hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-04 09:11:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
54,887 Commits 1,689 Branches 159 Tags
codeql-cli/v2.13.3
Commit Graph

54887 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
803b9d38cc Add missing tests and models for json-patch 2023-04-12 14:19:02 +01:00
Chris Smowton
5e74930881 Add missing tests and models for go-pg/pg/orm.Formatter 2023-04-12 14:19:02 +01:00
Chris Smowton
3c8182b521 Format and reorder 2023-04-12 14:19:02 +01:00
Chris Smowton
9e38e8d675 Restore model of builtin copy function. 
This is another with no real signature type.
 2023-04-12 14:19:01 +01:00
Chris Smowton
0249669299 Accept test changes 2023-04-12 14:19:01 +01:00
Chris Smowton
c752777022 Accept test changes 2023-04-12 14:19:01 +01:00
Chris Smowton
c011e013e1 fixup restoration of variadic models 2023-04-12 14:19:01 +01:00
Chris Smowton
7c8db6eace Restore QL modelling for the built-in append function. 2023-04-12 14:19:01 +01:00
Chris Smowton
a796ddb95b Accept paths-only test changes 2023-04-12 14:19:01 +01:00
Chris Smowton
77b8103cc1 Adapt tests not to depend on TaintTracking::FunctionModel 2023-04-12 14:19:01 +01:00
Chris Smowton
2e70fada8d Bump Go version on test referencing go 1.20 methods 
This turned out not to matter for the extractor, but it means we can check the build using `go build`.
 2023-04-12 14:19:01 +01:00
Chris Smowton
a673610e18 Adapt query not to depend on TaintTracking::FunctionModel 2023-04-12 14:19:01 +01:00
Chris Smowton
c8407ba323 Revert variadic functions to use non-MaD models 2023-04-12 14:19:01 +01:00
Chris Smowton
16e3acf592 Restore old-style taint models for the unsafe package 
These functions don't have proper signature types, so are not suited to MaD models
 2023-04-12 14:19:00 +01:00
Chris Smowton
2c65e68c5f Adapt HTTP response body association to MaD models 2023-04-12 14:19:00 +01:00
Chris Smowton
2677a945f3 Autoformat 2023-04-12 14:19:00 +01:00
Chris Smowton
53723479c8 Enable model inheritence by subinterfaces 
Previously only a concrete (non-interface) method could inherit such a model
 2023-04-12 14:19:00 +01:00
Chris Smowton
9c45192a4e Remove spurious duplicate models 2023-04-12 14:19:00 +01:00
Chris Smowton
c242c28af9 Use $ANYVERSION to allow applying a model to all versions of a given package 2023-04-12 14:19:00 +01:00
Chris Smowton
f36a2143f5 Accept more test changes; add some missing models 2023-04-12 14:19:00 +01:00
Chris Smowton
bfc8db90af Accept test changes 
This is 1x path changes without result changes, and 1x expected change since the Encode function is no longer modelled using TaintTracking::FunctionModel
 2023-04-12 14:19:00 +01:00
Chris Smowton
d49840ee8e Restore mistakenly-deleted models 2023-04-12 14:19:00 +01:00
Chris Smowton
11b457d5bf Allow - character in Go package names 2023-04-12 14:19:00 +01:00
Chris Smowton
e98c70c482 Restore mistakenly deleted model 2023-04-12 14:19:00 +01:00
Chris Smowton
1b7f529949 Restore reverse-flow models 2023-04-12 14:19:00 +01:00
Chris Smowton
de0caf2445 Go: mass-convert taint-flow models to models-as-data format 2023-04-12 14:18:44 +01:00
Chris Smowton
51ebc0bef2 Amend test now that DataFlowCallable != Callable 2023-04-12 14:15:54 +01:00
Chris Smowton
a5e5a5780d Use FlowSummaryImpl::Private::summaryParameterNodeRange 2023-04-12 14:15:54 +01:00
Chris Smowton
4ea4e0dcca Go: seperate real and synthetic callables 
This means that when a function has a real body and a summary (usually because it has a real definition in source, and implements an interface that has a model), two callables are created and dispatch considers both possible paths.

This specifically overcomes the difficulty with ParameterNodes when the real callable, if any, may or may not define an SsaNode, either because the real parameter is unused or because it is anonymous. Now the synthetic callable will always have parameter nodes, while the real one may or may not depending on whether a definition is present and
whether or not it names or uses its parameter.
 2023-04-12 14:15:54 +01:00
Erik Krogh Kristensen
cfb273ae01 Merge pull request #12799 from erik-krogh/oneColumn 
JS: use 1-based column locations for diagnostics
 2023-04-12 14:48:20 +02:00
Alexandre Boulgakov
f4b79ea07d Merge pull request #12784 from github/sashabu/keypaths 
Swift: Extract structured keypath components.
 2023-04-12 13:12:22 +01:00
Asger F
b819f55203 Merge pull request #12792 from asgerf/js/redux-model-perf 
JS: add getForwardingFunction and use to sharpen useSelector model
 2023-04-12 14:09:59 +02:00
Taus
beae3e9187 Python: Clarify version data 2023-04-12 11:53:16 +00:00
Alexandre Boulgakov
b890e2ef96 Swift: Use camelCase in KeyPathComponent predicates. 2023-04-12 12:50:50 +01:00
erik-krogh
d3cc1d6991 update expected output of diagnostics test 2023-04-12 13:42:05 +02:00
erik-krogh
b1957623c1 add browser history as XSS sink 2023-04-12 13:38:18 +02:00
Erik Krogh Kristensen
8cb54b748b Merge pull request #12787 from tyage/add-router-sink 
JS: Add New XSS sink - Next.js router.push/replace
 2023-04-12 13:30:21 +02:00
Alexandre Boulgakov
64443dfdcf Swift: Add named predicates for known KeyPathComponent kinds. 2023-04-12 12:06:14 +01:00
Mathias Vorreiter Pedersen
d1e3c1b407 C++: Fix joins in 'select' of 'cpp/constant-array-overflow'. 2023-04-12 11:39:35 +01:00
Mathias Vorreiter Pedersen
ab70f5722e C++: More QLDoc. 2023-04-12 11:22:31 +01:00
Michael Nebel
c787bb2ff9 C#: Re-factor the callablereturnarg tests. 2023-04-12 11:47:42 +02:00
Michael Nebel
9c5b8e2894 C#: Update expected output of tests using the inline flow test framework. 2023-04-12 11:15:15 +02:00
Michael Nebel
5c586c3afd C#: Re-factor the InlineFlowTest framework. 2023-04-12 11:15:15 +02:00
Michael Nebel
61b8f97b75 C#: Re-factor the flowsources test. 2023-04-12 11:15:15 +02:00
Michael Nebel
f00c97810a C#: Re-factor the NHibernate test. 2023-04-12 11:15:14 +02:00
Michael Nebel
9c60c4b3d9 C#: Re-factor the JsonNet test. 2023-04-12 11:15:14 +02:00
Michael Nebel
1f0fbfaef0 C#: Re-factor the EntityFramework test. 2023-04-12 11:15:14 +02:00
Michael Nebel
4023cd3b4c C#: Re-factor the dataflow/global tests. 2023-04-12 11:15:14 +02:00
Michael Nebel
a2c7388282 C#: Re-factor the ExternalFlow test. 2023-04-12 11:15:14 +02:00
Michael Nebel
bd886202f6 C#: Re-factor the Async test. 2023-04-12 11:15:14 +02:00