Michael Nebel
f47e59dff1
C#: Move dependency related files into a new project.
2023-08-18 11:42:12 +02:00
Michael Nebel
b48567f6a5
C#: Add shared dependency fetching project.
2023-08-18 11:42:12 +02:00
Michael Nebel
15dd130d31
C#: Remove unused parameter in DownloadMissingPackages.
2023-08-18 11:42:11 +02:00
Rasmus Wriedt Larsen
b579ab0694
Python: Accept .expected change
2023-08-18 11:12:55 +02:00
Tom Hvitved
81ed72c96a
Data flow: Revert join order changes
2023-08-18 10:49:33 +02:00
Stephan Brandauer
480e3bf506
Java: update model exclusions logic to cope with new automodel test location
2023-08-18 10:28:51 +02:00
Rasmus Wriedt Larsen
38577e6a5c
Python: Remove duplicated SSTI tests
...
Besides the Cheetah tests, which were missing from the query tests.
2023-08-18 10:20:16 +02:00
Rasmus Wriedt Larsen
33f8998c2e
Python: Minor fix in test
2023-08-18 10:19:44 +02:00
Paolo Tranquilli
3c4e755233
Swift: fix macOS not having std::ranges::sized_range
2023-08-18 10:18:53 +02:00
Rasmus Wriedt Larsen
843f2681bb
Python: Apply suggestions from code review
...
Co-authored-by: yoff <lerchedahl@gmail.com>
2023-08-18 10:09:45 +02:00
Paolo Tranquilli
8b3e32fa97
Swift: add missing include
2023-08-18 09:10:44 +02:00
Paolo Tranquilli
53ed39065c
Swift: tweak location extractor using new concept
2023-08-18 06:45:11 +02:00
Paolo Tranquilli
eb8997dc7a
Swift: fix print_unextracted
2023-08-18 06:44:42 +02:00
Tom Hvitved
4d951d8df1
Address review comments
2023-08-17 21:04:58 +02:00
Geoffrey White
86a73fa0e7
Swift: Accept fixed spurious test results.
2023-08-17 19:41:21 +01:00
Geoffrey White
0fd4f6180f
Swift: Allow subscript content reads from collections.
2023-08-17 19:37:55 +01:00
Geoffrey White
1ac9d2c618
Swift: Update models with CollectionElement, value flow.
2023-08-17 18:49:19 +01:00
Michael B. Gale
9082fd218e
Add taint flow tests for clear
2023-08-17 18:39:32 +01:00
Edward Minnix III
8d88af1af0
Apply docs review suggestions
...
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
2023-08-17 13:05:38 -04:00
Ed Minnix
4eb1035dfe
Documentation fixes
2023-08-17 13:05:38 -04:00
Ed Minnix
655a98452a
Remove escapeHTML models
2023-08-17 13:05:37 -04:00
Ed Minnix
f53496b2a7
Added documentation for trust-boundary-violation sink
2023-08-17 13:05:37 -04:00
Ed Minnix
d468ea9e90
Add default sanitizers
2023-08-17 13:05:37 -04:00
Ed Minnix
b305962c9a
Use more appropriate description
2023-08-17 13:05:37 -04:00
Ed Minnix
a36c12ff1f
Add trust-boundary-violation sink kind
2023-08-17 13:05:37 -04:00
Ed Minnix
60642c52aa
Use non-extending subtype
2023-08-17 13:05:37 -04:00
Ed Minnix
e22a67e7fe
Remove unnecessary methods
2023-08-17 13:05:37 -04:00
Ed Minnix
a3a4c31911
Replace servlet source node with RemoteFlowSource
2023-08-17 13:05:37 -04:00
Edward Minnix III
929090a847
Typos and style fixes
...
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2023-08-17 13:05:37 -04:00
Ed Minnix
52ebf9fff6
Java: Add trust boundary change note
2023-08-17 13:05:37 -04:00
Ed Minnix
172b8a6967
Documentation fixes
2023-08-17 13:05:37 -04:00
Ed Minnix
b567ec875a
Documentation
2023-08-17 13:05:37 -04:00
Ed Minnix
55fae2daaa
Added ESAPI sanitizer
2023-08-17 13:05:37 -04:00
Ed Minnix
97d6e82869
Stubs for org.owasp.esapi
2023-08-17 13:05:37 -04:00
Ed Minnix
f58590c6a9
Trust Boundary Work
2023-08-17 13:05:37 -04:00
Ed Minnix
2aba425464
TrustBoundary test ql file
2023-08-17 13:05:36 -04:00
Ed Minnix
ab9f0240d3
Add taint steps for HTML encoding methods
2023-08-17 13:05:36 -04:00
Ed Minnix
b9f2da7875
Comments and import fixes
2023-08-17 13:05:36 -04:00
Ed Minnix
3e7444cd66
Style fixes
2023-08-17 13:05:36 -04:00
Ed Minnix
15370506b8
Add missing security severity
2023-08-17 13:05:36 -04:00
Ed Minnix
a8b7e70d01
Convert trust boundary models to MaD
2023-08-17 13:05:36 -04:00
Ed Minnix
76438f13b6
Trust Boundary Query
2023-08-17 13:05:36 -04:00
Edward Minnix III
41a527cf72
Merge pull request #13934 from egregius313/egregius313/add-dashes-to-sha-algorithms
...
Java: Add dashes to SHA algorithm names in `Encryption.qll`
2023-08-17 13:03:15 -04:00
Michael B. Gale
109b96f038
Add comment explaining TaintStep test
2023-08-17 17:50:41 +01:00
Michael B. Gale
e65269be69
Add DefaultTaintSanitizer for clear
2023-08-17 17:49:46 +01:00
Geoffrey White
59e2b0482c
Merge branch 'main' into closuremodels
2023-08-17 17:16:44 +01:00
Paolo Tranquilli
3de7b75853
Swift: remove unneeded include
2023-08-17 17:36:36 +02:00
Paolo Tranquilli
970b3d06be
Swift: upgrade clang-formatting to 15.0.7
2023-08-17 17:24:42 +02:00
Paolo Tranquilli
7c764f3b50
Swift: use C++20 constraints and concepts to simplify code
...
This simplifies several instances of metaprogramming by leveraging
[constraints and concepts from C++20][1]. This:
* gets rid of `std::enable_if` by usage of `requires`, making it more
readable and yielding better compiler messages.
* uses `requires` instead of `static_assert` to enforce `TrapLabel`
typing
* simplifies all compile-time tests for validity of a given expression
* uses some standard library concepts where possible
* generalizes and simplifies `SwiftLocationExtractor`
Notice that in order to use the `std::derived_from` concept, `virtual`
inheritance had to be added to the label tags, because diamond
inheritance is a problem otherwise. That's because
`std::derived_from<T, U>` requires that `T*` be convertible to `U*`,
which is false if there are multiple non-virtual inheritance paths from
`U` to `T`. As tags never get actually instantiated, there is no runtime
performance penalty in using `virtual` inheritance.
[1]: https://en.cppreference.com/w/cpp/language/constraints
2023-08-17 17:24:42 +02:00
Rasmus Wriedt Larsen
cf54d3f4ca
Python: Move paramiko tests to own folder
2023-08-17 15:45:28 +02:00