hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-05 17:51:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
54,887 Commits 1,689 Branches 160 Tags
codeql-cli/v2.13.3
Commit Graph

54887 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stephan Brandauer
4761c3a328 remove duplicates 2023-03-20 17:09:48 +01:00
Stephan Brandauer
bd21dc9460 remove nonexploitable sinks 2023-03-20 17:09:48 +01:00
Stephan Brandauer
b7ce0c2d96 fix: taint flow of ctor goes to Argument[-1], instead of ReturnValue 2023-03-20 17:09:48 +01:00
Stephan Brandauer
2236db43ec sort the changed MaD declarations 2023-03-20 17:09:46 +01:00
Stephan Brandauer
74e261738f remove predicate 2023-03-20 17:06:40 +01:00
Stephan Brandauer
ec1762e015 Update MaD Declarations after Triage 2023-03-20 17:06:37 +01:00
Tony Torralba
fa60fa0ae2 Merge pull request #12572 from github/java/update-mad-decls-after-triage-2023-03-17T15-01-35 
Java: Update MaD Declarations after Triage
 2023-03-20 17:02:27 +01:00
Paolo Tranquilli
aaea976cf2 Swift: remove labels from function type printing 2023-03-20 16:43:34 +01:00
Anders Schack-Mulligen
3876e4335f Merge pull request #12420 from kaspersv/kaspersv/dataflow-remove-alias-preds 
Dataflow: Remove revFlowAlias and revFlowApAlias predicates
 2023-03-20 16:30:15 +01:00
Alex Ford
be163cfc38 Merge pull request #12311 from maikypedia/maikypedia/ruby-ssti 
Ruby: Add Server Side Template Injection query
 2023-03-20 15:26:27 +00:00
Michael Nebel
17b3383043 Merge pull request #12556 from michaelnebel/java/argumentthis 
Java: Argument[-1] -> Argument[this]
 2023-03-20 15:59:59 +01:00
Erik Krogh Kristensen
a9d40d39d9 Merge pull request #12550 from erik-krogh/useNumberUtil 
Java/Python: use Number.qll to parse hex numbers in regex parsing
 2023-03-20 15:50:31 +01:00
Erik Krogh Kristensen
0f813ce2e8 Merge pull request #12543 from erik-krogh/reg-perf 
ReDoS: restrict the edges considered in polynomial-redos for complex regular expressions
 2023-03-20 15:48:35 +01:00
Rasmus Wriedt Larsen
2ee09cc5d1 Merge branch 'main' into import-refined 2023-03-20 15:42:01 +01:00
Rasmus Wriedt Larsen
93c9f59e86 Python: Extract version specific coverage/classes.py tests 
Since we can analyze operator.py from Python3, but not in Python 2
(since it's implemented in C), we get a difference for the index tests.

note: `operator.length_hint` is only available in Python 3.4 and later,
so would always fail under Python 2.
 2023-03-20 15:39:20 +01:00
Jeroen Ketema
c56c1cbb62 Merge pull request #12588 from jketema/boost-config 
C++: Refactor `BoostorgAsio` to use `DataFlow::ConfigSig`
 2023-03-20 15:31:35 +01:00
yoff
6639e5a97b Merge pull request #12590 from yoff/python/patch-uninitialized-local 
Python: Patch uninitialized local query
 2023-03-20 15:11:14 +01:00
Rasmus Lerchedahl Petersen
6a5db750c4 python: add test to validation (and fix it) 2023-03-20 15:07:46 +01:00
yoff
17c9ba9872 Merge pull request #12464 from yoff/python/add-test-captured-in-collection 
python: add test for captured variables in lists
 2023-03-20 15:01:58 +01:00
Rasmus Lerchedahl Petersen
ed15cce31f python: add change note 2023-03-20 14:22:58 +01:00
Chuan-kai Lin
8c738b77a3 Merge pull request #12574 from cklin/document-upgrade-query-predicates 
Document upgrade query predicates
 2023-03-20 06:16:34 -07:00
Rasmus Lerchedahl Petersen
b042c60ca3 python: remove outdated comment 2023-03-20 14:13:48 +01:00
Stephan Brandauer
39726a54ec fix suggestion 2023-03-20 14:12:46 +01:00
Rasmus Lerchedahl Petersen
