Tamas Vajk
5058727980
C#: Update (some) nuget dependencies
2024-06-25 15:24:08 +02:00
Anders Schack-Mulligen
1cc49af454
Dataflow: Address review comments.
2024-06-25 15:19:55 +02:00
Rasmus Lerchedahl Petersen
bc551174f9
Python: model copy.deepcopy as a value step
2024-06-25 14:53:06 +02:00
Rasmus Lerchedahl Petersen
501cda4e8c
Python: model fnmatch.filter
2024-06-25 14:44:39 +02:00
Asger F
6b35a766a6
Migrate to shared FlowSummary library
2024-06-25 14:43:29 +02:00
Rasmus Lerchedahl Petersen
2118f233b9
Python: model optparse.OptionParser.parse_arg
2024-06-25 14:40:23 +02:00
Rasmus Lerchedahl Petersen
b80a711b27
python: undo changes to qlpack
2024-06-25 14:13:59 +02:00
Rasmus Lerchedahl Petersen
1e97600c4a
Python: move models
2024-06-25 14:13:56 +02:00
Rasmus Lerchedahl Petersen
d410136852
python: compress models
2024-06-25 14:13:52 +02:00
Rasmus Lerchedahl Petersen
c004ffaca8
python: move model to Stdlib.yml
...
There is already a model there so we add to that one.
We did observe that this existing model was blocked by the external MaD model.
This is concerning and needs to be cleared up.
2024-06-25 14:13:48 +02:00
Rasmus Lerchedahl Petersen
281ac05868
python: add modelling for urllib.parse
...
- `quote` together with `re.compile` recover regex injection alerts on haiwen/seahub
- `quote_plus` recovers the URL redirection alert on DemocracyClub/EveryElection
- `unquote` recovers path injection alerts on `cloudera/hue`
- it was tedious finding justifications for the rest..
2024-06-25 14:13:44 +02:00
Rasmus Lerchedahl Petersen
df406b4fca
python: Start modelling using MaD
...
- empty models for now
- `summaryModel` of `codeql/python-all` will be added to shortly.
2024-06-25 14:13:41 +02:00
Alvaro Muñoz
1fd7c148a5
Bump qlpack versions
2024-06-25 13:58:25 +02:00
Asger F
dd7aff555d
Instantiate shared FlowSummary library
2024-06-25 13:35:49 +02:00
Asger F
f0d7c3a7f0
Remove bindingsets
2024-06-25 13:33:06 +02:00
Asger F
6e32f27652
Rename predicates to be consistent with qlpack
...
In preparation for migrating to the FlowSummary module in the qlpack,
rename predicates to be consistent with the qlpack.
2024-06-25 13:30:33 +02:00
Alvaro Muñoz
61797e9180
Add pull_request-comment-branch head_ref as a source
2024-06-25 13:27:08 +02:00
Asger F
6a3bb4dd28
Merge pull request #16834 from asgerf/shared/capture-this-location
...
Shared: add location for 'this' CaptureContainer
2024-06-25 13:18:41 +02:00
Mathias Vorreiter Pedersen
17edfdf801
Merge pull request #16833 from MathiasVP/simplify-incorrect-allocation-error-handling
...
