hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-24 08:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,550 Commits 1,715 Branches 163 Tags
codeql-cli/v2.23.9
Commit Graph

84550 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
03ca244df2 Associate endpoints with their potential endpoint types and check these when determining candidates. 
This prevents us from associating a sink candidate with a source type and vice versa.

However, this does not fix the problem of negative characteristics for sink types excluding source candidates.
 2024-01-11 11:44:14 +00:00
Max Schaefer
a6d996b478 Add an example of a missed source candidate. 
`Files.list` has a taint step from its first argument to its result, so that first argument should not be considered a sink candidate (and it is not). However, due to a bug in `IsMaDTaintStepCharacteristic` it is also not considered a source candidate, which is wrong: as the example shows, if that argument is a call we do very much want to consider it as a source candidate.
 2024-01-11 11:27:34 +00:00
Max Schaefer
8e429bd399 Rename isSinkCandidate (and a related predicate) to isCandidate. 
This reflects the fact that these predicates also deal with source candidates.
 2024-01-11 11:20:51 +00:00
Tony Torralba
05b487e3a6 Go: Recognize unsafe candidate selection in go/insecure-randomness 2024-01-11 11:58:12 +01:00
Max Schaefer
dba2e06a1d Merge pull request #15283 from github/max-schaefer/release-automodel-query-pack 
Release automodel extraction queries v0.0.12.
 2024-01-11 10:28:55 +00:00
Tony Torralba
8ccacafb59 Merge pull request #15289 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2024-01-11 10:15:34 +01:00
Michael Nebel
1770beea25 C#: Update QL doc for getRuntimeArgumentForParameter. 2024-01-11 09:07:15 +01:00
Michael Nebel
4c1e84b992 C#: Address review comments. 2024-01-11 09:07:15 +01:00
Michael Nebel
4dedc454ae C#: Add change-note. 2024-01-11 09:07:15 +01:00
Michael Nebel
e18534e748 C#: Force population of compiler generated delegates used for lambdas. 2024-01-11 09:07:15 +01:00
Michael Nebel
9a64e2a9b0 C#: Add test for lambda default parameters. 2024-01-11 09:07:15 +01:00
Michael Nebel
71c996a0be C#: Update lambdaArgument expected output. 2024-01-11 09:07:14 +01:00
Michael Nebel
b2faf3618c C#: Add support for params parameters in getRuntimeArgumentForParameter. 2024-01-11 09:07:14 +01:00
Michael Nebel
f0852c89bc C#: Add test for lambda arguments. 2024-01-11 09:07:14 +01:00
Paolo Tranquilli
482b5f3b29 Merge pull request #15265 from github/redsun82/def-to-non-header-include-exceptions 
C++: add `.def` to exceptions to AV rule 32
 2024-01-11 08:34:43 +01:00
github-actions[bot]
7db46b6ab6 Add changed framework coverage reports 2024-01-11 00:16:44 +00:00
Andrew Eisenberg
2f190d6552 Update docs/query-metadata-style-guide.md 
Co-authored-by: Angela P Wen <angelapwen@github.com>
 2024-01-10 14:27:00 -08:00
Owen Mansel-Chan
3767348dec Update test expectations 2024-01-10 22:25:08 +00:00
Owen Mansel-Chan
7824e60acd Manual neutral summaries should block generated summaries 2024-01-10 22:25:06 +00:00
Owen Mansel-Chan
52563b01b7 Factor logic out into interpretNeutral 2024-01-10 22:25:04 +00:00
Owen Mansel-Chan
370a32da8b Test summary models and neutral models, manual and generated 2024-01-10 22:25:02 +00:00
Andrew Eisenberg
303272d0d4 Update query-metadata-style-guide.md clarify problem.severity 2024-01-10 13:47:35 -08:00
Erik Krogh Kristensen
51fe477ed1 Merge pull request #15271 from erik-krogh/fastTS 
JS: faster TypeScript extraction
 2024-01-10 21:02:34 +01:00
Owen Mansel-Chan
9e2e01ff89 Update Top JDK APIs test expectation 2024-01-10 17:07:33 +00:00
Ian Lynagh
5d3166cfef Kotlin: Tweak code formatting 2024-01-10 16:39:49 +00:00
Ian Lynagh
80163c5aac Kotlin 2: Just accept the remaining comment differences for now 2024-01-10 16:39:47 +00:00
Ian Lynagh
ce4253c17f Kotlin 2: Remove an expected diagnostic match 
It is only generated when using the PSI comment extractor.
