hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 22:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
60,929 Commits 1,673 Branches 157 Tags
codeql-cli/v2.15.3
Commit Graph

60929 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
032572b924 C++: Fix 'strtok' model. 2023-10-25 09:39:36 +01:00
Mathias Vorreiter Pedersen
f54379d096 C++: Add failing test. 2023-10-25 09:38:49 +01:00
Paolo Tranquilli
9196939384 Swift: canonicalize all VarDecls 2023-10-25 10:38:17 +02:00
Tony Torralba
4920c7f8b0 Merge pull request #14585 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-10-25 10:02:50 +02:00
Stephan Brandauer
cffcc7334d Java: automodel extraction docs: add two intro sentences 2023-10-25 09:45:00 +02:00
Stephan Brandauer
0f2db1bcdb Java: automodel extraction docs: use markdown footnote 2023-10-25 09:32:59 +02:00
Stephan Brandauer
3eeb6ffec4 Java: automodel extraction docs: spell out positive and negative 2023-10-25 09:05:22 +02:00
Stephan Brandauer
44c87561b3 Java: review suggestion from adityasharad 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2023-10-25 09:00:28 +02:00
Stephan Brandauer
c240c1b3f5 Java: review suggestions from aeisenberg 
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
 2023-10-25 08:59:21 +02:00
github-actions[bot]
6cbadece0e Add changed framework coverage reports 2023-10-25 00:15:35 +00:00
Marcono1234
bf20b8e5a5 Kotlin: Mention Literal::getLiteral() difference from source code 
It appears the Kotlin extractor does not have access to the actual
string representation in the source code, and for most literal types
uses simply the represented value also as `getLiteral` result, see
https://github.com/github/codeql/blob/codeql-cli/v2.15.1/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt#L4443
 2023-10-25 02:04:54 +02:00
Geoffrey White
8a5f3e4825 Swift: Fix an issue with RegexTracking.qll using PotentialRegexEval rather than RegexEval. 2023-10-24 22:49:19 +01:00
Jami
7c053ed428 CI: add .strip() to comment/ID file read 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2023-10-24 17:48:38 -04:00
Geoffrey White
021ed88a0a Swift: Add a test revealing unevaluated regexs. 2023-10-24 22:42:15 +01:00
Chris Smowton
12d0f1a84b Merge pull request #14575 from github/smowton/feature/more-intuitive-java-class-names 
Java: Replace MethodAccess, LValue, RValue with more intuitive names. Introduce NewClassExpr.
 2023-10-24 19:01:37 +01:00
Dave Bartolomeo
33f10d8d19 Better handling of all threat model without too many binding sets 2023-10-24 13:59:15 -04:00
Cornelius Riemenschneider
790615fbc2 Merge pull request #14552 from github/criemen/bazel-js 
Javascript extractor: Bazel-based build
 2023-10-24 19:36:39 +02:00
Dave Bartolomeo
5fd56ce866 Alternate threat model implementation 2023-10-24 13:12:37 -04:00
Jami Cogswell
121fd0896b Java: exclude internal packages in general from models 2023-10-24 12:49:49 -04:00
Geoffrey White
42a2ec9891 Merge branch 'main' into substring 2023-10-24 17:03:00 +01:00
Geoffrey White
06b1cd939c Merge pull request #14502 from geoffw0/xmlquery 
Swift: Model RawRepresentable
 2023-10-24 16:25:15 +01:00
Geoffrey White
d2d70cc782 Swift: Change note. 2023-10-24 16:17:21 +01:00
Geoffrey White
79f675cdb7 Swift: Fix a model. 2023-10-24 16:17:21 +01:00
Geoffrey White
a5206028b0 Swift: Expand a test to explore why it fails (lack of pointer models and closure capture flow). 2023-10-24 16:17:21 +01:00
Chris Smowton
30610c9a3f Temporarily de-deprecate SuperMethodAccess to accommodate private tests 2023-10-24 16:05:52 +01:00
Geoffrey White
3bcee63980 Update README.md 
Change the Warning to a Note and rephrase.
