Owen Mansel-Chan
64bf6cc62b
Update existing test (extra nodes, no extra alerts)
2023-11-15 15:33:09 +00:00
Owen Mansel-Chan
1ac3a9e8d3
Add change note
2023-11-15 15:12:58 +00:00
Owen Mansel-Chan
e0879969c9
Update tests
2023-11-15 15:08:48 +00:00
Jeroen Ketema
f22979f4b6
Merge pull request #14561 from jketema/rewrite-uncontrolled-process-operation
...
C++: Rewrite `cpp/uncontrolled-process-operation` to not use `DefaultTaintTracking`
2023-11-15 16:03:58 +01:00
Owen Mansel-Chan
aaa8f9c41f
Add read and store steps for SliceElementNode
2023-11-15 14:58:23 +00:00
Owen Mansel-Chan
2b897a9825
Add synthetic SliceElementNode
2023-11-15 14:58:21 +00:00
Owen Mansel-Chan
5af3e119a6
Test value flow through SliceExpr with array content
2023-11-15 14:57:53 +00:00
Geoffrey White
0b82f8a6e6
Swift: Make QL-for-QL happy.
2023-11-15 14:32:07 +00:00
Jeroen Ketema
46e6e72593
C++: Address review comments
2023-11-15 14:57:53 +01:00
Jeroen Ketema
92c18960c5
C++: Rewrite cpp/uncontrolled-process-operation to not use DefaultTaintTracking
2023-11-15 14:57:53 +01:00
Geoffrey White
4afcbb1bc4
Swift: Autoformat.
2023-11-15 13:38:07 +00:00
Rasmus Wriedt Larsen
e349891cff
Python: Apply suggestions from code review
2023-11-15 14:35:52 +01:00
Geoffrey White
3a13759f10
Swift: Clean up the test.
2023-11-15 13:35:18 +00:00
Rasmus Wriedt Larsen
e02c32f3d4
Python: options file was not enough, split into 2/3
...
I reckon this is due to the Python 3 version used by the Python 2 tests
is different from 3.12, so even with --lang=3 the tests are still using
an incompatible version :(
2023-11-15 14:24:11 +01:00
Geoffrey White
17dd119545
Swift: Fix performance.
2023-11-15 13:18:09 +00:00
Yunus AYDIN
7877082869
fix tests code issues and expected file
2023-11-15 16:08:20 +03:00
Alex Denisov
7129ffc199
Swift: add database migration scripts
2023-11-15 14:07:45 +01:00
Alex Denisov
1f5be03137
Swift: add change note
2023-11-15 14:07:45 +01:00
Alex Denisov
423c85377b
Swift: skip MacroExpansionExpr/MacroExpansionDecl
...
They only appear in an intermediate AST and disappear as soon as the
macro is expanded.
The only way to get these in is to construct an "incorrect" AST, e.g.:
```
let x = #does_not_exist() // MacroExpansionExpr
struct S {
#does_not_exist() // MacroExpansionDecl
}
```
2023-11-15 14:07:45 +01:00
Alex Denisov
8b126fe51a
Swift: extract MacroDecl
2023-11-15 14:07:45 +01:00
Yunus AYDIN
1ed4d2ada7
remove database
2023-11-15 15:49:31 +03:00
Yunus AYDIN
1e915720e9
fix the rule issues
2023-11-15 15:49:09 +03:00
Rasmus Wriedt Larsen
0f1dc9b2d9
Python: Add missing options file
2023-11-15 13:24:08 +01:00
Rasmus Wriedt Larsen
ae6c95ff95
Python: Fix asyncio.coroutine deprecation
...
Was removed in 3.11, see https://docs.python.org/3.10/library/asyncio-task.html#asyncio.coroutine
I couldn't make the __await__ actually give the result to the agen function...
I also tried looking into
https://docs.python.org/3/library/types.html#types.coroutine , but also
failed to make that work.
Without the Future, such as doing `yield SOURCE` inside `__await__` it
complains `RuntimeError: Task got bad yield: 'source'`
2023-11-15 13:24:08 +01:00
Yunus AYDIN
d5f254781e
Update go/ql/src/experimental/CWE-525/WebCacheDeception.ql
...
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2023-11-15 15:11:02 +03:00
Yunus AYDIN
fa1fa0d19d
Update go/ql/src/experimental/CWE-525/WebCacheDeception.ql
...
