hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-13 19:16:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,550 Commits 1,708 Branches 162 Tags
codeql-cli/v2.23.9
Commit Graph

84550 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Cornelius Riemenschneider
62219fae60 Bazel: switch to a 7.4.0 prerelease. 2024-08-27 12:27:53 +02:00
Henry Mercer
e0013eec1b Merge pull request #17294 from github/codeql-cli-2.18.3 
Merge `codeql-cli-2.18.3` back into `rc/3.15`
 2024-08-27 10:46:05 +01:00
Asger F
f65879eef1 JS: Update a test that no longer fails 2024-08-27 11:35:37 +02:00
Asger F
cb5dbb919d JS: Update test to reflect implicit read flow has been fixed 
Shows the effect of https://github.com/github/codeql/pull/17262
 2024-08-27 11:35:36 +02:00
Asger F
a2d53c261b JS: Update test output and add related TODO in model of 'async' 2024-08-27 11:35:35 +02:00
Asger F
837a8be1b8 JS: Update test output and add related TODO in 'markdown-table' model 2024-08-27 11:35:34 +02:00
Asger F
2e2181be2c JS: Update test output that only affects nodes/edges/subpaths 2024-08-27 11:35:33 +02:00
Asger F
3e196f83f1 JS: Update Promises/flow2 test 2024-08-27 11:35:32 +02:00
Asger F
aa8bd332bf JS: Add a few more tests 2024-08-27 11:35:31 +02:00
Asger F
371f7ef551 JS: Add implicit taint read of array elements 2024-08-27 11:35:31 +02:00
Asger F
df42e7c527 JS: Add test showing lack of implicit reads for ArrayElement 2024-08-27 11:35:30 +02:00
Asger F
4e7bd9ddd8 JS: Update Arrays test now that array elements do not taint the whole array 2024-08-27 11:35:29 +02:00
Asger F
4389b5c999 JS: Fix issue for .apply() calls 2024-08-27 11:35:28 +02:00
Asger F
34e6864fa3 JS: Note issue with .apply() calls 2024-08-27 11:35:27 +02:00
Asger F
ac1dd1850e JS: Remove taint step from array element to whole array 2024-08-27 11:35:26 +02:00
Asger F
5084d0260f Update tests.expected 
The 'arguments' node is only materialised for functions that use 'arguments
 2024-08-27 11:35:25 +02:00
Asger F
895cb872ad JS: Add taint into dynamic argument array 2024-08-27 11:35:24 +02:00
Asger F
079a622cf9 JS: Add tests showing missing taint flow 
When the spread argument itself is tained and not
inside any content, the read steps currently fail
to propagate the data.
 2024-08-27 11:35:23 +02:00
Asger F
6a083136d7 JS: Hide some nodes 2024-08-27 11:35:22 +02:00
Asger F
acdc896c04 JS: Support for dynamic args to flow summaries 2024-08-27 11:35:21 +02:00
Asger F
53a2a66dd0 Add new nodes to early stage 2024-08-27 11:35:20 +02:00
Asger F
5c7e623c47 JS: Add some tests for missing handling of dynamic args in flow summaries 2024-08-27 11:35:19 +02:00
Asger F
c04f0beb8a Update DataFlowConsistency.expected 2024-08-27 11:35:18 +02:00
Asger F
60c3d077b2 Update DataFlowImplConsistency.qll 2024-08-27 11:35:17 +02:00
Asger F
bbb1c8c374 Remove old arguments-array position 2024-08-27 11:35:16 +02:00
Asger F
ed33a6e91b JS: Add explicit model of .join() 2024-08-27 11:35:15 +02:00
Asger F
fa7ad03068 JS: Add store/load steps for the new argument arrays 2024-08-27 11:35:15 +02:00
Asger F
623dbda77d Do not pass regular positional args into the rest parameter 2024-08-27 11:35:14 +02:00
Asger F
a72f79576a JS: Add corresponding argument positions 2024-08-27 11:35:13 +02:00
Asger F
6c7d745a2b JS: Add nodes for static/dynamic argument/parameter arrays 2024-08-27 11:35:12 +02:00
Asger F
5d77c336fc Test case for spread and rest args/params 2024-08-27 11:35:11 +02:00
Asger F
4cdaccd22e JS: Add InlineFlowTest 2024-08-27 11:35:10 +02:00
Michael Nebel
287857c5db Merge pull request #17301 from michaelnebel/shared/contentflowbadjoin 
Shared: Fix bad join in content flow.
 2024-08-27 10:17:04 +02:00
Paolo Tranquilli
b79be718e1 Merge pull request #17306 from github/redsun82/bazel-lfs 
Bazel: fix logging bug in `git_lfs_probe.py`
 2024-08-27 09:42:39 +02:00
Anders Schack-Mulligen
b3fa4f3d9e Merge pull request #17289 from aschackmull/dataflow/summaryctx 
Dataflow: Simplify using a SummaryCtx type.
 2024-08-27 09:32:43 +02:00
Paolo Tranquilli
0738e01e7e Bazel: fix logging bug in git_lfs_probe.py 
The case of an `HTTPError` was printed to stdout (and therefore globbed
by bazel).

While I'm at it, I also introduced a timeout to `urlopen` and improved
the `no endpoints found` error message.
 2024-08-27 09:12:37 +02:00
Kevin Stubbings
c60f459530 Grammar 2024-08-26 23:57:19 -07:00
Asger F
2adaf0f935 Merge pull request #17261 from asgerf/jss/dynamic-import-step 
JS: Port step for dynamic imports
 2024-08-27 08:27:16 +02:00
Kevin Stubbings
812abea0de change-notes 2024-08-26 22:25:00 -07:00
Kevin Stubbings
0420d25c13 refactor 2024-08-26 22:09:24 -07:00
Kevin Stubbings
1db7865d49 Corrections 2024-08-26 22:06:12 -07:00
Kevin Stubbings
8bf8893307 Add support for vulnerable CORS middlewares 2024-08-26 21:30:48 -07:00
Andrew Eisenberg
d19102c399 Separate into two groups 2024-08-26 14:38:32 -07:00
Michael Nebel
e81fdc951a Merge pull request #17246 from michaelnebel/modelgendebug 
C#/Java: Add some model generator summary debugging queries.
 2024-08-26 16:13:03 +02:00
Michael Nebel
77bfe39ca7 Shared: Address review comments. 2024-08-26 15:24:56 +02:00
Michael Nebel
4381bae5d1 Shared: Fix bad join. 2024-08-26 15:24:54 +02:00
Asger F
47c519fc0a JS: Add test for flow through dynamic imports 2024-08-26 15:15:49 +02:00
Anders Schack-Mulligen
d8c8bcd386 Dataflow: Tweak qldoc. 2024-08-26 15:12:37 +02:00
Anders Schack-Mulligen
cbb58d0041 Dataflow: Add a getLocation rootdef. 2024-08-26 15:05:30 +02:00
Michael Nebel
34d83a6b0d C#/Java: Address review comments. 2024-08-26 15:02:27 +02:00