 2023-10-24 15:46:32 +01:00
Mathias Vorreiter Pedersen
862de152a1 Swift: Add required qldoc. 2023-10-24 15:45:17 +01:00
Mathias Vorreiter Pedersen
6f37d7c374 Swift: Accept changes in paths. 2023-10-24 15:39:19 +01:00
Mathias Vorreiter Pedersen
9652679c6f Merge pull request #14568 from alexet/alexet/add-fn-tests 
CPP: Add test demonstrating use-after-free false negatives.
 2023-10-24 15:38:01 +01:00
Stephan Brandauer
e97456f5fc Java: automodel extraction docs: note on packaging and backwards compatibility 2023-10-24 16:30:59 +02:00
Mathias Vorreiter Pedersen
56b49a4de3 Swift: Add a closure flow step from the right-hand side of variable declarations to the underlying pattern. 2023-10-24 15:28:28 +01:00
Mathias Vorreiter Pedersen
3d5098aaeb Swift: Add failing test. 2023-10-24 15:28:25 +01:00
Mathias Vorreiter Pedersen
1c298e6001 Swift: Fix 'parameter' -> 'argument' flow into closures. 2023-10-24 15:28:01 +01:00
Mathias Vorreiter Pedersen
310ebe47b3 Swift: Clean up test file. 2023-10-24 15:27:59 +01:00
Cornelius Riemenschneider
42c343e820 Address review 2023-10-24 16:03:35 +02:00
Chris Smowton
92d3d9d83f Update integration test expectations 2023-10-24 14:47:19 +01:00
Chris Smowton
4205f1bd03 Temporarily un-deprecate MethodAccess to decouple from private tests 2023-10-24 14:03:26 +01:00
Chris Smowton
b849a66c97 Update test expectations 2023-10-24 14:02:30 +01:00
Nora Dimitrijević
9dbf7e818d Swift: align definition of InputSig slightly closer to Java version 
Though there is a regression in the tests, so more work is needed.
 2023-10-24 13:56:31 +01:00
Nora Dimitrijević
9de3cc703a Swift: add CapturePostUpdateNode 
However, this doesn't change any of the test results.
 2023-10-24 13:56:31 +01:00
Nora Dimitrijević
5418d39a0d Swift: add and accept a few new simple test cases 2023-10-24 13:56:31 +01:00
Nora Dimitrijević
af49a3aa64 Swift: accept new results in old tests 2023-10-24 13:56:31 +01:00
Nora Dimitrijević
8115774a7a Swift: Add the capture flow step as part of the normal data flow relation 
TODO: see if we need to exclude duplicate SSA steps
 2023-10-24 13:56:31 +01:00
Nora Dimitrijević
4e1b44a059 Swift: port simpleAstFlowStep/hasAliasedAccess 2023-10-24 13:56:31 +01:00
Nora Dimitrijević
21a369de13 Swift: Add closure content read-write steps 2023-10-24 13:56:31 +01:00
Nora Dimitrijević
c04654d8f9 Swift: getImmediateBasicBlockDominator/2 should use immediatelyDominates/0. 2023-10-24 13:56:31 +01:00
Nora Dimitrijević
95a7d6559c Swift: initial version of a swift port of most of the java code 2023-10-24 13:56:31 +01:00
Nora Dimitrijević
3253c0425c Swift: s/getName/getShortName/ in InlineFlowTest.qll 2023-10-24 13:56:31 +01:00
Nora Dimitrijević
050b8e682f Swift: add failing inline expectation test based on closure AST tests. 2023-10-24 13:56:31 +01:00
Jeroen Ketema
ba67217b44 Merge pull request #14571 from MathiasVP/fix-indirect-taint 
C++: Fix indirect taint
 2023-10-24 14:47:43 +02:00