hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-29 15:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
60,239 Commits 1,673 Branches 157 Tags
codeql-cli/v2.15.2
Commit Graph

60239 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
625e889c62 Merge pull request #14339 from erik-krogh/range-printing 
JS/PY/RB/Java: escape unicode chars in overly-large-range
 2023-10-09 14:22:38 +02:00
Geoffrey White
57e32b47b7 Merge pull request #14386 from geoffw0/swiftperf 
Swift: defaultImplicitTaintRead performance improvement
 2023-10-09 13:07:11 +01:00
Geoffrey White
62b0ebf2fe Merge pull request #14407 from geoffw0/grdbsinks 
Swift: Add sinks for the GRDB database library to swift/hardcoded-key
 2023-10-09 12:58:17 +01:00
erik-krogh
e1b2f81f43 Revert "update doc example to not use isBarrierGuard" 
This reverts commit 28f8c1cc11.
 2023-10-09 13:29:41 +02:00
erik-krogh
ef63d9dd47 use a bigger compilation cache in the compile-queries workflow 2023-10-09 13:21:37 +02:00
Michael Nebel
cf3a62d201 Java: Address review comments. 2023-10-09 13:06:59 +02:00
Anders Schack-Mulligen
4a0ab4a050 Merge pull request #14402 from Marcono1234/marcono1234/MemberRefExpr-getReceiverExpr 
Java: Add predicate `MemberRefExpr::getReceiverExpr`
 2023-10-09 13:01:36 +02:00
Anders Schack-Mulligen
8c6a1be070 Merge pull request #14401 from Marcono1234/marcono1234/ClassInstanceExpr-type-argument-doc 
Java: Adjust `ClassInstanceExpr` type argument predicates docs
 2023-10-09 13:01:18 +02:00
Robert
e38ba27a65 Merge pull request #14408 from github/robertbrignull/telemetryLevel-docs 
Update about-telemetry-in-codeql-for-visual-studio-code.rst to mention telemtry.telemetryLevel
 2023-10-09 11:38:33 +01:00
Robert
ada331588f Update about-telemetry-in-codeql-for-visual-studio-code.rst to mention telemtry.telemetryLevel 2023-10-09 11:04:52 +01:00
Jeroen Ketema
f7bd801e00 Merge pull request #11716 from jketema/rewrite-cgi-xss 
C++: Rewrite `cpp/cgi-xss` to not use default taint tracking
 2023-10-09 11:26:14 +02:00
Mathias Vorreiter Pedersen
a1d417d8b6 Merge pull request #14385 from alexet/ir-debug-perf 
CPP: Improve performance of IR debugging
 2023-10-09 11:21:03 +02:00
Tony Torralba
0258dd4fed Merge pull request #14379 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-10-09 10:06:22 +02:00
erik-krogh
a7ab9fd93b add change-notes 2023-10-09 09:43:06 +02:00
erik-krogh
f48b47c656 JavaScript: add import that populate the shared abstract classes 2023-10-09 09:14:55 +02:00
erik-krogh
57c757c0a6 Ruby: delete outdated deprecation in test code 2023-10-09 09:14:55 +02:00
erik-krogh
194f918c0b Python: delete various outdated deprecations 2023-10-09 09:14:55 +02:00
erik-krogh
c2942b37a7 JS: delete various outdated deprecations 2023-10-09 09:14:55 +02:00
erik-krogh
e0fefce2a3 Ruby: delete various deprecated predicates 2023-10-09 09:14:54 +02:00
erik-krogh
e3e8f3d7c4 Java: delete various outdated deprecations 2023-10-09 09:14:54 +02:00
erik-krogh
689eda4dae CPP: delete the deprecated AnalysedString class 2023-10-09 09:14:54 +02:00
erik-krogh
1c9f59e491 Python:delete deprecated files modelling web frameworks 2023-10-09 09:14:54 +02:00
erik-krogh
0d992a3d1f delete old deprecated aliases of various regex libraries 2023-10-09 09:14:54 +02:00
erik-krogh
28f8c1cc11 update doc example to not use isBarrierGuard 2023-10-09 09:14:51 +02:00
github-actions[bot]
7c332a31a8 Add changed framework coverage reports 2023-10-09 00:16:19 +00:00
Geoffrey White
8a7325268a Swift: Change note. 2023-10-07 23:19:24 +01:00
Geoffrey White
c492b5f2dd Swift: Model sinks. 2023-10-07 23:19:09 +01:00
Geoffrey White
8bf6fd67d1 Swift: Add a test for GRDB hardcoded key sinks. 2023-10-07 23:07:32 +01:00
erik-krogh
4bc4e0845d delete the deprecated isBarrierGuard predicate from the shared dataflow library, and its uses 2023-10-07 21:48:49 +02:00
erik-krogh
d261cec3cd add change-note 2023-10-07 15:41:08 +02:00
Marcono1234
f3e5045259 Java: Add predicate MemberRefExpr::getReceiverExpr 2023-10-07 14:53:07 +02:00
erik-krogh
56e9eda2b9 fix performance by caching getArgument 2023-10-07 13:06:45 +02:00
Marcono1234
2c0dcd3a2d Java: Adjust ClassInstanceExpr type argument predicates docs 
The type arguments which these predicates have as result are for the
type of the created instance.

