hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-15 20:16:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,550 Commits 1,708 Branches 162 Tags
codeql-cli/v2.23.9
Commit Graph

84550 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
ef8532982c C++: Sync identical files. 2024-07-04 12:11:56 +01:00
Mathias Vorreiter Pedersen
72679c82a9 C++: Add a new opcode and instruction. 2024-07-04 12:11:54 +01:00
Mathias Vorreiter Pedersen
4953e7e7fa C++: Add tests. 2024-07-04 12:11:50 +01:00
Alvaro Muñoz
966a9b1652 Bump qlpack versions 2024-07-04 13:05:27 +02:00
Alvaro Muñoz
7d58beba67 Better control check support 2024-07-04 13:04:59 +02:00
Erik Krogh Kristensen
1c0c51faaf Merge pull request #16904 from igfoo/igfoo/shouldExtract 
JS: Remove call to shouldExtract
 2024-07-04 12:44:54 +02:00
Tom Hvitved
d675304703 Merge pull request #16875 from hvitved/csharp/ssa-param-def 
C#: Move implicit entry definitions inside method bodies in SSA construction
 2024-07-04 10:51:06 +02:00
Tamás Vajk
456c649c7d Merge pull request #16895 from tamasvajk/feature/fix-glob-pattern-processing 
C#: Fix glob pattern processing: allow `**/` to match empty string
 2024-07-04 10:46:36 +02:00
Ian Lynagh
95a418aa14 JS: Remove call to shouldExtract 
It always returns true nowadays.
 2024-07-04 09:42:07 +01:00
Mathias Vorreiter Pedersen
8e18e7d4e6 Merge pull request #16791 from MathiasVP/collection-content-2 
C++: Add support for `Element` content
 2024-07-04 08:52:33 +01:00
Tom Hvitved
da0909c080 Merge pull request #16896 from hvitved/ssa/dataflow-integration-prep 
SSA: Add `BasicBlock.{getNode/1,length/0}` to the input signature
 2024-07-03 19:56:35 +02:00
Mathias Vorreiter Pedersen
356d928544 C++: Accept test changes. 2024-07-03 18:16:20 +01:00
Mathias Vorreiter Pedersen
af28dd8eb4 C++: Add bsl models for 'array::front' and 'array::back'. 2024-07-03 18:14:10 +01:00
Mathias Vorreiter Pedersen
f9d6c63cbb C++: Add more 'Argument[-1]' to 'ReturnValue' flow. 2024-07-03 17:27:22 +01:00
Mathias Vorreiter Pedersen
246f3fd3e2 C++: Fix 'emplace_after' model in bsl. 2024-07-03 17:21:10 +01:00
Ian Lynagh
ea16f72c6f Java: Add changenote for dropping $SEMMLE_DIST support 2024-07-03 17:12:04 +01:00
Ian Lynagh
3260966e3b Kotlin: Remove unused SEMMLE_DIST 2024-07-03 17:10:41 +01:00
Mathias Vorreiter Pedersen
5351c2734f C++: Fix 'assign' models. 2024-07-03 17:01:43 +01:00
Mathias Vorreiter Pedersen
6d05324724 C++: Make sure the 'emplace' functions that return iterators are modeled via Element content. 2024-07-03 16:47:18 +01:00
Mathias Vorreiter Pedersen
e03f8084e6 C++: Fix yml file name. 2024-07-03 16:04:14 +01:00
Mathias Vorreiter Pedersen
c4dabb94d6 C++: Add models for 'array::front' and 'array::back'. 2024-07-03 16:03:25 +01:00
Porcupiney Hairs
808af28618 Python : Arbitrary codde execution due to Js2Py 
Js2Py is a Javascript to Python translation library written in Python. It allows users to invoke JavaScript code directly from Python.
The Js2Py interpreter by default exposes the entire standard library to it's users. This can lead to security issues if a malicious input were directly.

This PR includes a CodeQL query along with a qhelp and testcases to detect cases where an untrusted input flows to an Js2Py eval call.

