hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-17 16:34:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
66,447 Commits 1,679 Branches 158 Tags
codeql-cli/v2.17.2
Commit Graph

66447 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
2eb8d13439 C++: Accept test changes. 2024-03-01 09:25:25 +00:00
Rasmus Wriedt Larsen
bbe8c6dcaa Python: Remove synth postupdate nodes from tt-consistency 2024-03-01 10:23:50 +01:00
Rasmus Wriedt Larsen
9f01ea68f7 Python: Add type-tracking consistency query 
For now I'm only ignoring stdlib nodes, so it's easy for reviewer to see
why we need to have more excludes :)
 2024-03-01 10:19:49 +01:00
Florin Coada
a8816a6d1c Update java/ql/src/change-notes/released/0.8.9.md 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-03-01 09:18:22 +00:00
Florin Coada
d54e3d73ab Update java/ql/src/CHANGELOG.md 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-03-01 09:18:14 +00:00
Rasmus Wriedt Larsen
d182eae868 Python: Add consistency check for PhaseDependentFlow 
This would have found the problem in
https://github.com/github/codeql/pull/15755.

As highlighted in the comment in the code, it's not a perfect solution
since we don't have an automatic way to ensure we don't introduce a new
PhaseDependentFlow use with a new step relation and forget to add it to
this consistency check... but I think this consistency check still adds
value!
 2024-03-01 10:01:08 +01:00
Tony Torralba
664dac6b28 Merge pull request #15773 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2024-03-01 09:22:47 +01:00
Tony Torralba
dd1dbdf4ec Java: Fix provenance of Map.Entry.copyOf models 2024-03-01 09:00:13 +01:00
github-actions[bot]
148bc26b09 Add changed framework coverage reports 2024-03-01 00:17:57 +00:00
Owen Mansel-Chan
54031a8187 Merge pull request #15767 from owen-mc/java/add-summary-models 
Java: add a few summary models
 2024-02-29 21:21:23 +00:00
Tom Hvitved
a8468a6178 C#: Better handle multiple global.json files 2024-02-29 20:27:52 +01:00
Mathias Vorreiter Pedersen
1466f11a92 C++: Add change note. 2024-02-29 18:39:59 +00:00
Geoffrey White
a499919239 Shared: More helpful QLDoc for simpleLocalFlowStep. 2024-02-29 17:13:40 +00:00
Paolo Tranquilli
6d90877c52 Merge pull request #15536 from github/redsun82/bazel-cmake 
Bazel/CMake: auto detect all `cc_binary`/`cc_test` targets
 2024-02-29 18:13:40 +01:00
Geoffrey White
f834768720 Shared: Improve QLDoc for forceHighPrecision. 2024-02-29 17:09:31 +00:00
Geoffrey White
9d2dc7a3cc Shared: Format. 2024-02-29 17:09:16 +00:00
Ed Minnix
f488f23a48 Add LocalFlowSource back to UncontrolledFormatString 2024-02-29 12:06:59 -05:00
Geoffrey White
88e3bc6865 Update shared/dataflow/codeql/dataflow/DataFlow.qll 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-02-29 17:03:30 +00:00
Edward Minnix III
89bdb7f437 Remove discussion of local flow in change note 
Co-authored-by: Michael Nebel <michaelnebel@github.com>
 2024-02-29 12:03:19 -05:00
Ed Minnix
86ceeebd89 Change handling of LocalSource in queries 
1. Change `LocalSource` to extend `DataFlow::Node`, thus removed from
   the definiton of `Source`
2. Add a private class `AddLocalSource` which extends `Source`. This
   allows us to currently preserve the inclusion of local sources, while
   making it easier to remove it in the future.
 2024-02-29 12:03:17 -05:00
Ed Minnix
3563c7ef03 Modify deprecated RemoteSource classes to extend DataFlow::Node directly. 
Since `ThreatModelFlowSource` contains `RemoteFlowSource` by default, we
can safely remove the `RemoteSource` from the default of the queries.
