Commit Graph

84550 Commits

Author SHA1 Message Date
Asger F
da696817a3 JS: Convert 'split' taint step to legacy taint step 2024-09-12 13:42:05 +02:00
Asger F
133b016c7c JS: Remove old 'split' handling from TaintedUrlSuffix 2024-09-12 13:41:56 +02:00
Asger F
e87e543850 JS: Ensure optional steps/barriers are computed in the correct stage 2024-09-12 13:35:38 +02:00
Asger F
7790f68fe2 JS: Make the TaintedUrlSuffix library use optional steps/barriers 2024-09-12 13:35:36 +02:00
Asger F
3b34cd72f2 JS: Handle split() with '#' or '?' separator in a separate summary
This summary uses the notion of optional steps/barriers so it becomes configurable whether there is flow into the zero'th array element.

Also makes sure we handle the second-argument version of split().
2024-09-12 13:35:33 +02:00
Asger F
24983a5836 JS: Add OptionalStep and OptionalBarrier MaD tokens
OptionalStep[foo] and OptionalBarrier[foo] contribute steps/barriers that are not active by default, but can be opted into by specific queries or for specific flow states.

(Will be used in the following commits)
2024-09-12 13:30:39 +02:00
Geoffrey White
9d8b514b5c Merge remote-tracking branch 'upstream/main' into files 2024-09-12 12:29:44 +01:00
Paolo Tranquilli
b4b680775c Rust: integrate into standard files+location library 2024-09-12 13:17:10 +02:00
Tamás Vajk
9250c29bd5 Merge pull request #17439 from tamasvajk/feature/include-razor-files-in-fromSource
C#: Include `.razor` files in `File::fromSource`
2024-09-12 13:14:34 +02:00
Paolo Tranquilli
a4c1ec75db Merge pull request #17445 from github/redsun82/rust-qltest
Rust: make ql tests extract files together
2024-09-12 12:53:16 +02:00
Paolo Tranquilli
ed0370b715 Rust: update rust/tools/qltest.sh
Co-authored-by: Arthur Baars <aibaars@github.com>
2024-09-12 12:28:22 +02:00
Alvaro Muñoz
3a39058299 Bump qlpack versions 2024-09-12 10:42:12 +02:00
Simon Friis Vindum
3dc517c82b Rust: Handle absence of else branch in if expression in CFG 2024-09-12 10:35:00 +02:00
Rasmus Wriedt Larsen
66b61ee25a Go/Java/C#: Add change-note 2024-09-12 10:16:55 +02:00
Rasmus Wriedt Larsen
8c10155eb7 mass rename to ActiveThreatModelSource 2024-09-12 10:16:55 +02:00
Alvaro Muñoz
69818c5bb5 Remove bindingset from DataFlow's compatibleTypes 2024-09-12 09:58:21 +02:00
Simon Friis Vindum
67a06cb772 Rust: Support loop in CFG 2024-09-12 09:29:19 +02:00
Paolo Tranquilli
aeae922ef3 Rust: make ql tests extract files together
For the moment this removes the possibility to set custom flags or env
variables for the extractor via comments, but that can be added back
easily if needed with a different mechanism (like an `env` file).
2024-09-12 09:13:35 +02:00
Paolo Tranquilli
5ae8824303 Rust: add context to parameter file expansion errors 2024-09-12 08:56:07 +02:00
Paolo Tranquilli
6adf88542e Rust: fix linting script 2024-09-12 08:53:08 +02:00
Paolo Tranquilli
0a8c0f5ab4 Rust: fix bazel build 2024-09-12 08:46:50 +02:00
Owen Mansel-Chan
076dd07cdc Merge pull request #17429 from owen-mc/go/fix/multiple-anonymous-type-parameters
Go: fix multiple anonymous type parameters
2024-09-12 00:38:56 +01:00
Chuan-kai Lin
ff78bebf19 Shared support for alert filtering 2024-09-11 13:18:26 -07:00
Geoffrey White
