hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-01 07:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
66,447 Commits 1,684 Branches 159 Tags
codeql-cli/v2.17.2
Commit Graph

66447 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jami Cogswell
7e6913af62 Java: update provenance to 'hq-manual' 2023-05-26 18:55:13 -04:00
Jami Cogswell
60b07083c3 Java: add 'sink' kind 2023-05-26 18:55:13 -04:00
Jami Cogswell
65dd7eb8e7 Java: add neutral models discovered with path-inj and ssrf heuristics 2023-05-26 18:55:13 -04:00
Mathias Vorreiter Pedersen
9828af45a1 C++: Change separator from ':' to '|'. 2023-05-26 15:23:48 -07:00
Mathias Vorreiter Pedersen
0f08642653 C++: Fix join in 'pointerArithOverflow0'. 2023-05-26 11:16:44 -07:00
Robert Marsh
d18fb646d1 C++: handle cast arrays properly in off-by-one query 2023-05-26 13:16:21 -04:00
Robert Marsh
5bc844c4c6 Merge pull request #13207 from MathiasVP/use-equiv-class-in-getInstruction 
C++: Reduce memory pressure from `getInstruction`
 2023-05-26 13:13:57 -04:00
Robert Marsh
6e230e10f8 C++: include stack-allocated arrays in off-by-one query 2023-05-26 13:04:51 -04:00
Robert Marsh
b2fb2aa0d1 Merge pull request #13045 from rdmarsh2/rdmarsh2/cpp/improve-constant-off-by-one 
C++: stitch paths and ignore cast arrays in constant off-by-one query
 2023-05-26 12:47:08 -04:00
Maiky
dfbf259e2d typo 2023-05-26 18:14:49 +02:00
Maiky
9ab6eabd15 add filterTaintStep, qhelp file and test files 2023-05-26 18:13:58 +02:00
Philip Ginsbach
ded98c5a5f Merge pull request #13304 from github/ginsbach/SmallSpecificationFixes 
two small QL specification fixes
 2023-05-26 16:18:36 +01:00
Taus
227c5fab40 Java: Get location ordering without toString 2023-05-26 14:52:08 +00:00
Paolo Tranquilli
ddf45b27ca Merge pull request #13300 from github/redsun82/swift-fix-autobuild-corner-case 
Swift: exclude unknown type targets ending in `Tests` or `Test` from autobuilding
 2023-05-26 16:49:01 +02:00
Philip Ginsbach
47a0d4b774 more explicit mentioning of QLL files 2023-05-26 15:03:34 +01:00
Philip Ginsbach
ba51ded516 bindingset is not really a pragma 2023-05-26 15:03:34 +01:00
Geoffrey White
32c113bc38 Swift: Fix following merge with main. 2023-05-26 14:41:48 +01:00
Geoffrey White
68354c09bf Merge branch 'main' into sqlpathinject 2023-05-26 14:33:05 +01:00
Paolo Tranquilli
15047368e8 Swift: add a warning to unmangled types 2023-05-26 15:12:21 +02:00
Paolo Tranquilli
3f7c4dec25 Swift: add a header comment to SwiftMangler 2023-05-26 15:05:40 +02:00
Asger F
3831dc7785 Merge pull request #13288 from asgerf/rb/super-and-flow-through 
Ruby: two bug fixes
 2023-05-26 15:04:52 +02:00
Paolo Tranquilli
d81dc274f6 Swift: make a TODO more assertive as there is a draft PR already 2023-05-26 14:45:29 +02:00
Asger F
cfaa27ab5d Ruby: change note 2023-05-26 14:44:00 +02:00
Paolo Tranquilli
05ed66ad8f Swift: remove debugging print 2023-05-26 14:42:02 +02:00
Paolo Tranquilli
c5cee0d419 Swift: exclude targets ending in Tests or Test from autobuilding 2023-05-26 14:19:07 +02:00
Stephan Brandauer
efe539eb32 Java: better sampling of negative examples 2023-05-26 14:15:32 +02:00
Asger F
c637b6f59a JS: Update test for RegExpAlwaysMatches 2023-05-26 14:10:26 +02:00
Asger F
9df9ca2916 JS: Update test and expectations for MissingRegExpAnchor 2023-05-26 14:07:34 +02:00
Asger F
40daa9c906 JS: Update RegExpInjection test and expectations 2023-05-26 14:05:36 +02:00
Rasmus Lerchedahl Petersen
9cb83fcdc9 python: add summaries for 
copy, pop, get, getitem, setdefault

