hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-05 09:41:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
62,527 Commits 1,691 Branches 159 Tags
codeql-cli/v2.16.0
Commit Graph

62527 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
3831dc7785 Merge pull request #13288 from asgerf/rb/super-and-flow-through 
Ruby: two bug fixes
 2023-05-26 15:04:52 +02:00
Paolo Tranquilli
d81dc274f6 Swift: make a TODO more assertive as there is a draft PR already 2023-05-26 14:45:29 +02:00
Asger F
cfaa27ab5d Ruby: change note 2023-05-26 14:44:00 +02:00
Paolo Tranquilli
05ed66ad8f Swift: remove debugging print 2023-05-26 14:42:02 +02:00
Paolo Tranquilli
c5cee0d419 Swift: exclude targets ending in Tests or Test from autobuilding 2023-05-26 14:19:07 +02:00
Stephan Brandauer
efe539eb32 Java: better sampling of negative examples 2023-05-26 14:15:32 +02:00
Asger F
c637b6f59a JS: Update test for RegExpAlwaysMatches 2023-05-26 14:10:26 +02:00
Asger F
9df9ca2916 JS: Update test and expectations for MissingRegExpAnchor 2023-05-26 14:07:34 +02:00
Asger F
40daa9c906 JS: Update RegExpInjection test and expectations 2023-05-26 14:05:36 +02:00
Rasmus Lerchedahl Petersen
9cb83fcdc9 python: add summaries for 
copy, pop, get, getitem, setdefault

Also add read steps to taint tracking.

