Mathias Vorreiter Pedersen
d41d2bc29e
Merge pull request #13699 from MathiasVP/final-config-to-invalid-pointer-deref
...
C++: Handle call-contexts mismatches in `cpp/invalid-pointer-deref`
2023-07-18 13:08:21 +01:00
Geoffrey White
efea11fd0f
Swift: getFullName.
2023-07-18 12:53:45 +01:00
Alex Ford
e803e98ee4
Merge pull request #13585 from alexrford/rb/rack-env-query-string
...
Ruby: add rack `env['QUERY_STRING']` as a remote flow input
2023-07-18 12:44:07 +01:00
yoff
a1aa16f901
Merge pull request #13745 from GeekMasher/py-mad-xss
...
Python - Add Models as Data support for Reflected XSS Query
2023-07-18 13:39:17 +02:00
Paul Hodgkinson
c7084b6d8e
Merge branch 'main' into java/experimental/command-injection
2023-07-18 11:38:44 +01:00
Geoffrey White
1deacf40ca
Merge pull request #13660 from geoffw0/regexinjection
...
Swift: Query for regular expression injection
2023-07-18 10:25:30 +01:00
Geoffrey White
96dece3c88
Swift: ReDoS query result changes.
2023-07-18 10:11:22 +01:00
Jeroen Ketema
5d8b203112
Merge pull request #13758 from jketema/val-cat-tests
...
C++: Add more IR tests
2023-07-18 11:02:27 +02:00
Geoffrey White
86c6960e2a
Swift: Add RegexUseFlow and modify the role of StringLiteralUseFlow.
2023-07-18 09:49:47 +01:00
Geoffrey White
c76d85df1b
Swift: Create a model for RegexCreation.
2023-07-18 09:49:47 +01:00
Geoffrey White
734a00d616
Swift: Rename so that different data flows will be clear.
2023-07-18 09:49:47 +01:00
Geoffrey White
f243e854ae
Swift: Move regex dataflow code into a RegexTracking library (similar to the layout in Ruby and Python).
2023-07-18 09:49:36 +01:00
Anders Schack-Mulligen
e72366194b
Merge pull request #13754 from aschackmull/java/remotesource-inbarrier
...
Java: Exclude source-to-source flow in 5 queries.
2023-07-18 10:33:44 +02:00
Geoffrey White
b5a8a8d431
Merge pull request #13715 from geoffw0/parsemode
...
Swift: Recognize regular expression parse mode flags
2023-07-18 09:09:56 +01:00
Jeroen Ketema
e2de94b233
C++: Add more IR tests
...
These show the value categories for more static member calls, and show that
a load occurs when a `volatile` variable is being used in an empty context.
2023-07-18 08:40:54 +02:00
Jeroen Ketema
a426010b06
Merge pull request #13621 from MathiasVP/deprecate-ast-dataflow
...
C++: Deprecate AST dataflow
2023-07-18 08:13:47 +02:00
Robert Marsh
81a25b23ba
Swift: fix tests for array concatenation
2023-07-17 19:10:46 +00:00
Robert Marsh
d4b635d674
Swift: add ArrayContent summary support
2023-07-17 19:09:05 +00:00
Robert Marsh
169326ffe5
Swift: support array keypath reads in dataflow
2023-07-17 18:05:06 +00:00
Robert Marsh
0b35be284e
Swift: additional dataflow tests for arrays
2023-07-17 18:03:20 +00:00
Owen Mansel-Chan
a7469ce4f1
Use Origin()
2023-07-17 16:11:25 +01:00
Geoffrey White
ddb499071c
Swift: Pragmatic fix for CustomUrlSchemes.qll.
2023-07-17 16:10:37 +01:00
Mathias Vorreiter Pedersen
d63ead55dc
C++: Remove barrier that's no longer needed.
2023-07-17 15:59:35 +01:00
Geoffrey White
05cb429635
Swift: Add CfgConsistency.expected.
2023-07-17 15:59:18 +01:00
Robert Marsh
ef9376d39c
Swift: more ArrayContent tests
2023-07-17 14:58:40 +00:00
Mathew Payne
6ef55aa14f
Update python/ql/lib/semmle/python/security/dataflow/ReflectedXSSCustomizations.qll
...
