codeql

mirror of https://github.com/github/codeql.git synced 2026-03-21 15:06:46 +01:00

Author	SHA1	Message	Date
Alvaro Muñoz	839d16cde5	Treat If's values as expression no matter the delimiters	2024-03-13 18:41:17 +01:00
Jeroen Ketema	67b3670d06	Merge pull request #15901 from jketema/destructors11 C++: Introduce re-use expressions in the database scheme	2024-03-13 18:27:28 +01:00
Geoffrey White	8d3fc735ea	C++: Fix compilation issue in UseAfterFree.qll.	2024-03-13 17:03:00 +00:00
Geoffrey White	f52b6e0449	C++: Add more test cases for taint through qualifier fields.	2024-03-13 16:20:12 +00:00
Geoffrey White	6019a38266	C++: Add more test cases for indirection (4).	2024-03-13 16:20:08 +00:00
Geoffrey White	23da0c16c7	C++: Add more test cases for indirection (3).	2024-03-13 16:20:04 +00:00
Geoffrey White	7c4927c2e3	C++: Add more test cases for indirection (2).	2024-03-13 16:19:58 +00:00
Tony Torralba	039bea1625	Java: Add more neutral JDK models This is similar to https://github.com/github/codeql/pull/15766, in the sense that it adds neutral models to prevent the model generator from generating summaries for them. These models were spotted while evaluating https://github.com/github/codeql/pull/14919.	2024-03-13 16:59:38 +01:00
Geoffrey White	fcda0c9819	C++: Add more test cases for indirection (1).	2024-03-13 15:35:28 +00:00
Geoffrey White	c17a36ec07	C++: Add more test cases for taint through qualifiers.	2024-03-13 15:30:13 +00:00
Mathias Vorreiter Pedersen	b638d4d0ba	Merge pull request #15900 from MathiasVP/glib-alloc-and-dealloc C++: Add models for `GLib` allocation and deallocation	2024-03-13 15:29:46 +00:00
Geoffrey White	92d57ab504	C++: Correct some existing cases that are in fact indirect.	2024-03-13 15:26:21 +00:00
Erik Krogh Kristensen	bd121b98ae	Merge pull request #15893 from erik-krogh/more-filter-taint JS: allow more flow through .filter()	2024-03-13 16:19:28 +01:00
Alvaro Muñoz	1bf2431c99	Improve UntrustedCheckout query Account for more events, more triggers and heuristics to detect git checkouts	2024-03-13 15:41:57 +01:00
Rasmus Lerchedahl Petersen	533b63743b	Python: test MaD syntax for keyword argument use the combined positional/keyword syntax as that is what we will probably mostly use.	2024-03-13 15:28:34 +01:00
Asger F	ddf6eb3a04	JS: Quick fix to make DeduplicatePathGraph compile There's an open PR for this where a real fix should be written	2024-03-13 15:24:53 +01:00
Asger F	8ecdb5cefe	Update VariableCapture.qll	2024-03-13 15:24:20 +01:00
Asger F	82abd867a0	JS: Update uses of AccessPathSyntax This doesn't yet migrate to the FlowSummaryImpl.qll in a qlpack, just trying to make things compile first	2024-03-13 15:17:58 +01:00
Asger F	e5bc8db2f0	JS: Fix conflicting default for visbleImplInCallContext	2024-03-13 15:17:08 +01:00
Asger F	bb1f729a3f	Update VariableCapture.qll	2024-03-13 15:16:37 +01:00
Asger F	97567f412e	JS: Update VariableCapture.qll after changes to API	2024-03-13 14:53:00 +01:00
Tom Hvitved	6c0ed28e6b	Python: Implement new data flow interface	2024-03-13 14:41:57 +01:00