This query successfully detects CVE-2023-0297 in `pyload/pyload`along with it's fix.
The databases can be downloaded from the links bellow.
```
https://file.io/qrMEjSJJoTq1
https://filetransfer.io/data-package/a02eab7V#link
```
 2024-07-03 19:06:34 +05:30
Taus
b779341ba6 Merge pull request #16885 from github/tausbn/python-fix-bad-join-in-function-resolution-type-tracker 
Python: Fix bad join in function resolution
 2024-07-03 13:59:13 +02:00
Tamas Vajk
6a036f4e84 Improve code quality 2024-07-03 12:45:47 +02:00
Alvaro Muñoz
69db192378 Bump qlpack versions 2024-07-03 12:40:48 +02:00
Mathias Vorreiter Pedersen
d7eac4d567 C++: Add change note. 2024-07-03 11:33:52 +01:00
Alvaro Muñoz
c70fb6e911 Consider toJson as a sanitizer for Code Injection in JS 2024-07-03 12:25:24 +02:00
Mathias Vorreiter Pedersen
b8c01e2901 C++: Accept test changes. 2024-07-03 11:18:21 +01:00
Mathias Vorreiter Pedersen
5be948533c C++: Replace 'Element[*@]' with 'Element[@]'. 2024-07-03 11:18:13 +01:00
Rasmus Wriedt Larsen
f9536e9a66 Merge pull request #16883 from github/tausbn/python-fix-bad-join-in-import-resolution 
Python: Fix bad join in `getImmediateModuleReference`
 2024-07-03 11:40:01 +02:00
Tom Hvitved
4ae8720930 SSA: Add BasicBlock.{getNode/1,length/0} to the input signature 2024-07-03 11:32:35 +02:00
Owen Mansel-Chan
dfc59a45c2 Merge pull request #16894 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2024-07-03 10:17:16 +01:00
Mathias Vorreiter Pedersen
640c842969 Merge pull request #16892 from MathiasVP/fix-qldoc-on-GuardCondition 
C++: Update QLDoc on `GuardCondition`
 2024-07-03 09:25:13 +01:00
Mathias Vorreiter Pedersen
284007dbff C++: Fix more QLDoc. 2024-07-03 09:14:06 +01:00
am0o0
7e5f2e2a48 experimentalSinkModel to sinkModel, remove one path injection sink that already exist before 2024-07-03 08:55:12 +02:00
Tamas Vajk
b36db5ad11 C#: Fix glob pattern processing: allow **/ to match empty string 2024-07-03 08:09:34 +02:00
github-actions[bot]
13bb93ea20 Add changed framework coverage reports 2024-07-03 00:17:59 +00:00
Alvaro Muñoz
7e0146d634 Bump qlpack versions 2024-07-02 23:52:01 +02:00
Alvaro Muñoz
4b01cd5be4 Support flow through fromJson 2024-07-02 23:51:19 +02:00
Alvaro Muñoz
45d51a4d00 Add more poisonable steps 2024-07-02 23:29:53 +02:00
Mathias Vorreiter Pedersen
4652003688 C++: Update QLDoc on 'GuardCondition' to reflect the fact that switch statements are supported. 2024-07-02 20:21:54 +01:00
Rasmus Wriedt Larsen
ce177c3450 Merge pull request #15655 from yoff/python/support-model-editor 
Python: Support model editor
 2024-07-02 16:28:58 +02:00
Tom Hvitved
8e8100fd34 Merge pull request #16887 from hvitved/ruby/local-flow-missing-steps 
Ruby: Add missing local flow steps
 2024-07-02 15:43:52 +02:00
Mathias Vorreiter Pedersen
6b025db824 C++: Add QLDoc to 'getParameterTypeName'. 2024-07-02 14:26:15 +01:00
Mathias Vorreiter Pedersen
c104a0a74c C++: Expand QLDoc on 'signatureMatches'. 2024-07-02 14:23:04 +01:00
Rasmus Wriedt Larsen
dc33f0de1d Python: Additional tests for model-editor 
We currently have some problems with these files, that we should fix
later down the line. See PR comment for more details.
 2024-07-02 14:28:46 +02:00
Tom Hvitved
19e910e1b5 Merge pull request #16801 from hvitved/ruby/element-reference-block 
Ruby: Handle element references with blocks
 2024-07-02 13:08:31 +02:00
Owen Mansel-Chan
c7ad0ad406 Merge pull request #16809 from owen-mc/go/mad-sources-beego 
Go: Convert Beego sources to MaD
 2024-07-02 09:36:48 +01:00
Michael Nebel
e05f835683 C#: Update model generator expected output. 2024-07-02 07:52:30 +01:00
Michael Nebel
5639ada3ed C#: Do not generate source models for Overriable callables that overrides or implements something. 2024-07-02 07:52:26 +01:00