hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-26 09:18:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,550 Commits 1,718 Branches 163 Tags
codeql-cli/v2.23.9
Commit Graph

84550 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
ff4c63f696 C++: Add change note. 2023-11-28 09:16:49 +00:00
Mathias Vorreiter Pedersen
e10caa68f6 C++: Add tests. 2023-11-28 09:06:24 +00:00
Mathias Vorreiter Pedersen
e94cde9b4b C++: Move the use-after-free tests to subdirectory. 2023-11-28 09:06:24 +00:00
Mathias Vorreiter Pedersen
71ad7696c3 C++: Add qhelp. 2023-11-28 09:06:24 +00:00
Mathias Vorreiter Pedersen
204acbacc5 C++: Add a new query for detecting calls to 'c_str' on temporary objects. 2023-11-28 09:06:24 +00:00
dependabot[bot]
d2cad03e28 Bump the extractor-dependencies group in /go/extractor with 1 update 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).

- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-11-28 03:58:15 +00:00
Mathias Vorreiter Pedersen
22a91d18b8 C++: Make the sequence container classes public. 2023-11-27 21:32:49 +00:00
Eric Bickle
aab7ff919e Java: Improve Gson parse, get, and stream models 2023-11-27 12:26:28 -08:00
Tom Hvitved
ccb9d9b8fa C#: Strengthen call-back heuristics by considering body-less methods 2023-11-27 21:15:06 +01:00
Geoffrey White
09998a9f35 Swift: Formatting. 2023-11-27 19:53:32 +00:00
Geoffrey White
f1f5745ed1 Swift: Change note. 2023-11-27 19:43:15 +00:00
Geoffrey White
f19c6f337d Swift: Add imprecise append/insert models. 2023-11-27 19:43:15 +00:00
Geoffrey White
6e5c285346 Swift: Add imprecise init(data:) model. 2023-11-27 19:23:40 +00:00
Geoffrey White
99aa754b50 Swift: Add tests for UIImage. 2023-11-27 19:19:12 +00:00
Geoffrey White
da648b1014 Swift: Convert ui.swift test to use source labels. 2023-11-27 19:06:52 +00:00
Geoffrey White
4b87dd54fb Swift: Add tests for custom append/insert. 2023-11-27 19:02:45 +00:00
Maiky
6a3cdc90e2 Add change-node 2023-11-27 20:58:47 +02:00
Maiky
3bcb411d1a Using Express::RouteSetup 2023-11-27 20:31:19 +02:00
Maiky
f623db461a Change qldoc 2023-11-27 19:51:13 +02:00
Maiky
bb6ef72e67 getArgument returns Cors::Cors 2023-11-27 19:36:49 +02:00
Alex Eyers-Taylor
9eb5b23f54 CPP: Fix query formatting 2023-11-27 15:55:44 +00:00
Maiky
aa24ce5532 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-11-27 17:48:21 +02:00
Taus
ad1a86879e Python: Add change note 2023-11-27 14:39:32 +00:00
Harry Maclean
bd575db254 Ruby: Add test for FrameworkModeEndpoints query 2023-11-27 14:18:18 +00:00
Taus
95e9284d08 Python: Add support for extraction filters 
Adds support for extraction filters as defined in
https://peps.python.org/pep-0706/
and implemented in Python 3.12.

By my reading, setting the filter to `'data'` or `'tar'` is probably
safe, whereas `'fully_trusted'` or the default (which is the same as
`None`) is not.

