Jeroen Ketema
bbe95367d6
C++: Simplify SslContextCallMake
2023-03-20 14:00:03 +01:00
Geoffrey White
a19579d21b
Merge pull request #12587 from geoffw0/finishbitwise
...
Swift: Remove special case for bitwise operations
2023-03-20 12:59:31 +00:00
Stephan Brandauer
116108851f
Update MaD Declarations after Triage
2023-03-20 13:45:39 +01:00
Jeroen Ketema
2968c12e12
Merge pull request #12583 from jketema/move-print
...
C++: Move SsaConsistency to its own file
2023-03-20 13:41:29 +01:00
Jeroen Ketema
9997326804
C++: Refactor BoostorgAsio to use DataFlow::ConfigSig
2023-03-20 13:37:18 +01:00
Rasmus Lerchedahl Petersen
5f438e433d
python: exclude nonlocals from query
2023-03-20 13:34:39 +01:00
Kasper Svendsen
1d2f1b6ae6
Address comments
2023-03-20 13:34:14 +01:00
Ed Minnix
83b0d073f0
Fix typo in QLDoc
2023-03-20 08:11:01 -04:00
Ed Minnix
1c661fd3ac
Add missing QLDocs
2023-03-20 08:10:07 -04:00
Kasper Svendsen
e0e3a1d621
Dataflow: remove revFlowApAlias trick
2023-03-20 13:04:13 +01:00
Rasmus Lerchedahl Petersen
9b7a20f4ad
python: add example showing FP
2023-03-20 13:03:26 +01:00
Ed Minnix
84fd5f7ee0
Fix naming of ZipSlip configuration
2023-03-20 07:55:23 -04:00
Ian Lynagh
fcf1f6a6f9
Kotlin: Don't use distutils in build script
...
We were getting
DeprecationWarning: The distutils package is deprecated and slated for removal in Python 3.12. Use setuptools or check PEP 632 for potential alternatives
during the build.
2023-03-20 11:49:54 +00:00
Ed Minnix
60a4a79537
Make the Config module of public Flow modules public
...
This is to make things easier for the CodeML/ATM team once these
configurations are moved from `src/` to `lib/`.
2023-03-20 07:47:55 -04:00
Edward Minnix III
9aa83d78e1
Merge pull request #12575 from egregius313/egregius313/ql/dataflow-naming-convention-check
...
QL: add a check to enforce naming convention for new `DataFlow::ConfigSig` modules
2023-03-20 07:26:01 -04:00
Edward Minnix III
1c06afffe5
Merge pull request #12578 from egregius313/egregius313/conform-dataflow-configs-to-config-naming-convention
...
Conform dataflow config modules to follow `*Config` naming convention
2023-03-20 07:25:10 -04:00
Geoffrey White
166902bfa0
Swift: Remove the special case for bitwise operations in the XXE query (but upgrade that bit of the query to taint flow as appears to be intended).
2023-03-20 11:18:17 +00:00
erik-krogh
ef498020c2
PY: don't depend on codeql/util in src/ now that it's added to lib/
2023-03-20 12:11:06 +01:00
Geoffrey White
1f8a165611
Swift: Add a couple of extra test cases.
2023-03-20 10:58:58 +00:00
Paolo Tranquilli
029d924e6d
Merge pull request #12580 from github/redsun82/swift-more-precise-successfully-extracted-query
...
Swift: make `SuccessfullyExtractedFiles.ql` more precise
2023-03-20 11:05:54 +01:00
Erik Krogh Kristensen
2270d6fa61
fix typo
...
Co-authored-by: Taus <tausbn@github.com>
2023-03-20 10:56:30 +01:00
Alex Ford
4b1171ce64
Merge branch 'main' into maikypedia/ruby-ssti
2023-03-20 09:55:53 +00:00
Tony Torralba
27fc14236f
Add change note
2023-03-20 10:48:56 +01:00
Tony Torralba
bff8bbfe33
Apply suggestions from code review
2023-03-20 10:43:46 +01:00
Jeroen Ketema
91b069603d
C++: Move SsaConsistency to its own file
...
