Commit Graph

84550 Commits

Author SHA1 Message Date
Michael Nebel
37a21ec548 Java: Address review comments. 2024-01-12 13:36:23 +01:00
Michael Nebel
74cdcab6d8 Java: Update expected test output. 2024-01-12 13:36:23 +01:00
Michael Nebel
6af0bca777 Java: Avoid generating contradicting summary and neutral summary models. 2024-01-12 13:36:23 +01:00
Michael Nebel
03d4025b99 Java: Add a testcase where both a neutral summary and a summary are being generated. 2024-01-12 13:36:23 +01:00
Michael Nebel
c7045fbb99 C#: Add some test cases for excluding methods for model generation. 2024-01-12 13:35:23 +01:00
Michael Nebel
8702293878 C#: Update expected test output for type based model generator. 2024-01-12 13:35:23 +01:00
Michael Nebel
81de9d35af C#/Java: Don't generate models if there exists a manual summary or neutral summary. 2024-01-12 13:35:22 +01:00
Max Schaefer
ea26e21454 Extend negative characteristics for exceptions to source models. 2024-01-12 12:20:22 +00:00
Max Schaefer
06ba5ea9f8 Eliminate GetCallable modules and use getCallable instead. 2024-01-12 12:03:49 +00:00
Max Schaefer
76b84301e3 Share some code. 2024-01-12 12:03:49 +00:00
Max Schaefer
9f443d4f83 Make Unexploitable*Characteristic more precise. 2024-01-12 12:03:41 +00:00
Alex Denisov
28dd2e979b Revert "Swift: separate installation of dependencies and autobuilding"
This reverts commit dd13ea3d0a.
2024-01-12 12:34:13 +01:00
Mathias Vorreiter Pedersen
6bd31deb00 Merge pull request #15282 from MathiasVP/fix-duplicate-final-global-value
C++: Fix duplicate "final global value" nodes
2024-01-12 11:05:19 +00:00
Max Schaefer
a8336328fd Merge pull request #15176 from github/max-schaefer/py-url-redirection-qhelp
Python: Mention more sanitisation options in py/url-redirection qhelp.
2024-01-12 10:50:33 +00:00
Michael Nebel
c68f9b05cd C#: Address review comments. 2024-01-12 11:24:37 +01:00
Mathias Vorreiter Pedersen
8f36584bd9 C++: Fix Code Scanning errors. 2024-01-12 10:20:20 +00:00
Jeroen Ketema
b209ea6735 Merge pull request #15304 from MathiasVP/revert-12125
C++: Revert "Merge pull request #12125 from jketema/unique-function"
2024-01-12 11:20:00 +01:00
Mathias Vorreiter Pedersen
34980bfe20 C++: Add more QLDoc. 2024-01-12 10:12:34 +00:00
Tony Torralba
448439e76b Merge pull request #15294 from atorralba/atorralba/go/insecure-randomness-index-flowstep
Go: Recognize unsafe candidate selection in `go/insecure-randomness`
2024-01-12 11:08:56 +01:00
Owen Mansel-Chan
6945289afc Merge pull request #15246 from owen-mc/java/manual-neutral-overrides-generated
C#/Java: Manual neutral summaries should block generated summaries
2024-01-12 10:05:18 +00:00
Owen Mansel-Chan
ed4843f397 Merge pull request #15302 from github/dependabot/go_modules/go/extractor/extractor-dependencies-159a68acba
Bump the extractor-dependencies group in /go/extractor with 1 update
2024-01-12 10:03:58 +00:00
Michael Nebel
9f14c7c408 Merge pull request #15297 from michaelnebel/csharp/typealias
C# 12: Type alias [Test only]
2024-01-12 11:03:25 +01:00
Mathias Vorreiter Pedersen
fe2c806c2d C++: Undo some of the reverting. 2024-01-12 09:35:50 +00:00
Mathias Vorreiter Pedersen
84d08b0417 Revert "Merge pull request #12125 from jketema/unique-function"
This reverts commit 9c039c4a08, reversing
changes made to ecd2003c14.
2024-01-12 09:29:17 +00:00
Felicity Chapman
e408078eaa Merge pull request #15235 from github/docs-11486-security-severity
Replace blog link with link to GitHub user docs
2024-01-12 09:21:08 +00:00
Tony Torralba
87c6a3e38c Merge pull request #15301 from github/workflow/coverage/update
Update CSV framework coverage reports
2024-01-12 09:31:27 +01:00
Tony Torralba
31c11add85 Updated change note 2024-01-12 08:55:24 +01:00
dependabot[bot]
dd08c31dc5 Bump the extractor-dependencies group in /go/extractor with 1 update
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/tools` from 0.16.1 to 0.17.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.16.1...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-12 03:24:29 +00:00
github-actions[bot]
add9c4e489 Add changed framework coverage reports 2024-01-12 00:16:38 +00:00
Jeroen Ketema
1c9f5b8b74 Merge pull request #15300 from github/sashabu/uuidof
C++: Add a test with `__uuidof` in a template.
2024-01-12 00:05:49 +01:00
Felicity Chapman
f06cca8eff Merge branch 'main' into docs-11486-security-severity 2024-01-11 22:28:30 +00:00
Alexandre Boulgakov
3493252321 C++: Add a test with __uuidof in a template. 2024-01-11 22:11:50 +01:00
Andrew Eisenberg
42f6dbe0b1 Merge pull request #15288 from github/aeisenberg/problem.severity
Update query-metadata-style-guide.md to clarify problem.severity
2024-01-11 12:53:13 -08:00
Asger F
59c9ac735a Merge pull request #15295 from asgerf/js/type-model-export
JS: Include sink nodes as base-case when resolving types
2024-01-11 20:47:32 +01:00
Tony Torralba
12c5b46a0a Reduce FPs
* Restrict allowed types in the flow step