C++: Simplify `cpp/incorrect-allocation-error-handling`
2024-06-25 12:16:21 +01:00
Asger F
6c8fb61f60
Js: Update FlowSummaryImpl.qll to make things compile
2024-06-25 13:10:24 +02:00
Asger F
64a9598b89
JS: Update interface for isUnreachableInCall
2024-06-25 13:01:23 +02:00
Asger F
505c532af7
JS: Implement totalorder()
2024-06-25 12:58:35 +02:00
Rasmus Lerchedahl Petersen
6524b8e25d
Python: consistent double quotes in examples
2024-06-25 12:11:52 +02:00
Rasmus Lerchedahl Petersen
09905ee228
Python: double back-ticks
2024-06-25 12:05:38 +02:00
Rasmus Lerchedahl Petersen
6d4e993dea
Python: remove named parameter filename
2024-06-25 12:00:53 +02:00
Rasmus Lerchedahl Petersen
aa4fd1992e
Python: compact types in type models
2024-06-25 11:59:55 +02:00
Rasmus Lerchedahl Petersen
b902dd5680
Python: add change note
2024-06-25 11:54:30 +02:00
Asger F
102ca77acf
Switch to getLocation() in DataFlowCall
2024-06-25 11:49:19 +02:00
Asger F
ecf418b8f6
Merge branch 'main' into js/shared-dataflow
2024-06-25 11:48:41 +02:00
Arthur Baars
046a5f0881
Merge branch 'rc/3.14' into post-release-prep/codeql-cli-2.17.6
2024-06-25 11:43:38 +02:00
Arthur Baars
624c574559
Merge pull request #16831 from smowton/smowton/admin/backport-maven-regex-fix
...
Backport Maven regex fix to rc/3.14
2024-06-25 11:42:54 +02:00
Jeroen Ketema
e0e5bdec8a
Merge pull request #16818 from jketema/predef
...
C++: Update expected test results
2024-06-25 11:06:53 +02:00
Mathias Vorreiter Pedersen
921afb71e2
Update cpp/ql/src/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.ql
...
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2024-06-25 10:03:53 +01:00
Owen Mansel-Chan
890da5377e
Merge pull request #16819 from owen-mc/go/remove-dataflowtype-optimizer-bug-workaround
...
Go: Make DataFlowType a singleton (remove workaround)
2024-06-25 10:03:08 +01:00
Asger F
551743e000
Shared: add location for 'this' CaptureContainer
...
Only has an effect for debugging purposes
2024-06-25 10:34:28 +02:00
Mathias Vorreiter Pedersen
982f845be7
C++: Accept test changes.
2024-06-25 09:31:00 +01:00
Asger F
bd3fccd1a8
JS: Update test output with provenance column
2024-06-25 10:30:56 +02:00
Mathias Vorreiter Pedersen
bb8b0d0bf5
C++: Use the unary version of 'comparesEq' to handle both disjuncts.
2024-06-25 09:30:53 +01:00
Asger F
20df5adbaa
JS: Bugfix in DeduplicatePathGraph
...
This was introduced after a quick fix to handle the addition of
provenance.
2024-06-25 10:30:14 +02:00
Chris Smowton
5608e0141c
Adjust and tolerate variability in test expectations
2024-06-25 09:02:58 +01:00
Tom Hvitved
25daaf9d47
Ruby: Add change note
2024-06-25 10:00:01 +02:00
Asger F
f43a189f06
JS: Make CaptureNode.toString() more explicit
2024-06-25 09:56:39 +02:00
GitHub Security Lab
795232e040
Merge pull request #47 from github/poisonable_config
...
Move configuration to MaD files
2024-06-25 09:48:06 +02:00
Alvaro Muñoz
fc8173239e
Move configuration to MaD files
2024-06-25 09:47:43 +02:00
Jeroen Ketema
285ed3630b
C++: Update expected test results
2024-06-25 09:16:05 +02:00
github-actions[bot]
fd385736e6
Post-release preparation for codeql-cli-2.17.6
2024-06-25 06:39:45 +00:00
Joe Farebrother
0901b3d0a6
Add change note
2024-06-24 21:43:09 +01:00
Owen Mansel-Chan
8458bde51e
Add comment that "reverse-dns" is an ungrouped threat model
2024-06-24 21:23:52 +01:00
Owen Mansel-Chan
9e25279cb8
Change category in change note to "majorAnalysis"
2024-06-24 21:23:51 +01:00
Owen Mansel-Chan
162245fb9a
Fix unrelated test using reverse DNS as source
2024-06-24 21:23:50 +01:00