hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-21 18:34:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
66,447 Commits 1,683 Branches 158 Tags
codeql-cli/v2.17.2
Commit Graph

66447 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
911f1543e0 DataFlow: Adjust QLDoc. 2023-11-28 15:26:48 +00:00
Tom Hvitved
e79ad3b738 Merge pull request #14937 from hvitved/csharp/stubvisitor-recursion-guard 
C#: Prevent infinite recursion in `EqualsModuloTupleElementNames`
 2023-11-28 16:25:52 +01:00
Mathias Vorreiter Pedersen
339bf1363a DataFlow: s/flowThroughStepAllowed/validParameterAliasStep. 2023-11-28 14:32:23 +00:00
Mathias Vorreiter Pedersen
e47ad274ea C++: Add Schack's tests. 2023-11-28 14:32:21 +00:00
Mathias Vorreiter Pedersen
fb6329fbc1 C++: Fix test annotation 2023-11-28 14:27:15 +00:00
Mathias Vorreiter Pedersen
1771d77c23 C++: Accept test changes. 2023-11-28 14:27:15 +00:00
Mathias Vorreiter Pedersen
9049932f42 C++: Implement the new predicate. 2023-11-28 14:27:15 +00:00
Mathias Vorreiter Pedersen
064f68fdca DataFlow: Add a predicate for modifying which dataflow steps participate in flow-through summaries. 2023-11-28 14:27:15 +00:00
Mathias Vorreiter Pedersen
1753a7e146 C++: Add tests. 2023-11-28 14:27:15 +00:00
Owen Mansel-Chan
de87dd5dee Test no result if deferred function returns error 2023-11-28 14:23:37 +00:00
Owen Mansel-Chan
57dafd3732 Improve test for UnhandledCloseWritableHandle 
Now the different paths won't have the same two sources.
 2023-11-28 14:21:43 +00:00
Jeroen Ketema
28ac46a73f C++: Add change note 2023-11-28 14:57:02 +01:00
Taus
6e279183d9 Python: Remove unused unsafeFilter predicates 2023-11-28 13:54:17 +00:00
Taus
91643ad08f Python: Update hasUnsafeFilter to use API graph 
This will probably break the tests in the short run. I'll fix the remaining issues in a follow-up commit.

Co-authored-by: Rasmus Wriedt Larsen <rasmuswl@github.com>
 2023-11-28 14:48:26 +01:00
Rasmus Wriedt Larsen
2c10160ad4 Python: Highlight we actually want post-update nodes for *args and **kwargs arguments 2023-11-28 14:07:03 +01:00
Rasmus Wriedt Larsen
02f2031239 Python: Ensure other call for super().foo 2023-11-28 14:04:51 +01:00
Mathias Vorreiter Pedersen
2b36ba33f0 C++: Add support for 'data' in the query. 2023-11-28 12:57:59 +00:00
Michael B. Gale
e349611f86 Merge pull request #14932 from github/dependabot/go_modules/go/extractor/extractor-dependencies-29c4186f99 
Bump the extractor-dependencies group in /go/extractor with 1 update
 2023-11-28 12:57:24 +00:00
Alex Eyers-Taylor
3e9aeac004 CPP: Fix sscanf false positives in older linux repos 2023-11-28 12:07:05 +00:00
Geoffrey White
68a9154106 Swift: Merge the two PrintfFormat implementations. 2023-11-28 12:03:05 +00:00
Mathias Vorreiter Pedersen
7b8d164692 C++: Add more good test cases. 2023-11-28 11:58:33 +00:00
Mathias Vorreiter Pedersen
62c432f3c7 C++: Tabs -> Spaces. 2023-11-28 11:52:17 +00:00
Geoffrey White
5f4213004b Merge branch 'main' into logsinks 2023-11-28 11:51:56 +00:00
Tom Hvitved
fea2bf9217 C#: Prevent infinite recursion in EqualsModuloTupleElementNames 2023-11-28 11:45:09 +01:00
Rasmus Wriedt Larsen
c12053287e Merge pull request #14936 from RasmusWL/star-args-kwargs-missing-flow 
Python: Highlight missing post-update flow for `*args` and `**kwargs`
 2023-11-28 11:34:51 +01:00
Rasmus Wriedt Larsen
3c82653b63 Python: Highlight missing post-update flow for *args and **kwargs 2023-11-28 10:59:48 +01:00
Jeroen Ketema
7dec819151 C++: Expose whether a function was prototyped or not 2023-11-28 10:24:43 +01:00
Mathias Vorreiter Pedersen
ff4c63f696 C++: Add change note. 2023-11-28 09:16:49 +00:00
Mathias Vorreiter Pedersen
e10caa68f6 C++: Add tests. 2023-11-28 09:06:24 +00:00
Mathias Vorreiter Pedersen
e94cde9b4b C++: Move the use-after-free tests to subdirectory. 2023-11-28 09:06:24 +00:00
Mathias Vorreiter Pedersen
71ad7696c3 C++: Add qhelp. 2023-11-28 09:06:24 +00:00
Mathias Vorreiter Pedersen
204acbacc5 C++: Add a new query for detecting calls to 'c_str' on temporary objects. 2023-11-28 09:06:24 +00:00
dependabot[bot]
d2cad03e28 Bump the extractor-dependencies group in /go/extractor with 1 update 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).

- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-11-28 03:58:15 +00:00
Mathias Vorreiter Pedersen
22a91d18b8 C++: Make the sequence container classes public. 2023-11-27 21:32:49 +00:00
Eric Bickle
aab7ff919e Java: Improve Gson parse, get, and stream models 2023-11-27 12:26:28 -08:00
Tom Hvitved
ccb9d9b8fa C#: Strengthen call-back heuristics by considering body-less methods 2023-11-27 21:15:06 +01:00
Geoffrey White
09998a9f35 Swift: Formatting. 2023-11-27 19:53:32 +00:00
Geoffrey White
f1f5745ed1 Swift: Change note. 2023-11-27 19:43:15 +00:00
Geoffrey White
f19c6f337d Swift: Add imprecise append/insert models. 2023-11-27 19:43:15 +00:00
Geoffrey White
6e5c285346 Swift: Add imprecise init(data:) model. 2023-11-27 19:23:40 +00:00
Geoffrey White
99aa754b50 Swift: Add tests for UIImage. 2023-11-27 19:19:12 +00:00
Geoffrey White
da648b1014 Swift: Convert ui.swift test to use source labels. 2023-11-27 19:06:52 +00:00
Geoffrey White
4b87dd54fb Swift: Add tests for custom append/insert. 2023-11-27 19:02:45 +00:00
Alex Eyers-Taylor
9eb5b23f54 CPP: Fix query formatting 2023-11-27 15:55:44 +00:00
Taus
ad1a86879e Python: Add change note 2023-11-27 14:39:32 +00:00
Harry Maclean
bd575db254 Ruby: Add test for FrameworkModeEndpoints query 2023-11-27 14:18:18 +00:00
Taus
95e9284d08 Python: Add support for extraction filters 
Adds support for extraction filters as defined in
https://peps.python.org/pep-0706/
and implemented in Python 3.12.

By my reading, setting the filter to `'data'` or `'tar'` is probably
safe, whereas `'fully_trusted'` or the default (which is the same as
`None`) is not.

For now, I have just added this modelling to the tarslip query. We could
also share it with the modelling of `shutil.unpack_archive` (which has also
gained a `filter` argument), but it was unclear to me where we should put
this modelling in that case. Perhaps the best solution would be to merge
the experimental `py/tarslip-extended` query into the existing query (in
which case the current location is perhaps not too bad).
 2023-11-27 14:11:17 +00:00
Michael Nebel
f05c86239f Merge pull request #14878 from michaelnebel/csharp/pindotnetinintegrationtests 
C#: Pin integration tests to a specific .NET version.
 2023-11-27 13:22:02 +01:00
Ian Lynagh
7560573b89 Merge pull request #14906 from igfoo/igfoo/locs 
Kotlin 2: Accept some location changes in test-kotlin2/library-tests/stmts
 2023-11-27 11:42:47 +00:00
Harry Maclean
f40f2db3ab Ruby: Fix name of url-redirection sink model 2023-11-27 11:25:37 +00:00