Commit Graph

66447 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
402212bab9 C++: Accept query test changes. 2023-05-16 18:35:05 +01:00
Alexandre Boulgakov
7ada125299 Swift: Support fmtlib for assertions/expectations.
Specifically, this adds custom formatters using `path::operator string()` and `error_code::message()` and dereferences a (non-empty) optional. `fmtlib` provides formatters for these standard library types in `fmt/std.h`, but that file also requires RTTI (which we disable) for `std::exception` so we can't use it without either patching `fmtlib` (which they're open to: https://github.com/fmtlib/fmt/issues/3170) or enabling RTTI (which will require some consideration).
2023-05-16 18:33:28 +01:00
Mathias Vorreiter Pedersen
a5632a21d1 Merge branch 'main' into precompute-states-in-overrun-write 2023-05-16 18:09:16 +01:00
Mathias Vorreiter Pedersen
99545420d5 Merge pull request #13177 from MathiasVP/recommend-secure-randomness
Swift: Recommend a proper source of randomness in `swift/hardcoded-key`
2023-05-16 18:04:13 +01:00
Mathias Vorreiter Pedersen
9def3dd440 Update swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.swift
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2023-05-16 17:42:34 +01:00
Geoffrey White
3bd16fa1d8 Merge pull request #13184 from geoffw0/docconsistency
Swift: Mirror changes made in the tutorial docs.
2023-05-16 17:42:03 +01:00
Mathias Vorreiter Pedersen
c93a051243 C++: Accept test changes. 2023-05-16 17:41:41 +01:00
Mathias Vorreiter Pedersen
150d4f341a C++: Fix looping flow that goes from the output argument node and back into the function argument. 2023-05-16 17:39:59 +01:00
Mathias Vorreiter Pedersen
35e91bafa7 C++: Introduce 'indirect_sink' in dataflow tests. 2023-05-16 17:39:53 +01:00
Mathias Vorreiter Pedersen
f5be8cfe58 Merge pull request #13167 from geoffw0/sensitivefps
Swift: Fix some FPs from the sensitive data library
2023-05-16 17:12:47 +01:00
Mathias Vorreiter Pedersen
afd1a120ff Merge pull request #13182 from MathiasVP/add-conflation-in-dataflow
C++: Add example with conflation in dataflow
2023-05-16 17:11:18 +01:00
Michael B. Gale
2d80302108 Use empty toolchains.xml for java-version-too-old 2023-05-16 16:54:19 +01:00
Paolo Tranquilli
42d40900d3 Swift: reword TSP diagnostics after doc team review 2023-05-16 17:52:02 +02:00
Mathias Vorreiter Pedersen
c45032844e C++: Add example with conflation in dataflow. 2023-05-16 16:34:20 +01:00
Stephan Brandauer
2cd8a879a5 use asParameter().getName() instead of toString()
Co-authored-by: Taus <tausbn@github.com>
2023-05-16 17:28:02 +02:00
Paolo Tranquilli
fc9fe13278 Merge pull request #13181 from github/redsun82/swift-diagnostics-enable-warnings
Swift: turn internal error into a TSP warning
2023-05-16 17:20:46 +02:00
Tom Hvitved
406acbe6a4 Update csharp/ql/lib/change-notes/2023-05-16-ilogger-extension-methods.md
Co-authored-by: Michael B. Gale <mbg@github.com>
2023-05-16 17:13:21 +02:00
Stephan Brandauer
9845887452 automodel java fix: export method name as 'name' metadata parameter; export parameter name as 'parameterName' parameter 2023-05-16 15:07:14 +00:00
Arthur Baars
2911a6cc30 JS: remove unused tables 2023-05-16 17:03:41 +02:00
Arthur Baars
fef0e1f1c8 JS: sync shared dbscheme fragments 2023-05-16 17:03:41 +02:00
Arthur Baars
7225ef09ba Script for detecting out-of-sync dbscheme fragments 2023-05-16 17:03:41 +02:00
Tom Hvitved
c412bfde68 Add change note 2023-05-16 16:54:59 +02:00
Paolo Tranquilli
7e61e99e4a Swift: make help links optional argument more explicit 2023-05-16 16:52:22 +02:00
Michael B. Gale
ed79113c7f Merge pull request #13180 from github/mbg/java/fix-java-version-too-old
Java: Hide GHA variables in `java-version-too-old` test
2023-05-16 15:49:38 +01:00
Tom Hvitved
3027ed2ca8 C#: Include arguments to ILogger extension method calls in LogMessageSink 2023-05-16 16:04:58 +02:00
Geoffrey White
35b35ec377 Swift: Mirror changes made in the docs. 2023-05-16 14:26:16 +01:00
Michael B. Gale
9660b47879 Hide GHA variables in java-version-too-old test 2023-05-16 14:20:17 +01:00
Alexandre Boulgakov
9e9be4fc5e Merge pull request #13169 from github/sashabu/swift-tests
Swift: Use `...` to find and run all Bazel tests instead of having to list them.
