Commit Graph

12735 Commits

Author SHA1 Message Date
github-actions[bot]
88b6f1e79a Release preparation for version 2.20.1 2025-01-07 20:50:36 +00:00
Dave Bartolomeo
72a53c4b23 Revert "Release preparation for version 2.20.1" 2025-01-07 13:32:23 -05:00
github-actions[bot]
fbf9f2fff8 Release preparation for version 2.20.1 2025-01-07 17:20:13 +00:00
Dave Bartolomeo
22e030584c Revert "Release preparation for version 2.20.1" 2025-01-07 12:14:27 -05:00
github-actions[bot]
a121c5a5d0 Release preparation for version 2.20.1 2025-01-06 18:20:22 +00:00
Asger F
be939dca29 Merge pull request #14350 from asgerf/shared/deduplicate-path-graph
Shared: Add DataFlow::DeduplicatePathGraph
2024-12-18 14:04:29 +01:00
Asger F
8340841d54 Shared: Fix propagation of call bit 2024-12-17 11:16:04 +01:00
Asger F
950ae44d03 Shared: Show test failures 2024-12-17 11:15:57 +01:00
Michael Nebel
aaf0cd5dee Merge pull request #17968 from michaelnebel/java/movetestutils
Move test utilities to the query pack.
2024-12-16 13:41:30 +01:00
Asger F
f2968f4e14 Shared: Ensure subpath-induced edges are handled properly
Argument-passing and flow-through edges are present in 'edges' in addition to 'subpaths', but the implementation didn't take this into account.
2024-12-16 13:21:43 +01:00
Michael Nebel
0bfc1b6ea8 Also move the postprocessing queries to the library pack. 2024-12-12 15:03:03 +01:00
Michael Nebel
941b0abbf6 Move modules to the library packs. 2024-12-12 15:03:01 +01:00
Owen Mansel-Chan
8703e21f62 Merge pull request #17996 from owen-mc/java/lightweight-IR-layer-classes
Java: Make separate classes for different control flow node kinds
2024-12-12 13:36:54 +00:00
Owen Mansel-Chan
8e11789186 Restore asStmt, asExpr and asCall to Node
It doesn't really make sense to define them in terms of dispatch.
2024-12-12 12:30:01 +00:00
Michael Nebel
0a1d2d0bbb Java: Update all test util paths to point to the new location. 2024-12-12 13:21:25 +01:00
Michael Nebel
91cfb30513 Java: Move test utilities to the java query pack. 2024-12-12 13:21:22 +01:00
Owen Mansel-Chan
066db766ef Merge pull request #18153 from owen-mc/java/resttemplate-getforobject
Java: add SSRF sink model for the third parameter of `RestTemplate.getForObject`
2024-12-11 16:37:35 +00:00
Jami
538dee81b6 Merge pull request #18214 from jcogs33/jcogs33/java/file-getname-path-sanitizer
Java: add File.getName as a path injection sanitizer
2024-12-11 10:18:02 -05:00
Owen Mansel-Chan
1420bce36a Move import statement in SpringWebClient.qll 2024-12-11 14:19:24 +00:00
Anders Schack-Mulligen
066cfa31d2 Merge pull request #18258 from aschackmull/dataflow/simplify-apapprox3
Dataflow: Simplify references to access paths from prior stage.
2024-12-11 14:23:31 +01:00
Asger F
889100a243 Java: update test output with provenance 2024-12-11 13:19:47 +01:00
Asger F
afdbf2c3c6 Java: update test to account for key,val 2024-12-11 13:19:36 +01:00
Asger F
736388809d Java: MethodAccess -> MethodCall 2024-12-11 13:19:25 +01:00
Owen Mansel-Chan
aaa4361120 Rearrange member predicates in ControlFlow::Node
Put all the ones which might need to be overridden by subclasses
together for ease of reading.
2024-12-11 10:34:18 +00:00
Owen Mansel-Chan
79f4f78fc2 Make separate classes for control flow node kinds
This puts all the logic of a particular control flow node kind into one
place and makes it easier to add new kinds.