 2024-01-10 16:39:04 +00:00
Ian Lynagh
20254fd71e Kotlin: Accept a location change 2024-01-10 16:39:04 +00:00
Ian Lynagh
b3f8167973 Kotlin: Don't warn if we can't find a label for a fake owner 
The fake owner probably just wasn't extracted
 2024-01-10 16:39:02 +00:00
Owen Mansel-Chan
33030417b4 Add change note 2024-01-10 15:48:28 +00:00
Tony Torralba
52d3e3da31 Merge pull request #15268 from atorralba/atorralba/go/cleartext-logging-src-and-sink-improvs 
Go: Adds sources and sinks to `go/clear-text-logging`
 2024-01-10 15:52:40 +01:00
Tom Hvitved
ad75562b55 CPP: Update expected test output 2024-01-10 15:27:22 +01:00
Ian Wright
3534bfca9c Merge pull request #15251 from github/z80coder/dry-run 
Support dry-run of publishing script
 2024-01-10 14:16:10 +00:00
Philip Ginsbach
a732199317 Merge pull request #15261 from github/ginsbach/WeakAliasesInLanguageReference 
document weak aliases in the language reference
 2024-01-10 13:55:10 +00:00
Ian Lynagh
f111fba4b7 Merge pull request #15269 from igfoo/igfoo/ktfmt 
Kotlin: Reformat code
 2024-01-10 13:35:35 +00:00
Tom Hvitved
295198744b Ruby: Handle captured yield calls 2024-01-10 14:25:15 +01:00
Tom Hvitved
55be4c39ef Ruby: Add data flow call sensitivity test 2024-01-10 14:25:12 +01:00
Paolo Tranquilli
1034c3d2f9 Merge pull request #15277 from github/redsun82/swift-fix-upgrade 
Swift: fix upgrade and downgrade scripts
 2024-01-10 14:19:25 +01:00
Tony Torralba
5e8c63c3aa Use arg position instead of arg as class field to reduce number of instances 2024-01-10 14:12:29 +01:00
Owen Mansel-Chan
28aa9b2b3c C#: Emulate that some methods don't have a body (so generated summaries will be applied) 2024-01-10 12:54:33 +00:00
erik-krogh
06c1fff770 address review comments 2024-01-10 13:53:54 +01:00
Tony Torralba
78c0cdfa2c Apply suggestions from code review 
co-authored-by: Owen Mansel-Chan <owen-mc@github.com>
 2024-01-10 13:33:41 +01:00
Tony Torralba
3534f692dc Fix test expectations 
Barrier-in addition removes an overlapping path
 2024-01-10 13:33:41 +01:00
Tony Torralba
80526e509e Go: Adds sources and sinks to go/clear-text-logging 2024-01-10 13:33:41 +01:00
Tony Torralba
ca0a1dc7ae Merge pull request #15267 from atorralba/atorralba/go/fmt-appenderorsprinter-mad 
Go: Migrate AppenderOrSprinter model to models-as-data
 2024-01-10 13:31:19 +01:00
Paolo Tranquilli
e64ce228bb Merge pull request #15276 from github/redsun82/cmake-drop-internal-transition 
Bazel/CMake: drop confusing `_INTERNAL_TRANSITION` suffix
 2024-01-10 13:18:33 +01:00
Pierre
78f0aa971b Fix historic changelogs (security coverage section) 2024-01-10 13:02:09 +01:00
Pierre
365cde36ae Create 2.15.5 changelog 2024-01-10 13:01:49 +01:00
Mathias Vorreiter Pedersen
7a0cbb4e5a C++: Accept test changes. 2024-01-10 11:55:53 +00:00
Mathias Vorreiter Pedersen
0c3ea6c5df C++: Fix conflation issue. 2024-01-10 11:55:39 +00:00