Reading from a tainted collection can be done in two situations:
1. There is an acces path
    In this case a read step (possibly from a flow summary)
    gives rise to a taint step.
2. There is no access path
    In this case an explicit taint step (possibly via a flow
    summary) should exist.
 2023-05-26 14:04:15 +02:00
Jami
6867e94ed5 Merge pull request #13158 from jcogs33/jcogs33/update-csharp-sink-kinds 
C#: update MaD sink kinds
 2023-05-26 08:03:21 -04:00
yoff
af1f4c30fb Merge pull request #13299 from asgerf/rb/meta-query-summarised-callable-sites 
Ruby/Python: add meta-queries for calls to summarised callables
 2023-05-26 13:27:56 +02:00
Rasmus Lerchedahl Petersen
144df9a39e python: remove explicit dataflow steps 2023-05-26 13:24:22 +02:00
Rasmus Lerchedahl Petersen
8d4f9447b1 python: remove explicit steps 
copy, pop, get, popitem
 2023-05-26 13:22:54 +02:00
Stephan Brandauer
a89378d86d Java: add extra known frameworks and sample negative samples to manage sarif file sizes 2023-05-26 13:20:04 +02:00
Arthur Baars
e0466900ad Merge pull request #12992 from Sim4n6/ruby-UBV 
[Ruby] Add Unicode Bypass Validation query, test and help file
 2023-05-26 13:00:21 +02:00
Tony Torralba
4dfc9b13cd Java: Fix performance issue in the stub generator 2023-05-26 12:44:53 +02:00
Tony Torralba
8e16a0d144 Add tests and stubs for the summaries 2023-05-26 12:43:58 +02:00
Alex Ford
baabd2d1fa Merge pull request #12832 from maikypedia/maikypedia/pg-sqli 
Ruby: Add SQL Injection Sinks
 2023-05-26 11:36:17 +01:00
Michael Nebel
915042a881 Minor cleanup and sync files. 2023-05-26 12:25:00 +02:00
Michael Nebel
783d560e7d Swift: Re-factor getComponent. 2023-05-26 12:25:00 +02:00
Michael Nebel
58fcbc136c Ruby: Re-factor getComponent. 2023-05-26 12:25:00 +02:00
Michael Nebel
811eee1f0d Python: Re-factor getComponent. 2023-05-26 12:24:59 +02:00
Michael Nebel
b794627335 Go: Re-factor getComponent. 2023-05-26 12:24:59 +02:00
Michael Nebel
b7a8660375 Java: Re-factor getComponent. 2023-05-26 12:24:59 +02:00
Michael Nebel
066554cee6 C#: Re-factor getComponent. 2023-05-26 12:24:59 +02:00
Paolo Tranquilli
a6e21dac8f Merge pull request #13284 from github/redsun82/swift-remove-property-wrapper-inconsistencies 
Swift: remove some AST and CFG inconsistencies
 2023-05-26 12:22:56 +02:00
Geoffrey White
57d6505ee3 Swift: Move change note. 2023-05-26 11:10:29 +01:00
Asger F
2629ec1b1d JS: Be more conservative about flagging "search" call arguments as regex 2023-05-26 11:55:53 +02:00
Asger F
75fd20b3b8 Python: add meta-query for calls to summarized callables 2023-05-26 11:40:58 +02:00
Jeroen Ketema
63657396c5 Merge pull request #13267 from MathiasVP/promote-overrun-write 
C++: Promote `cpp/overrun-write` out of experimental
 2023-05-26 11:34:26 +02:00
Asger F
1c7f6dc32e Ruby: add meta-query for calls to summarized callables 2023-05-26 11:34:23 +02:00
Michael B. Gale
631ba6584d Go: Update identify-environment JSON format 
The spec changed after this was implemented and merged
 2023-05-26 10:13:40 +01:00
Michael B. Gale
af803c8886 Go: include new scripts in Makefile 2023-05-26 10:13:40 +01:00
Michael B. Gale
e48fc66782 Swift: Add identify-environment script 2023-05-26 10:13:39 +01:00
Tony Torralba
903fdb0cb8 Java: Add models for the Play Framework 2023-05-26 10:23:43 +02:00
Tamas Vajk
918cfd6f44 Add integration test 2023-05-26 09:50:06 +02:00
Geoffrey White
736f2871f9 Swift: Tweak private info regexps to restore 'account_no' results. 2023-05-26 08:43:32 +01:00
Tamas Vajk
74a585222c C#: Extract source files generated by source generators 2023-05-26 09:13:41 +02:00
Paolo Tranquilli
5a2433244e Swift: remove now passing PrintAstConsistency check 2023-05-26 08:58:49 +02:00
Paolo Tranquilli
b0882a9e5f Merge branch 'main' into alexdenisov+redsun82/tuple-mangling 2023-05-26 08:40:16 +02:00
Paolo Tranquilli
192c0d5e83 Swift: simplify change note 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-05-26 08:20:58 +02:00
Esben Sparre Andreasen
081c069b3c Merge pull request #13295 from github/dependabot/cargo/ql/regex-1.8.3 
Bump regex from 1.8.2 to 1.8.3 in /ql
 2023-05-26 08:13:41 +02:00
dependabot[bot]
4ab389bf1a Bump regex from 1.8.2 to 1.8.3 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.8.2 to 1.8.3.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.8.2...1.8.3)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-26 04:02:31 +00:00
Mathias Vorreiter Pedersen
0d1d20c75b C++: Change range-analysis test to not use 'getAst'. This was creating confusing test expectation annotations. 2023-05-25 15:50:29 -07:00
Mathias Vorreiter Pedersen
960e6521a4 Revert "C++: Whitespace commit to make qhelp show up in diff." 
This reverts commit ec192d621c.
 2023-05-25 15:21:09 -07:00
Mathias Vorreiter Pedersen
c6275bfa28 Merge pull request #13293 from MathiasVP/fix-performance-of-dtt 
C++: Fix result duplication on `DefaultTaintTracking`
 2023-05-25 15:20:02 -07:00
Mathias Vorreiter Pedersen
e7f82a3571 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-05-25 13:56:01 -07:00
Geoffrey White
0e443da710 Swift: Remove id() categorization due to accuracy, and repair the old bank.?account case. 2023-05-25 21:51:27 +01:00
Maiky
026d94c457 Add LDAP Injection query (incomplete) 2023-05-25 22:51:25 +02:00