hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-31 16:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
60,239 Commits 1,673 Branches 157 Tags
codeql-cli/v2.15.2
Commit Graph

60239 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alex Ford
0a73ebdbee Ruby: configsig rb/tainted-format-string 2023-09-03 17:20:05 +01:00
Alex Ford
f5e433940f Ruby: renames for rb/stored-xss 2023-09-03 17:20:05 +01:00
Alex Ford
030aae5693 Ruby: configsig rb/stack-trace-exposure 2023-09-03 17:20:05 +01:00
Alex Ford
bf1cb33be3 Ruby: configsig rb/sql-injection 2023-09-03 17:20:05 +01:00
Alex Ford
ba8ff0710d Ruby: configsig rb/request-forgery 2023-09-03 17:20:05 +01:00
Alex Ford
df9173502e Ruby: configsig rb/sensitive-get-query 2023-09-03 17:20:05 +01:00
Alex Ford
593d9a48d4 Ruby: configsig rb/reflected-xss 2023-09-03 17:20:05 +01:00
Alex Ford
ad2bbfb265 Ruby: configsig rb/path-injection 2023-09-03 17:20:05 +01:00
Alex Ford
867e47bcdd Ruby: renames for rb/log-injection 2023-09-03 17:20:04 +01:00
Alex Ford
eb34bbbfd2 Ruby: renames for rb/ldap-injection 2023-09-03 17:20:04 +01:00
Alex Ford
d46eceb5f4 Ruby: configsig rb/kernel-open 2023-09-03 17:20:04 +01:00
Alex Ford
a8ad0d8ff5 Ruby: renames for rb/insecure-download 2023-09-03 17:20:04 +01:00
Alex Ford
c973fc1274 Ruby: configsig rb/http-to-file-access 2023-09-03 17:20:04 +01:00
Alex Ford
2536f1a0cd Ruby: configsig rb/user-controlled-bypass 2023-09-03 17:20:04 +01:00
Alex Ford
377570f361 Ruby: configsig rb/command-line-injection 2023-09-03 17:20:04 +01:00
Alex Ford
b1a49ddb0d Ruby: configsig rb/code-injection 2023-09-03 17:20:04 +01:00
Alex Ford
6fa267a820 Ruby: configsig rb/clear-text-storage-sensitive-data 2023-09-03 17:20:04 +01:00
Alex Ford
2a2f21d3a9 Ruby: configsig rb/clear-text-logging-sensitive-data 2023-09-03 17:20:04 +01:00
amammad
f3ea72c234 proper tests with depstubber, remove Duplicates :( 2023-09-03 04:51:05 +10:00
Mathias Vorreiter Pedersen
20f501d1c7 C++: Change queries to use 'asExpr' instead of 'asConvertedExpr'. 2023-09-01 15:01:32 +01:00
Mathias Vorreiter Pedersen
cca6052026 C++: Use 'operandNode' to generate the string for indirect operands. 2023-09-01 14:04:54 +01:00
Mathias Vorreiter Pedersen
f1c4fa2345 C++: When we generate a string for the node we avoid multiple results by only using the 0'th result from the 'asExpr' predicate. However, when we want to convert between nodes and expressions we don't care about which one we get. 2023-09-01 14:04:52 +01:00
Mathias Vorreiter Pedersen
d2bb73ba1f C++: Use the index to to get the 'most converted' and 'least converted' instruction in a bunch of places. 2023-09-01 13:47:06 +01:00
Mathias Vorreiter Pedersen
4dfaf9225c C++: Index 'getConvertedResultExpression' by an integer. 2023-09-01 13:32:29 +01:00
Mathias Vorreiter Pedersen
16d62186c0 C++: Use this new predicate everywhere we need to convert an instruction to an expression. 2023-09-01 13:32:25 +01:00
Mathias Vorreiter Pedersen
60819ad7f2 Add a single predicate that should be used to convert an instruction to an expression. 2023-09-01 13:06:25 +01:00
Ian Lynagh
181594badb Kotlin: Add packageFqName and IrSymbolInternals compatibility 
In master, we need to switch to these, but for building for older
versions we need to add our own support.