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2023-11-15 15:08:29 +03:00
Yunus AYDIN
74f1344ac5
Update go/ql/src/experimental/CWE-525/WebCacheDeception.ql
...
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2023-11-15 15:08:14 +03:00
Mathias Vorreiter Pedersen
bae7e10e46
C++: Also add MSVC-related 'alloca'-like functions.
2023-11-15 12:07:17 +00:00
Mathias Vorreiter Pedersen
ec63099c54
C++: Add change note.
2023-11-15 11:57:09 +00:00
Mathias Vorreiter Pedersen
2b8b5cf1b8
C++: Accept test changes.
2023-11-15 11:52:14 +00:00
Mathias Vorreiter Pedersen
6730f57d5c
C++: Also flag up 'alloca' and friends.
2023-11-15 11:51:57 +00:00
Mathias Vorreiter Pedersen
118d50236f
C++: Add failing tests.
2023-11-15 11:48:37 +00:00
Max Schaefer
a46a7fadb2
Java: Improve QHelp for java/path-injection to mention less disruptive fixes.
2023-11-15 11:25:13 +00:00
Tamas Vajk
7a001f4905
C#: Fix assembly attribute extraction in standalone mode
2023-11-15 12:21:03 +01:00
Owen Mansel-Chan
803ed20962
Merge pull request #14778 from owen-mc/go/improve-value-flow-through-arrays
...
Go: improve value flow through arrays
2023-11-15 11:13:15 +00:00
Rasmus Wriedt Larsen
4256fbf11a
Python: Accept changes from Python 3.12
2023-11-15 11:42:38 +01:00
Rasmus Wriedt Larsen
f3dd002ba9
Python: Copy tests to Python 3
2023-11-15 11:42:38 +01:00
Rasmus Wriedt Larsen
f9e9ae91f7
Python: Move tests that would change under Python 3.12 to lang specific directory
...
This moves the tests to Python 2, next we copy them to Python 3.
2023-11-15 11:42:38 +01:00
Rasmus Wriedt Larsen
23419ee634
Python: Update .expected to support Python 3.12
...
You might wonder why the number of lines changed, but it's due to `tty`
module receiving its first update since 2001, so the actual number of
lines DID change :phew:
https://github.com/python/cpython/commits/3.12/Lib/tty.py
Since there is now a difference between Python 2 and Python 3, we need to restrict the lines of code test to only run as Python 3.
2023-11-15 11:42:38 +01:00
Mathias Vorreiter Pedersen
b8f0f85840
Merge pull request #14784 from MathiasVP/no-dtt-in-tainted-arithmetic
...
C++: Rewrite `cpp/tainted-arithmetic` away from `DefaultTaintTracking`
2023-11-15 10:19:25 +00:00
Rasmus Wriedt Larsen
69453aa144
Python: Fix missing newline in .expected
2023-11-15 10:10:23 +01:00
Rasmus Wriedt Larsen
55f5b26ba6
Python: Accept new ordering of query predicates in .expected
2023-11-15 10:09:54 +01:00
Rasmus Wriedt Larsen
721bde1ce8
Python: Delete orphaned .expected files
2023-11-15 09:59:26 +01:00
Rasmus Wriedt Larsen
2e9d548083
Merge pull request #14706 from RasmusWL/class-attribute-flow
...
Python: Add basic flow for class attributes
2023-11-15 09:06:25 +01:00
Yunus AYDIN
fdefcd6a84
Merge branch 'main' of github.com:aydinnyunus/codeql
2023-11-15 09:34:06 +03:00
Yunus AYDIN
9178cec0e6
fix test errors
2023-11-15 09:33:52 +03:00
Owen Mansel-Chan
83d1fc33e1
Add change note
2023-11-14 23:16:32 +00:00
Erik Krogh Kristensen
14e51627c5
Merge pull request #14419 from rvermeulen/rvermeulen/javascript-adjust-security-severity
...
JavaScript: Adjust XSS and log injection query severities
2023-11-14 21:34:25 +01:00
Yunus AYDIN
b1702ab87e
Merge branch 'main' into main
2023-11-14 23:17:49 +03:00
Remco Vermeulen
52540b42fc
Merge branch 'main' into rvermeulen/javascript-adjust-security-severity
2023-11-14 11:21:38 -08:00