hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-02 01:08:53 +01:00
Code Issues Packages Projects Releases Wiki Activity
60,239 Commits 1,673 Branches 157 Tags
codeql-cli/v2.15.2
Commit Graph

60239 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael B. Gale
82a1b15d11 Make AllocationSizeOverflow use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:48:44 +01:00
Tom Hvitved
5a6ce293cc Merge pull request #13942 from hvitved/dataflow/variable-capture-consistency-fix 2023-08-10 16:20:28 +02:00
Brandon Stewart
01577dac32 format document 2023-08-10 13:59:47 +00:00
Tom Hvitved
9b38028e25 Data flow: Fix localWriteStep consistency query 2023-08-10 15:31:04 +02:00
Brandon Stewart
b899b648e5 Update ruby/ql/src/experimental/cwe-208/UnsafeHmacComparison.ql 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-08-10 09:21:16 -04:00
Brandon Stewart
7882cf0bf0 Update ruby/ql/src/experimental/cwe-208/UnsafeHmacComparison.ql 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-08-10 09:21:02 -04:00
Mathias Vorreiter Pedersen
9aae174942 C++: Move conjunct below comment. 2023-08-10 13:58:07 +01:00
Michael Nebel
f6aca58dbb Merge pull request #13885 from michaelnebel/csharp/linqforeach 
C#: LINQ recommendation queries.
 2023-08-10 14:55:11 +02:00
Rasmus Lerchedahl Petersen
eac44e89d9 Python: test nice locations 
there are errors both on lines 2 and 3 due to
locations being computed wrongly.
 2023-08-10 14:21:16 +02:00
Mathias Vorreiter Pedersen
6d949cbd39 C++: Rename 'getAFlowStateForNode' to 'getASizeAddend'. 2023-08-10 13:19:28 +01:00
Mathias Vorreiter Pedersen
a2b8eb924e C++: Remove the '+ 1' in 'getAFlowStateForNode'. 2023-08-10 13:17:47 +01:00
Mathias Vorreiter Pedersen
f9fc79b16f Merge pull request #13930 from geoffw0/uitextinput 
Swift: Flow sources for UITextInput
 2023-08-10 13:05:47 +01:00
Tom Hvitved
f19232f800 Ruby: Fix another bug in isCapturedAccess 2023-08-10 14:02:58 +02:00
erik-krogh
5ffce86768 change the defaults in the qhelp for missing-rate-limit to something more reasonable 2023-08-10 13:40:17 +02:00
Harry Maclean
b365ff095a Ruby: Fix SynthSplatParameterElementNode 
Make this class into a proper subclass of `ParameterNodeImpl`, to
prevent some consistency test failures.
 2023-08-10 12:35:12 +01:00
Tom Hvitved
77fca277fe Ruby: Improve desugaring of for loops 2023-08-10 13:22:01 +02:00
Ian Lynagh
f377d25c23 Merge pull request #13919 from igfoo/igfoo/useFunction 
Kotlin: useFunction might return null
 2023-08-10 12:17:20 +01:00
Tom Hvitved
4e954c29a2 Merge pull request #13936 from hvitved/ruby/captured-access-fix 
Ruby: Fix bug in `isCapturedAccess`
 2023-08-10 13:15:48 +02:00
Tom Hvitved
b99b6b85ba Merge pull request #13927 from hvitved/csharp/fix-bad-join 
C#: Fix bad join order
 2023-08-10 13:04:16 +02:00
Harry Maclean
5fff9fa8da More precise flow into splat parameters 
We now precisely track flow from positional arguments to splat
parameters, provided that splat arguments are not used and there are no
positional parameters after the splat parameter. For example, in this
case:

    def f(x, y, *z); end

    f(a, b, c, d)

we get flow from `c` to `z[0]` and `d` to `z[1]`.

We get false flow if there are positional parameters after the splat
parameter. For example in this case:

    def g(x, y, *z, w); end

    g(a, b, c, d)

we get flow from `d` to `z[0]` instead of `w`.

