hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 10:11:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
62,527 Commits 1,690 Branches 160 Tags
codeql-cli/v2.16.0
Commit Graph

62527 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
erik-krogh
5a82454710 add change-note 2023-05-17 12:02:21 +02:00
Jeroen Ketema
b83aaf9594 C++: Use range analysis-based hasSize predicate in cpp/invalid-pointer-deref 
This is copied from `cpp/overrun-write`.
 2023-05-17 11:39:41 +02:00
Alex Denisov
7e15386376 Swift: bump all versions to 0.1.0 2023-05-17 11:28:28 +02:00
Jeroen Ketema
31ae513f8c C++: Implement the subpaths query predicate for cpp/invalid-pointer-deref 2023-05-17 11:27:37 +02:00
Jeroen Ketema
883ec7a0e9 C++: Add forgotten private specifiers in product flow 2023-05-17 11:24:46 +02:00
Jeroen Ketema
b1c1513a10 C++: Add forgotten test annotation in for cpp/invalid-pointer-deref test 2023-05-17 11:21:09 +02:00
erik-krogh
cbd7601a41 implement isShellInterpreted on ExecActionsCall 2023-05-17 11:07:48 +02:00
erik-krogh
3293a55e8f require arguments to be shell interpreted to be flagged by indirect-command-injection 2023-05-17 11:07:45 +02:00
Tom Hvitved
b46983a381 Merge pull request #13068 from hvitved/ruby/type-tracking-flow-through 
Ruby: Include `self` parameters in type tracking flow-through logic
 2023-05-17 10:59:01 +02:00
Asger F
9ec6c7daea JS: Avoid using global vars in documentation examples 2023-05-17 10:47:25 +02:00
Asger F
f47acfb083 JS: Trim whitespace 2023-05-17 10:37:19 +02:00
Stephan Brandauer
a5ef738bb0 add extra parameters in query-messages 2023-05-17 08:37:18 +00:00
Asger F
f94fdc6348 JS: Remove mention of TrackedNode in docs 2023-05-17 10:37:12 +02:00
erik-krogh
480e71fd69 avoid contractions 2023-05-17 08:42:45 +02:00
Tom Hvitved
867bdcf74d Merge pull request #13183 from hvitved/csharp/ilogger-extension-methods 
C#: Include arguments to `ILogger` extension method calls in `LogMessageSink`
 2023-05-17 08:20:57 +02:00
Óscar San José
c599460a52 Change regexp to include released change-notes pattern 2023-05-16 21:53:09 +02:00
Jami Cogswell
003bb2f6f5 JS: add change note 2023-05-16 15:45:55 -04:00
Jami Cogswell
359f6ffd1e JS: update 'credentials[%]' sink kind to 'credentials-%' 2023-05-16 15:45:55 -04:00
Jami Cogswell
7880e9e92c JS: update 'command-line-injection' sink kind to 'command-injection' 2023-05-16 15:45:55 -04:00
Jeroen Ketema
2dcdc71e45 Merge pull request #13142 from MathiasVP/precompute-states-in-overrun-write 
C++: Restrict flow-state space of `cpp/overrun-write`
 2023-05-16 21:31:56 +02:00
Alexandre Boulgakov
060a48571a Swift: Emit diagnostics on assertion/expectation violations. 2023-05-16 19:40:00 +01:00
Michael B. Gale
f5b04ab859 Merge pull request #13187 from github/mbg/java/fix-java-version-too-old-more 
Java: Use empty toolchains.xml for the `java-version-too-old` test
 2023-05-16 19:26:07 +01:00
Jami Cogswell
588a62c3a4 C#: update CaptureSinkModels test case 2023-05-16 14:07:20 -04:00
Jami Cogswell
06a28f6221 C#: update 'remote' sink kind to 'file-content-store' 2023-05-16 14:07:20 -04:00
Jami Cogswell
d3da5a7b28 C#: update cwe-sink.csv file 2023-05-16 14:07:20 -04:00
Jami Cogswell
74cd2407fb C#: update 'xss' sink kind to 'js-injection' 2023-05-16 14:07:20 -04:00
Jami Cogswell
a0b502fa44 C#: update 'html' sink kind to 'html-injection' 2023-05-16 14:07:20 -04:00
Jami Cogswell
f76563d6e9 C#: update some test cases 2023-05-16 14:07:19 -04:00
Jami Cogswell
b6d011b187 C#: update 'sql' sink kind to 'sql-injection' 2023-05-16 14:07:19 -04:00
Jami Cogswell
613077c7a9 C#: update 'code' sink kind to 'code-injection' 2023-05-16 14:07:19 -04:00
Mathias Vorreiter Pedersen
402212bab9 C++: Accept query test changes. 2023-05-16 18:35:05 +01:00
Alexandre Boulgakov
7ada125299 Swift: Support fmtlib for assertions/expectations. 