2024-12-11 10:34:16 +00:00
Asger F
5aa1242117 Shared: use a call bit when tracking reachability to/from a discriminator 2024-12-11 11:29:14 +01:00
Asger F
0eb543e0a9 Java: add test for spurious flow from path graph deduplication 2024-12-11 11:29:13 +01:00
Cornelius Riemenschneider
f0971684e3 Merge pull request #18257 from github/criemen/bazel-8-00
Upgrade bazel to 8.0.0.
2024-12-11 11:14:41 +01:00
Owen Mansel-Chan
5b575113c3 Update test-kotlin2 2024-12-10 15:56:15 +00:00
Owen Mansel-Chan
4978a6eb37 Fix getasuccessor kotlin
The change in results shows that there are now fewer control flow nodes.
We have removed precisely those with no successor or predecessor.
2024-12-10 15:26:20 +00:00
Owen Mansel-Chan
5e0c3ab715 Fix kotlin tests 2024-12-10 15:26:19 +00:00
Owen Mansel-Chan
3f5886ef7a Accept another review suggestion 2024-12-10 15:26:17 +00:00
Owen Mansel-Chan
2da9bfb1a6 Finish renaming getCFGNode to getCfgNode 2024-12-10 15:26:16 +00:00
Owen Mansel-Chan
274281f61e Apply all suggestions from code review
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2024-12-10 15:26:14 +00:00
Owen Mansel-Chan
d06dfe0ca3 Add change note 2024-12-10 15:26:13 +00:00
Owen Mansel-Chan
0f3dd6d8f1 Java: IPA the CFG 2024-12-10 15:26:11 +00:00
Anders Schack-Mulligen
da179705c3 Java: Accept expected file changes. 2024-12-10 14:52:06 +01:00
Cornelius Riemenschneider
53ca5083a9 Upgrade bazel to 8.0.0.
Previously, we were using 8.0.0rc1.
In particular, this upgrade means we need to explicitly
import more rules, as they've been moved out of the core bazel repo.
2024-12-10 12:05:37 +01:00
Jami Cogswell
214da9e9ad Java: add change note 2024-12-06 19:59:40 -05:00
Owen Mansel-Chan
347fd575a2 Refactor to avoid duplicated logic 2024-12-05 11:15:43 +00:00
Owen Mansel-Chan
b20b7c7572 Remove escaped "{" and "}" before counting placeholders 2024-12-05 10:43:13 +00:00
Anders Schack-Mulligen
4bf63fedc9 Merge pull request #18179 from aschackmull/dataflow/accesspath-notypes
Dataflow: Remove tracked types from Access Paths, track tainted object type, and tweak type pruning.
2024-12-05 09:58:36 +01:00
Jami Cogswell
121780c55a Java: add File.getName as a path injection sanitizer 2024-12-04 18:57:51 -05:00
github-actions[bot]
cf71a1525b Post-release preparation for codeql-cli-2.20.0 2024-12-04 18:36:17 +00:00
github-actions[bot]
96564b7128 Release preparation for version 2.20.0 2024-12-04 16:01:14 +00:00
Henry Mercer
963f084d87 Merge branch 'main' into henrymercer/merge-back-rc-3.16 2024-12-04 13:39:10 +00:00
Jeroen Ketema
10592bb1c4 Merge pull request #18192 from jketema/inline-rm
Remove deprecated `InlineExpectationsTest` class-based API
2024-12-04 11:34:39 +01:00
Anders Schack-Mulligen
03fdceb0fd Merge pull request #18191 from aschackmull/dataflow/remove-deprecated-lib
Dataflow: Delete the old configuration-class based api.
2024-12-04 11:31:46 +01:00
Anders Schack-Mulligen
5042753b29 C#/Java: Add change notes. 2024-12-04 10:20:43 +01:00
Anders Schack-Mulligen
f38602e9fe Java: Update references to deleted aliases. 2024-12-03 20:08:45 +01:00