hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-31 08:06:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,361 Commits 1,673 Branches 157 Tags
codeql-cli/v2.14.6
Commit Graph

58361 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
e219281016 C#: Speed up ForwarderAssertMethod 
Avoids the following bad predicate

```
[2023-08-29 10:03:13] (252s) Tuple counts for _Callable#f85cebf6::Callable::getBody#0#dispred#ff_Variable#afb43847::Variable::getAnAccess#0#dispre__#join_rhs/5@43feb6tl after 4m0s:
                      4416261    ~203%     {4} r1 = JOIN _Callable#f85cebf6::Callable::getAParameter#0#dispred#ff_10#join_rhs_Variable#afb43847::Variable::ge__#shared WITH Callable#f85cebf6::Callable::getBody#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1 'arg1', Lhs.2 'arg2', Lhs.0 'arg3', Rhs.1 'arg4'
                      1189565718 ~152%     {5} r2 = JOIN r1 WITH Variable#afb43847::Variable::getAnAccess#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1 'arg0', Lhs.0 'arg1', Lhs.1 'arg2', Lhs.2 'arg3', Lhs.3 'arg4'
                                           return r2
```
 2023-08-29 11:25:20 +02:00
Michael Nebel
946854bd17 C#: Base the EmptyBlock test on stubs. 2023-08-29 11:24:10 +02:00
Tom Hvitved
1ac9d2ee5b CFG: Compute splitsToString using concat, and exclude partial split sets 2023-08-29 11:23:56 +02:00
Michael Nebel
7068da25f0 C#: Base the Documentation tests on stubs. 2023-08-29 11:22:51 +02:00
Michael Nebel
dd274422d1 Merge pull request #14079 from bgrainger/fix-unsynchronized-static-access-docs 
Delete thin space from documentation
 2023-08-29 11:17:52 +02:00
Michael Nebel
f2bf540209 C#: Base the Dead Code tests on stubs. 2023-08-29 11:15:43 +02:00
Rasmus Wriedt Larsen
49d510018d Python: Add change-note 2023-08-29 11:11:32 +02:00
Rasmus Wriedt Larsen
0b2458d065 Python: Improve modeling of Flask jsonify 
I also tested whether `Flask.jsonify` or `Flask().jsonify` worked, but
they do not.
 2023-08-29 11:11:32 +02:00
Rasmus Wriedt Larsen
26319bfc04 Python: Fix Flask jsonify XSS regression 
The reason the result was found before, is that `jsonify(data)` was
modeled as TWO separate subclasses of `Http::Server::HttpResponse`, one
because of the implicit construction in return
(FlaskRouteHandlerReturn), and one from the `jsonify` call
(FlaskJsonifyCall). Due to the QL evaluation, we got a combination from
the two, meaning mime-type from FlaskRouteHandlerReturn and body from
FlaskJsonifyCall...
 2023-08-29 11:11:32 +02:00
Jean Helie
de76c0749a Java: Automodel Framework Mode: Add Candidates for Regression Testing 2023-08-29 09:53:55 +01:00
Mathias Vorreiter Pedersen
d14ad92dbd Merge pull request #14006 from MathiasVP/promote-invalid-pointer-deref-out-of-experimental 
C++: Promote `cpp/invalid-pointer-deref` out of experimental
 2023-08-29 09:38:56 +01:00
Rasmus Wriedt Larsen
b36fd9fdab Python: Add jsonify XSS regression example 2023-08-29 10:38:49 +02:00
Mathias Vorreiter Pedersen
f3a77c6006 Merge pull request #14060 from MathiasVP/fix-compare-where-assign-meant-fp 
C++: Fix FP in `cpp/compare-where-assign-meant`
 2023-08-29 09:38:39 +01:00
Mathias Vorreiter Pedersen
dbdb433957 Merge pull request #14058 from alexet/delete-or-delete-array 
CPP: Add parent class for delete and delete[]
 2023-08-29 09:38:07 +01:00
Michael Nebel
d3ba7e6b3c C#: Re-factor using statements order in autobuilder. 2023-08-29 10:10:30 +02:00
Michael Nebel
5f4861f72e Merge pull request #14069 from michaelnebel/csharp/nugetexe 
C#: Download `nuget.exe` in the dependency manager (if not present).
 2023-08-29 10:04:50 +02:00
Michael Nebel
5de8d9181d C#: Address review comments. 2023-08-29 09:33:11 +02:00
Jeroen Ketema
0d1fd88729 Merge pull request #14050 from jketema/inline-6 
Consolidate all `InlineFlowTest` libraries in the dataflow qlpack
 2023-08-29 09:30:35 +02:00
Tom Hvitved
bce47fe344 C#: Bump all dependencies 2023-08-29 09:24:39 +02:00
Kevin Stubbings
29e14f7d8d Feedback, Format, Add Change Notes 2023-08-28 14:15:21 -07:00
Bradley Grainger
d10597f69d Delete thin space from documentation. 
