Michael B. Gale
d189a15737
Exclude poly1305.mac.Write from TaintSteps
Not available on arm64
2023-08-11 11:33:52 +01:00
Tom Hvitved
c95b58673a
Merge pull request #13939 from hvitved/ruby/captured-access-fix2
Ruby: Fix another bug in `isCapturedAccess`
2023-08-11 12:28:39 +02:00
Michael B. Gale
9f51f6f7ac
Merge pull request #13948 from github/mbg/go/fix-compare-identical-values-arm64
Make `CompareIdenticalValues` test work on arm64
2023-08-11 11:22:49 +01:00
Michael B. Gale
a623733dfa
Add location info to TaintSteps query
2023-08-11 11:10:39 +01:00
Michael B. Gale
ee0bfff9f4
Update expected test output for TaintStep
2023-08-11 10:57:11 +01:00
Michael B. Gale
bb56536bfa
Update expected test output for LocalTaintStep
2023-08-11 10:57:10 +01:00
Michael B. Gale
14731e8fa3
Bump supported Go version to 1.21
2023-08-11 10:57:10 +01:00
Michael B. Gale
238049a870
Add Go 1.21 builtins
2023-08-11 10:57:10 +01:00
Michael B. Gale
4df4a0f51f
Update expected test output for TypeParamType
2023-08-11 10:55:00 +01:00
Michael B. Gale
69589766ec
Use Go 1.21 in CI
2023-08-11 10:55:00 +01:00
Michael B. Gale
48c35ce5e9
Use Go 1.21 for extractor
2023-08-11 10:55:00 +01:00
Michael B. Gale
13d4bd9c0a
Make CompareIdenticalValues test work on arm64
2023-08-11 10:51:52 +01:00
Owen Mansel-Chan
c10d03e74e
Merge pull request #13820 from owen-mc/go/refactor-data-flow-configurations
Go: Make flow configurations use new data flow API
2023-08-11 10:49:51 +01:00
Owen Mansel-Chan
35a300f894
Apply suggestions from code review
Co-authored-by: Michael B. Gale <mbg@github.com>
2023-08-11 10:06:14 +01:00
Owen Mansel-Chan
b7dfa2347c
Put QLDoc on data flow and taint tracking modules
We preserve all old QLDocs, but move them from the
config to the Flow module. This makes more sense than
the Config module, which is often private, and is generally
not directly accessed.
2023-08-11 10:06:12 +01:00
Rasmus Wriedt Larsen
ca93f4d223
Python: Accept .expected changes
2023-08-11 10:36:05 +02:00
Stephan Brandauer
a9906f6f7b
Java: fix - add extra $@
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
2023-08-11 09:15:09 +02:00
Rasmus Lerchedahl Petersen
3457f23db5
Python: Add change note
2023-08-10 20:53:43 +02:00
Rasmus Lerchedahl Petersen
e5cd3e8f64
Python: nice locations for import aliases
These were computed wrongly before.
2023-08-10 20:27:06 +02:00
Tom Hvitved
b28f60ccd2
Ruby: Add test for documenting missing flow through destructured parameters
2023-08-10 20:22:11 +02:00
Robert Marsh
36bdadfc36
Merge pull request #13933 from geoffw0/madtuples
Swift: Models-as-data support for tuple content
2023-08-10 14:17:45 -04:00
Ian Lynagh
58da62e244
Kotlin: Handle null parent IDs in getFunctionLabel correctly
2023-08-10 18:49:10 +01:00
Erik Krogh Kristensen
3e2c6d69f9
Merge pull request #13940 from erik-krogh/rate-default
JS: change the defaults in the qhelp for missing-rate-limit to something more reasonable
2023-08-10 19:25:33 +02:00
Geoffrey White
94a5aa450c
Swift: Edit the weak sensitive data hashing examples and qhelp to encourage use of HMAC and key derivation algorithms where appropriate.
