hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-10 21:20:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
71,154 Commits 1,679 Branches 158 Tags
codeql-cli/v2.19.2
Commit Graph

71154 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
97ead6f462 Merge pull request #17560 from hvitved/codegen/remove-cached 
Codegen: Do not cache injectors/projectors in `Synth` module
 2024-09-27 13:17:02 +02:00
Ian Lynagh
2a5b48930a Kotlin: Fix the return type for lambda constructors 2024-09-27 11:21:40 +01:00
Ian Lynagh
08be35fc2c Kotlin: Add a test for constructors 2024-09-27 11:21:23 +01:00
Arthur Baars
7c6239b077 Merge branch 'main' into unreachable 2024-09-27 12:15:49 +02:00
Rasmus Lerchedahl Petersen
72530a8312 Python: use synthetic node for comprehension capture argument 
We used to use the CfgNode for the comprehension itself.
In cases where that is also an argument, say
```python
",".join([x for x in l])
```
that would be an argument to two different calls causing a dataflow consistency violation.
 2024-09-27 12:15:03 +02:00
Rasmus Lerchedahl Petersen
294092b671 Python: use comprehension function argument 
For a comprehension `[x for x in l]
- `l` is now a legal argument (in DataFlowPublic)
- `l` is the argument of the comprehension function (in DataFlowDispatch)
- the parameter of the comprehension function is being read rather than `l` (in IterableUnpacking)
Thus the read that used to cross callable boundaries is now split into a arg-param edge and a read from that param.
 2024-09-27 09:44:39 +02:00
Michael Nebel
0b39c5b982 C#/Java: Update model generator expected output. 2024-09-27 09:22:29 +02:00
Michael Nebel
80497f551e Shared: Only make unlifted models in case the API itself is relevant. 2024-09-27 09:22:25 +02:00
Michael Nebel
3d1a403655 C#: Add example of content based summary on private method. 2024-09-27 09:22:20 +02:00
Michael Nebel
ccadfa134e Shared: Update the model generator script to allow execution of the mixed model generator queries. 2024-09-27 09:22:15 +02:00
Michael Nebel
8310faa2e9 C#/Java: Add a query that uses both content based and non-content based model generation. 2024-09-27 09:22:11 +02:00
Owen Mansel-Chan
fdff209938 Merge pull request #17505 from owen-mc/go/inheritance-tests 
Go: Add tests for model inheritance and fix bug in promoted methods
 2024-09-26 16:42:25 +01:00
Calum Grant
8e85f24c95 Merge pull request #17553 from github/calumgrant/bmn/wrong-number-of-format-arguments 
C++: Remove FPs in cpp/wrong-number-format-arguments due to BMN
 2024-09-26 15:01:23 +01:00
Calum Grant
8967989c7b C++: Rename change-note 2024-09-26 13:39:46 +01:00
Tom Hvitved
7c473c38c0 Merge pull request #17585 from hvitved/shared/cfg-scope-no-first-consistency 
Shared: Add CFG consistency check for scopes with missing entry points
 2024-09-26 14:05:08 +02:00
Calum Grant
dcb75f490f Update cpp/ql/src/change-notes/2024-09-26-wrong-number-format-arguments 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2024-09-26 13:05:06 +01:00
Calum Grant
8045440d00 Update cpp/ql/lib/semmle/code/cpp/models/interfaces/FormattingFunction.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2024-09-26 13:04:52 +01:00
Rasmus Wriedt Larsen
7c32efc218 Merge pull request #17203 from RasmusWL/threat-models 
Python: Add support for threat models
 2024-09-26 13:15:46 +02:00
Rasmus Wriedt Larsen
381ea93ec3 Merge pull request #17424 from RasmusWL/active-threat-model-source 
Go/Java/C#: Rename `ThreatModelFlowSource` to `ActiveThreatModelSource`
