hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 18:21:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
54,887 Commits 1,691 Branches 160 Tags
codeql-cli/v2.13.3
Commit Graph

54887 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
484f761c6d Merge pull request #12316 from MathiasVP/no-taint-indirect-direct-conflation 
C++: Remove indirect -> direct taint-flow
 2023-02-28 13:43:04 +00:00
Anders Schack-Mulligen
5469a82efb Go,Java,Python: Fix some tests. 2023-02-28 14:31:00 +01:00
Michael Nebel
734001b7c4 Merge pull request #12334 from michaelnebel/csharp/staticinitialisers 
C#: Update query to handle static field writes from properties.
 2023-02-28 14:10:46 +01:00
Geoffrey White
d5952a174e Merge pull request #12329 from geoffw0/network 
Swift: Modernize the cleartext-* queries
 2023-02-28 13:04:10 +00:00
Michael Nebel
51746627d2 C#: Address review comments. 2023-02-28 13:38:34 +01:00
Felicity Chapman
aba7440293 Update docs/codeql/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva.rst 
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
 2023-02-28 12:29:16 +00:00
Felicity Chapman
832dc27b08 Update docs/codeql/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva.rst 
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
 2023-02-28 12:22:26 +00:00
Michael Nebel
4ef866b3a3 C#: Add change note. 2023-02-28 13:21:31 +01:00
Michael Nebel
baea74fa1b C#: Add new testexamples and update expected testoutput. 2023-02-28 13:21:31 +01:00
Michael Nebel
621674e82e C#: Update cs/static/field-written-by-instance to handle properties. 2023-02-28 13:21:30 +01:00
Chris Smowton
687f3c6b2e Merge pull request #12330 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-02-28 11:27:00 +00:00
Felicity Chapman
0af529ed7b Apply suggestions from code review 
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
 2023-02-28 11:12:29 +00:00
Kasper Svendsen
86925646f3 ReflectedXss: Prevent bad join order 2023-02-28 12:06:27 +01:00
Mathias Vorreiter Pedersen
d93d22ba3e C++: Fix FPs in 'cpp/non-constant-format'. 2023-02-28 10:05:05 +00:00
Michael Nebel
2db3694015 C#: Add code comment explaining the exclusion of the declared accessibility extraction for file scoped types. 2023-02-28 11:02:38 +01:00
Mathias Vorreiter Pedersen
1e5b235f4b C++: Accept test changes in 'cpp/non-constant-format'. These are actually FPs. 2023-02-28 10:02:32 +00:00
Felicity Chapman
b21253732b Update for review feedback 2023-02-28 09:58:51 +00:00
Mathias Vorreiter Pedersen
85c7116e8f C++: Fix the following join (I canceled it mid-way): 
```
Tuple counts for SsaInternals#7b362d2f::getAPriorDefinition#1#ff/2@bfabfc7o after 11.4s:
  1000      ~4%     {2} r1 = SCAN Ssa#da392372::Make#SsaInternals#7b362d2f::SsaInput#::Definition::definesAt#3#dispred#ffff OUTPUT In.1, In.0
  474321529 ~0%     {4} r2 = JOIN r1 WITH SsaInternals#7b362d2f::DefOrUse::hasIndexInBlock#3#dispred#ffff_3012#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.2, Rhs.3, Rhs.1
  0         ~0%     {2} r3 = JOIN r2 WITH SsaInternals#7b362d2f::SsaCached::lastRefRedef#4#ffff ON FIRST 3 OUTPUT Lhs.3, Rhs.3
  0         ~0%     {2} r4 = JOIN r3 WITH SsaInternals#7b362d2f::nodeToDefOrUse#3#fff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1 'result'
  0         ~0%     {2} r5 = JOIN r4 WITH SsaInternals#7b362d2f::ssaDefinition#1#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'defOrUse', Lhs.1 'result'
                    return r5
```
 2023-02-28 09:53:37 +00:00
Anders Schack-Mulligen
64c60d59b1 Go: Fix compilation. 2023-02-28 09:57:22 +01:00
github-actions[bot]
b6f81fc938 Add changed framework coverage reports 2023-02-28 00:17:14 +00:00
Mathias Vorreiter Pedersen
04b84320c9 C++: Accept more query-test changes. 2023-02-28 00:06:35 +00:00