Also add read steps to taint tracking.

Reading from a tainted collection can be done in two situations:
1. There is an acces path
    In this case a read step (possibly from a flow summary)
    gives rise to a taint step.
2. There is no access path
    In this case an explicit taint step (possibly via a flow
    summary) should exist.
 2023-05-26 14:04:15 +02:00
Jami
6867e94ed5 Merge pull request #13158 from jcogs33/jcogs33/update-csharp-sink-kinds 
C#: update MaD sink kinds
 2023-05-26 08:03:21 -04:00
yoff
af1f4c30fb Merge pull request #13299 from asgerf/rb/meta-query-summarised-callable-sites 
Ruby/Python: add meta-queries for calls to summarised callables
 2023-05-26 13:27:56 +02:00
Rasmus Lerchedahl Petersen
144df9a39e python: remove explicit dataflow steps 2023-05-26 13:24:22 +02:00
Rasmus Lerchedahl Petersen
8d4f9447b1 python: remove explicit steps 
copy, pop, get, popitem
 2023-05-26 13:22:54 +02:00
Stephan Brandauer
a89378d86d Java: add extra known frameworks and sample negative samples to manage sarif file sizes 2023-05-26 13:20:04 +02:00
Arthur Baars
e0466900ad Merge pull request #12992 from Sim4n6/ruby-UBV 
[Ruby] Add Unicode Bypass Validation query, test and help file
 2023-05-26 13:00:21 +02:00
Tony Torralba
4dfc9b13cd Java: Fix performance issue in the stub generator 2023-05-26 12:44:53 +02:00
Tony Torralba
8e16a0d144 Add tests and stubs for the summaries 2023-05-26 12:43:58 +02:00
Alex Ford
baabd2d1fa Merge pull request #12832 from maikypedia/maikypedia/pg-sqli 
Ruby: Add SQL Injection Sinks
 2023-05-26 11:36:17 +01:00
Michael Nebel
915042a881 Minor cleanup and sync files. 2023-05-26 12:25:00 +02:00
Michael Nebel
783d560e7d Swift: Re-factor getComponent. 2023-05-26 12:25:00 +02:00
Michael Nebel
58fcbc136c Ruby: Re-factor getComponent. 2023-05-26 12:25:00 +02:00
Michael Nebel
811eee1f0d Python: Re-factor getComponent. 2023-05-26 12:24:59 +02:00
Michael Nebel
b794627335 Go: Re-factor getComponent. 2023-05-26 12:24:59 +02:00
Michael Nebel
b7a8660375 Java: Re-factor getComponent. 2023-05-26 12:24:59 +02:00
Michael Nebel
066554cee6 C#: Re-factor getComponent. 2023-05-26 12:24:59 +02:00
Paolo Tranquilli
a6e21dac8f Merge pull request #13284 from github/redsun82/swift-remove-property-wrapper-inconsistencies 
Swift: remove some AST and CFG inconsistencies
 2023-05-26 12:22:56 +02:00
Geoffrey White
57d6505ee3 Swift: Move change note. 2023-05-26 11:10:29 +01:00
Asger F
2629ec1b1d JS: Be more conservative about flagging "search" call arguments as regex 2023-05-26 11:55:53 +02:00
Asger F
75fd20b3b8 Python: add meta-query for calls to summarized callables 2023-05-26 11:40:58 +02:00