Co-authored-by: yoff <lerchedahl@gmail.com>
2023-07-17 15:44:38 +01:00
Geoffrey White
70a9fe3974
Swift: Change note.
2023-07-17 15:42:56 +01:00
Geoffrey White
eca2c21af5
Swift: Model referrerURL.
2023-07-17 15:42:51 +01:00
Geoffrey White
bc4724b1fb
Swift: Test the customurlschemes fields that inherit taint.
2023-07-17 15:39:02 +01:00
Ian Lynagh
8a0286ec34
Java: Improve the diagnostics consistency query
...
Diagnostics can be easier to read if you see them in the order in which
they were generated. By selecting the compilation and indexes, they get
sorted by the testsuite driver.
d.getCompilationInfo(c, f, i) would be a bit more natural as
d = c.getDiagnostic(f, i), but currently we don't import Diagnostic into
the default ('import java') namespace, and I don't think it's worth
changing that for this.
2023-07-17 15:37:05 +01:00
Geoffrey White
869ad2eb65
Apply suggestions from code review
...
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
2023-07-17 15:17:24 +01:00
Max Schaefer
9432fec612
JavaScript: Improve qhelp for js/server-crash.
...
The examples now use `fs.access` instead of the deprecated `fs.exists`. I have also rewritten the async/await example, since as of Node.js v15 the default behaviour for uncaught exceptions has changed to terminating the process instead of logging a warning, making the previous advice incorrect.
2023-07-17 14:44:23 +01:00
Alex Ford
27ee72c265
Merge remote-tracking branch 'origin/main' into rb/rack-env-query-string
2023-07-17 14:11:25 +01:00
Alex Ford
06aefe01b8
Update ruby/ql/lib/codeql/ruby/frameworks/rack/internal/App.qll
...
Co-authored-by: Asger F <asgerf@github.com>
2023-07-17 14:08:44 +01:00
Alex Ford
ab1f341aa6
Merge pull request #13566 from alexrford/rb/rack-params
...
Ruby: add `Rack::Request` params and cookies as remote input sources
2023-07-17 14:07:20 +01:00
Mathias Vorreiter Pedersen
11f2681904
Merge pull request #13740 from MathiasVP/unique-entry-point
...
C++: Exclude invalid functions from new range analysis
2023-07-17 13:32:50 +01:00
yoff
d032bf5c0e
Merge pull request #13685 from RasmusWL/captured-variables-default-param-value
...
Python: Model parameter with default value as `DefinitionNode`
2023-07-17 14:25:13 +02:00
Mathias Vorreiter Pedersen
be95d29589
Documentation: Update version number.
2023-07-17 11:08:40 +01:00
Mathew Payne
e3d75c488e
Merge branch 'main' into py-mad-xss
2023-07-17 11:08:09 +01:00
Mathias Vorreiter Pedersen
8c21699040
C++: Accept test changes.
2023-07-17 10:51:42 +01:00
Mathias Vorreiter Pedersen
f9db6a9868
C++: Don't do range analysis on malformed IR.
2023-07-17 10:15:01 +01:00
Geoffrey White
69b98c769c
Merge pull request #13354 from geoffw0/sharedsensitive2
...
Swift: Improve SensitiveExprs.qll Heuristics
2023-07-17 09:16:09 +01:00
Geoffrey White
4644b7184b
Swift: # -> //
2023-07-17 09:12:01 +01:00
Alvaro Muñoz
eacecab689
remove PrepareContext
2023-07-17 09:16:32 +02:00
Anders Schack-Mulligen
6770d2a49b
Java: Exclude source-to-source flow in 5 queries.
2023-07-17 09:06:49 +02:00
Owen Mansel-Chan
a2a2e93cfd
Fix printing when one obj is nil
2023-07-15 07:06:16 +01:00
Owen Mansel-Chan
0b8353eb64
Merge pull request #13602 from pwntester/ruby/add_gqlgen_support
...
Go: Add support for the gqlgen library
2023-07-15 07:04:09 +01:00
Maiky
3f36d3244b
Fix singleton set literal
2023-07-15 00:18:21 +02:00
Alvaro Muñoz
0ea0d54050
gofmt -w .
2023-07-14 22:15:40 +02:00
Maiky
378313332b
Fix sink
2023-07-14 20:55:24 +02:00