Rasmus Wriedt Larsen
b56869551d
Python: Support more dictionary read/store steps
...
The `setdefault` behavior is kinda strange, but no reason not to support
it.
2023-04-21 14:18:50 +02:00
Rasmus Wriedt Larsen
6e31f64aaa
Python: Add test for dictionary flow
2023-04-21 14:18:46 +02:00
Erik Krogh Kristensen
4bf03e7962
Merge pull request #12897 from github/dependabot/cargo/ql/regex-1.8.0
...
Bump regex from 1.7.3 to 1.8.0 in /ql
2023-04-21 12:57:33 +02:00
Asger F
f3b14e13b2
Merge pull request #12841 from asgerf/rb/api-graph-class-nodes
...
Ruby: add API node representing a module/class object
2023-04-21 10:59:51 +02:00
Harry Maclean
ac1d250596
Shared: fix language prefix in extractor
2023-04-21 15:07:47 +07:00
Paolo Tranquilli
55f23ffa6f
Merge branch 'main' into redsun82/swift-logging-assertions-and-prints
2023-04-21 09:18:48 +02:00
Michael Nebel
239a763ef9
Merge pull request #12845 from michaelnebel/csharp/xssrefactor
...
C#: Re-factor Xss to use the new data flow API.
2023-04-21 08:55:07 +02:00
dependabot[bot]
149753c052
Bump regex from 1.7.3 to 1.8.0 in /ql
...
Bumps [regex](https://github.com/rust-lang/regex) from 1.7.3 to 1.8.0.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/commits)
---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-21 04:03:04 +00:00
Ed Minnix
64ea4833d9
Erase generics in typeAsModel
2023-04-20 17:09:36 -04:00
Jami Cogswell
85542638d7
Java: refactor CaptureModelsSpecific; resolve conflict for isInTestFile
2023-04-20 16:23:12 -04:00
Jami Cogswell
94f11029ee
Java: refactor ExternalApi
2023-04-20 16:19:15 -04:00
Jami Cogswell
2ae4b646a0
Java: adjust genVsMan query test cases
2023-04-20 16:19:15 -04:00
Jami Cogswell
2ca8103a7e
Java: remove isImplicitlyPublic predicate since not needed for this use-case
2023-04-20 16:19:15 -04:00
Jami Cogswell
5dbd11a584
Java: move veryPublic predicate
2023-04-20 16:19:15 -04:00
Jami Cogswell
fa1a6da60d
Java: update genVsMan query test case
2023-04-20 16:19:15 -04:00
Jami Cogswell
7c72ece4a0
Java: update genVsMan coverage query to use ModelApi instead of DataFlowTargetApi
2023-04-20 16:19:15 -04:00
Jami Cogswell
9828ad0fc3
Java: add draft of class to represent callables we are interested in modeling
2023-04-20 16:19:15 -04:00
Jami Cogswell
2e76e12316
Java: add class and predicates to approximate an effectively public method
2023-04-20 16:19:15 -04:00
Geoffrey White
bfbd45a220
Swift: Fix CSV field sinks.
2023-04-20 18:14:34 +01:00
Geoffrey White
d317ad80e5
Swift: Convert to CSV sinks.
2023-04-20 17:53:00 +01:00
Nora Dimitrijević
1f861fda25
Merge pull request #12736 from d10c/swift/capture-flow
...
Swift: Closure Capture Helper APIs
2023-04-20 18:45:56 +02:00
Michael Nebel
0fdeeba46f
C#: Re-refactor Xss to use the new API.
2023-04-20 18:38:15 +02:00
Geoffrey White
380bf21a38
Swift: Update InsecureTLSExtensions.ql sinks to not depend on AssignExpr.
2023-04-20 17:15:48 +01:00
Geoffrey White
c1a95d57bb
Swift: Add some test cases.
2023-04-20 17:15:47 +01:00
Edward Minnix III
76f8d460e7
Merge pull request #12851 from egregius313/egregius313/mad/add-groovy-stubs-to-isInTestFile
...
Java: Add `*/test/*` to model generator's list of ignored paths
2023-04-20 11:06:38 -04:00
Paolo Tranquilli
00436828a9
Merge pull request #12883 from github/redsun82/swift-default-output-dir
...
