hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-13 11:06:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,368 Commits 1,711 Branches 162 Tags
codeql-cli/v2.24.0
Commit Graph

85368 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Arthur Baars
490f81437b Merge pull request #17804 from github/aibaars/local-defs-1 
Rust: add ide-contextual-queries/localDefinitions.ql
 2024-10-21 15:30:44 +02:00
Tom Hvitved
f72af4f1f3 Rust: Use Callable to define CfgScope 2024-10-21 15:22:04 +02:00
Tom Hvitved
c4c936d6fa Rust: Speedup SummaryStats.ql 2024-10-21 15:21:13 +02:00
Michael Nebel
dec2c61e5d Java: Update LdapInjection expected test output. 2024-10-21 15:19:46 +02:00
Michael Nebel
d59df1f938 Java: Re-generate JDK 17 models. 2024-10-21 15:19:45 +02:00
Michael Nebel
23d285c698 Java: Update model generator expected output. 2024-10-21 15:19:44 +02:00
Michael Nebel
786d04e939 Java: Add the clone method to the model generation exclusions. 2024-10-21 15:19:43 +02:00
Michael Nebel
7919dcfb12 Java: Add modelgenerator clone example. 2024-10-21 15:19:42 +02:00
Michael Nebel
e2ada2536b Java: Update java.net expected output. 2024-10-21 15:19:41 +02:00
Michael Nebel
97f0037a7b Java: Manually model InetSocketAddress as the model generator doesn't correctly taint the hostname. 2024-10-21 15:19:40 +02:00
Michael Nebel
0a931aa69f Java: Add change note. 2024-10-21 15:19:38 +02:00
Michael Nebel
9a44eec04c Java: Add manual models for FileReader (they would also have disappeared if models were re-generated without using mixed mode). 2024-10-21 15:19:37 +02:00
Michael Nebel
b356c3cd48 Java: Manually model ZipFile (due to CWE-522 compression bombs test failure). 2024-10-21 15:19:36 +02:00
Michael Nebel
f537e04532 Java: Update LdapInjection expected test output. 2024-10-21 15:19:35 +02:00
Michael Nebel
f7b38a8955 Java: Add some less precise models for BasicAttributes to get the models to work with search sink and re-generate SDK models. 2024-10-21 15:19:34 +02:00
Michael Nebel
e94cacd449 Java: Update test expected output where the query results are not affected. 2024-10-21 15:19:33 +02:00
Michael Nebel
24d1e9927b Java: Update expected test output for the model editor tests. 2024-10-21 15:19:32 +02:00
Michael Nebel
ea14547643 Java: Update TopJdkApisTest expected output. 2024-10-21 15:19:31 +02:00
Michael Nebel
cbd9cc6dae Java: Update request forgery expected output. 2024-10-21 15:19:30 +02:00
Michael Nebel
3b6f39931b Java: Re-add generated (mixed) summaries and neutrals for the Java SDK 17. 2024-10-21 15:19:28 +02:00
Michael Nebel
f50734f0ee Java: Delete all generated Java JDK models. 2024-10-21 15:19:27 +02:00
Tom Hvitved
e9adbf231f Merge pull request #17816 from hvitved/rust/expr-trees-module 
Rust: Move all expression CFG trees inside an `ExprTrees` module
 2024-10-21 15:12:51 +02:00
Tom Hvitved
d2623cf4c3 Merge pull request #17814 from hvitved/rust/fix-bad-join 
Rust: Fix bad join
 2024-10-21 15:01:31 +02:00
Tom Hvitved
a6a68ef8be Apply suggestions from code review 
Co-authored-by: Simon Friis Vindum <paldepind@github.com>
 2024-10-21 14:43:22 +02:00
Taus
d01593e571 Python: Add test for string encoding dataset check 
Note that this test checks that the current setup creates dataset check
violations. A later commit will fix this (and flip the negation in the
test).