Geoffrey White
5110cf1e02 Swift: Convert some fiddly GRDB database sinks to CSV. 2023-02-27 23:31:48 +00:00
Geoffrey White
f289811473 Swift: Fix and autoformat. 2023-02-27 23:01:05 +00:00
Geoffrey White
ea4c2e4321 Swift: Add CSV extension points. 2023-02-27 23:01:05 +00:00
Geoffrey White
c533334470 Swift: Implementation classes should be private. 2023-02-27 23:01:04 +00:00
Geoffrey White
c21ec1c3f5 Swift: Standardize the taint sources, sinks, sanitizers. 2023-02-27 23:01:04 +00:00
Geoffrey White
6928e62d8b Swift: Split the three sensitive exprs queries into separate QL and QLL files. 2023-02-27 23:01:04 +00:00
Geoffrey White
59a2aa817c Merge branch 'main' into nsstring 2023-02-27 22:34:04 +00:00
Geoffrey White
bb55456885 Merge branch 'main' into taintplusequals2 2023-02-27 22:33:26 +00:00
Ahmed Farid
6a578c62b0 Update TimingAttack.qll 2023-02-27 22:16:09 +01:00
Mathias Vorreiter Pedersen
3906a1923b Merge branch 'mathiasvp/replace-ast-with-ir-use-usedataflow' into no-taint-indirect-direct-conflation 2023-02-27 18:40:04 +00:00
Mathias Vorreiter Pedersen
f9c724d9a3 Merge pull request #12325 from MathiasVP/gets-return-deref 
C++: Make `gets` indirect output a LocalFlowSource
 2023-02-27 18:39:36 +00:00
Arthur Baars
6c57823232 Merge branch 'main' into diagnostics-2 2023-02-27 19:00:03 +01:00
Jeroen Ketema
9c202f508f Merge pull request #12324 from jketema/taint-fix 
C++: Use correct DataFlow import in new TaintTracking.qll
 2023-02-27 18:37:46 +01:00
Geoffrey White
36a33bc718 Swift: Delete file that was resurrected by the merge. 2023-02-27 17:33:21 +00:00
Nick Rolfe
0f4df0da99 Merge pull request #12326 from RasmusWL/python-fix-expected 
Python: Fix expected of call-graph after merge
 2023-02-27 17:30:10 +00:00
erik-krogh
b0797a2559 Merge branch 'main' into more-shell-taint 2023-02-27 18:27:09 +01:00
Geoffrey White
296093ded6 Merge branch 'main' into nsstring 2023-02-27 17:26:57 +00:00
Mathias Vorreiter Pedersen
7bb806563f Merge branch 'mathiasvp/replace-ast-with-ir-use-usedataflow' into no-taint-indirect-direct-conflation 2023-02-27 17:19:36 +00:00
Mathias Vorreiter Pedersen
d90d895944 Merge pull request #12323 from MathiasVP/fix-enclosing-callable 
C++: Fix missing enclosing callables
 2023-02-27 17:19:06 +00:00
Erik Krogh Kristensen
50aa5e072a Merge pull request #12177 from erik-krogh/alias-html 
JS: More precise type-test sanitizer guards in unsafe-html-construction
 2023-02-27 18:16:11 +01:00
Mathias Vorreiter Pedersen
2a9133aae0 C++: Accept query-test changes. 2023-02-27 17:15:53 +00:00
Mathias Vorreiter Pedersen
d628905156 C++: Accept more test changes. 2023-02-27 17:13:23 +00:00
Felicity Chapman
1d13811e46 Revise troubleshooting article 2023-02-27 16:42:07 +00:00
Rasmus Wriedt Larsen
d198b91c82 Python: Fix expected of call-graph after merge 
Since the import resolution was fixed, but tests not rerun, these
expectations were not updated to reflect that we now handle them
properly 💪
 2023-02-27 17:38:28 +01:00
Edward Minnix III
7f607fb46b Merge pull request #12032 from egregius313/egregius313/promote-hardcoded-jwt-credential 
Java: Promote Hardcoded JWT credential query
 2023-02-27 11:33:53 -05:00
Mathias Vorreiter Pedersen
a4c075f03b C++: The data pointed to by 'gets' is also a source of user input. 2023-02-27 16:25:32 +00:00
Jeroen Ketema
b4f6d519db C++: Use correct DataFlow import in new TaintTracking.qll 
Using the IR version directly gives errors about conflicting imports if both
DataFlow and TaintTracking are imported.
 2023-02-27 17:22:12 +01:00
Felicity Chapman
8e4eb9ad46 Tweaks to mention variant analysis in related articles 2023-02-27 16:21:09 +00:00
erik-krogh
505168f24b fix upper-case .html.erb files 2023-02-27 17:19:43 +01:00