Commit Graph

84550 Commits

Author SHA1 Message Date
Alvaro Muñoz
cfed2d4ce0 Split queries 2024-03-14 16:30:23 +01:00
Tamás Vajk
945121de1b Merge pull request #15922 from tamasvajk/buildless/namespace-extraction
C#: Handle namespace resolution error more gracefully
2024-03-14 16:19:48 +01:00
Alvaro Muñoz
8e5eeb2ea3 Merge branch 'untrusted_co' 2024-03-14 16:15:53 +01:00
Alvaro Muñoz
5130135df0 fix(stepsExpression): allow steps from a composite action to communicate 2024-03-14 16:14:55 +01:00
Michael Nebel
2280469564 Merge pull request #15902 from michaelnebel/csharp/uncontrolledformatstring
C#: Remove hard-coded local sources from the uncontrolled-format-string query.
2024-03-14 15:21:31 +01:00
Alvaro Muñoz
a3ccc2eba3 Merge pull request #30 from GitHubSecurityLab/untrusted_co
Improve UntrustedCheckout query
2024-03-14 14:52:39 +01:00
Alvaro Muñoz
778d8978b0 DF support for untrusted checkout query 2024-03-14 13:55:10 +01:00
Alvaro Muñoz
22d0600da8 Support more PR head checkouts 2024-03-14 13:28:39 +01:00
Alvaro Muñoz
d12b24886f Merge branch 'untrusted_co' of https://github.com/GitHubSecurityLab/codeql-actions into untrusted_co 2024-03-14 12:58:56 +01:00
Alvaro Muñoz
35df9519e1 Support more untrusted checkout cases 2024-03-14 12:58:47 +01:00
Alvaro Muñoz
9ca1ac5bb9 Fix expression regexp 2024-03-14 12:58:02 +01:00
Mathias Vorreiter Pedersen
7fdea27d33 C++: Rename 'IndirectTemporaryExpr' to 'IndirectOperandExprNode'. 2024-03-14 11:46:15 +00:00
Owen Mansel-Chan
2bd08838d4 Add manual neutral models for java.lang.ClassLoader 2024-03-14 11:40:06 +00:00
Owen Mansel-Chan
5b734c76b6 Add manual neutral models for java.util.Locale and its subclasses 2024-03-14 11:39:59 +00:00
Alvaro Muñoz
3150f24d3f Update tests and fix regexp 2024-03-14 12:21:16 +01:00
Alvaro Muñoz
7160f08222 Update ql/test/query-tests/Security/CWE-829/.github/workflows/auto_ci.yml
Co-authored-by: Jaroslav Lobačevski <jarlob@github.com>
2024-03-14 12:03:40 +01:00
Alvaro Muñoz
03277cc24b Add test for self-referencing jobs 2024-03-14 11:58:44 +01:00
Alvaro Muñoz
8e2c1a4f4e Expose predicates to check local flow 2024-03-14 11:58:07 +01:00
Alvaro Muñoz
3e2dffce8b Rename ContextExpression to SimpleReferenceExpression 2024-03-14 11:57:43 +01:00
Tony Torralba
20691e409c Add change note 2024-03-14 11:56:43 +01:00
Mathias Vorreiter Pedersen
9aefdca7a7 Merge pull request #15875 from MathiasVP/bring-back-type-barriers-in-non-constant-format
C++: Clean up `cpp/non-constant-format`
2024-03-14 10:51:23 +00:00
Tony Torralba
30d906d42a Merge pull request #15906 from atorralba/atorralba/java/jdk-neutrals
Java: Add more neutral JDK models
2024-03-14 11:07:06 +01:00
Geoffrey White
19cc620f18 C++: Effect of 'Fix dataflow node <> expression problem on prvalues' from main. 2024-03-14 09:47:38 +00:00
Rasmus Wriedt Larsen
7a3ee0f5f8 Python: Make IterableSequenceNode LocalSourceNode
We do this to remove the inconsistencies, and to be ready for a future
where type-tracking supports content tracker of depth > 1.