 2024-10-21 12:08:46 +00:00
Tom Hvitved
1f5e02f539 Rust: Move all expression CFG trees inside an ExprTrees module 2024-10-21 13:41:11 +02:00
Simon Friis Vindum
85e59c9920 Merge branch 'main' into rust-saa-additions 2024-10-21 13:30:02 +02:00
Alvaro Muñoz
6dbbfa9672 Bump qlpack versions 2024-10-21 12:12:37 +02:00
Michael Nebel
1217c55c36 C#: Add change note. 2024-10-21 12:08:03 +02:00
Michael Nebel
191658f637 C#: Update expected test output. 2024-10-21 12:04:31 +02:00
Michael Nebel
b2b1a3ea65 C#: Consider string.ReplaceLineEndings(string) as a sanitizer for log forging. 2024-10-21 12:03:59 +02:00
Michael Nebel
0b8e83dc87 C#: Add log forging false positive example using ReplaceLineEndings. 2024-10-21 11:55:09 +02:00
Cornelius Riemenschneider
ce53964edf Merge pull request #17812 from github/redsun82/rust-move-integration-tests 
Rust: move integration tests to where other languages have them
 2024-10-21 11:41:16 +02:00
Tom Hvitved
7e82595cae Rust: Fix bad join 
Before
```
Evaluated relational algebra for predicate MatchExprImpl::Impl::MatchExpr.getLastArm/0#dispred#24e5f4cf@9cf607tl with tuple counts:
            660677  ~0%    {4} r1 = SCAN `MatchExprImpl::Impl::MatchExpr.getArm/1#dispred#817de8a3` OUTPUT _, In.0, In.2, In.1
            660677  ~0%    {3}    | REWRITE WITH Tmp.0 := 1, Out.0 := (Tmp.0 + In.3) KEEPING 3
        5342095756  ~0%    {3}    | JOIN WITH `MatchArmList::Generated::MatchArmList.getNumberOfArms/0#dispred#9ad72f08_10#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2
             96597  ~3%    {2}    | JOIN WITH `MatchExpr::Generated::MatchExpr.getMatchArmList/0#dispred#11f1a73e` ON FIRST 2 OUTPUT Lhs.0, Lhs.2
                           return r1
```

After
```
Evaluated relational algebra for predicate MatchExprImpl::Impl::MatchExpr.getLastArm/0#dispred#24e5f4cf@9d7a92pu with tuple counts:
        660677   ~0%    {5} r1 = JOIN `MatchExprImpl::Impl::MatchExpr.getArm/1#344daffc` WITH `MatchExprImpl::Impl::MatchExpr.getNumberOfArms/0#ab0d8732` ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, _, Rhs.1
                        {4}    | REWRITE WITH Tmp.3 := 1, Out.3 := (In.4 - Tmp.3), TEST Out.3 = InOut.1 KEEPING 4
         96597   ~3%    {2}    | SCAN OUTPUT In.0, In.2
                        return r1
```
 2024-10-21 11:40:13 +02:00
Alvaro Muñoz
229d42b515 Add sonar-scanner-action as a poisonable step 2024-10-21 11:05:06 +02:00
Simon Friis Vindum
5e4ce8f66d Merge pull request #17800 from paldepind/rust-cfg-fixes 
Rust: Various fixes to the CFG construction
 2024-10-21 10:39:27 +02:00
Chris Smowton
5ba37bd7a3 Rename change note 2024-10-21 09:36:07 +01:00
Simon Friis Vindum
a1ebf98552 Merge branch 'main' into rust-cfg-fixes 2024-10-21 10:12:07 +02:00
Simon Friis Vindum
3ae04752c4 Rust: Accept less CFG inconsistencies 2024-10-21 10:07:11 +02:00
Simon Friis Vindum
9c172f62a4 Rust: Fix dead end in CFG for match expressions with no arms 2024-10-21 09:59:23 +02:00
Paolo Tranquilli
7b870d30a4 Rust: move integration tests to where other languages have them 2024-10-21 09:29:37 +02:00
Simon Friis Vindum
381f061e7f Rust: Add CFG test for match with no arms 2024-10-21 09:29:28 +02:00
Simon Friis Vindum
e149071634 Merge pull request #17803 from paldepind/unreachable2 
Rust: More test cases for rust/dead-code
 2024-10-21 08:30:36 +02:00
Porcupiney Hairs
7ef2d79b3f Include changes from review 2024-10-21 03:28:19 +05:30
Alvaro Muñoz
fc5a6703b3 Add github.event.sender.login as an Actor source 2024-10-19 17:01:47 +02:00
Alvaro Muñoz
e03ba55812 Account for checkout path on Untrusted Checkout Critical 2024-10-19 17:01:29 +02:00
Kylie Stradley
2d5cd1a61a WIP. todo: modify help text in query to be helpful, write qlhelp file, find out how to not release to customers 2024-10-18 16:51:31 -04:00
Kylie Stradley
e5508343b1 update unpinned actions tag test 2024-10-18 15:21:33 -04:00
Calum Grant
c5a082fd8e C++: Fix CWE-022 2024-10-18 19:45:29 +01:00
Chris Smowton
241f951db1 Add change-note for Java buildless packaging its required Maven plugin 2024-10-18 17:43:18 +01:00