hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 18:21:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
53,865 Commits 1,691 Branches 160 Tags
codeql-cli/v2.13.1
Commit Graph

53865 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
346086524b Python: Accept dataflow-consistency test changes 
To PRs must have had a conflict when merged separately
 2023-03-21 10:09:01 +01:00
Stephan Brandauer
3134ad859e Merge branch 'main' into java/update-mad-decls-after-triage-2023-03-20T12-45-37 2023-03-21 10:04:00 +01:00
Tony Torralba
1f991807d4 Merge pull request #12366 from github/java/update-mad-decls-after-triage-2023-03-02T12-08-59 
Java: Update MaD Declarations after Triage
 2023-03-21 09:40:03 +01:00
Jeroen Ketema
2fdfa0808a C++: Refactor experimental queries to use DataFlow::ConfigSig 2023-03-21 09:16:59 +01:00
Jeroen Ketema
1f75c3836e C++: Refactor dataflow examples to use DataFlow::ConfigSig 2023-03-21 09:16:58 +01:00
Jeroen Ketema
4e752369c5 Merge pull request #12598 from jketema/default-config 
C++: Adjust the internals of default taint tracking to use `DataFlow::ConfigSig`
 2023-03-21 08:59:27 +01:00
Erik Krogh Kristensen
cc46d7fef3 Merge pull request #12605 from github/dependabot/cargo/ql/serde-1.0.158 
Bump serde from 1.0.157 to 1.0.158 in /ql
 2023-03-21 08:20:13 +01:00
dependabot[bot]
7420e90a46 Bump serde from 1.0.157 to 1.0.158 in /ql 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.157 to 1.0.158.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.157...v1.0.158)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-21 04:06:18 +00:00
Raul Garcia
1400b4b520 Update UnsafeUsageOfClientSideEncryptionVersion.ql 
*  predicate `isUnsafeClientSideAzureStorageEncryptionViaObjectCreation` was not useful (it was meant to detect the SDK code, not its usage)
* fixed & simplified `isUnsafeClientSideAzureStorageEncryptionViaAttributes`, the original query was not finding the right code.
NOTE: tested with a real project: https://github.com/wastore/azure-storage-samples-for-python/tree/master/ClientSideEncryptionToServerSideEncryptionMigrationSamples/ClientSideEncryptionV1ToV2
 2023-03-20 18:52:58 -07:00
Raul Garcia
569c38c833 Cleanup main 
cleanup main
 2023-03-20 18:38:42 -07:00
Raul Garcia
c3cb3ad477 Cleaning up main branch 
Cleaning up main branch
 2023-03-20 18:32:37 -07:00
Raul Garcia
c169e8360e Merge branch 'github:main' into main 2023-03-20 17:44:37 -07:00
github-actions[bot]
6598cc44ee Add changed framework coverage reports 2023-03-21 00:15:33 +00:00
Jeroen Ketema
7cdd2b69c9 C++: Adjust the internals of default taint tracking to use DataFlow::ConfigSig 2023-03-20 18:58:16 +01:00
AlexDenisov
43b3f379e9 Merge pull request #12596 from github/redsun82/swift-do-not-print-labels-in-function-types 
Swift: remove labels from function type printing
 2023-03-20 18:01:02 +01:00
Gulshan Singh
bae1dfebb2 Address some review comments on RangeNode class 2023-03-20 09:46:03 -07:00
Gulshan Singh
e2fdfbb71f Add RangeNode class 2023-03-20 09:46:02 -07:00
Ed Minnix
b64ca5dcaa Remove "private" marker from configurations 2023-03-20 12:26:54 -04:00
Ed Minnix
c7816ea180 Conform Config modules to naming convention 2023-03-20 12:26:54 -04:00
Ed Minnix
8856730843 Refactor CWE-614/InsecureCookie 2023-03-20 12:26:54 -04:00
Ed Minnix
de6959c688 Refactor CWE-209/StackTraceExposure 2023-03-20 12:26:54 -04:00
Ed Minnix
73a17536f5 Refactor CWE-129 queries 2023-03-20 12:26:54 -04:00
Ed Minnix
ae57807359 Refactor CWE-089 Sql queries 2023-03-20 12:26:54 -04:00
Ed Minnix
