codeql

mirror of https://github.com/github/codeql.git synced 2026-02-09 11:41:06 +01:00

Author	SHA1	Message	Date
Tony Torralba	ce191e1f9f	Fix InsecureLdapAuth tags	2023-03-28 17:10:33 +02:00
Edward Minnix III	b00104ebe3	Merge pull request #12458 from egregius313/egregius313/promote-insecure-ldap-authentication Java: Promote LDAP Authentication Query	2023-03-28 10:39:17 -04:00
Edward Minnix III	97ec808a6f	Make configuration public Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2023-03-28 10:28:15 -04:00
Erik Krogh Kristensen	13c0effbd2	change to minor change	2023-03-28 15:27:16 +02:00
erik-krogh	4b3a419509	just use quoteWithBackticks	2023-03-28 15:23:15 +02:00
Erik Krogh Kristensen	451f6f01bb	Merge pull request #12633 from erik-krogh/more-global-flow JS: better callgraph support for global variables	2023-03-28 15:19:50 +02:00
Nora Dimitrijević	94614320b5	Swift: refactor OptionalSomeDecl -> OptionalSomeContentSet	2023-03-28 15:15:16 +02:00
Anders Schack-Mulligen	7c74fd07e9	Merge pull request #12684 from aschackmull/dataflow/remove-footgun Dataflow: Remove accidentally exposed predicates.	2023-03-28 15:14:58 +02:00
Michael Nebel	9966e09fd7	C#: Add operator dataflow test case with checked and unchecked examples.	2023-03-28 15:05:48 +02:00
Michael Nebel	50c3c159a9	C#: Make checked and unchecked as a local flow step.	2023-03-28 15:03:33 +02:00
Nora Dimitrijević	ea9e8e7ddb	Swift: fix bad join order in Pattern.getImmediateMatchingExpr On Signal-iOS, this snippet: ```codeql class Pattern extends Generated::Pattern { ... Expr getImmediateMatchingExpr() { ... exists(PatternBindingDecl v, int i \| v.getPattern(i) = this and result = v.getInit(i) ) ... } ... } ``` Had the following join order: ``` 33926 ~0% {3} r8 = SCAN PatternBindingDecl#ab5153b9::Generated::PatternBindingDecl::getImmediateInit#1#dispred#fff OUTPUT In.1, In.0, In.2 2565045964 ~0% {4} r9 = JOIN r8 WITH pattern_binding_decl_patterns_102#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2, Rhs.2 33926 ~0% {2} r10 = JOIN r9 WITH Synth#5f134a93::Synth::convertPatternBindingDeclToRaw#1#ff ON FIRST 2 OUTPUT Lhs.3, Lhs.2 33926 ~2% {2} r11 = JOIN r10 WITH Synth#5f134a93::Synth::convertPatternFromRaw#1#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 33926 ~1% {2} r12 = JOIN r11 WITH Element#e67432df::Generated::Element::resolve#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1 33926 ~4% {2} r13 = JOIN r12 WITH Element#e67432df::Generated::Element::resolve#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1 ``` After applying `pragma[only_bind_out]` to `this`: ``` 198815 ~1% {2} r4 = SCAN Synth#5f134a93::Synth::TPattern#f OUTPUT In.0, In.0 198815 ~0% {2} r5 = JOIN r4 WITH Element#e67432df::Generated::Element::resolve#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 75626 ~0% {3} r6 = JOIN r5 WITH PatternBindingDecl#ab5153b9::Generated::PatternBindingDecl::getImmediatePattern#1#dispred#fff_201#join_rhs ON FIRST 1 OUTPUT Rhs.1, Rhs.2, Lhs.1 33926 ~1% {2} r7 = JOIN r6 WITH PatternBindingDecl#ab5153b9::Generated::PatternBindingDecl::getImmediateInit#1#dispred#fff ON FIRST 2 OUTPUT Rhs.2, Lhs.2 33926 ~4% {2} r8 = JOIN r7 WITH Element#e67432df::Generated::Element::resolve#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1 ```	2023-03-28 14:57:05 +02:00
Jeroen Ketema	3b8ad087eb	Make imports of `codeql.util.Unit` private	2023-03-28 14:14:13 +02:00
Michael Nebel	042e53aa4a	Merge pull request #12688 from michaelnebel/csharp/documentation C#: Claim support for C# 11 / .NET 7 in external documentation.	2023-03-28 14:02:51 +02:00
Anders Schack-Mulligen	3b0095725c	Java: Adjust test expectation.	2023-03-28 14:00:25 +02:00
Anders Schack-Mulligen	47e7aa9566	Dataflow: Add change note.	2023-03-28 13:17:48 +02:00
Michael Nebel	e38196a3a8	C#: Claim support for C# 11 / .NET 7 in external documentation.	2023-03-28 13:04:30 +02:00
Asger F	61a7ee9387	JS: Use getABoundFunctionValue instead of type-tracking	2023-03-28 12:56:03 +02:00
erik-krogh	70dfa6e15c	use StringUtil.quoteWithBackticks instead of manually quoting with a single backtick	2023-03-28 12:34:44 +02:00
Asger F	02da09c7d8	Update docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>	2023-03-28 11:36:24 +02:00