Update the MSDN link to avoid an unnecessary redirection and use the correct anchor.
 2023-08-28 11:02:38 -07:00
Dave Bartolomeo
3343b78015 Merge pull request #14074 from github/post-release-prep/codeql-cli-2.14.3 
Post-release preparation for codeql-cli-2.14.3
 2023-08-28 13:34:10 -04:00
github-actions[bot]
3eba77421a Post-release preparation for codeql-cli-2.14.3 2023-08-28 15:53:49 +00:00
Mathias Vorreiter Pedersen
f65fe34513 C++: Add false positive caused by flowing back into a function after doing reverse reads. 2023-08-28 14:45:16 +01:00
Asger F
d4cfa8c2b8 Java: autoformatting changes 2023-08-28 15:35:06 +02:00
Asger F
d2fe4d235a Java: Inline VariableWrite.getSource() 2023-08-28 15:34:48 +02:00
Michael Nebel
e19c7758ed C#: Cleanup NugetPackages.cs. 2023-08-28 15:19:16 +02:00
Michael Nebel
6e4865ddd9 C#: Download nuget.exe to the source directory in case it is not installed. 2023-08-28 15:14:13 +02:00
Michael Nebel
b6c2ea520b C#: Some re-factoring of NugetPackages and logic for file downloading. 2023-08-28 15:14:13 +02:00
yoff
2e981e330b Merge pull request #14059 from RasmusWL/fix-loginjection-tests 
Python: Fix stdlib sinks in LogInjection query
 2023-08-28 14:44:51 +02:00
yoff
6e05246daa Merge pull request #13935 from yoff/python/mad-on-externals 
Python: MaD on externals
 2023-08-28 14:04:54 +02:00
Rasmus Wriedt Larsen
c807ab4216 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-08-28 14:04:22 +02:00
yoff
826b8e6aa5 Merge pull request #14067 from RasmusWL/modern-dataflowquerytests 
Python: Adopt tests to new `DataflowQueryTest`
 2023-08-28 13:54:34 +02:00
erik-krogh
78487d437f add test for await using in TypeScript 2023-08-28 13:30:35 +02:00
erik-krogh
1e3387f2c5 Merge branch 'main' into ts52 2023-08-28 13:22:56 +02:00
Michael Nebel
e7dbe9f289 Merge pull request #14028 from michaelnebel/csharp/dependencygetfiles 
C#: Improve GetFiles in the Dependency Manager.
 2023-08-28 12:53:28 +02:00
Rasmus Wriedt Larsen
38b78128c0 Merge pull request #13990 from RasmusWL/experimental-cleanup 
Python: Port old experimental points-to based queries
 2023-08-28 12:11:17 +02:00
Rasmus Wriedt Larsen
889cb7a95b Python: Adopt tests to new DataflowQueryTest 
Co-authored-by: Rasmus Lerchedahl Petersen <yoff@github.com>
 2023-08-28 11:44:01 +02:00
Rasmus Wriedt Larsen
9c44235782 Python: Modernize DataflowQueryTest.qll 
Co-authored-by: Rasmus Lerchedahl Petersen <yoff@github.com>
 2023-08-28 11:40:41 +02:00
Rasmus Wriedt Larsen
7cba6cd1d8 Python: Update .expected files 
Due to change in path-graph, and including LHS of assignments
 2023-08-28 11:33:44 +02:00
Rasmus Wriedt Larsen
0f242475f2 Merge branch 'main' into experimental-cleanup 2023-08-28 11:01:22 +02:00
Rasmus Wriedt Larsen
0dca8a5d86 Python: Remove old points-to modeling file 
Since all of this was ported already
 2023-08-28 10:40:45 +02:00
Rasmus Wriedt Larsen
39e2b133e9 Python: Fix naming 2023-08-28 10:40:33 +02:00
erik-krogh
be2712698b add support for await using in the JS parser 2023-08-28 09:34:13 +02:00
erik-krogh
1cbee6a8a4 delete leftover todo comment that was implemented 2023-08-28 08:40:35 +02:00
Mathias Vorreiter Pedersen
bb1712b489 Merge branch 'main' into reuse-even-more-nodes 2023-08-26 18:08:58 +01:00
Alex Ford
9957e2683b Merge pull request #13313 from maikypedia/maikypedia/ldap-improper-auth 
Ruby: Add Improper LDAP Authentication query (CWE-287)
 2023-08-25 20:52:34 +01:00
Alexander Eyers-Taylor
ea2140dc7d Apply suggestions from code review 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-08-25 17:15:08 +01:00
Alex Eyers-Taylor
8badf10a53 CPP: Add change notes for changes to DeleteExpr/DeleteArrayExpr 2023-08-25 17:13:34 +01:00
Alex Ford
ae635c609f Ruby: autoformat 2023-08-25 17:11:07 +01:00