 2024-02-29 12:03:16 -05:00
Ed Minnix
e64826db1b Add threat-model configuration for UncontrolledFormatString test 2024-02-29 12:03:14 -05:00
Ed Minnix
af749e221b Remove commented out code 2024-02-29 12:03:13 -05:00
Ed Minnix
f237d2aeda Refactor to use ThreatModelFlowSource 2024-02-29 12:03:12 -05:00
Ed Minnix
5198f52351 Add references to changed queries in change note 2024-02-29 12:03:11 -05:00
Ed Minnix
22e8da2928 Update change note date 2024-02-29 12:03:09 -05:00
Ed Minnix
eb81946adc Change note changes to mention local sources as well 2024-02-29 12:03:08 -05:00
Ed Minnix
b4dabee770 Remove unnecessary flowsources.Remote imports 
Since `FlowSources` now re-exports `Remote`, these can be safely removed.
 2024-02-29 12:03:07 -05:00
Ed Minnix
434fa20646 Refactor to using ThreatModelFlowSource 2024-02-29 12:03:05 -05:00
Ed Minnix
1086abca63 Refactor to using ThreatModelFlowSource 2024-02-29 12:03:04 -05:00
Ed Minnix
b76795fd28 Refactor to using ThreatModelFlowSource 2024-02-29 12:03:03 -05:00
Ed Minnix
fd3738b10e Refactor to using SourceNode::getSourceType 2024-02-29 12:03:01 -05:00
Ed Minnix
31d4d0ca57 Move getSourceType to SourceNode 2024-02-29 12:03:00 -05:00
Ed Minnix
75772664f2 Change note 2024-02-29 12:02:58 -05:00
Ed Minnix
f388a0f10c Deprecate direct uses of RemoteFlowSource and replace with ThreatModelFlowSource 2024-02-29 12:02:57 -05:00
Ed Minnix
bd0137a721 Deprecated direct use of RemoteFlowSource and use ThreatModelFlowSource instead 2024-02-29 12:02:55 -05:00
Chris Smowton
051d63a5a9 Merge pull request #15740 from smowton/smowton/feature/call-and-type-telemetry 
Java: add extraction quality telemetry; improve stringification of some erroneous expressions
 2024-02-29 16:51:51 +00:00
Tony Torralba
47bf556223 Merge pull request #15709 from atorralba/atorralba/java/enable-widget-taint-steps 
Java: Re-enable Widget.qll flow steps
 2024-02-29 17:33:05 +01:00
Owen Mansel-Chan
7b5f51b1e2 Change summary models to neutral models for javax.crypto.Cipher 2024-02-29 16:22:27 +00:00
Geoffrey White
445b82b4e1 Shared: Explain 'guard'. 2024-02-29 16:07:20 +00:00
Geoffrey White
70465b22c7 Shared: Remove @ annotations. 2024-02-29 16:00:43 +00:00
Geoffrey White
98289b52d6 Shared: Explain SsaPhiNode a bit more. 2024-02-29 15:45:43 +00:00
Geoffrey White
8151f3024d Shared: Pinch better doc for isEquality from a related Guards class in csharp. 2024-02-29 15:41:51 +00:00
Chris Smowton
ef9544cbef Adjust test expectations now signature type-accesses are named 2024-02-29 15:33:29 +00:00
Chris Smowton
903e4f59f0 Exclude error types from contradictory-type-check query 2024-02-29 14:59:46 +00:00
Chris Smowton
140c3189e3 Adjust test expectations 2024-02-29 14:59:46 +00:00
Chris Smowton
3bd0c3b2c2 Switch test to using a qlref to the real telemetry query 2024-02-29 14:59:46 +00:00
Chris Smowton
ef82ea7541 Add change note 2024-02-29 14:59:46 +00:00
Chris Smowton
551006c15e Make predicate private 2024-02-29 14:59:46 +00:00
Chris Smowton
ffa998eb4a Autoformat 2024-02-29 14:59:45 +00:00