It works because targets of loadSteps need to be LocalSourceNodes

predicate loadStep(Node nodeFrom, LocalSourceNode nodeTo, Content content) {
2024-03-14 10:46:29 +01:00
Geoffrey White
f208594067 Merge branch 'main' into mad 2024-03-14 09:44:45 +00:00
Rasmus Wriedt Larsen
6ffaad1bc8 Python: Expand type-tracking tests with nested tuples
I was initially surprised to see that this didn't work, until I
remembered that type-tracking only works with content of depth 1.
2024-03-14 10:44:25 +01:00
Rasmus Wriedt Larsen
af8cef5b53 Python: Fixup deprecated type-tracker API 2024-03-14 10:43:28 +01:00
Rasmus Wriedt Larsen
2b09b084e0 Python: Add change-note 2024-03-14 10:43:28 +01:00
Rasmus Wriedt Larsen
7de304bf16 Python: Add proper type-tracking tests for content
Instead of just relying on the call-graph tests
2024-03-14 10:43:28 +01:00
Rasmus Wriedt Larsen
fa0c4e18fc Python: Expand dict-content tt test even more
While it might be useful to track content to any lookup, it's not
something we do right now.
2024-03-14 10:43:28 +01:00
Rasmus Wriedt Larsen
4d78762ba8 Python: Ignore consistency failure 2024-03-14 10:43:28 +01:00
Rasmus Wriedt Larsen
8a7ffac19c Python: Accept consistency failure 2024-03-14 10:43:28 +01:00
Rasmus Wriedt Larsen
92729dbbd6 Python: Support iterable unpacking in type-tracking 2024-03-14 10:42:38 +01:00
Rasmus Wriedt Larsen
0cf3fe4a4c Python: Expand dict update tests 2024-03-14 10:42:38 +01:00
Rasmus Wriedt Larsen
dac2b57bb0 Python: type-track through dict-updates 2024-03-14 10:42:38 +01:00
Rasmus Wriedt Larsen
73fe596753 Python: type-tracking through dictionary construction 2024-03-14 10:42:38 +01:00
Rasmus Wriedt Larsen
ece8245a4b Python: type-track through tuple content 2024-03-14 10:42:38 +01:00
Rasmus Wriedt Larsen
a95bb7c86b Python: Expand function reference in content test 2024-03-14 10:42:38 +01:00
Rasmus Wriedt Larsen
7721fb3331 Python: Setup shared read/store steps 2024-03-14 10:42:37 +01:00
Rasmus Wriedt Larsen
636cf611ae Python: Allow general content in type-tracker
This should not result in many changes, since store/load steps are still
only implemented for attributes.
2024-03-14 10:42:37 +01:00
Rasmus Wriedt Larsen
fc8caa66c8 Python: Prepare for general content in type-tracker
Due to the char-pred of Content, this change should keep exactly the
same behavior as before.
2024-03-14 10:42:37 +01:00
Mathias Vorreiter Pedersen
dacf7d73d9 Merge pull request #15918 from MathiasVP/fix-as-expr-for-temps
C++: Fix dataflow node <> expression problem on prvalues
2024-03-14 09:38:46 +00:00
Tony Torralba
87b2dcc892 Adjust test expectations 2024-03-14 10:25:04 +01:00
Mathias Vorreiter Pedersen
a24432bacc Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 2024-03-14 09:23:33 +00:00
Mathias Vorreiter Pedersen
c375497fa5 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 2024-03-14 09:16:04 +00:00
Tony Torralba
d8c0ab8e1f Go: Consider more strings as hardcoded credentials 2024-03-14 10:11:39 +01:00
Tony Torralba
9d44045e6f Adjust test expectations 2024-03-14 09:41:34 +01:00
Alvaro Muñoz
e726f9fff1 Apply suggestions from code review
Co-authored-by: Jaroslav Lobačevski <jarlob@github.com>
2024-03-14 09:24:32 +01:00
Alvaro Muñoz
aa37339deb Apply suggestions from code review 2024-03-14 09:22:40 +01:00
Alvaro Muñoz
fe1bf58ae5 Apply suggestions from code review
Co-authored-by: Jaroslav Lobačevski <jarlob@github.com>
2024-03-14 09:22:05 +01:00