We also track flow in this case

    def f(a, *b)
      sink b[0]
    end

    f(1, *[taint, 2])
 2023-08-10 12:02:47 +01:00
Harry Maclean
a58aa17c7a Merge pull request #13878 from hmac/splat-flow 
Ruby: Track flow from splat arguments to positional parameters
 2023-08-10 12:01:38 +01:00
Mathias Vorreiter Pedersen
1455e8bd4c C++: Convert all '<'s to '<='s. 2023-08-10 11:55:57 +01:00
Mathias Vorreiter Pedersen
dcc1429ed8 C++: Get rid of '+ 1' in comments. 2023-08-10 11:38:40 +01:00
Mathias Vorreiter Pedersen
b750016bc1 C++: Fix more comments. 2023-08-10 11:31:30 +01:00
Rasmus Wriedt Larsen
46af77c1af Python: Include all assignments in data flow paths 
Like Ruby did in https://github.com/github/codeql/pull/12566
 2023-08-10 11:45:29 +02:00
Rasmus Wriedt Larsen
9bd5694c3f Python: Add tests of path-graph for dataflow/taint-tracking 
Although this is actually using taint-tracking (so we can use the +=
statement), I would personally forget to check under the
dataflow/tainttracking folder to look for such a test, so I'm opting to
keep it under the dataflow/ folder.
 2023-08-10 11:44:17 +02:00
Jeroen Ketema
2e338cc7b4 Merge pull request #13929 from jketema/buffer 
C++: Only consider the maximum buffer size for badly bounded write
 2023-08-10 10:40:37 +02:00
Geoffrey White
376479325d Swift: Model LosslessStringConvertible. 2023-08-10 09:27:05 +01:00
Geoffrey White
effe3762b8 Swift: More robust OptionalSomePattern flow. 2023-08-10 08:49:46 +01:00
Tom Hvitved
e40f0a7350 Ruby: Fix bug in isCapturedAccess 2023-08-10 09:37:04 +02:00
Rasmus Lerchedahl Petersen
dbc60140e0 Python: move tests to data extensions 
For these tests, we cannot use the same mechanism, as we want the
data extensions to be available for both tests.

Instead, we create a ql-pack for the test directory and point to
the data entensions from there. This makes the extensions
available for all tests in the directory.
 2023-08-10 09:17:34 +02:00
Tom Hvitved
e7acf8c3a8 Ruby: Add test 2023-08-10 08:53:00 +02:00
Geoffrey White
aa2e79b6da Swift: Model numeric conversions. 2023-08-10 00:19:50 +01:00
Maiky
97f8d1fca9 add getValue() method 2023-08-10 00:39:35 +02:00
Maiky
e60fa6f1a7 Remove unnecesary } 2023-08-10 00:25:47 +02:00
Maiky
c5c2df4593 fix Singleton set literal 2023-08-10 00:13:02 +02:00
Geoffrey White
e86ccf8498 Swift: Test flow through various conversions. 2023-08-09 23:05:45 +01:00
Brandon Stewart
74567041a7 remove pathgraph 2023-08-09 19:51:07 +00:00
Brandon Stewart
cca4c35cf8 add pathgraph 2023-08-09 19:23:21 +00:00
Rasmus Lerchedahl Petersen
168a1e01a4 Python: move test to data extensions 
For this test, we can simply use the convention,
that a file called `[ql-file-stem].ext.yml` will be used
as data extensions exactly for the test represented by `ql-file`.
 2023-08-09 21:22:17 +02:00
Brandon Stewart
7f07422a5d Merge branch 'main' into add-cwe-208 2023-08-09 14:52:51 -04:00
Brandon Stewart
07d5beca34 run format document 2023-08-09 18:51:55 +00:00
github-actions[bot]
432c21d4fb Post-release preparation for codeql-cli-2.14.2 2023-08-09 18:45:18 +00:00
Brandon Stewart
26401fec70 address PR comments 2023-08-09 18:44:42 +00:00
Mathias Vorreiter Pedersen
ce9b018789 C++: Move bounds checkout out of 'operandGuardChecks' for clarity. 2023-08-09 18:37:17 +01:00
Geoffrey White
c20a17e7b7 Swift: Update the consistency test .expecteted as well. 2023-08-09 15:47:28 +01:00
Rasmus Wriedt Larsen
51a05286fa Merge pull request #13731 from pwntester/py/aiohttp_improvements 
Python: Aiohttp improvements
 2023-08-09 16:37:20 +02:00
Geoffrey White
23f0dd5542 Swift: Support MAD tuple content flow. 2023-08-09 15:08:11 +01:00
Harry Maclean
b03f6efa60 Ruby: Refactor 2023-08-09 15:01:40 +01:00
Harry Maclean
142393b599 Ruby: Handle unknown content in splat flow 2023-08-09 15:01:40 +01:00