This removes the import of the `Print` library in places that are used in
production and not just debugging.
2023-03-20 10:31:33 +01:00
Michael Nebel
01ade878ea
Java: Update test comments to use this instead of -1.
2023-03-20 10:14:20 +01:00
Michael Nebel
ba711ab849
Java: Update expected test-output (different sorting).
2023-03-20 10:14:20 +01:00
Michael Nebel
ae12510d8d
Java: Add change-note.
2023-03-20 10:14:20 +01:00
Michael Nebel
9039a468cb
Java: Update models that use -1 in a range.
2023-03-20 10:14:20 +01:00
Michael Nebel
e86f1e4961
Java: Replace Argument[-1] with Argument[this].
2023-03-20 10:14:20 +01:00
Tom Hvitved
a9ef3f95a2
Ruby: Introduce ContentSet::isElementOfType[OrUnknown]/1
2023-03-20 10:03:15 +01:00
Michael Nebel
e78af3e66c
C#: Introduce Argument and Parameter index validation for models.
2023-03-20 09:38:40 +01:00
Michael Nebel
37484a415f
Sync files.
2023-03-20 09:38:40 +01:00
Michael Nebel
0ec56203f9
Java: Introduce index validation.
2023-03-20 09:38:40 +01:00
Michael Nebel
9a3c2d3fbe
Java: Update summary parsing to use this instead of -1 and adjust the model generator.
2023-03-20 09:38:40 +01:00
Michael Nebel
abd9f673e1
Java: Update the java internal documentation for models.
2023-03-20 09:38:39 +01:00
Michael Nebel
352bb5a29a
C#: Update internal documentation for this parameter in models.
2023-03-20 09:38:39 +01:00
Tony Torralba
8457d45edc
Merge pull request #12577 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2023-03-20 09:26:18 +01:00
Kasper Svendsen
9630feb5e4
Dataflow: Remove revFlowAlias trick
2023-03-20 09:04:35 +01:00
Erik Krogh Kristensen
540542ceb5
Merge pull request #12518 from erik-krogh/more-express-sources
...
JS: recognize more express URL related sources
2023-03-20 08:49:11 +01:00
Erik Krogh Kristensen
af98ceb3c3
Merge pull request #11478 from erik-krogh/more-shell-taint
...
Rb: more taint-steps for shell-command-construction
2023-03-20 08:41:22 +01:00
Paolo Tranquilli
a131966066
Swift: make SuccessfullyExtractedFiles.ql more precise
...
This is done by adding an `isSuccessfullyExtracted` predicate that is
filled for primary files at the very end of the extractor invocation if
the frontend was performed successfully. If for example the extractor
crashes this will therefore not be filled.
The upgrade script is written so that `SuccessfullyExtractedFiles.ql`
on an upgraded script will give exactly the same results as before it.
2023-03-20 08:34:34 +01:00
Erik Krogh Kristensen
5f14af5db0
Merge pull request #12579 from github/dependabot/cargo/ql/serde-1.0.157
...
Bump serde from 1.0.156 to 1.0.157 in /ql
2023-03-20 08:02:23 +01:00
dependabot[bot]
9b3b6632fc
Bump serde from 1.0.156 to 1.0.157 in /ql
...
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.156 to 1.0.157.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.156...v1.0.157)
---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-20 04:09:27 +00:00
github-actions[bot]
0d36a5a733
Add changed framework coverage reports
2023-03-20 00:17:11 +00:00
Ed Minnix
c852d3a541
Rename configurations from "Conf" to "Config"
2023-03-19 17:55:53 -04:00
Ed Minnix
2d5944fb0e
Refactor DataFlow configurations to use "Config" naming convention
2023-03-19 17:44:07 -04:00
Ed Minnix
d743b31ab6
Fix typo in QLdoc
2023-03-19 13:45:46 -04:00
Mathias Vorreiter Pedersen
b0f803759c
Merge pull request #11928 from rdmarsh2/rdmarsh2/stageify-range-analysis
2023-03-18 12:42:49 +00:00
Ed Minnix
00267637eb
Implementation of check for DataFlow naming convention
2023-03-17 15:47:15 -04:00