* Discard more non-crypto-related TLS APIs
2024-01-11 16:20:46 +01:00
Michael Nebel
0fa2067c3f C#: Update expected test output. 2024-01-11 16:19:24 +01:00
Michael Nebel
b03eecb5ab C#: Add support for named arguments in getRuntimeArgumentForParameter. 2024-01-11 16:19:24 +01:00
Michael Nebel
85f0ad623b C#: Add test example of using named arguments when calling a delegate. 2024-01-11 16:19:24 +01:00
Michael Nebel
8b464fbc4a Merge pull request #15249 from michaelnebel/csharp/lambdadefaultparams
C# 12: Support for lambda `param` parameter and parameter defaults.
2024-01-11 16:18:03 +01:00
Owen Mansel-Chan
5e9ddd8c63 Apply suggestions from code review on change notes
Co-authored-by: Michael Nebel <michaelnebel@github.com>
2024-01-11 15:15:21 +00:00
Michael Nebel
ef73fc3a6f C#: Add a test for type alias. 2024-01-11 16:13:35 +01:00
Owen Mansel-Chan
3c369f88bb Add change notes 2024-01-11 14:00:17 +00:00
Erik Krogh Kristensen
d782bd9b1f Merge pull request #13624 from jorgectf/seclab/dotjs
JS: Add `dot.js` support
2024-01-11 14:57:19 +01:00
Owen Mansel-Chan
def957e814 Accept review suggestion fixing a comment
Co-authored-by: Michael Nebel <michaelnebel@github.com>
2024-01-11 13:56:27 +00:00
Tom Hvitved
a1036c81ee Merge pull request #15273 from hvitved/ruby/captured-yield
Ruby: Handle captured `yield` calls
2024-01-11 14:34:34 +01:00
Owen Mansel-Chan
2f01688319 Merge pull request #15280 from owen-mc/java/add-manual-models-for-df-generation
Java: improve models for some important JDK methods
2024-01-11 12:47:37 +00:00
Asger F
82cee61999 JS: Include sink nodes as base-case when resolving types 2024-01-11 13:41:21 +01:00
Max Schaefer
6e9c90a6bb Properly distinguish negative source and sink characteristics.
In particular, `IsSanitizerCharacteristic` is a negative _source_ characteristic (not a negative sink characteristic), while `NeutralModelCharacteristic` is both.

This eliminates the erroneous test results.
2024-01-11 12:36:48 +00:00
Max Schaefer
ff4555ac5b Get rid of negative sink types.
Instead of positively implying the negative sink type, negative sink characteristics now negatively imply all sink types (but not source types). This is simpler and since we will never have a huge number of sink types it doesn't impact performance either.

Changes to test results:

- The call to `createDirectories` at `Test.java:87` is now correctly classified as a source candidate, having previously been erroneously excluded by a negative _sink_ characteristic.
- The call to `compareTo` at `Test.java:48` is now erroneously classified as a source candidate; it should be suppressed by `IsSanitizerCharacteristic`, which is a negative sink characteristic, but should really be a negative source characteristic.
- In framework mode, several endpoints are now erroneously classified as source candidates even though they have neutral models, because `NeutralModelCharacteristic` is currently only a negative sink characteristic and not a negative source characteristic.
2024-01-11 12:19:53 +00:00
Max Schaefer
bcf4f4febd Drop a conjunct which is now spurious. 2024-01-11 11:56:59 +00:00