hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-31 16:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
59,785 Commits 1,673 Branches 157 Tags
codeql-cli/v2.15.1
Commit Graph

59785 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
61bfc4ec09 Merge pull request #14204 from hvitved/ruby/simplify-viable-callable 
Ruby: Simplify `viableSourceCallableNonInit`
 2023-09-14 15:36:47 +02:00
Robert Marsh
dd01da4938 Swift: AST and CFG tests for nil coalescing 2023-09-14 13:26:41 +00:00
Ian Lynagh
52d924924b Kotlin: Extract LighterAST comments as well as PSI comments 2023-09-14 14:24:52 +01:00
Mathias Vorreiter Pedersen
6ce7a56b41 Merge pull request #14190 from github/alexdenisov/await-inconsistencies 
Swift: fix CFG for identity expressions (await, dot_self, parent)
 2023-09-14 14:15:31 +01:00
Harry Maclean
5411123b8a Ruby: Fix GraphQL test 2023-09-14 14:14:26 +01:00
Robert Marsh
62953cb250 Swift: document "ArrayElement" case in MaD 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-09-14 09:11:35 -04:00
Robert Marsh
6ad78eba05 Swift: ArrayContent aliased to CollectionContent 2023-09-14 13:08:36 +00:00
Mathias Vorreiter Pedersen
b0566af938 C++: Accept test changes. 2023-09-14 14:04:12 +01:00
Mathias Vorreiter Pedersen
36b7b6cffe C++: Fix phi-phi flow. 2023-09-14 14:02:03 +01:00
Mathias Vorreiter Pedersen
2a55034e55 C++: Add failing test. 2023-09-14 14:01:48 +01:00
Michael Nebel
e577fb68bd C#: Add integration test for dotnet dotnet. 2023-09-14 14:59:49 +02:00
Michael Nebel
8768b9e3dd C#: Fix tracer issue with dotnet dotnet. 2023-09-14 14:49:57 +02:00
Erik Krogh Kristensen
7e7852eff6 Merge pull request #13641 from erik-krogh/multi-char 
JS/RB: write qhelp for `incomplete-multi-character-sanitization`
 2023-09-14 14:48:30 +02:00
Harry Maclean
57ae1ee3e9 Ruby: Add test for GraphQL remote flow sources 2023-09-14 13:46:52 +01:00
Harry Maclean
1526fff085 Ruby: Add missing doc comments 2023-09-14 13:46:37 +01:00
Alex Eyers-Taylor
d79a2c7674 CPP:Make __is_trivial a builtin operation. 2023-09-14 12:50:36 +01:00
Harry Maclean
20f1a74202 Ruby: Restrict GraphQL remote flow sources 
Previously we considered any splat parameter in a graphql resolver to be
a remote flow source. Now we limit that to reads of the parameter which
yield scalar types (e.g. String), as defined by the GraphQL schema.

This should reduce GraphQL false positives.
 2023-09-14 12:14:56 +01:00
Harry Maclean
4168245fc0 Ruby: Fix doc comments 2023-09-14 10:02:27 +01:00
Harry Maclean
29a8a82e92 Ruby: add more docs for splat flow 2023-09-14 09:26:42 +01:00
Tom Hvitved
97ed5b8afb Ruby: Improvments to splat flow 
- Only step through a `SynthSplatParameterElementNode` when there is a splat parameter
  at index > 0.
- Model read+stores via `SynthSplatArgumentElementNode` as a single read-store
  step in type tracking.
 2023-09-14 09:26:42 +01:00
Harry Maclean
bf51cbad88 Ruby: Update test fixture 2023-09-14 09:26:38 +01:00
Tom Hvitved
e11a4b63e9 Ruby: Remove SynthSplatArgParameterNode 2023-09-14 09:26:38 +01:00
Harry Maclean
5a6a52b767 Ruby: Use fewer SynthSplatArgumentElementNodes 
In cases such as

    def f(x, *y); end

    f(*[1, 2])

we don't need any `SynthSplatArgumentElementNodes`. We get flow from the
splat argument to a `SynthSplatParameterNode` via `parameterMatch`, then
from element 0 of the synth splat to the positional param `x` via a
read step.