2023-05-16 14:20:03 +01:00
Paolo Tranquilli
8291b2229a Swift: turn internal error into a TSP warning 2023-05-16 15:18:29 +02:00
Geoffrey White
94b4ebe38b Update swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2023-05-16 14:16:30 +01:00
Alvaro Muñoz
d17199a9e1 add gson models 2023-05-16 15:00:26 +02:00
Rasmus Lerchedahl Petersen
5d68473d12 python: elide nodes without location from basic 2023-05-16 14:38:51 +02:00
Rasmus Lerchedahl Petersen
5b4f98d6c4 python: Add summaries for container constructors
Also:
- turn on flow summaries for taint
- do not restrict node type
  (as now we need summary nodes)
2023-05-16 14:38:51 +02:00
Jeroen Ketema
e8423f858f Merge pull request #13149 from MathiasVP/barrier-out-on-phi-back-edges
C++: Block flow through back-edges in `cpp/overrun-write`
2023-05-16 14:22:55 +02:00
Mathias Vorreiter Pedersen
03ef18b286 Swift: Recommend a proper source of randomness in 'swift/hardcoded-key'. 2023-05-16 11:59:41 +01:00
Kasper Svendsen
843640c486 Merge pull request #13173 from kaspersv/kaspersv/enable-implicit-this-warnings-shared-packs
Enable implicit this warnings for shared packs
2023-05-16 10:50:28 +02:00
Rasmus Lerchedahl Petersen
145eaf3947 python: remove steps for container constructors 2023-05-16 10:35:10 +02:00
Tony Torralba
770099f210 Merge branch 'main' into atorralba/java/promote-xxe-experimental-sinks 2023-05-16 09:49:34 +02:00
Kasper Svendsen
bfb098c3d6 Enable implicit this warnings for shared packs 2023-05-16 09:22:29 +02:00
Tony Torralba
ac1df4de91 Merge pull request #13166 from atorralba/atorralba/java/xpath-xxe-sink
Java: Add `XPath.evaluate` as XXE sink
2023-05-16 09:14:56 +02:00
Erik Krogh Kristensen
57858afbd9 Merge pull request #13165 from erik-krogh/proto-assign-qhelp
JS: fixup in the qhelp for `js/prototype-polluting-assignment`
2023-05-16 08:52:52 +02:00
Owen Mansel-Chan
1a9bd9ccde Merge pull request #13135 from owen-mc/go/fix-unit-test
Go: fix unit test
2023-05-16 07:50:50 +01:00
Alexandre Boulgakov
8db945a11e Swift: Use ... to find and run all Bazel tests instead of having to list them. 2023-05-15 20:51:31 +01:00
Geoffrey White
5019d3befa Swift: Update test annotations. 2023-05-15 18:23:48 +01:00
Geoffrey White
3f206cce00 Swift: Simplify out toLowerCase(). 2023-05-15 18:23:33 +01:00
Geoffrey White
047494dc95 Swift: Bank account numbers are a credential now, I guess they don't need to be private data as well. 2023-05-15 18:22:55 +01:00
Geoffrey White
252b72b573 Swift: Add some special cases to preserve (for now) result quality. 2023-05-15 18:22:50 +01:00
Geoffrey White
245e8fbc92 Swift: Use SensitiveDataHeuristics.qll in SensitiveCredential. 2023-05-15 18:14:52 +01:00
Geoffrey White
a91c45049e Swift: Add some special cases to preserve (for now) result quality. 2023-05-15 18:06:33 +01:00
Geoffrey White
e2080c5d00 Swift: SensitiveDataHeuristics.qll expects function names without an (argument:list:). 2023-05-15 17:45:56 +01:00