hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-01 07:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
66,447 Commits 1,684 Branches 159 Tags
codeql-cli/v2.17.2
Commit Graph

66447 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jeroen Ketema
63657396c5 Merge pull request #13267 from MathiasVP/promote-overrun-write 
C++: Promote `cpp/overrun-write` out of experimental
 2023-05-26 11:34:26 +02:00
Asger F
1c7f6dc32e Ruby: add meta-query for calls to summarized callables 2023-05-26 11:34:23 +02:00
Michael B. Gale
631ba6584d Go: Update identify-environment JSON format 
The spec changed after this was implemented and merged
 2023-05-26 10:13:40 +01:00
Michael B. Gale
af803c8886 Go: include new scripts in Makefile 2023-05-26 10:13:40 +01:00
Michael B. Gale
e48fc66782 Swift: Add identify-environment script 2023-05-26 10:13:39 +01:00
Tony Torralba
903fdb0cb8 Java: Add models for the Play Framework 2023-05-26 10:23:43 +02:00
Tamas Vajk
918cfd6f44 Add integration test 2023-05-26 09:50:06 +02:00
Geoffrey White
736f2871f9 Swift: Tweak private info regexps to restore 'account_no' results. 2023-05-26 08:43:32 +01:00
Tamas Vajk
74a585222c C#: Extract source files generated by source generators 2023-05-26 09:13:41 +02:00
Paolo Tranquilli
5a2433244e Swift: remove now passing PrintAstConsistency check 2023-05-26 08:58:49 +02:00
Paolo Tranquilli
b0882a9e5f Merge branch 'main' into alexdenisov+redsun82/tuple-mangling 2023-05-26 08:40:16 +02:00
Paolo Tranquilli
192c0d5e83 Swift: simplify change note 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-05-26 08:20:58 +02:00
Esben Sparre Andreasen
081c069b3c Merge pull request #13295 from github/dependabot/cargo/ql/regex-1.8.3 
Bump regex from 1.8.2 to 1.8.3 in /ql
 2023-05-26 08:13:41 +02:00
dependabot[bot]
4ab389bf1a Bump regex from 1.8.2 to 1.8.3 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.8.2 to 1.8.3.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.8.2...1.8.3)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-26 04:02:31 +00:00
Mathias Vorreiter Pedersen
0d1d20c75b C++: Change range-analysis test to not use 'getAst'. This was creating confusing test expectation annotations. 2023-05-25 15:50:29 -07:00
Mathias Vorreiter Pedersen
960e6521a4 Revert "C++: Whitespace commit to make qhelp show up in diff." 
This reverts commit ec192d621c.
 2023-05-25 15:21:09 -07:00
Mathias Vorreiter Pedersen
c6275bfa28 Merge pull request #13293 from MathiasVP/fix-performance-of-dtt 
C++: Fix result duplication on `DefaultTaintTracking`
 2023-05-25 15:20:02 -07:00
Mathias Vorreiter Pedersen
e7f82a3571 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-05-25 13:56:01 -07:00
Geoffrey White
0e443da710 Swift: Remove id() categorization due to accuracy, and repair the old bank.?account case. 2023-05-25 21:51:27 +01:00
Maiky
026d94c457 Add LDAP Injection query (incomplete) 2023-05-25 22:51:25 +02:00
Mathias Vorreiter Pedersen
384ca0c31f C++: Respond to review comments. 2023-05-25 13:50:35 -07:00
Mathias Vorreiter Pedersen
c3fdc83af6 C++: Also add an out barrier on all sinks. 2023-05-25 12:23:50 -07:00
Mathias Vorreiter Pedersen
7361ad977a Merge pull request #13291 from geoffw0/correction 
Swift: Promote some Data models to DataProtocol
 2023-05-25 11:28:42 -07:00
Mathias Vorreiter Pedersen
a7252e625e C++: Fix result duplication on 'cpp/unbounded-write' on 'kirxkirx/vast'. 2023-05-25 11:12:01 -07:00
Alex Ford
609319da20 ruby: update TaintStep.ql test output 2023-05-25 17:53:01 +01:00
Geoffrey White
3f3a5d39e5 Swift: Fix the SQL injection test. 2023-05-25 17:13:51 +01:00
Geoffrey White
85a1ab0264 Swift: Undo autocorrect. 2023-05-25 16:10:31 +01:00
Stephan Brandauer
5ca2221097 remove some of the biggest frameworks from application mode consideration 2023-05-25 17:06:02 +02:00
Geoffrey White
98e5f0fc4f Swift: Add change note. 2023-05-25 16:04:18 +01:00
Geoffrey White
51321a218b Swift: Correct models in Data.qll. 2023-05-25 15:55:45 +01:00
Geoffrey White
5dfb07ce37 Swift: Test DataProtocol. 2023-05-25 15:51:21 +01:00
Stephan Brandauer
db77c6b9a3 Java: mark functional expressions as likely not sinks 2023-05-25 16:39:27 +02:00
Stephan Brandauer
76d731a61d improve CannotBeTaintedCharacteristic 2023-05-25 16:28:07 +02:00
Paolo Tranquilli
cc271d682e Codegen: ignore synth properties in cppgen 2023-05-25 16:05:25 +02:00
Paolo Tranquilli
b09386a2c8 Codegen: ignore synth properties in Raw.qll 2023-05-25 16:05:12 +02:00
Paolo Tranquilli
00fb796f3b Codegen: ignore synth properties in dbschemegen 2023-05-25 16:05:12 +02:00
Paolo Tranquilli
d2c9847a79 Codegen: parse synth property modifier 2023-05-25 16:05:12 +02:00
Paolo Tranquilli
165ac3eeaa Codegen: define and propagate synth property flag 2023-05-25 16:05:12 +02:00
Paolo Tranquilli
242d263e8a Codegen: move ipa info from ql.Class to ql.Property 2023-05-25 16:05:11 +02:00
Asger F
9e8cef5e1b Ruby: fix type-tracking flow-through for new->initialize calls 2023-05-25 15:03:38 +02:00
Asger F
93678e5d36 Ruby: fix name of super calls in singleton methods 2023-05-25 15:03:34 +02:00
Geoffrey White
791ba81403 Swift: Add change note. 2023-05-25 13:27:23 +01:00
Stephan Brandauer
9a041243ff Java: fine-tune characteristics 2023-05-25 14:16:32 +02:00
Stephan Brandauer
f224a40dec Java: use containing call as call context, not argument 2023-05-25 14:16:23 +02:00
Stephan Brandauer
33fdb0fc52 Java: remove superfluous characteristic 2023-05-25 14:16:23 +02:00
Taus
2000f22533 Java: Port over characteristics from codex branch 2023-05-25 14:16:23 +02:00
Taus
11ab7e2e71 Java: Share argument indexing logic 
Adds a utility predicate for turning integer indices into the desired string representation.
 2023-05-25 14:16:23 +02:00
Taus
04b8bf35d4 Java: Avoid overlapping import 
Importing `AutomodelEndpointTypes` inside `AutomodelSharedUtil` non-privately made it overlap with the imports in the candidate extraction queries.
 2023-05-25 14:16:23 +02:00
Stephan Brandauer
db61a2d099 Java: share isKnownKind between modes 2023-05-25 14:16:16 +02:00
Stephan Brandauer
d93ad9b398 Java: remove unneeded abstract metadata extractor classes and fix some names 2023-05-25 14:16:11 +02:00