Tom Hvitved
1259b7e8e7
JS: Post-processing query for inline test expectations
2024-10-29 13:35:38 +01:00
Tom Hvitved
e5f2bbb6ec
Python: Post-processing query for inline test expectations
2024-10-29 13:35:37 +01:00
Tom Hvitved
4750b0de94
C++: Post-processing query for inline test expectations
2024-10-29 13:35:36 +01:00
Tom Hvitved
540b433f5a
Go: Post-processing query for inline test expectations
2024-10-29 13:35:35 +01:00
Tom Hvitved
4561770db4
Swift: Post-processing query for inline test expectations
2024-10-29 13:35:34 +01:00
Tom Hvitved
5b5ca05e87
Ruby: Post-processing query for inline test expectations
2024-10-29 13:35:33 +01:00
Tom Hvitved
e2b614d18a
Java: Post-processing query for inline test expectations
2024-10-29 13:35:32 +01:00
Tom Hvitved
8ba80fd022
C#: Post-processing query for inline test expectations
2024-10-29 13:35:31 +01:00
Tom Hvitved
e7a3e6bfed
Shared: Post-processing query for inline test expectations
2024-10-29 13:35:29 +01:00
Tom Hvitved
b111194fbc
Shared: Simplify PrettyPrintModels.ql
2024-10-29 13:35:28 +01:00
Tom Hvitved
c5d699cb6b
Merge pull request #17857 from geoffw0/unreachable3
...
Rust: Fix rust/dead-code
2024-10-29 13:35:10 +01:00
Asger F
879cb7c365
Merge pull request #17864 from asgerf/js/vue-attribute-syntax
...
JS: Fix parsing of special Vue attributes
2024-10-29 13:23:47 +01:00
Ian Lynagh
251a8a34ed
Java: Add up/downgrade scripts
2024-10-29 11:32:22 +00:00
Geoffrey White
6a110368a5
Rust: Rename predicates.
2024-10-29 11:32:22 +00:00
Ian Lynagh
6be2e98796
Java/Kotlin: Remove the erasure relation
...
It's no longer used
2024-10-29 11:32:20 +00:00
Ian Lynagh
8ab52dba83
Kotlin: Don't write the erasure relation
...
It's no longer used
2024-10-29 11:32:18 +00:00
Ian Lynagh
6c9739023d
Java: Remove redundant getErasure overrides
...
The root definition covers these cases already
2024-10-29 11:32:16 +00:00
Alvaro Muñoz
31a9346d2d
feat: show trigger event on query results
2024-10-29 11:59:59 +01:00
Rasmus Wriedt Larsen
7c7420a9a4
JS: Add change-note
2024-10-29 11:35:56 +01:00
Rasmus Wriedt Larsen
07bc1feb11
Docs: Threat-models supported in JS
...
Capturing
- 7d3793e718
- e35c2b243a
- e11bfc27bd
2024-10-29 11:33:02 +01:00
Rasmus Wriedt Larsen
84f6b89ced
JS: Minor improvements to threat-model Concepts
...
Mirroring what was done for Python
2024-10-29 11:29:48 +01:00
Asger F
6aef571c17
JS: Bump extractor version string
2024-10-29 11:28:06 +01:00
Asger F
3cc6b11e6b
JS: Expand attribute regex to include some Vue attributes
2024-10-29 11:19:01 +01:00
Asger F
560b3da851
JS: Add test with some special Vue attributes
2024-10-29 11:18:17 +01:00
Tom Hvitved
7ddc8f087d
Merge pull request #17786 from paldepind/rust-saa-additions
...
Rust: SSA additions
2024-10-29 09:51:38 +01:00
Tom Hvitved
813ccb9c06
Merge pull request #17855 from hvitved/csharp/comments-mapped-locations
...
C#: Take mapped locations into account in `Comments.qll`
2024-10-29 08:58:38 +01:00
Anders Schack-Mulligen
1d3bad1358
UniversalFlow: More renaming.
