code sample.
 2023-01-16 09:43:23 +01:00
Paolo Tranquilli
738412260f Merge branch 'main' into redsun82/swift-open-redirection 2023-01-16 09:09:10 +01:00
jelaiw
cf7189bb28 Fix small typo in good/bad code sample. 2023-01-13 19:16:11 -06:00
Geoffrey White
1a416884d4 C++: Do something similar with the other three cases. 2023-01-14 00:09:01 +00:00
Geoffrey White
316117f5c9 C++: Reduce number of regexps. 2023-01-13 18:50:41 +00:00
Geoffrey White
2f09f0e2c1 C++: Turn the huge list into a predicate. 2023-01-13 18:47:18 +00:00
Geoffrey White
13ae15b867 C++: Add tests for more edge cases. 2023-01-13 18:38:29 +00:00
Jami Cogswell
fb6725ddaa Java: add WithoutElement comment for clear methods 2023-01-13 13:20:45 -05:00
Mathias Vorreiter Pedersen
2dbacbc302 Merge pull request #11841 from MathiasVP/swift-add-integral-types 
Swift: Add integral type classes
 2023-01-13 17:30:57 +00:00
Robert Marsh
601b43ac0a Merge branch 'main' into rdmarsh2/parameterize-range-analysis 
Conflicting change to boundedPhiInp copied to RangeAnalysisStage.qll
 2023-01-13 12:06:21 -05:00
Geoffrey White
c9a0067705 Swift: Remove flow in cases with multiple variables. 2023-01-13 16:37:23 +00:00