hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-28 21:03:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,550 Commits 1,697 Branches 161 Tags
codeql-cli/v2.23.9
Commit Graph

84550 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
ff9a4d02f0 Merge pull request #18592 from MathiasVP/fix-enclosing-callable-cpp 
C++: Don't generate dataflow nodes for functions with summaries
 2025-01-28 16:57:44 +00:00
Geoffrey White
919e7978cd Rust: Add PrettyPrintModels.ql to the test. I gather this stabilized the output MaD IDs. 2025-01-28 16:23:20 +00:00
Geoffrey White
df8a92cb62 Merge pull request #6 from hvitved/expect 
Rust: Fix data flow through callbacks passed to library functions
 2025-01-28 16:12:17 +00:00
Mathias Vorreiter Pedersen
202a5e86da C++: Add change note. 2025-01-28 16:07:09 +00:00
Chuan-kai Lin
b9b9394259 AlertFiltering: allow multiple filtering predicates 
This commit rephrases the documentation for the restrictAlertsTo
predicate and renames the predicate columns for clarity. The new
documentation should be equivalent to the old documentation, except
allowing for the possibility that there may be multiple alert filtering
predicates.
 2025-01-28 07:51:45 -08:00
Mathias Vorreiter Pedersen
c9a3cf4bd0 C++: Accept test changes. 2025-01-28 15:48:11 +00:00
Mathias Vorreiter Pedersen
d6054c9a51 C++: Infer larger buffer sizes for non-static member variables. 2025-01-28 15:48:04 +00:00
Mathias Vorreiter Pedersen
1643a66183 C++: Add 'cpp/overflow-buffer' FP tests. 2025-01-28 15:44:53 +00:00
Andrew Eisenberg
4e7d364f4d Delete .github/pull_request_template.md 
The template is not useful.
 2025-01-28 07:40:56 -08:00
Owen Mansel-Chan
2d76466405 Add change note 2025-01-28 15:35:28 +00:00
Owen Mansel-Chan
0ccf4cecb8 Fix XSS FPs when content type is safe 2025-01-28 15:32:30 +00:00
Arthur Baars
8d96c87abe Rust: add UseTree::is_star 2025-01-28 16:12:25 +01:00
Simon Friis Vindum
13e0829d19 Shared: Generalize the number of columns in a generated MaD row 2025-01-28 15:36:09 +01:00
Mathias Vorreiter Pedersen
38b66e5a8e C++: Fix a few type errors. 2025-01-28 14:08:12 +00:00
Calum Grant
cc35ec49e4 C++: Remove linker-awareness FPs 2025-01-28 14:06:38 +00:00
Calum Grant
6df8fdc233 C++: Add test for cpp/wrong-type-format-argument 2025-01-28 14:04:33 +00:00
Mathias Vorreiter Pedersen
d40322f9eb C++: (Bugfix 3) Don't conflate summarized callables and source callables in 'nodeGetEnclosingCallable'. 2025-01-28 13:59:19 +00:00
Mathias Vorreiter Pedersen
06bc8add9d C++: (Bugfix 2) Don't remap isParameterOf. 2025-01-28 13:59:17 +00:00
Mathias Vorreiter Pedersen
662e74924b C++: (Bugfix 1) There should be a callable representing the source code even if there is a summarized version. 2025-01-28 13:59:16 +00:00
Mathias Vorreiter Pedersen
01d7ab93e2 C++: Add consistency check to the MaD folder. 2025-01-28 13:59:14 +00:00
Jonas Jensen
865073a75a QL spec: result of looking through float 
I searched for `float` everywhere in the QL language reference and
considered whether each occurrence should be generalised to cover
`BigInt`.