2023-08-10 18:21:25 +01:00
Owen Mansel-Chan
08e1e8a120
Improve inaccurate deprecation comments
2023-08-10 15:50:08 +01:00
Owen Mansel-Chan
94c15f712a
Remove unnecessary fieldFlowBranchLimit
2023-08-10 15:50:06 +01:00
Owen Mansel-Chan
0928fa6e1f
Give MyFlowstate a less generic name
2023-08-10 15:50:05 +01:00
Owen Mansel-Chan
36b1a0dc54
Update for recent changes to DsnInjection
2023-08-10 15:50:03 +01:00
Owen Mansel-Chan
2578ef4786
Remove output from running query like a test
2023-08-10 15:50:02 +01:00
Owen Mansel-Chan
089ea010d7
Improve QLDoc for Config::FlowState in StringBreak
2023-08-10 15:50:01 +01:00
Owen Mansel-Chan
e33d303b48
Do not make unnecessary changes
2023-08-10 15:49:59 +01:00
Owen Mansel-Chan
e6c8a0b653
Use more descriptive names for merged path graphs
2023-08-10 15:49:58 +01:00
Owen Mansel-Chan
6b4bf12316
Revert edit to deprecated class
2023-08-10 15:49:57 +01:00
Owen Mansel-Chan
039925164d
Keep newline at the end of identical-files.json
VS Code's JSON formatter removed it automatically. It turns out
that the easiest way to keep it is to use the
`files.insertFinalNewline` setting, which the JSON formatter obeys.
2023-08-10 15:49:55 +01:00
Owen Mansel-Chan
046e517c3f
Remove unnecessary import
2023-08-10 15:49:54 +01:00
Owen Mansel-Chan
81d4149a17
Note deprecation in QLDoc for LogInjection
2023-08-10 15:49:52 +01:00
Owen Mansel-Chan
b6b7e1589c
Make taint tracking tests use new API
2023-08-10 15:49:51 +01:00
Owen Mansel-Chan
c11da5bf67
Make taint tracking tests use InlineFlowTest
2023-08-10 15:49:50 +01:00
Owen Mansel-Chan
663fb2cc06
Make taint tracking tests use config from InlineFlowTest
2023-08-10 15:49:48 +01:00
Owen Mansel-Chan
8db3e4a9b4
Make IncorrectIntegerConversion use new API
2023-08-10 15:49:47 +01:00
Owen Mansel-Chan
6c0c8d6963
Make BadRedirectCheck use new API
2023-08-10 15:49:45 +01:00
Owen Mansel-Chan
442dfc1833
Make InsecureTLS use new API
2023-08-10 15:49:44 +01:00
Owen Mansel-Chan
b00e44725c
Make CorsMisconfiguration use new API
2023-08-10 15:49:43 +01:00
Owen Mansel-Chan
9b19cde8ab
Make SensitiveConditionBypass use new API
2023-08-10 15:49:42 +01:00
Owen Mansel-Chan
2d3d21d074
Make StackTraceExposure use new API
2023-08-10 15:49:40 +01:00
Owen Mansel-Chan
d9844bd4d6
Make WrongUsageOfUnsafe use new API
2023-08-10 15:49:39 +01:00
Owen Mansel-Chan
00ea023fdb
Make ConditionalBypass use new API
2023-08-10 15:49:37 +01:00
Owen Mansel-Chan
1b4fef9c21
Make HTMLTemplateEscapingPassthrough use new API
Removed edges and nodes are mostly duplicates. They were only there
originally due to multiple configurations being in scope.
`DataFlow::PathNode` has union semantics for configurations. Nodes are
only generated if they are reachable from a source, but this includes
sources from other configurations.
No alerts are lost.
2023-08-10 15:49:36 +01:00
Owen Mansel-Chan
ea1f39683d
Make DivideByZero use new API
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
2023-08-10 15:49:35 +01:00
Owen Mansel-Chan
045936b1fd
Make PamAuthBypass use new API
2023-08-10 15:49:33 +01:00