hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-19 09:24:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
66,447 Commits 1,679 Branches 158 Tags
codeql-cli/v2.17.2
Commit Graph

66447 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
963e0a730d C++: Fix some off-by-one mistakes in the test. 2024-01-18 17:38:32 +00:00
Pierre
4922b7fd11 Regenerate 2.16.0 changelog with fixed changenote 2024-01-18 18:08:50 +01:00
Tony Torralba
716c6cd519 Merge pull request #15375 from atorralba/atorralba/docs/amend-change-note 
Fix change note category for clarity
 2024-01-18 17:49:00 +01:00
Benjamin Rodes
833ef9d6d6 Further reorg of libraries and predicates to allow for more reusable and consistent libraries. 2024-01-18 11:17:24 -05:00
Tony Torralba
736df6fb05 Fix change note category for clarity 2024-01-18 17:09:34 +01:00
Geoffrey White
42571069bf C++: Autoformat. 2024-01-18 16:01:06 +00:00
Geoffrey White
017369c6f2 C++: Remove redundant import (identified by QL-for-QL). 2024-01-18 15:59:32 +00:00
Benjamin Rodes
967526b285 Separating out use after free logic into a library and a ql so the query can be expanded easily. 2024-01-18 10:59:17 -05:00
Benjamin Rodes
8bd682b3f2 Deallocation.qll formatting. 2024-01-18 10:49:23 -05:00
Benjamin Rodes
7e70b30772 Adding missing windows library free functions to deallocation set 2024-01-18 09:59:28 -05:00
Alex Ford
9536fb5cae Merge pull request #15372 from github/rb/docs-ruby-3-3 
Ruby: update supported version to 3.3
 2024-01-18 14:47:15 +00:00
Tony Torralba
1d7dbec719 Go: Add flow sources for AWS Lambda function handlers 2024-01-18 15:17:21 +01:00
Michael B. Gale
d8eef2716b Merge pull request #15360 from github/mbg/csharp/redefine-successfully-extracted-files 2024-01-18 14:09:20 +00:00
Geoffrey White
cc2b61186e C++: Document TReturnKind, NormalReturnKind and IndirectReturnKind better. 2024-01-18 13:24:57 +00:00
Geoffrey White
dd27ef7d3c C++: Add MAD source definitions for the new taint sources and update the (real) test. 2024-01-18 13:24:57 +00:00
Geoffrey White
833165f86c C++: Update the (synthetic) test. 2024-01-18 13:24:57 +00:00
Geoffrey White
c85262cfd0 C++: Add the shared MAD pack to CPP. 2024-01-18 13:24:57 +00:00
Geoffrey White
a8863e44db C++: Port implementation to CPP. 2024-01-18 13:24:57 +00:00
Geoffrey White
3aacc5ffde C++: Copy FlowSummaryImpl.qll from Swift. 2024-01-18 13:01:16 +00:00
Geoffrey White
fbf9545338 C++: Copy ExternalFlow.qll from Swift. 2024-01-18 13:01:16 +00:00
Geoffrey White
303882350b C++: Add some test cases for new (real) taint sources to be defined using models-as-data. 2024-01-18 13:01:16 +00:00
Geoffrey White
9611e4ce19 C++: Add tests for (synthetic) models-as-data sources and sinks. 2024-01-18 13:01:16 +00:00
Michael Nebel
43350b0664 C#: Add change note. 2024-01-18 13:55:18 +01:00
Rasmus Wriedt Larsen
f20d4e22fe Handle only exclude 2024-01-18 13:54:45 +01:00
Michael Nebel
9e9b5292f2 C#: Add change note. 2024-01-18 13:50:52 +01:00
Michael B. Gale
d0003ce7be C#: Rename query to ExtractedFiles 2024-01-18 12:47:11 +00:00
Michael Nebel
337ab611c9 C#: Update expected test output. 2024-01-18 12:53:48 +01:00
Michael Nebel
9460c91c8c C#: Also consider nullable simple types (and datetime) as simple type sanitizers. 2024-01-18 12:53:29 +01:00
Michael Nebel
559842071a C#: Add example of log forging alert for simple nullable types and updated expected test output. 2024-01-18 12:50:40 +01:00
Michael Nebel
f8f95e6a19 C#: Add models as data test for inline arrays. 2024-01-18 12:23:26 +01:00
Michael Nebel
1d88ca2388 C#: Add more InlineArray test cases. 2024-01-18 12:23:26 +01:00
Rasmus Wriedt Larsen
54c7c5e8be Tree sitter extractor: Proper handling of LGTM_INDEX_FILTERS 
If someone had used `LGTM_INDEX_FILTERS=exclude:**/*\ninclude:*.rb`
before, we would have mistakenly excluded all files :|
(LGTM_INDEX_FILTERS is a prioritized list where later matches take
priority over earlier ones)