Tom Hvitved	02ae2d1520	Java: Implement new data flow interface	2024-03-13 14:41:57 +01:00
Tom Hvitved	e4a4c18166	Go: Implement new data flow interface	2024-03-13 14:41:57 +01:00
Asger F	5e7d1d5c2c	Merge branch 'main' into js/shared-dataflow-merged	2024-03-13 14:27:16 +01:00
Michael Nebel	560b355e0c	C#: Remove hard-coded local sources from the uncontrolled-format-string query.	2024-03-13 14:26:30 +01:00
Erik Krogh Kristensen	53502a8662	Merge pull request #15510 from yoff/ts-54 JS: Add support for TS 5.4	2024-03-13 14:22:24 +01:00
Alvaro Muñoz	aa62603899	Merge pull request #29 from GitHubSecurityLab/clean fix: clean debug lefovers	2024-03-13 13:50:11 +01:00
Alvaro Muñoz	0b71d02407	fix: clean debug lefovers	2024-03-13 13:49:50 +01:00
Jeroen Ketema	8d5eab401d	C++: Introduce re-use expressions in the database scheme	2024-03-13 13:28:27 +01:00
Tom Hvitved	16cef92106	JS: Add `DataFlow::Node.getLocation`	2024-03-13 13:06:16 +01:00
Mathias Vorreiter Pedersen	8d504d8b32	Merge pull request #15899 from jketema/destructors10 C++: Add IR tests for the destruction of temporaries	2024-03-13 11:56:04 +00:00
Mathias Vorreiter Pedersen	465c3c18e3	C++: Add change note.	2024-03-13 11:49:26 +00:00
Asger F	c5a02dae2b	Merge pull request #15768 from asgerf/js/amd-pseudo-deps JS: Do not treat AMD pseudo-dependencies as imports	2024-03-13 12:49:17 +01:00
Mathias Vorreiter Pedersen	3ea39a2553	C++: Add some query tests.	2024-03-13 11:39:34 +00:00
Mathias Vorreiter Pedersen	bcd36b1994	C++: Recognize glib allocations and deallocations.	2024-03-13 11:39:15 +00:00
Geoffrey White	9aad43f649	C++: Add indirect test models.	2024-03-13 11:34:36 +00:00
Ian Lynagh	adefdfd59f	Merge pull request #15889 from igfoo/igfoo/k2exprs Kotlin 2: Accept more changes in the exprs test	2024-03-13 11:34:10 +00:00
Asger F	fa8933eb41	JS: Reduce duplication in UnsafeDynamicMethodAccessQuery	2024-03-13 12:30:05 +01:00
Asger F	ea4bc9cdbb	JS: Comment about manually applying taint steps	2024-03-13 12:30:05 +01:00
erik-krogh	129286aa1c	allow more flow through .filter()	2024-03-13 12:03:00 +01:00
Jeroen Ketema	3ef1ab49ea	C++: Add IR tests for the destruction of temporaries	2024-03-13 12:00:02 +01:00
erik-krogh	013ed7adb3	Java: update the url-redirection in the same style as the C# qhelp	2024-03-13 11:58:16 +01:00
Asger F	406b080ce3	JS: Add comment about allowImplicitRead in PostMessageStar	2024-03-13 11:30:52 +01:00
Asger F	0a2050bc42	JS: Deduplicate predicate in HostHeaderPoisoningQuery	2024-03-13 11:27:18 +01:00
Asger F	11983faccf	JS: Remove out-commented code	2024-03-13 11:26:56 +01:00
yoff	b5c0fbb827	Merge pull request #15776 from RasmusWL/tt-consistency Python: Add type-tracking consistency query	2024-03-13 11:11:07 +01:00
Asger F	b31f20a64e	JS: Explain why ObjetWrapperFlowLabel is deprecated	2024-03-13 11:08:25 +01:00
Asger F	e0aae53ac7	JS: Remove unnecessary BarrierGuardLegacy class	2024-03-13 11:05:23 +01:00
Asger F	fce2be0af3	JS: Use BarrierGuardLegacy in TaintedPath	2024-03-13 11:02:09 +01:00

... 380 381 382 383 384 ...

84550 Commits