Previously the documentation said "provided to the constructor", which
is misleading / incorrect. Type arguments provided to the constructor
are specified directly after the `new` keyword:
```
class C {
    <T> C() {
    }
}

new <String> C();
```

And those are not part of the results of these predicates.
 2023-10-07 03:43:58 +02:00
Eric Bickle
4dca396106 Add change notes for ThreadResourceAbuse ArithExpr fix 2023-10-06 14:31:37 -07:00
Eric Bickle
000c1f7ec8 Java: Flow taint through ArithExpr for ThreadResourceAbuse 
Ensure that tainted values flow through arithmetic operations when
checking for ThreadResourceAbuse vulnerabilities.

For example, multiplying 'number of seconds' by 1000 as an input
to Thread.Sleep, which accepts milliseconds, is a common scenario.
 2023-10-06 14:24:37 -07:00
Robert Marsh
30a9656ebb Swift: change note for autoclosure cfg 2023-10-06 20:19:35 +00:00
Robert Marsh
cb749bd973 Swift: CFG for normal autoclosure exprs 2023-10-06 20:14:49 +00:00
Robert Marsh
661da76838 Swift: add function call autoclosure tests 2023-10-06 19:49:33 +00:00
erik-krogh
7ca0996912 add a taint-tracking tests for calls to tagged template strings 2023-10-06 21:39:42 +02:00
erik-krogh
9b6501787a add API-graph test for the new tagged template calls 2023-10-06 21:25:34 +02:00
Geoffrey White
0918e50b05 Swift: Switch pragma to inline_late. 2023-10-06 20:23:51 +01:00
erik-krogh
18e6a5491c recognize tagged templates as DataFlow::CallNode 2023-10-06 21:14:00 +02:00
erik-krogh
951ed01d6b combine the library-tests/CallGraphs/FullTest tests into one file 2023-10-06 20:57:09 +02:00
Geoffrey White
7c28528eac Swift: Change note. 2023-10-06 18:26:21 +01:00
Geoffrey White
676179620a Swift: Get sqlite3 C API results (model Data.withUnsafeBytes, Data.withUnsafeMutableBytes, permit flow out of collections at the query sink) 2023-10-06 18:26:20 +01:00
Geoffrey White
bc9d8cc40f Swift: Get another SQLite.swift result. 2023-10-06 18:26:20 +01:00
Geoffrey White
691665fca8 Swift: Add models for SQLite.swift. 2023-10-06 18:26:19 +01:00
Geoffrey White
bece2e8689 Swift: Add models for sqlite3 C API. 2023-10-06 18:26:19 +01:00
Geoffrey White
9a628d4165 Swift: Add test for sqlite3 C API. 2023-10-06 18:26:18 +01:00
Geoffrey White
8006996f46 Swift: Add test for SQLite.swift. 2023-10-06 18:26:18 +01:00