hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-21 02:14:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
66,447 Commits 1,684 Branches 158 Tags
codeql-cli/v2.17.2
Commit Graph

66447 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Nebel
8218f80154 C#: Base all telemetry tests on stubs. 2023-12-13 11:57:44 +01:00
Michael Nebel
57d5d71d03 C#: Only count calls in source code. 2023-12-13 11:57:32 +01:00
Michael Nebel
16e86134f3 Merge pull request #15087 from michaelnebel/csharp/stubgenrefreadonly 
C#: Stub generator support for `ref readonly` parameters.
 2023-12-13 11:46:45 +01:00
Owen Mansel-Chan
56507c2709 Merge pull request #15084 from github/dependabot/go_modules/go/extractor/extractor-dependencies-88d2ef26ea 
Bump the extractor-dependencies group in /go/extractor with 1 update
 2023-12-13 10:21:32 +00:00
Michael Nebel
b023338ed7 Merge pull request #15086 from michaelnebel/csharp/testusemorestubs 
C#: Base more tests purely on stubs.
 2023-12-13 11:19:38 +01:00
Tony Torralba
66b54f03b7 Rename test 2023-12-13 11:15:27 +01:00
Tony Torralba
d955dce72a Improve source of randomness detection 
Also sanitize flow out of sinks to avoid overlapping paths
 2023-12-13 11:15:27 +01:00
Tony Torralba
fc45621ab1 Add pac4j JWT cryptographic key sinks 2023-12-13 11:15:27 +01:00
Tony Torralba
7bc907840c Fix tests 2023-12-13 11:15:27 +01:00
Tony Torralba
3a5d711711 Add cookie sinks 2023-12-13 11:15:27 +01:00
Tony Torralba
435d1f97a3 Add sink for OpenSAML's RequestType.setID 2023-12-13 11:15:27 +01:00
Michael Nebel
b7f4bfe719 C#: Add a unit test for stub generation of ref readonly parameters. 2023-12-13 11:09:57 +01:00
Michael Nebel
766baa9a50 C#: Add support for ref readonly parameters in the stub generator. 2023-12-13 11:09:57 +01:00
Tony Torralba
4cb53a76d6 Merge pull request #15082 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-12-13 10:35:49 +01:00
Michael Nebel
35a615cac3 C#: Base the remoteflowsource test on stubs and update line numbers in expected output. 2023-12-13 10:07:57 +01:00
Michael Nebel
94d81b501b C#: Base the CWE-614 tests purely on stubs. 2023-12-13 10:07:57 +01:00
Michael Nebel
4fc8762444 C#: Base the asp/basic tests on stubs only. 2023-12-13 10:07:57 +01:00
Michael Nebel
0b39f1155e C#: Base the remaning CWE-1004 tests purely on stubs. 2023-12-13 10:07:57 +01:00
Michael Nebel
cdf6b28e13 C#: Base the modelgenerator/dataflow tests on stubs. 2023-12-13 10:07:56 +01:00
masterofnow
e1b8fabf7f Use global instead of local taint tracking. 2023-12-13 13:50:34 +08:00
masterofnow
8538c12267 Merge branch 'github:main' into LoadClassNoSignatureCheck 2023-12-13 13:47:40 +08:00
dependabot[bot]
dae1a5c70e Bump the extractor-dependencies group in /go/extractor with 1 update 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).

- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.16.0...v0.16.1)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-13 04:02:50 +00:00
github-actions[bot]
9b20665d75 Add changed framework coverage reports 2023-12-13 00:16:25 +00:00
Yunus AYDIN
a47ffc6833 Remove unnecessary rules 2023-12-13 01:52:06 +03:00
Yunus AYDIN
bb2083d10a Remove database directory and add WebCacheDeceptionLib.qll 2023-12-13 01:50:56 +03:00
Alexander Eyers-Taylor
236a6a1bce CPP: Apply suggestions from code review 
Fix spelling in query id

Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-12-12 17:22:46 +00:00
Tony Torralba
bd8f35bef7 Java: Fix FPs in Missing certificate pinning 
Local URIs should never require pinning
 2023-12-12 18:02:12 +01:00
Florin Coada
e637eb720b Merge pull request #15076 from github/changedocs/2.15.4 
Release change notes for 2.15.4
 2023-12-12 16:51:28 +00:00
Alex Eyers-Taylor
136a77b86e CPP: Add change note for cpp/use-of-uniwue-pointer-after-lifetime-ends 2023-12-12 16:47:55 +00:00
Alex Eyers-Taylor
e9bc5a54ea CPP: Add query for detecting invalid uses of temporary unique pointers. 2023-12-12 16:22:20 +00:00
Tony Torralba
27be5ba14b Merge pull request #15073 from atorralba/atorralba/java/remove-invalid-ognl-sinks 
Java: Remove invalid OGNL sinks
 2023-12-12 16:52:31 +01:00
Owen Mansel-Chan
5675df842e Merge pull request #15054 from owen-mc/go/find-more-callees-for-captured-variables 
Go: Also follow jump steps when looking for a callee source
 2023-12-12 15:49:15 +00:00
Geoffrey White
609f92c7ac Merge pull request #13870 from geoffw0/commoncrypto1 
Swift: CommonCrypto test cases for the BrokenCryptoAlgorithm query
 2023-12-12 15:26:02 +00:00
Mathew Payne
7a48152ea9 Add Go Stubs for LibXML2 2023-12-12 15:10:08 +00:00
Chad Bentz
2d33f86d41 Initial Push 
- Sample test  (test not compiling)
- Stubs not generating
 2023-12-12 15:00:00 +00:00
Edward Minnix III
4d6521fd7a Merge pull request #13608 from egregius313/egregius313/weak-randomness 
Java: Add Weak Randomness Query (CWE-330/338)
 2023-12-12 09:40:11 -05:00
Florin Coada
062a85e77b Removed local preview dox-out 2023-12-12 14:32:46 +00:00
Tony Torralba
fad53a25c0 Update java/ql/lib/ext/struts2.model.yml 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2023-12-12 14:58:47 +01:00
Mathias Vorreiter Pedersen
3dea467dcc Merge pull request #15047 from MathiasVP/add-puns-for-addresses-of-arguments 
C++: Add `PostUpdateNode`s for addresses of outgoing arguments
 2023-12-12 13:55:13 +00:00
Mathias Vorreiter Pedersen
412ea67ba0 Merge pull request #15075 from MathiasVP/print-data-flow-relevant-IR 
C++: Add a `PropertyProvider` for only showing dataflow-relevant IR
 2023-12-12 13:51:11 +00:00
Tom Hvitved
3c2336e40b Merge pull request #15074 from hvitved/dataflow/get-node-type-cached 
Data flow: Use cached `nodeDataFlowType` instead of `getNodeType`
 2023-12-12 14:49:41 +01:00
Florin Coada
c78dfea3db Release changenotes for 2.15.4 2023-12-12 13:46:32 +00:00
Mathias Vorreiter Pedersen
97f2be9b82 C++: Fix QLDoc. 2023-12-12 13:45:18 +00:00
yoff
a39eb5efc9 Merge pull request #15051 from yoff/python/slightly-improve-tarslip 
Python: slightly improve tarslip logic
 2023-12-12 14:43:43 +01:00
Mathias Vorreiter Pedersen
1ad0e6524e Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintDataFlowRelevantIR.qll 2023-12-12 13:15:36 +00:00
Mathias Vorreiter Pedersen
11386494b7 C++: Factor out the property provider which hides instructions and operands out of the 'LocalFlowPropertyProvider' class and into a separate class. 2023-12-12 13:04:31 +00:00
Tom Hvitved
a46964dfe8 Address review comments 2023-12-12 13:55:52 +01:00
Tom Hvitved
b3929e2375 Data flow: Use cached nodeDataFlowType instead of getNodeType 2023-12-12 13:46:39 +01:00
Tony Torralba
103110f9c2 Java: Remove invalid OGNL sinks 
Fixes #15053
 2023-12-12 13:39:51 +01:00
Alexander Eyers-Taylor
e87b3911dc Merge pull request #14910 from alexet/incorrect-scanf 
CPP: Add query for detecteing incorrect error checking for scanf
 2023-12-12 11:57:17 +00:00