hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-12 18:46:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,550 Commits 1,712 Branches 162 Tags
codeql-cli/v2.23.9
Commit Graph

84550 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
faf1eeeb0d Rust: introduce typed labels 2024-09-13 13:57:14 +02:00
Paolo Tranquilli
23dd572d5e Rust: add CODEQL_ base env layer 2024-09-13 13:39:39 +02:00
Arthur Baars
d73d90dba2 Avoid use of plain 'None' in tests 
For some reason the parser resolves the ambiguity between None as a PathPat or IdentPat
differently on the Action runners vs local machine.
 2024-09-13 12:48:58 +02:00
Simon Friis Vindum
61aad2ec68 Rust: Sort CFG trees and add scope for closures 2024-09-13 11:57:31 +02:00
Simon Friis Vindum
1a85dfd9ce Rust: Loops propagate CFG return completions but captures continue and break 2024-09-13 11:51:16 +02:00
Arthur Baars
e68229892e Add some more QL docs 2024-09-13 11:48:36 +02:00
Arthur Baars
5c02fb4a2e Fix CFG library 2024-09-13 11:41:21 +02:00
Simon Friis Vindum
b979df61ea Rust: Handle functions correctly through scope in CFG 2024-09-13 11:40:26 +02:00
Florin Coada
194c2fa9c4 Add changedocs for 2.18.4 2024-09-13 10:18:04 +01:00
Arthur Baars
e46ad61bb8 Update test data 2024-09-13 11:16:25 +02:00
Arthur Baars
d99c2031ac Workaround nameclash in dbscheme generator 2024-09-13 11:07:02 +02:00
Geoffrey White
587ebbffba Rust: Edit test slightly to avoid DBCheck failure. 2024-09-13 10:02:28 +01:00
Arthur Baars
b0939cfffa Update extractor 2024-09-13 10:58:01 +02:00
Arthur Baars
fa9cfc1104 Regenerate code 2024-09-13 10:52:43 +02:00
Arthur Baars
8dcf93d065 Make class names match rust.ungram 
811905fce8/crates/syntax/rust.ungram
 2024-09-13 10:51:11 +02:00
Arthur Baars
452424a0d2 Fix tests for Path and TypeRef 2024-09-13 10:25:36 +02:00
Arthur Baars
085aad3b3c Update test data 2024-09-13 10:22:01 +02:00
Arthur Baars
c634b0a000 Don't extract non-source crates 2024-09-13 10:16:53 +02:00
Arthur Baars
197fb04184 Improve docs 2024-09-13 10:16:34 +02:00
Tamas Vajk
549b294a05 C#: Add VSCode launch.json 2024-09-13 09:42:55 +02:00
Kevin Stubbings
c30332818f Reorder and rename 2024-09-13 00:41:55 -07:00
Kevin Stubbings
03f375e436 missed some 2024-09-13 00:21:33 -07:00
Paolo Tranquilli
403cc3df90 Rust: avoid cli flag defaults overriding env settings 2024-09-13 06:50:12 +02:00
Kevin Stubbings
7657b3e115 Fix tests 2024-09-12 21:30:32 -07:00
Kevin Stubbings
831d522025 First round feedback 2024-09-12 20:49:10 -07:00
Arthur Baars
c825ae4eab Add some examples for some of the unimplemented nodes 2024-09-12 22:18:02 +02:00
Arthur Baars
8e378d86df Update test data 2024-09-12 22:18:00 +02:00
Arthur Baars
7572546efa Improve handling of unimplemented nodes 2024-09-12 22:17:39 +02:00
Arthur Baars
69761a2942 Rust: AST: add docs with examples for qltest 2024-09-12 19:54:37 +02:00
Arthur Baars
292c6b6159 Clear out unused comments 2024-09-12 17:58:17 +02:00
Arthur Baars
2a88086544 Rust: AST: add docs with examples for qltest 2024-09-12 17:58:15 +02:00
Simon Friis Vindum
f73680ba21 Rust: Handle short-circuiting logical binary operators 2024-09-12 17:30:05 +02:00
Geoffrey White
7907cbeae1 Rust: Add query suites (identical to the Swift ones apart from their names). 2024-09-12 15:55:06 +01:00
Paolo Tranquilli
0b850a2dff Rust: add missing doc 2024-09-12 16:51:52 +02:00
Simon Friis Vindum
c821ec21bb Rust: CFG edge for return in functions 2024-09-12 16:25:43 +02:00
Paolo Tranquilli
beb27bf5e3 Rust: fix QL compilation and schema includes ordering 2024-09-12 15:05:30 +02:00
Simon Friis Vindum
e1f2fa8c7e Rust: Support break and continue in loops 2024-09-12 14:07:43 +02:00
Geoffrey White
f77c79593e Rust: Updated expected for changes on main. 2024-09-12 12:46:04 +01:00
Asger F
1df69ec1d2 JS: Actually don't propagate into array element 0 
Preserving tainted-url-suffix into array element 0 seemed like a good idea, but didn't work out so well.
 2024-09-12 13:42:36 +02:00
Asger F
0e4e0f4fdd JS: Preverse tainted-url-suffix when stepping into prefix 
A URL of form https://example.com?evil#bar will contain '?evil' after splitting out the '#' suffix, and vice versa.
 2024-09-12 13:42:28 +02:00
Asger F
74ab346348 JS: Do not include taint steps in TaintedUrlSuffix::step 
TaintedUrlSuffix is currently only used in TaintTracking configs meaning it is already propagated
by taint steps. The inclusion of these taint steps here however meant that implicit reads could appear prior to any of these steps.

This was is problematic for PropRead steps as an expression like x[0] could spuriously read from array element 1 via the path:

x [element 1]
x [empty access path] (after implicit read)
x[0] (taint step through PropRead)
 2024-09-12 13:42:25 +02:00
Asger F
2712bf821a JS: Fix a bug in isSafeClientSideUrlProperty 2024-09-12 13:42:23 +02:00
Asger F
bc04131c72 JS: Disallow implicit reads before an optional step 2024-09-12 13:42:22 +02:00
Asger F
e1bed42481 JS: Add inline expectation test specifically for TaintedUrlSuffix 2024-09-12 13:42:20 +02:00
Asger F
cf90c83604 JS: Accept changes to nodes/edges results 2024-09-12 13:42:19 +02:00
Asger F
3b09bc548e JS: Add taint step for shift() 2024-09-12 13:42:17 +02:00
Asger F
3ea1134cc1 JS: Add inline test for .shift() method 2024-09-12 13:42:16 +02:00
Asger F
3fcf4ef7a1 JS: More precise model of .shift() 
Array.prototype.shift only returns the first array element.

The mutation of Argument[this] is not yet modelled, and is better handled when we have use-use flow.
 2024-09-12 13:42:15 +02:00
Asger F
e4f7560bcd JS: Add missing qldoc 2024-09-12 13:42:14 +02:00
Asger F
15fc450a9e JS: Add reminder to update ClientSideUrlRedirect 2024-09-12 13:42:13 +02:00