 2025-01-28 13:58:17 +01:00
Tom Hvitved
8b82eaa633 Rust: Fix data flow through callbacks passed to library functions 2025-01-28 13:44:27 +01:00
Erik Krogh Kristensen
f0755bfb5d Merge pull request #18601 from erik-krogh/del-deps-jan-2025 
All: delete outdated deprecations
 2025-01-28 13:31:41 +01:00
Geoffrey White
f2564c351f Rust: Changes to other tests - mostly MaD IDs :(. 2025-01-28 09:22:30 +00:00
Geoffrey White
6337f5a08b Merge pull request #18586 from geoffw0/floatguards 
C++: Test and (perhaps) fix an issue with guards on floating point comparisons.
 2025-01-28 09:05:13 +00:00
Asger F
16634e6dc9 Merge pull request #18540 from JarLob/bash 
Actions: Improve bash support
 2025-01-28 09:49:58 +01:00
Geoffrey White
dfd1865b96 Rust: Add some basic flow models. 2025-01-28 08:47:15 +00:00
Geoffrey White
9d42be8305 Rust: Alphabetize lang-core.model.yml. 2025-01-28 08:47:14 +00:00
Geoffrey White
c04d619a3c Rust: Add a couple of extra data flow test cases. 2025-01-28 08:47:13 +00:00
Geoffrey White
185a23b3c6 Rust: Allow implicit flow out of content at the test sinks, so that we see our results. 2025-01-28 08:43:06 +00:00
Geoffrey White
a1980d4d08 Rust: Make sources more accurate (Option / Result contents). 2025-01-28 08:43:05 +00:00
Geoffrey White
78d0c5c529 Merge pull request #18602 from geoffw0/reqwest2 
Rust: Additional models for Reqwest
 2025-01-28 08:40:38 +00:00
erik-krogh
c7fc164680 java: remove the 2 from SafeTransformerFactoryFlow, not that the previous naming conflict has been deleted 2025-01-28 09:13:59 +01:00
Nicolas Will
e027b0e9a0 WIP: add properties 2025-01-28 02:02:06 +01:00
Geoffrey White
fd9fb10bb9 Rust: Accept changes from fixing the ]. 2025-01-27 22:50:09 +00:00
Geoffrey White
494d8f2da0 Rust: Update MaD IDs for an unrelated test. :( 2025-01-27 22:22:41 +00:00
Geoffrey White
9d6a13cec2 Rust: Accept improved results for rust/sql-injection. Note that the lost annotations are only sources, not results, and I suspect will return when we have sufficient flow in these cases. 2025-01-27 22:22:38 +00:00
erik-krogh
a1afa20d4b add change-notes 2025-01-27 22:43:13 +01:00
erik-krogh
d46a2d4e80 ruby: delete the remainders of the old deprecated typetracking library 2025-01-27 22:38:07 +01:00
erik-krogh
90b403b40b py: delete the remainder of the deprecated TypeTracker libary 2025-01-27 22:17:18 +01:00
erik-krogh
e1b14cb0be ruby: delete now dead Ruby method 2025-01-27 22:17:13 +01:00
erik-krogh
0056e923ea js: revert the JS deprecations. The old dataflow library is not that old yet 2025-01-27 22:17:07 +01:00
erik-krogh
7b1b366d98 ruby: update ruby tests after deleting deprecated test predicates 2025-01-27 22:17:00 +01:00
erik-krogh
bd8ed1dc04 cpp: revert two cpp dataflow deprecations that take more work 2025-01-27 22:16:54 +01:00
erik-krogh
34f5f61a10 all: use my script to delete outdated deprecations 2025-01-27 22:16:48 +01:00
Geoffrey White
9ea9f3ae19 Update rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-01-27 21:09:21 +00:00
Geoffrey White
7cf872baad Rust: Adjust the tests to work around test processing of /. 2025-01-27 21:00:08 +00:00
Geoffrey White
23ac35e5ca Rust: Model more Reqwest methods (.await still doesn't work though). 2025-01-27 20:52:31 +00:00
Geoffrey White
9583a2a7d3 Rust: Additional test cases for reqwest sources. 2025-01-27 20:42:35 +00:00
Mathias Vorreiter Pedersen
4e44201ba8 C++: Remap calls to source functions to the summarized function. 2025-01-27 16:58:53 +00:00