This change is needed to support adding `exclude:**/*` as the first
filter if `paths` include a glob, which currently causes bad behavior in
the Python extractor. However, we can first introduce that change once
this PR has been merged.

I realize this change can cause more folders and files to be traversed
(since they are not just skipped with --exclude). We plan to make a
better long term fix which should bring back the previous performance.
 2024-01-18 11:44:31 +01:00
Michael Nebel
70e7c92774 C#: Also check the namespace of the InlineArrayAttribute. 2024-01-18 11:09:01 +01:00
Michael Nebel
674838e698 C#: Add flow test for inline arrays. 2024-01-18 11:09:01 +01:00
Michael Nebel
f14b3265ab C#: Move static methods in CollectionFlow as these impact result line numbers. 2024-01-18 11:09:00 +01:00
Michael Nebel
47505b3bfa C#: Add array access test for an inline array. 2024-01-18 11:09:00 +01:00
Michael Nebel
0453bb86e0 C#: Update test output of existing expressions tests. 2024-01-18 11:09:00 +01:00
Michael Nebel
ae52779cf6 C#: Add inline array test to expressions. 2024-01-18 11:09:00 +01:00
Michael Nebel
de831d188f C#: Add inline type array test. 2024-01-18 11:09:00 +01:00
Michael Nebel
8a97c8c28e C#: Add QL support for InlineArrayType. 2024-01-18 11:09:00 +01:00
Erik Krogh Kristensen
cda2ef4db5 Merge pull request #15364 from github/dependabot/cargo/ql/rayon-1.8.1 
Bump rayon from 1.8.0 to 1.8.1 in /ql
 2024-01-18 09:24:30 +01:00
dependabot[bot]
7b574bb07a Bump rayon from 1.8.0 to 1.8.1 in /ql 
Bumps [rayon](https://github.com/rayon-rs/rayon) from 1.8.0 to 1.8.1.
- [Changelog](https://github.com/rayon-rs/rayon/blob/master/RELEASES.md)
- [Commits](https://github.com/rayon-rs/rayon/compare/rayon-core-v1.8.0...rayon-core-v1.8.1)

---
updated-dependencies:
- dependency-name: rayon
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-18 03:16:14 +00:00
Michael B. Gale
a30791833d C#: Report any extracted file as successfully extracted 2024-01-17 20:57:39 +00:00
Michael B. Gale
4a71ddd8b6 Merge pull request #15355 from github/mbg/go/increase-test-robustness 
Go: Improve robustness of integration tests
 2024-01-17 16:45:30 +00:00
Ben Rodes
67e43ecc44 Merge branch 'main' into 38-cpp-generalize-use-after-free-libraries 2024-01-17 08:05:41 -08:00
Michael B. Gale
783f006d62 Go: Update go clean -modcache comment 2024-01-17 16:04:13 +00:00
Sid Shankar
2d71294f61 Merge pull request #15256 from sidshank/change/adjust-extracted-files-diagnostics 
Js/Py/Rb: Report any extracted file as successfully extracted
 2024-01-17 11:04:06 -05:00
Mathias Vorreiter Pedersen
39dafd6f6a C++: Suggestions to #15343 (#39) 
* C++: Change the interface of 'FlowAfterFree' so that the module it takes
a single module as a parameter.

* C++: Add another predicate to the module signature.

* C++: Convert the use-after-free and double-free libraries to use new interface.

* C++: Accept test changes.
 2024-01-17 11:02:46 -05:00
Max Schaefer
7bc03040ec Make tags for positive and negative examples more precise. 2024-01-17 15:57:27 +00:00
Max Schaefer
3ae484868a Merge pull request #15326 from github/max-schaefer/automodel-negative-sink-models 
Automodel: Apply negative characteristics only to endpoints of the right kind.
 2024-01-17 15:54:28 +00:00