e6e974a752 Refactor CWE-079/SqlConcatenated 2023-03-20 12:26:54 -04:00
Ed Minnix
c1ee2dce61 Refactor CWE-078/ExecTaintedLocal 2023-03-20 12:26:54 -04:00
Edward Minnix III
ac58299d9e Merge pull request #12541 from egregius313/egregius313/refactor-queries-to-new-dataflow-api 
Java: Refactor more queries to the new DataFlow module API
 2023-03-20 12:24:26 -04:00
Tony Torralba
1258812428 Fix Argument[this] 2023-03-20 17:13:44 +01:00
Tony Torralba
f685b93379 Add change note 2023-03-20 17:09:48 +01:00
Tony Torralba
a66b7ed54a Fix incorrect model, add missing model 2023-03-20 17:09:48 +01:00
Stephan Brandauer
0cab45e4b9 update old data to current standard (stream creation arg is a sink) 2023-03-20 17:09:48 +01:00
Stephan Brandauer
8802fbdfe7 Update java/ql/lib/ext/java.nio.file.model.yml 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-03-20 17:09:48 +01:00
Stephan Brandauer
bc227179c7 Update java/ql/lib/ext/org.geogebra.web.full.main.model.yml 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-03-20 17:09:48 +01:00
Tony Torralba
bc99a44f3a Apply suggestions from code review 2023-03-20 17:09:48 +01:00
Stephan Brandauer
12bb0d98c0 move toFile back to its original location 2023-03-20 17:09:48 +01:00
Stephan Brandauer
4761c3a328 remove duplicates 2023-03-20 17:09:48 +01:00
Stephan Brandauer
bd21dc9460 remove nonexploitable sinks 2023-03-20 17:09:48 +01:00
Stephan Brandauer
b7ce0c2d96 fix: taint flow of ctor goes to Argument[-1], instead of ReturnValue 2023-03-20 17:09:48 +01:00
Stephan Brandauer
2236db43ec sort the changed MaD declarations 2023-03-20 17:09:46 +01:00
Stephan Brandauer
74e261738f remove predicate 2023-03-20 17:06:40 +01:00
Stephan Brandauer
ec1762e015 Update MaD Declarations after Triage 2023-03-20 17:06:37 +01:00
Tony Torralba
fa60fa0ae2 Merge pull request #12572 from github/java/update-mad-decls-after-triage-2023-03-17T15-01-35 
Java: Update MaD Declarations after Triage
 2023-03-20 17:02:27 +01:00
Paolo Tranquilli
aaea976cf2 Swift: remove labels from function type printing 2023-03-20 16:43:34 +01:00
Anders Schack-Mulligen
3876e4335f Merge pull request #12420 from kaspersv/kaspersv/dataflow-remove-alias-preds 
Dataflow: Remove revFlowAlias and revFlowApAlias predicates
 2023-03-20 16:30:15 +01:00
Alex Ford
be163cfc38 Merge pull request #12311 from maikypedia/maikypedia/ruby-ssti 
Ruby: Add Server Side Template Injection query
 2023-03-20 15:26:27 +00:00
Michael Nebel
17b3383043 Merge pull request #12556 from michaelnebel/java/argumentthis 
Java: Argument[-1] -> Argument[this]
 2023-03-20 15:59:59 +01:00
Erik Krogh Kristensen
a9d40d39d9 Merge pull request #12550 from erik-krogh/useNumberUtil 
Java/Python: use Number.qll to parse hex numbers in regex parsing
 2023-03-20 15:50:31 +01:00
Erik Krogh Kristensen
0f813ce2e8 Merge pull request #12543 from erik-krogh/reg-perf 
ReDoS: restrict the edges considered in polynomial-redos for complex regular expressions
 2023-03-20 15:48:35 +01:00
Rasmus Wriedt Larsen
2ee09cc5d1 Merge branch 'main' into import-refined 2023-03-20 15:42:01 +01:00
Rasmus Wriedt Larsen
93c9f59e86 Python: Extract version specific coverage/classes.py tests 
Since we can analyze operator.py from Python3, but not in Python 2
(since it's implemented in C), we get a difference for the index tests.

note: `operator.length_hint` is only available in Python 3.4 and later,
so would always fail under Python 2.
 2023-03-20 15:39:20 +01:00
Jeroen Ketema
c56c1cbb62 Merge pull request #12588 from jketema/boost-config 
C++: Refactor `BoostorgAsio` to use `DataFlow::ConfigSig`
 2023-03-20 15:31:35 +01:00