Mathias Vorreiter Pedersen	4b2758f1b5	Merge branch 'main' into skip-safe-conversions-in-range-analysis	2023-03-28 10:32:13 +01:00
Tony Torralba	12b236f6f1	Merge pull request #12682 from github/workflow/coverage/update Update CSV framework coverage reports	2023-03-28 11:27:19 +02:00
erik-krogh	e5e20ab42c	add backticks around the concrete parse error	2023-03-28 10:57:13 +02:00
Asger F	d62b944b93	JS: Explain difference between type and member	2023-03-28 10:49:28 +02:00
Arthur Baars	cd53c77e23	Merge pull request #12670 from alexrford/mergeback-rc/3.9 Merge `rc/3.9` back into `main`	2023-03-28 10:49:08 +02:00
Asger F	aec82f6ef8	Update docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>	2023-03-28 10:12:38 +02:00
Asger F	04b28c5118	Merge branch 'main' into js/extension-docs	2023-03-28 10:12:22 +02:00
Rasmus Wriedt Larsen	8ea6b6f256	Python: Update `py/azure-storage/unsafe-client-side-encryption-in-use` to use datafow	2023-03-28 10:09:22 +02:00
Rasmus Wriedt Larsen	7a17cd2a9e	Python: Rewrite azure query to more idiomatic ql	2023-03-28 10:06:00 +02:00
Rasmus Wriedt Larsen	691ffcd3a4	Python: Add tests of `py/azure-storage/unsafe-client-side-encryption-in-use` Notice that it doesn't find the potentially unsafe version, or the vuln that spans calls.	2023-03-28 10:05:09 +02:00
Anders Schack-Mulligen	d406b051fc	Dataflow: Remove accidentally exposed predicates.	2023-03-28 10:04:21 +02:00
Asger F	a5b1677cca	Update docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>	2023-03-28 10:03:07 +02:00
Asger F	32bab0b8b2	Merge pull request #12654 from asgerf/rb/always-resolve-toplevel-namespace RB: always resolve toplevel namespaces to their locally qualified name	2023-03-28 09:54:59 +02:00
Anders Schack-Mulligen	b5c66c514e	Java: Support double-recursive range analysis bounds for addition.	2023-03-28 09:52:05 +02:00
yoff	a1a2eb356c	Merge pull request #11515 from yoff/py/port-comparison-using-is python: port `py/comparison-using-is`	2023-03-28 09:42:34 +02:00
Michael Nebel	730848cee8	Merge pull request #12648 from michaelnebel/csharp/cs-web-debug-binary C#: Improve cs/web/debug-binary to repect the RemoveAttributes transformation.	2023-03-28 09:40:46 +02:00
yoff	a034f89d9d	Merge pull request #12517 from yoff/python/fix-documentation-redirect-type-inference python: Fix link to type inference	2023-03-28 09:38:55 +02:00
Michael Nebel	7283002dfa	Merge pull request #12410 from michaelnebel/java/docs-models-as-data Java: Docs MaD using extensions.	2023-03-28 09:21:07 +02:00
Tom Hvitved	e3799adbe0	Merge pull request #12612 from hvitved/ruby/print-ast-desugar-reorder Ruby: Order synthetic children in PrintAST based on their index instead of location	2023-03-28 09:13:03 +02:00
Mathias Vorreiter Pedersen	58c7148669	Merge pull request #12655 from jketema/range-rem	2023-03-28 08:01:16 +01:00
github-actions[bot]	2573efa358	Add changed framework coverage reports	2023-03-28 00:17:02 +00:00
Jeroen Ketema	12da4f7814	C++: Address review comment	2023-03-28 00:33:46 +02:00
Jeroen Ketema	9303055013	C++: Address review comment	2023-03-28 00:33:46 +02:00
Jeroen Ketema	99c6111b05	C++: Add support for bounded modulus operations	2023-03-28 00:33:43 +02:00
Mathias Vorreiter Pedersen	724d97eabb	C++: Make sign analysis aware of unsigned'ness and accept test changes.	2023-03-27 23:08:12 +01:00
Nora Dimitrijević	239e14b71a	Swift: fix QLdoc check for EnumElementExpr.qll	2023-03-27 23:48:37 +02:00
Nora Dimitrijević	41b283c07c	Swift: add `.some` enum content to `init?` calls Again, this is hacky; we don't distinguish rigorously between an optional value and its content (similar to how it was before enum content flow).	2023-03-27 23:01:25 +02:00
Nora Dimitrijević	03122d76ce	Swift: fix a bunch of MISSING dataflow test cases Optional content flow through constructors remains.	2023-03-27 23:01:25 +02:00
Nora Dimitrijević	6a127264af	Swift: distinguish between Pattern.get(Immediate)IdentityPreservingEnclosingPattern	2023-03-27 23:01:25 +02:00
Nora Dimitrijević	7dc793855b	Swift: introduce Node.asPattern()	2023-03-27 23:01:24 +02:00
Nora Dimitrijević	a715ebe826	Swift: distinguish Pattern.get(Immediate)EnclosingPattern	2023-03-27 23:01:24 +02:00

... 194 195 196 197 198 ...

62527 Commits