2024-10-29 08:53:18 +01:00
Erik Krogh Kristensen
733158f8f2
Merge pull request #17860 from erik-krogh/fix-windows
...
fix the RAM setting on Windows
2024-10-29 08:34:09 +01:00
Asger F
2fb108419c
JS: Only parameter-calls as lambda calls
2024-10-29 08:32:15 +01:00
Asger F
1e9e57e46e
JS: Fix missing qldoc
2024-10-29 08:32:14 +01:00
Asger F
52ba91a7f8
JS: Updates to nodes/edges in tests
...
Only changes to nodes/edges for various reasons, no actual result changes
2024-10-29 08:32:13 +01:00
Asger F
1243188825
JS: Update CleartextLogging with fixed FP
2024-10-29 08:32:11 +01:00
Asger F
18b39460f5
JS: Add regained results in UnsafeJQueryPlugin
...
These were marked as 'NOT OK' in the test file, but weren't previously flagged for some reason
2024-10-29 08:32:10 +01:00
Asger F
d3e70c1e97
JS: Add in-barrier to XSS query
...
This is a bit of a bandaid to cover issues with the push() method on next/router being
treated as an array push, which causes it to flow into other taint sources.
2024-10-29 08:32:08 +01:00
Asger F
1b85feb1fa
JS: Add imprecise post-update steps for when a captured var/this is not tracked precisely
...
With the capture library we sometimes bail out of handling certain functions for scalability reasons.
This means we have a notion of "captured but imprecisely-tracked" variables and 'this'. In these cases we go back to propagating flow from a post-update node to the local source.
2024-10-29 08:32:07 +01:00
Asger F
d557c7689c
JS: Update a test that now has more precise output
2024-10-29 08:32:06 +01:00
Asger F
1efef2ca3c
JS: Change rule for getPostUpdateForStore
...
This causes fewer wobbles in test outputs
2024-10-29 08:32:05 +01:00
Asger F
ad52b71922
JS: Update immutable.js test to clarify why it stopped working
...
The Immutable model uses the 'd' and 'f' properties to model Map content, but the test doesn't actually mention those properties, so they were missing from the PropertyName class.
The flow was previously found spuriously by the regular Map model, which also adds flow through the get/set calls. This flow is however no longer found since it relied on a step from post-update back to getALocalSource which is no longer present.
2024-10-29 08:32:03 +01:00
Asger F
c0997c28cb
JS: Reveal issue with immutable.js test
...
Fixed in the next commit
2024-10-29 08:32:02 +01:00
Asger F
4473e6d977
JS: Update test with some post-update consistency checks gone
...
For a constructor call, the return value acts as the post-update node for the 'this' argument. The fact that constructor calls are sometimes PostUpdateNodes causes some of these harmless alerts.
The warnings have disappeared in some cases because we no longer target getALocalSource() so the target is no longer the constructor call.
2024-10-29 08:32:01 +01:00
Asger F
cb874945bf
Test updates from introduction of implicit 'this'
2024-10-29 08:31:59 +01:00
Asger F
bd94fe1574
JS: Explain false positive in test case
2024-10-29 08:31:58 +01:00
Asger F
e05e077b33
JS: Block jump steps through 'this' now that the capture lib handles 'this'
2024-10-29 08:31:57 +01:00
Asger F
16b08b74eb
JS: Add test showing potential for FPs when handling refinement guards
2024-10-29 08:31:55 +01:00
erik-krogh
2ee88f6774
fix the RAM setting on Windows
2024-10-28 20:39:34 +01:00
Arthur Baars
c87f2c4eb1
Rust: remove unnecessary field
2024-10-28 18:56:20 +01:00
Paolo Tranquilli
2b386c422c
Merge pull request #17839 from github/redsun82/rust-analysis
...
Rust: add codeql analysis workflow
2024-10-28 18:14:32 +01:00
Dave Bartolomeo
d4db759057
Merge pull request #17858 from github/dbartol/actions-placeholder
2024-10-28 11:57:20 -04:00
Dave Bartolomeo
609a6c38e4
Revert "Fix bash nit"
...
This reverts commit 3228447544.
2024-10-28 11:39:22 -04:00
Dave Bartolomeo
a70ce25144
Merge pull request #17850 from github/dbartol/actions-placeholder
...
Implement Actions extractor and placeholder Actions QL packs
2024-10-28 11:34:00 -04:00