72e97918e9 python: format 2023-03-20 14:11:10 +01:00
Jeroen Ketema
bbe95367d6 C++: Simplify SslContextCallMake 2023-03-20 14:00:03 +01:00
Geoffrey White
a19579d21b Merge pull request #12587 from geoffw0/finishbitwise 
Swift: Remove special case for bitwise operations
 2023-03-20 12:59:31 +00:00
Stephan Brandauer
116108851f Update MaD Declarations after Triage 2023-03-20 13:45:39 +01:00
Jeroen Ketema
2968c12e12 Merge pull request #12583 from jketema/move-print 
C++: Move SsaConsistency to its own file
 2023-03-20 13:41:29 +01:00
Jeroen Ketema
9997326804 C++: Refactor BoostorgAsio to use DataFlow::ConfigSig 2023-03-20 13:37:18 +01:00
Rasmus Lerchedahl Petersen
5f438e433d python: exclude nonlocals from query 2023-03-20 13:34:39 +01:00
Kasper Svendsen
1d2f1b6ae6 Address comments 2023-03-20 13:34:14 +01:00
Ed Minnix
83b0d073f0 Fix typo in QLDoc 2023-03-20 08:11:01 -04:00
Ed Minnix
1c661fd3ac Add missing QLDocs 2023-03-20 08:10:07 -04:00
Kasper Svendsen
e0e3a1d621 Dataflow: remove revFlowApAlias trick 2023-03-20 13:04:13 +01:00
Rasmus Lerchedahl Petersen
9b7a20f4ad python: add example showing FP 2023-03-20 13:03:26 +01:00
Ed Minnix
84fd5f7ee0 Fix naming of ZipSlip configuration 2023-03-20 07:55:23 -04:00
Ian Lynagh
fcf1f6a6f9 Kotlin: Don't use distutils in build script 
We were getting
    DeprecationWarning: The distutils package is deprecated and slated for removal in Python 3.12. Use setuptools or check PEP 632 for potential alternatives
during the build.
 2023-03-20 11:49:54 +00:00
Ed Minnix
60a4a79537 Make the Config module of public Flow modules public 
This is to make things easier for the CodeML/ATM team once these
configurations are moved from `src/` to `lib/`.
 2023-03-20 07:47:55 -04:00
Edward Minnix III
9aa83d78e1 Merge pull request #12575 from egregius313/egregius313/ql/dataflow-naming-convention-check 
QL: add a check to enforce naming convention for new `DataFlow::ConfigSig` modules
 2023-03-20 07:26:01 -04:00
Edward Minnix III
1c06afffe5 Merge pull request #12578 from egregius313/egregius313/conform-dataflow-configs-to-config-naming-convention 
Conform dataflow config modules to follow `*Config` naming convention
 2023-03-20 07:25:10 -04:00
Geoffrey White
166902bfa0 Swift: Remove the special case for bitwise operations in the XXE query (but upgrade that bit of the query to taint flow as appears to be intended). 2023-03-20 11:18:17 +00:00
erik-krogh
ef498020c2 PY: dont depend on codeql/util in src/ now that its added to lib/ 2023-03-20 12:11:06 +01:00
Geoffrey White
1f8a165611 Swift: Add a couple of extra test cases. 2023-03-20 10:58:58 +00:00
Paolo Tranquilli
029d924e6d Merge pull request #12580 from github/redsun82/swift-more-precise-successfully-extracted-query 
Swift: make `SuccessfullyExtractedFiles.ql` more precise
 2023-03-20 11:05:54 +01:00
Erik Krogh Kristensen
2270d6fa61 fix typo 
Co-authored-by: Taus <tausbn@github.com>
 2023-03-20 10:56:30 +01:00
Alex Ford
4b1171ce64 Merge branch 'main' into maikypedia/ruby-ssti 2023-03-20 09:55:53 +00:00
Tony Torralba
27fc14236f Add change note 2023-03-20 10:48:56 +01:00
Tony Torralba
bff8bbfe33 Apply suggestions from code review 2023-03-20 10:43:46 +01:00
Jeroen Ketema
91b069603d C++: Move SsaConsistency to its own file 
This removes the import of the `Print` library in places that are used in
production and not just debugging.
 2023-03-20 10:31:33 +01:00
Michael Nebel
01ade878ea Java: Update test comments to use this instead of -1. 2023-03-20 10:14:20 +01:00