c2e86423b9 Rust: Test the successfully extracted files diagnostic. 2024-09-11 17:10:08 +01:00
Geoffrey White
f1d281ffcc Rust: Add test cases for diagnostics. 2024-09-11 17:10:07 +01:00
Alvaro Muñoz
48a0fd500d Bump qlpack versions 2024-09-11 18:09:05 +02:00
Alvaro Muñoz
370d3adbb2 Merge pull request #80 from github/list_files
Add models for list-files actions
2024-09-11 18:08:15 +02:00
Alvaro Muñoz
5fe81ddb08 Update tests 2024-09-11 18:07:25 +02:00
Paolo Tranquilli
5bfe2a9e18 Merge branch 'main' into redsun82/rust-cli-flags 2024-09-11 18:00:47 +02:00
Geoffrey White
a933f0d695 Rust: Add diagnostic query for successfully extracted files. 2024-09-11 16:45:33 +01:00
Paolo Tranquilli
f9e4c0af13 Merge pull request #17435 from github/rust-experiment
Rust: merge current status of experimental extractor into main
2024-09-11 17:31:24 +02:00
Paolo Tranquilli
1b3a5cdab1 Rust: make the cli flags override automatic
This makes the clap flags overlay over `Config` entirely derived via an
attribute macro. Also, the `--intputs-file` option is replaced by a more
standard and versatile `@` parameter file mechanism.
2024-09-11 17:28:59 +02:00
Tamas Vajk
da3c5f44f2 C#: Include .razor files in File::fromSource 2024-09-11 16:13:42 +02:00
Asger F
07bd854868 Merge pull request #17401 from pwntester/js/actions/secrets-in-artifacts
Javascript: Query to detect GITHUB_TOKEN leaked in artifacts
2024-09-11 15:54:36 +02:00
Andrew Eisenberg
15cdc7210e Merge pull request #17431 from github/aeisenberg/query-add-autofix 2024-09-11 06:34:08 -07:00
Owen Mansel-Chan
f46b4b344f Merge pull request #17277 from github/owen-mc-patch-1
Docs: Give clearer example of multiple query predicates in one ql file
2024-09-11 14:22:33 +01:00
Simon Friis Vindum
fea6017688 Merge pull request #17415 from paldepind/rust-control-flow-graph
Rust: Basic control flow graph setup
2024-09-11 15:08:33 +02:00
Paolo Tranquilli
43984212a5 Merge branch 'main' into rust-experiment 2024-09-11 13:52:38 +02:00
Sid Shankar
983eb1924f Merge pull request #17433 from github/sidshank/ts-5.6 2024-09-11 07:23:00 -04:00
Paolo Tranquilli
e4766b60c3 Rust: make QL test crates workspaces 2024-09-11 11:29:04 +02:00
Simon Friis Vindum
857edb791c Rust: Fix control flow tree for function and block expression 2024-09-11 11:18:56 +02:00
Paolo Tranquilli
8bf3c42213 Merge branch 'main' into rust-experiment 2024-09-11 11:06:24 +02:00
Paolo Tranquilli
d8db0e43da Ruby: update new cargo target directory in make and actions 2024-09-11 11:01:10 +02:00
Paolo Tranquilli
aa6726a401 Bazel: bump up rules_rust version 2024-09-11 10:43:49 +02:00
Alvaro Muñoz
15bb4d851d Add new test for flow through matrix 2024-09-11 10:25:31 +02:00
Alvaro Muñoz
b199fdc3e2 Add new models for file listing actions 2024-09-11 10:25:10 +02:00
Geoffrey White
d374935008 Merge pull request #17384 from microsoft/brodes/overflow-buffer-fixes-upstream
Brodes/overflow buffer fixes upstream
2024-09-11 09:12:22 +01:00
Paolo Tranquilli
f624a1b7a7 Ruby: fix extractor pack script after workspace root change 2024-09-11 09:40:44 +02:00
Simon Friis Vindum
809d040528 Make more classes private and final 2024-09-11 09:37:39 +02:00
Paolo Tranquilli
2a7533c441 Rust: add to `labeler.yml` 2024-09-11 09:33:43 +02:00