Specifically, this adds custom formatters using `path::operator string()` and `error_code::message()` and dereferences a (non-empty) optional. `fmtlib` provides formatters for these standard library types in `fmt/std.h`, but that file also requires RTTI (which we disable) for `std::exception` so we can't use it without either patching `fmtlib` (which they're open to: https://github.com/fmtlib/fmt/issues/3170) or enabling RTTI (which will require some consideration).
 2023-05-16 18:33:28 +01:00
Mathias Vorreiter Pedersen
a5632a21d1 Merge branch 'main' into precompute-states-in-overrun-write 2023-05-16 18:09:16 +01:00
Mathias Vorreiter Pedersen
99545420d5 Merge pull request #13177 from MathiasVP/recommend-secure-randomness 
Swift: Recommend a proper source of randomness in `swift/hardcoded-key`
 2023-05-16 18:04:13 +01:00
Mathias Vorreiter Pedersen
9def3dd440 Update swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.swift 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-05-16 17:42:34 +01:00
Geoffrey White
3bd16fa1d8 Merge pull request #13184 from geoffw0/docconsistency 
Swift: Mirror changes made in the tutorial docs.
 2023-05-16 17:42:03 +01:00
Mathias Vorreiter Pedersen
c93a051243 C++: Accept test changes. 2023-05-16 17:41:41 +01:00
Mathias Vorreiter Pedersen
150d4f341a C++: Fix looping flow that goes from the output argument node and back into the function argument. 2023-05-16 17:39:59 +01:00
Mathias Vorreiter Pedersen
35e91bafa7 C++: Introduce 'indirect_sink' in dataflow tests. 2023-05-16 17:39:53 +01:00
Mathias Vorreiter Pedersen
f5be8cfe58 Merge pull request #13167 from geoffw0/sensitivefps 
Swift: Fix some FPs from the sensitive data library
 2023-05-16 17:12:47 +01:00
Mathias Vorreiter Pedersen
afd1a120ff Merge pull request #13182 from MathiasVP/add-conflation-in-dataflow 
C++: Add example with conflation in dataflow
 2023-05-16 17:11:18 +01:00
Michael B. Gale
2d80302108 Use empty toolchains.xml for java-version-too-old 2023-05-16 16:54:19 +01:00
Paolo Tranquilli
42d40900d3 Swift: reword TSP diagnostics after doc team review 2023-05-16 17:52:02 +02:00
Mathias Vorreiter Pedersen
c45032844e C++: Add example with conflation in dataflow. 2023-05-16 16:34:20 +01:00
Stephan Brandauer
2cd8a879a5 use asParameter().getName() instead of toString() 
Co-authored-by: Taus <tausbn@github.com>
 2023-05-16 17:28:02 +02:00
Paolo Tranquilli
fc9fe13278 Merge pull request #13181 from github/redsun82/swift-diagnostics-enable-warnings 
Swift: turn internal error into a TSP warning
 2023-05-16 17:20:46 +02:00
Tom Hvitved
406acbe6a4 Update csharp/ql/lib/change-notes/2023-05-16-ilogger-extension-methods.md 
Co-authored-by: Michael B. Gale <mbg@github.com>
 2023-05-16 17:13:21 +02:00
Stephan Brandauer
9845887452 automodel java fix: export method name as 'name' metadata parameter; export parameter name as 'parameterName' parameter 2023-05-16 15:07:14 +00:00
Arthur Baars
2911a6cc30 JS: remove unused tables 2023-05-16 17:03:41 +02:00
Arthur Baars
fef0e1f1c8 JS: sync shared dbscheme fragments 2023-05-16 17:03:41 +02:00