Currently the v_1_9_255 files are nto used, but we will need them (in a
differently-named directory) for a future release.
 2023-09-01 11:20:58 +01:00
Ian Lynagh
72e08a9277 Kotlin: Tweak the build system 
You can now make a versions/* directory that the build system doesn't
know about. This can be used to add support for not-yet-supported
versions.
 2023-09-01 11:08:54 +01:00
Kasper Svendsen
4bc6ca3d84 Java: Delete java test query which fails to compile 2023-09-01 11:21:06 +02:00
Mathias Vorreiter Pedersen
67a0112fcb Merge pull request #14115 from MathiasVP/fix-incorrect-load-of-constant 
C++: Don't generate `Load`s for constant expressions
 2023-09-01 08:50:44 +01:00
Mathias Vorreiter Pedersen
72d9812fea C++: Accept more test changes. 2023-08-31 21:56:35 +01:00
Mathias Vorreiter Pedersen
dfefd62089 C++: Accept test changes. 2023-08-31 20:38:46 +01:00
Mathias Vorreiter Pedersen
aed14f2924 C++: Don't insert loads for constants. 2023-08-31 20:38:40 +01:00
Mathias Vorreiter Pedersen
b575747357 C++: Add testcase with invalid IR. 2023-08-31 20:35:33 +01:00
yoff
da64ea40b9 Merge pull request #13782 from jorgectf/jorgectf/shlex-quote 
Python: Add `shlex.quote` as `py/shell-command-constructed-from-input` sanitizer
 2023-08-31 21:08:58 +02:00
Ian Lynagh
eb59bc04cd Kotlin: Add missing imports 2023-08-31 19:28:05 +01:00
Ian Lynagh
3009f40814 Kotlin: Opt in to org.jetbrains.kotlin.ir.symbols.IrSymbolInternals 
Needed for upstream master.
 2023-08-31 19:28:05 +01:00
Ian Lynagh
1ec29bffbb Kotlin: Don't use deprecated createBlockBody 
The function that takes a list of statements is hidden in upstream
master.
 2023-08-31 19:28:05 +01:00
Ian Lynagh
d511d46cde Kotlin: Use packageFqName rather than fqName 
Upstream master says:
   error: using 'fqName: FqName' is an error. Please use `packageFqName` instead
 2023-08-31 19:28:05 +01:00
Alex Ford
ce35d6921f Ruby: configsig rb/hardcoded-data-interpreted-as-code 2023-08-31 16:20:18 +01:00
Mathias Vorreiter Pedersen
10548b57d7 Merge pull request #14103 from MathiasVP/non-certain-def-is-a-use 
C++: Non-certain definitions should always be uses
 2023-08-31 16:15:30 +01:00
Geoffrey White
0cb00c9091 Swift: Change note. 2023-08-31 15:50:54 +01:00
Geoffrey White
93c39c5fdd Swift: Add data flow through OpenExistentialExpr. 2023-08-31 15:50:32 +01:00
Geoffrey White
b8d29e8fc1 Swift: Add a more realistic test case as well. 2023-08-31 15:46:47 +01:00
Geoffrey White
aeeafd75bf Swift: Add a test for flow through OpenExistentialExpr. 2023-08-31 15:27:18 +01:00
Erik Krogh Kristensen
cd590d356d Merge pull request #14053 from erik-krogh/ts52 
JS: Add support for TypeScript 5.2
 2023-08-31 14:39:50 +02:00
Tamas Vajk
c1d8091891 C#: Exclude base type extraction of recursive generics 2023-08-31 14:15:38 +02:00
Tom Hvitved
89e9d25f02 Ruby: Hide desugared assignments from data flow path graph 2023-08-31 14:04:57 +02:00
erik-krogh
8dad4950a9 add sanitizer guard for url_has_allowed_host_and_scheme 2023-08-31 13:48:42 +02:00
Tom Hvitved
23857267db Merge pull request #14110 from hvitved/ruby/remove-emptiness-successor 
Ruby: Get rid of unused `EmptinessSuccessor`
 2023-08-31 13:41:25 +02:00