For now, I have just added this modelling to the tarslip query. We could
also share it with the modelling of `shutil.unpack_archive` (which has also
gained a `filter` argument), but it was unclear to me where we should put
this modelling in that case. Perhaps the best solution would be to merge
the experimental `py/tarslip-extended` query into the existing query (in
which case the current location is perhaps not too bad).
 2023-11-27 14:11:17 +00:00
Michael Nebel
f05c86239f Merge pull request #14878 from michaelnebel/csharp/pindotnetinintegrationtests 
C#: Pin integration tests to a specific .NET version.
 2023-11-27 13:22:02 +01:00
Ian Lynagh
7560573b89 Merge pull request #14906 from igfoo/igfoo/locs 
Kotlin 2: Accept some location changes in test-kotlin2/library-tests/stmts
 2023-11-27 11:42:47 +00:00
Harry Maclean
f40f2db3ab Ruby: Fix name of url-redirection sink model 2023-11-27 11:25:37 +00:00
Mathias Vorreiter Pedersen
70e0b33ce6 Merge pull request #14807 from geoffw0/formatsinks 
Swift: More sinks for swift/uncontrolled-format-string
 2023-11-27 11:10:04 +00:00
Harry Maclean
6a38223127 Ruby: QL4QL fix 2023-11-27 10:17:31 +00:00
Michael Nebel
d1c4e772f0 C#: Pin integration tests to a specific .NET version. 2023-11-27 10:51:04 +01:00
Harry Maclean
e9277a56a9 Ruby: Add sinks from external models 2023-11-27 09:18:00 +00:00
Harry Maclean
ad608341ab Ruby: Handle alternative gemspec names 
Gemspecs are sometimes named via the first argument to
`Gem::Specification.new`:

```rb
Gem::Specification.new 'sinatra' do |s|
  # ...
end
```
 2023-11-27 09:18:00 +00:00
Harry Maclean
9b998a39b4 Ruby: Add tags to GenerateModel query 
This allows the model editor to find this query in a more robust way
than by file path.
 2023-11-27 09:18:00 +00:00
Harry Maclean
b9d15bacba Ruby: Don't classify our test files as test files 
For model editing purposes.
 2023-11-27 09:17:59 +00:00
Harry Maclean
064b10a5cb Ruby: Handle missing gemspec in model query 2023-11-27 09:17:59 +00:00
Harry Maclean
9dcc424f8c Ruby: Include keyword parameters endpoint query 2023-11-27 09:17:59 +00:00
Harry Maclean
5dcc3d43ca Ruby: Recognise modeled source/sink methods 2023-11-27 09:17:59 +00:00
Harry Maclean
766e68aa36 Ruby: Handle multiple gemspecs in endpoints query 2023-11-27 09:17:59 +00:00
Harry Maclean
c54743c3fd Ruby: Include class methods in model editor query 2023-11-27 09:17:59 +00:00
Harry Maclean
78125a701d Ruby: Model Editor support 
Add experimental support for the CodeQL Model Editor.
 2023-11-27 09:17:59 +00:00
Stephan Brandauer
68a7734e08 Merge pull request #14849 from github/kaeluka/automodel-extraction-skip-primitive-types-candidates 
Java Automodel extraction: remove primitives in framework mode
 2023-11-27 09:52:48 +01:00
AlexDenisov
59ee3e16b4 Merge pull request #14800 from github/alexdenisov/more-extractions 
Swift: final 5.8/5.9 extractions
 2023-11-27 08:41:37 +01:00
amammad
ffe2e398c9 fix tests, add support for Response.BodyWriter() Thanks to @owen-mc 2023-11-25 15:36:37 +01:00
amammad
accc09fd8c Lists of strings should be in alphabetical order. In a QLDoc, there should be a full stop at the end of each sentence. shorter model summary. change target from getACall() to getACall().getResult(.). better tests 2023-11-25 13:36:06 +01:00
Mathias Vorreiter Pedersen
865cbab242 Merge pull request #14911 from MathiasVP/remove-duplication-workaround-in-sources 2023-11-24 20:00:57 +00:00
Geoffrey White
dfdc502525 Merge pull request #14908 from geoffw0/setmodels 
Swift: Flow models for Set
 2023-11-24 19:16:16 +00:00
Geoffrey White
4c2a6231e9 Swift: Add tests for array append/insert. 2023-11-24 18:33:25 +00:00
Geoffrey White
2e93c1d7b6 Merge pull request #14879 from geoffw0/contentsof 
Swift: "contentsOf" sources
 2023-11-24 17:47:57 +00:00
Jeroen Ketema
c02a732632 C++: Remove DefaultTaintTracking library 2023-11-24 18:35:19 +01:00