We add a read step from element 1 to `SynthSplatParameterElementNode(1)`.
From there we get flow to element 0 of `*y` via an existing store step.
 2023-09-14 09:26:38 +01:00
Harry Maclean
4c1beea465 Ruby: Address review comments 2023-09-14 09:26:33 +01:00
Paolo Tranquilli
168aca0af4 Swift: add release notes 2023-09-14 10:25:16 +02:00
Paolo Tranquilli
fc51f4a80e Swift: add update/downgrade scripts 2023-09-14 10:22:59 +02:00
Paolo Tranquilli
270c6407f0 Swift: accept test changes 2023-09-14 10:18:41 +02:00
Paolo Tranquilli
8d02bcc3cb Swift: change non-generated TypeDecl.ql 2023-09-14 10:18:24 +02:00
Michael Nebel
b9acf1a4ee Merge pull request #14111 from michaelnebel/csharp/reduceprojectrestore 
C#: Avoid explicitly restoring projects in solution files.
 2023-09-14 10:06:49 +02:00
Paolo Tranquilli
cf1667c325 Swift: update extractor after schema changes 2023-09-14 10:05:17 +02:00
Paolo Tranquilli
4d3aecfff6 Swift: rename base_types to syntactic_base_types in TypeDecl 2023-09-14 10:03:52 +02:00
Harry Maclean
3c8683428b Ruby: Model more splat flow (alternative approach) 2023-09-14 08:55:59 +01:00
Harry Maclean
9ccd8cd248 Ruby: Update documentation 2023-09-14 08:54:49 +01:00
Harry Maclean
ef63ea8399 Ruby: Update fixture 2023-09-14 08:54:48 +01:00
Harry Maclean
7ebd51163e Ruby: Handle more splat arg flow 
Allow flow from a splat argument to a positional parameter in cases
where there are positional arguments left of the splat. For example:

    def foo(x, y, z); end

    foo(1, *[2, 3])
 2023-09-14 08:54:48 +01:00
Tom Hvitved
e258324960 Ruby: Allow for implicit array reads at all sinks during taint tracking 2023-09-14 09:40:05 +02:00
Chuan-kai Lin
d8fb875bbb Merge pull request #14214 from github/cklin/pick-js-fix-2.14.5 
Cherry pick "fix out of bounds string access in isUsingDecl" into 2.14.5
codeql-cli/v2.14.5 		2023-09-13 14:21:47 -07:00
erik-krogh
cc3a76f7f5 fix out of bounds string access in isUsingDecl 2023-09-13 14:16:02 -07:00
Erik Krogh Kristensen
111227e763 Merge pull request #14211 from erik-krogh/usingOutOfBounds 
JS: fix out of bounds string access in isUsingDecl
 2023-09-13 22:23:15 +02:00
Erik Krogh Kristensen
b019fb3e91 Merge pull request #14212 from erik-krogh/usingOutOfBounds-hotfix 
JS: fix out of bounds string access in isUsingDecl
 2023-09-13 22:23:13 +02:00
Robert Marsh
e0fae764f1 Swift: move IteratorProtocol model to its own file 2023-09-13 20:09:17 +00:00
erik-krogh
c6b8c444d0 fix out of bounds string access in isUsingDecl 2023-09-13 21:53:49 +02:00
Robert Marsh
20de4c625c Swift: autoformat DataFlowPrivate 2023-09-13 18:57:27 +00:00
Robert Marsh
86bd2168ec Swift: breaking change note for array content removal 2023-09-13 18:34:30 +00:00
Robert Marsh
0b66be5f07 Swift: restore ArrayElement as an alias for CollectionElement 2023-09-13 18:29:03 +00:00
Robert Marsh
43ca192ceb Swift: remove ArrayContent in UnsafeJsEvalQuery 2023-09-13 18:26:06 +00:00
erik-krogh
fdd349c1a3 fix out of bounds string access in isUsingDecl 2023-09-13 20:11:21 +02:00
Geoffrey White
6aa8daeeb6 Swift: Fix inline expectations. 2023-09-13 19:06:54 +01:00
Geoffrey White
535a69cd8b Merge branch 'main' into logfix 2023-09-13 19:01:52 +01:00
Geoffrey White
e109892388 Merge pull request #14189 from geoffw0/protocol2 
Swift: Consistent additional taint steps between the cleartext-* queries
 2023-09-13 18:44:20 +01:00