 2024-09-26 13:08:17 +02:00
Michael Nebel
a128383760 C#/Java: Add some dfc-generated test cases. 2024-09-26 13:01:01 +02:00
Michael Nebel
2a5dc204fb Shared: Add dfc as a valid model origin. 2024-09-26 13:00:57 +02:00
Michael Nebel
9a923d62ad C#/Java: Updated expected test output. 2024-09-26 13:00:52 +02:00
Michael Nebel
e70297a7bc Shared: Content based models is now printed with dfc-generated provenance. 2024-09-26 13:00:39 +02:00
Arthur Baars
d7fb7ab551 Merge pull request #17592 from github/aibaars/cargo-fmt 
Rust: run cargo fmt
 2024-09-26 12:57:15 +02:00
Michael Nebel
53c20ccaeb Shared: Some model generator re-factoring. 2024-09-26 12:55:01 +02:00
Michael Nebel
0cd4ccb790 C#/Java: Update model generator expected test output. 2024-09-26 12:49:18 +02:00
Michael Nebel
b041829569 Shared: steps in synthetic path chains should just mention the same synthetic fields. 2024-09-26 12:49:07 +02:00
Arthur Baars
6777a34dfb Rust: run cargo fmt 2024-09-26 12:40:25 +02:00
Geoffrey White
caca4950e6 Rust: Revert the change to FileSystem.qll. 2024-09-26 11:10:32 +01:00
Geoffrey White
7b3960844d Merge pull request #17589 from geoffw0/missing2 
Rust: Repair rust/diagnostics/unextracted-elements
 2024-09-26 11:03:03 +01:00
Michael Nebel
aae8660acc C#/Java: Add some examples of missing synthetic field element flow. 2024-09-26 12:00:29 +02:00
Michael Nebel
58513cadbf C#/Java: Add model generator test examples. 2024-09-26 12:00:25 +02:00
Michael Nebel
6cd548f410 Shared: Only exclude API and parameter combinations where we could get more than three summaries. 2024-09-26 12:00:04 +02:00
Rasmus Wriedt Larsen
431a1af628 Merge branch 'main' into threat-models 2024-09-26 11:44:24 +02:00
Chris Smowton
76914c40c9 Merge pull request #17591 from github/smowton/admin/java-23-change-note 
Add change note for Java 23 support
 2024-09-26 10:14:21 +01:00
Tom Hvitved
f389a889ad Exclude consistency output from .gitignore files 2024-09-26 11:09:54 +02:00
Tom Hvitved
24f39ccae2 Rust: Weaken scopeNoFirst check 2024-09-26 11:09:52 +02:00
Tom Hvitved
a3ad6f5697 Ruby: Weaken scopeNoFirst check 2024-09-26 11:07:15 +02:00
Michael Nebel
dd993c3900 Merge pull request #17509 from michaelnebel/modelgen/parammodule 
C#/Java: Re-factor the model generator to be a parameterized module.
 2024-09-26 10:57:16 +02:00
Calum Grant
9b5c9af489 C++: Add change note 2024-09-26 09:31:45 +01:00
Calum Grant
7f2d485ae9 C++: Update comment 2024-09-26 09:31:43 +01:00
Calum Grant
c2871f4def Update cpp/ql/lib/semmle/code/cpp/Function.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2024-09-26 09:31:42 +01:00
Calum Grant
4a14a3cacb Update cpp/ql/lib/semmle/code/cpp/models/interfaces/FormattingFunction.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2024-09-26 09:31:40 +01:00
Calum Grant
0ad2e193e5 C++: Update test case 2024-09-26 09:31:18 +01:00
Calum Grant
31684d2548 C++: Remove FPs in cpp/wrong-number-format-arguments due to BMN 2024-09-26 09:27:59 +01:00
Calum Grant
6a0212ea44 C++: Add regression test 2024-09-26 09:27:51 +01:00
Michael Nebel
297d32180c Merge pull request #17582 from michaelnebel/csharp/attributecollectionsinks 
C#: `AttributeCollection` is no longer considered a HTML sink.
 2024-09-26 09:17:31 +02:00
Chris Smowton
ba5be80814 Typo 2024-09-25 21:32:52 +01:00
Chris Smowton
2c9488e475 Add change note for Java 23 support 2024-09-25 21:32:24 +01:00
Geoffrey White
f8ce11b3a7 Rust: Improve File.getNumberOfLinesOfCode(). 2024-09-25 16:42:29 +01:00