hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-07 10:41:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
53,865 Commits 1,691 Branches 160 Tags
codeql-cli/v2.13.1
Commit Graph

53865 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ed Minnix
5f4e8e3e6a Add test cases relating to intents with the ACTION_INSTALL_PACKAGE action 2023-03-08 12:12:10 -05:00
Ed Minnix
f03e90f894 Remove http(s) literal sources 2023-03-08 12:12:10 -05:00
Edward Minnix III
839b88a4bc Formatting, capitalization, and typos 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-03-08 12:12:10 -05:00
Ed Minnix
b606271a61 Additional documentation 2023-03-08 12:12:10 -05:00
Ed Minnix
01b20b3a26 Added external storage test case 2023-03-08 12:12:10 -05:00
Ed Minnix
c448481bf7 Added test expectations 2023-03-08 12:12:10 -05:00
Ed Minnix
12f78dbed4 Add DataFlow::PathGraph import 2023-03-08 12:12:10 -05:00
Ed Minnix
cd5a46123e Add a change note 2023-03-08 12:12:10 -05:00
Ed Minnix
2d6cdff14b Add period to alert message 2023-03-08 12:12:10 -05:00
Ed Minnix
0ec4df28f5 Add query metadata 2023-03-08 12:12:10 -05:00
Ed Minnix
3f589722c2 Refactor query to change returned source 2023-03-08 12:12:10 -05:00
Ed Minnix
618b608962 Arbitrary APK Installation MVP 2023-03-08 12:12:10 -05:00
Owen Mansel-Chan
9fc119cc55 Rearrange diagnostic error message 
The context should come in the middle and the call to action should come
last.
 2023-03-08 17:09:52 +00:00
Robert Marsh
6bfa08c5cc Merge branch 'main' into rdmarsh2/swift/constructor-flow 2023-03-08 16:40:11 +00:00
Owen Mansel-Chan
63d3b3ff2a Fix diagnostic-limit-reached visibility and location 2023-03-08 16:34:29 +00:00
Owen Mansel-Chan
0d6f17ec90 Do not use field internal, which is deprecated 2023-03-08 16:34:01 +00:00
Robert Marsh
b941d54f1f C++ Move RangeAnalysis to work around shadowing 2023-03-08 11:32:37 -05:00
Robert Marsh
50fac3060c C++: split RA into constant and relative phases 2023-03-08 11:32:36 -05:00
Robert Marsh
3bf3876c14 Swift: fix FPs with inout params in inits 2023-03-08 16:20:39 +00:00
Owen Mansel-Chan
17c550bc88 Address review comments 2023-03-08 15:51:45 +00:00
Arthur Baars
7ab0f88f78 JS: add link to docs to parse error diagnostic 2023-03-08 16:47:43 +01:00
Arthur Baars
ebf0bb889b Ruby: add some integration tests for diagnostic messages 2023-03-08 16:35:43 +01:00
Arthur Baars
e5be8ab1e5 JS: add integration test for diagnostic messages 2023-03-08 16:04:49 +01:00
Jeroen Ketema
30cbc91092 C++: Update XXE XML query with DataFlow::ConfigSig 2023-03-08 15:04:53 +01:00
Jeroen Ketema
6f2407412e C++: Update some dataflow tests to use DataFlow::ConfigSig 2023-03-08 15:04:53 +01:00
Jeroen Ketema
8253f2d343 C++: Update UnsafeDaclSecurityDescriptor with DataFlow::ConfigSig 2023-03-08 15:04:53 +01:00
Jeroen Ketema
7fe1a9431c C++: Update PotentiallyExposedSystemData with DataFlow::ConfigSig 2023-03-08 15:04:53 +01:00
Jeroen Ketema
53aa34bdd3 C++: Update UnsafeCreateProcessCall with DataFlow::ConfigSig 2023-03-08 15:04:53 +01:00
Jeroen Ketema
af612a12de C++: Update TlsSettingsMisconfiguration with DataFlow::ConfigSig 2023-03-08 15:04:52 +01:00
Jeroen Ketema
4363a8ea30 C++: Update leap year queries with DataFlow::ConfigSig 2023-03-08 15:04:52 +01:00
Jeroen Ketema
e65ba13da4 C++: Update NonConstantFormat with DataFlow::ConfigSig 2023-03-08 15:04:52 +01:00