Swift: aggregate default output directories
2023-04-20 16:58:31 +02:00
Alex Ford
9dc04f30ac
Ruby: model sqlite3
2023-04-20 15:47:14 +01:00
Kasper Svendsen
b707c8162e
Prevent Ruby join order regression
2023-04-20 15:52:32 +02:00
Paolo Tranquilli
c7378a1e5b
Merge branch 'main' into redsun82/swift-default-output-dir
2023-04-20 15:12:07 +02:00
Arthur Baars
94e0828ab9
Merge pull request #12793 from aibaars/js-yaml-extractor
...
JavaScript: switch to shared YamlPopulator
2023-04-20 14:46:06 +02:00
Michael Nebel
aa8291e13f
Merge pull request #12870 from michaelnebel/csharp/refactordataflow6
...
C#: Re-factor data flow and taint tracking configurations to use the new API.
2023-04-20 14:31:20 +02:00
Kasper Svendsen
51b6da4183
Merge pull request #12875 from kaspersv/kaspersv/prevent-ruby-join-order-regression
...
Prevent Ruby join order regression
2023-04-20 13:50:40 +02:00
Kasper Svendsen
603a97faf9
Prevent Python join order regression
2023-04-20 13:44:30 +02:00
Luke Cartey
9dc1ea1216
Merge branch 'main' into mcafee-trojan-fp
2023-04-20 12:34:38 +01:00
Erik Krogh Kristensen
377aa68bb3
Merge pull request #12854 from natejohnson05/js-insecure-http-parser
...
JS - NodeJS CWE-444 InsecureHTTPParser
2023-04-20 13:09:45 +02:00
Luke Cartey
a47778c22e
Update SimpleXmlRpcServer.ql to avoid av detection
...
This file was being flagged by McAfee as an `Exploit-Generic.src`
trojan. We have attempted to report this to McAfee without success so
far. This commit therefore adjusts the file to avoid detection.
2023-04-20 11:59:18 +01:00
Asger F
1d0a0dec6f
JS: Fix typo
2023-04-20 12:48:17 +02:00
Asger F
1acc0d2ddf
JS: Update model of js-yaml
2023-04-20 12:47:13 +02:00
Michael Nebel
656d8d2451
Sync files.
2023-04-20 11:29:51 +02:00
Michael Nebel
c71278ceb7
C#: Introduce parameterized module for merging three path graphs.
2023-04-20 11:29:34 +02:00
Paolo Tranquilli
60c723e7cc
Swift: aggregate default output directories
...
In case the extractor is run in isolation for debugging/testing, this
will avoid littering the current working directory with artifacts, and
instead have a single `extractor-out` directory to inspect or clean
up.
Also extractor logs have been nested into a `swift` directory, as the
log directory provided by the `codeql` cli is actually shared between
languages.
2023-04-20 09:20:11 +02:00
Harry Maclean
8091d57f03
Shared: Remove unused type
2023-04-20 08:07:40 +07:00
Harry Maclean
da9a49d6e4
QL: Use high level extractor API
2023-04-20 08:07:40 +07:00
Harry Maclean
c4d7658cc6
Shared: high level API for the shared extractor
...
This API makes it easy to create an extractor for simple use cases.
2023-04-20 08:07:40 +07:00
Jeroen Ketema
b6a7661c7e
Merge pull request #12880 from MathiasVP/use-after-free-fps
...
C++: Add some use-after-free FP tests
2023-04-19 20:07:10 +02:00
smiddy007
bda0ef3a75
Merge branch 'github:main' into JS-Allow-Truncated-Hash-Forge-NonKeyCipher
2023-04-19 13:40:32 -04:00
smiddy007
4f7275f064
Reformat doc and move change note
2023-04-19 13:39:18 -04:00
Nate Johnson
88411ce439
Merge branch 'main' into js-insecure-http-parser
2023-04-19 13:36:24 -04:00
smiddy007
31b56bf966
Update javascript/ql/lib/change-notes/2023-04-13-Forge-truncated-sha512-hash
...
Co-authored-by: Asger F <asgerf@github.com>
2023-04-19 13:32:23 -04:00
Mathias Vorreiter Pedersen
533e1d818b
C++: Add some use-after-free FPs.
2023-04-19 17:01:55 +01:00