hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-29 11:48:16 +02:00
Code Issues Packages Projects Releases Wiki Activity
84,550 Commits 1,723 Branches 164 Tags
codeql-cli/v2.23.9
Commit Graph

84550 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
32070abb27 JS: Implicitly treat array steps as taint steps 2023-10-13 12:42:40 +02:00
Asger F
60101f5e6a JS: Instantiate flow summary library 2023-10-13 12:42:40 +02:00
Asger F
8dc0800526 JS: Add the shared FlowSummaryImpl.qll file 2023-10-13 12:42:40 +02:00
Asger F
f316da78d2 JS: Add FunctionSelfReferenceNode 2023-10-13 12:42:40 +02:00
Asger F
760873c01c JS: Basic instantiation of shared library 2023-10-13 12:42:40 +02:00
Asger F
3455463e71 JS: Add instantiation boilerplate 
Note that this commit won't compile on its own, but putting the boilerplate in its own commit
 2023-10-13 12:42:40 +02:00
Asger F
c839822eb9 JS: Add PostUpdateNode 2023-10-13 12:42:40 +02:00
Asger F
01952f17bf JS: Add some missing getContainer() predicates 2023-10-13 12:42:40 +02:00
Asger F
21300eef4c JS:Add ConstructorThisArgumentNode 2023-10-13 12:42:40 +02:00
Asger F
b499c6075a JS: Add Contents.qll 2023-10-13 12:42:40 +02:00
Asger F
79e7aae9f6 JS: Add TEarlyStageNode 2023-10-13 12:42:39 +02:00
Asger F
51ef0e5836 JS: Move TNode into a cached module 2023-10-13 12:42:39 +02:00
Asger F
60b179bda2 Shared: add DeduplicatePathGraph 
Note that there is a separate PR open with this library
 2023-10-13 12:42:39 +02:00
Harry Maclean
1297acf5b1 Merge pull request #14216 from hmac/hmac-graphql-enum 
Ruby: Restrict GraphQL remote flow sources
 2023-10-13 11:31:50 +01:00
erik-krogh
9080e84fc9 add support for extracting .jsp files 2023-10-13 12:09:27 +02:00
Tamas Vajk
791a6422b3 C#: Fix params attribute argument extraction 2023-10-13 11:30:02 +02:00
Tamas Vajk
e730815f41 C#: Add test case for params arguments in attributes 2023-10-13 11:29:32 +02:00
Tony Torralba
5e921784fb Merge pull request #14399 from ebickle/fix/thread-resource-arithmetic 
Java: Flow taint through arithmetic expressions for java/thread-resource-abuse experimental query
 2023-10-13 10:06:33 +02:00
Erik Krogh Kristensen
b1ad61e27d Merge pull request #14481 from erik-krogh/proper-codepoints 
ReDoS: use the new codePointAt and codePointCount methods instead of regex hacks
 2023-10-13 09:35:55 +02:00
Felicity Chapman
2ddcd1d9cc Merge pull request #14489 from github/felicitymay-typo-fix 
Fix typo in link
 2023-10-12 21:45:30 +01:00
Felicity Chapman
8f70b55158 Fix typo in link 2023-10-12 20:53:44 +01:00
Ian Lynagh
2edc70da79 Merge pull request #14390 from igfoo/igfoo/compr 
Kotlin: Improve support for TRAP compression options
 2023-10-12 20:22:10 +01:00
Robert Marsh
dd71204128 Swift: update test expectations for for-in locations 2023-10-12 18:59:36 +00:00
Geoffrey White
fe57cd0784 Merge pull request #14488 from geoffw0/strlentest 
Swift: Additional test cases for `swift\string-length-conflation`
 2023-10-12 19:39:43 +01:00
AlexDenisov
6ab2de10e3 Merge pull request #14437 from github/alexdenisov/ignore-unavailable-declarations 
Swift: skip declarations marked as unavailable
 2023-10-12 20:08:18 +02:00
Ian Lynagh
ed9502fd0b Kotlin: Enhance the TRAP compression test 2023-10-12 18:13:07 +01:00
Ian Lynagh
adb47399c7 Kotlin: Improve support for TRAP compression options 
While you could control compression with
    CODEQL_EXTRACTOR_JAVA_OPTION_TRAP_COMPRESSION
before, most TRAP files used gzip regardless for compatibility with the
Java extractor. Now Java understands the option too we can use it for
shared TRAP files.
 2023-10-12 18:13:06 +01:00
Mathias Vorreiter Pedersen
3c34638438 Merge pull request #14486 from MathiasVP/simplify-overrun-write 
C++: Remove unnecessary `FlowState` from `cpp/overrun-write`
 2023-10-12 17:48:52 +01:00
Geoffrey White
9f683b8630 Swift: Remove duplicate results. 2023-10-12 17:38:58 +01:00
Geoffrey White
cf7f355fc4 Swift: Additional test cases. 2023-10-12 17:11:56 +01:00
Stephan Brandauer
bcde466d6c use of characteristics 2023-10-12 17:22:05 +02:00
Stephan Brandauer
1bbf88f208 Java: basic version of automodel extraction queries 2023-10-12 17:07:46 +02:00
Ed Minnix
31c04b50f7 Change note 2023-10-12 09:58:09 -04:00
Ed Minnix
4eeaf84133 Sync NumericCastTaintedQuery 2023-10-12 09:58:08 -04:00
Ed Minnix
ec84f072eb Sync ArithmeticTaintedLocalQuery 2023-10-12 09:58:08 -04:00
Ed Minnix
da933fb77a Sync ExternallyControlledFormatStringLocalQuery 2023-10-12 09:58:08 -04:00
Ed Minnix
f1886320e5 Sync ImproperValidationOfArrayIndexLocalQuery 2023-10-12 09:58:08 -04:00
Ed Minnix
69531b9f7c Sync ResponseSplittingLocalQuery 2023-10-12 09:58:08 -04:00
Ed Minnix
ef282955fd Sync SqlTaintedLocalQuery with SqlInjectionQuery 2023-10-12 09:58:08 -04:00
Ed Minnix
e4f567979a Sync XSS Local 2023-10-12 09:58:08 -04:00
Mathias Vorreiter Pedersen
64fa6c8bbd C++: Remove the hacky flow state since this is no longer needed after #13717. 2023-10-12 13:58:36 +01:00
Geoffrey White
5c0085880f Swift: Change note. 2023-10-12 13:24:10 +01:00
Geoffrey White
e2a8569940 Swift: Clean up indentation. 2023-10-12 13:05:20 +01:00
Geoffrey White
8f852f2e7d Swift: Turn sink models into flow summary models, where appropriate. 2023-10-12 12:57:05 +01:00
erik-krogh
fa1e8ee426 add getACodepoint to the shared Strings library, and use it in NfaUtils 2023-10-12 13:38:19 +02:00
erik-krogh
822ba2ae59 add documentation for the new string methods in ql-language-specification.rst 2023-10-12 13:38:19 +02:00
erik-krogh
116025c569 use the new codePointAt and codePointCount methods instead of regex hacks 2023-10-12 13:38:19 +02:00
Arthur Baars
a4d0ef6350 Add changenote 2023-10-12 13:04:00 +02:00
Arthur Baars
a9a21aa313 Rename DynamicImportExpr::getImport{Attributes => Options} 2023-10-12 13:00:39 +02:00
Arthur Baars
1f4fcf1f31 Rename test files 2023-10-12 13:00:39 +02:00