Jeroen Ketema
661160a98e C++: Update PrivateCleartextWrite with DataFlow::ConfigSig 2023-03-08 15:04:45 +01:00
Michael B. Gale
ce937e78c0 Merge pull request #12383 from github/mbg/csharp/fix/diag-filename 
C#: Append process id to diagnostics filename
 2023-03-08 14:04:29 +00:00
Arthur Baars
22c6c53993 Merge pull request #12434 from aibaars/diagnostics-links 
Ruby: add some links to diagnostic messages
 2023-03-08 14:41:46 +01:00
Mathias Vorreiter Pedersen
a247a8b3ea Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-03-08 13:35:35 +00:00
Mathias Vorreiter Pedersen
e68bb53a6b Merge pull request #12435 from jketema/more-config 
C++: Convert a number of data flow based queries to use `ConfigSig`
 2023-03-08 13:25:54 +00:00
Mathias Vorreiter Pedersen
619266d04b C++: Fix floating point imprecision. 2023-03-08 13:24:01 +00:00
Mathias Vorreiter Pedersen
ce0f2b1788 C++: Accept test changes. 2023-03-08 13:23:58 +00:00
Mathias Vorreiter Pedersen
b0cb65403b C++: Add range analysis for unary minus. 2023-03-08 13:23:18 +00:00
Mathias Vorreiter Pedersen
4cb5bea2c6 C++: Add simple negation test cases. 2023-03-08 13:23:05 +00:00
Michael Nebel
29ee1bda50 Merge pull request #12369 from michaelnebel/csharp/unsafestubs 
C#: .NET 7 Runtime and ASP.NET 7 stubs.
 2023-03-08 13:54:23 +01:00
Michael Nebel
6adc04eca0 Merge pull request #12370 from michaelnebel/csharp/unsafemember 
C#: Improve the `unsafe` predicate on Modifiable.
 2023-03-08 13:47:59 +01:00
Anders Schack-Mulligen
e7f85673e9 Java: Fix tests and make modules private 2023-03-08 13:35:25 +01:00
Michael B. Gale
71d0a2378b Append process id to diagnostics filename 2023-03-08 12:15:46 +00:00
Arthur Baars
2d6f3ed6c2 Address comments 2023-03-08 13:10:03 +01:00
Mathias Vorreiter Pedersen
c84d88f5aa Merge pull request #12429 from MathiasVP/actually-implement-language-specific-flow-into-call-node-cand1 
C++: Implement `getAdditionalFlowIntoCallNodeTerm`
 2023-03-08 11:58:56 +00:00
yoff
a45a0ee50d Merge pull request #12425 from RasmusWL/arg-passing-problem 
Python: Add test of keyword argument with same name as positional-only parameter
 2023-03-08 12:01:26 +01:00
Maiky
5a9a90d00b Move query to experimental 2023-03-08 11:50:04 +01:00
Mathias Vorreiter Pedersen
8308c661b4 Merge pull request #12432 from MathiasVP/fix-ir-uninitialized-node 
C++: Fix `asUninitialized`
 2023-03-08 10:03:46 +00:00
Chris Smowton
a63a4c29e2 Go: fix incorrect-integer-conversion sanitizer 
This was amended as part of https://github.com/github/codeql/pull/12186, but the conversion was inadequate because the new implementation didn't work when a sink (type conversion) led directly to a non-`localTaintStep` step, such as a store step or an interprocedural step. Here I move the sink back one step to the argument of the type
conversion and sanitize the result of the conversion instead, to ensure there is always a unique local successor to a sink.

This should eliminate unexpected extra results that resulted from https://github.com/github/codeql/pull/12186. Independently there are also *lost* results that stem from needing a higher `fieldFlowBranchLimit` that are not addressed in this PR, but raising that limit is a performance risk and so I will address this separately.
 2023-03-08 09:48:35 +00:00