hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-16 12:36:55 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,368 Commits 1,713 Branches 162 Tags
codeql-cli/v2.24.0
Commit Graph

85368 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
4568967a76 JS: Do not use legacy taint steps in TaintedUrlSuffix 
Tainted URL suffix steps are added as configuration-specific additional
steps, which means implicit reads may occur before any of these steps.

These steps accidentally included the legacy taint steps which include
a step from 'arguments' to all positional parameters. Combined with the
implicit read, arguments could escape their array index and flow to
any parameter while in the tainted-url flow state.
 2024-08-29 13:48:30 +02:00
Asger F
65a36b0b3b JS: Add regression test for argument position confusion 2024-08-29 13:42:28 +02:00
Michael Nebel
0df0d8a51f Merge pull request #17236 from michaelnebel/java/viablecallableheuristic 
Java: Make more finegrained dataflow dispatch viable callable heuristic.
 2024-08-29 10:46:30 +02:00
Joe Farebrother
5494389c4b Update changenote 
Co-authored-by: Sid Shankar <sidshank@github.com>
 2024-08-29 09:44:23 +01:00
Simon Friis Vindum
e7f059ae55 C++: Tweak the bounded barrier 2024-08-29 10:32:31 +02:00
Michael Nebel
53b2471c9d Java: Update expected test output. 2024-08-29 09:03:46 +02:00
Cornelius Riemenschneider
047a655dec Merge pull request #17324 from github/criemen/move-swift-int-tests 
Swift: Move all integration tests.
 2024-08-28 21:27:26 +02:00
Simon Friis Vindum
edeefe5bb6 Merge pull request #17298 from paldepind/model-functions-that-dont-throw 
C++: Add basic modeling of functions that don't throw
 2024-08-28 19:50:31 +02:00
Tom Hvitved
49a4f3a82f Data flow: Reduce non-linear recursion in fwdFlow0 2024-08-28 17:29:23 +02:00
Paolo Tranquilli
f40901f391 Rust: archiving + skeleton def translator 2024-08-28 17:15:49 +02:00
Michael Nebel
fa5d6f12be Java: Update logging test expected output. 2024-08-28 16:16:16 +02:00
Michael Nebel
bd5529cefa Java: Update the Byte- and CharBuffer models and add models for set- and getParameters on LogRecord. 2024-08-28 16:15:09 +02:00
Michael Nebel
395656a1cf Java: Extend the logging test with a test case for parameters. 2024-08-28 16:13:32 +02:00
Cornelius Riemenschneider
123c375d84 Merge pull request #17322 from github/criemen/move-js-int-tests 
JS: Move all integration tests.
 2024-08-28 16:04:39 +02:00
Jeroen Ketema
40fe39c288 Merge pull request #17311 from jketema/builtins 
C++: Add support for more clang builtins
 2024-08-28 16:00:08 +02:00
Simon Friis Vindum
d1fecd869b C++: Make StringCchPrintf not extend NonThrowingFunction 2024-08-28 15:40:14 +02:00
Cornelius Riemenschneider
966c3a62dd Merge pull request #17309 from github/criemen/bazel-prerelease 
Bazel: switch to a 7.4.0 prerelease.
 2024-08-28 15:28:06 +02:00
Jeroen Ketema
2b571cf450 C++: Address review comments 2024-08-28 15:11:42 +02:00
Michael Nebel
e8595e28e9 Update java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2024-08-28 15:04:38 +02:00
Anders Schack-Mulligen
dd49fc932d Merge pull request #17325 from aschackmull/dataflow/state-in-summary 
Dataflow: Include FlowState in SummaryCtx.
 2024-08-28 15:03:18 +02:00
Cornelius Riemenschneider
ab56e63f96 Merge branch 'main' into criemen/pytest-java 2024-08-28 14:47:49 +02:00
Michael Nebel
6d346dbedd DataFlow: Bugfix in flow state for value preservation. 2024-08-28 14:40:04 +02:00
Anders Schack-Mulligen
6a9bd0de1d Dataflow: Include FlowState in SummaryCtx. 2024-08-28 14:13:28 +02:00
Jeroen Ketema
026969b6e9 C++: Add change note 2024-08-28 13:08:44 +02:00
Jeroen Ketema
9e861ce717 C++: Add support for more clang builtins 2024-08-28 13:08:42 +02:00
Tom Hvitved
7f8e6bf574 Merge pull request #16970 from hvitved/dataflow/local-big-step-stage 
Data flow: Compute local big step relation as stage output
 2024-08-28 12:28:16 +02:00
Tom Hvitved
27bc8ed6af Address review comment 2024-08-28 11:38:29 +02:00
Chris Smowton
464b552cad Merge pull request #17321 from github/criemen/move-go-int-tests 
Go: Move all integration tests.
 2024-08-28 10:30:55 +01:00
Cornelius Riemenschneider
d349ddba57 Merge pull request #17323 from github/criemen/move-ruby-int-tests 
Ruby: Move all integration tests.
 2024-08-28 11:18:05 +02:00
Simon Friis Vindum
d6049cd98b C++: Add additional implementations of NonThrowingFunction and make minor fixes to docs 2024-08-28 10:54:16 +02:00
Cornelius Riemenschneider
a92a845719 Swift: Move all integration tests. 
We are no longer bound to the platform-specific directories,
so simplify the test organization.
If you don't want this change, just skip merging this PR. It's purely optional.
 2024-08-28 10:47:17 +02:00
Cornelius Riemenschneider
3326bc417c Ruby: Move all integration tests. 
We no longer need the platform-specific directories, so simplify the test organization.
If you don't want this change, just skip merging this PR. It's purely optional.
 2024-08-28 10:45:05 +02:00
Cornelius Riemenschneider
b7b475d13b JS: Move all integration tests. 
We no longer need the platform-specific directories, so simplify the test organization.
If you don't want this change, just skip merging this PR.
It's purely optional.

The PR also deletes a spurious qlpack.yml that I missed when converting the tests to pytest.
 2024-08-28 10:43:08 +02:00
Cornelius Riemenschneider
bfc6fee828 Go: Move all integration tests. 
We no longer need the platform-specific directories,
so simplify the test organization.
If you want to retain the `linux` directory for two tests,
or not do this at all, just skip merging this PR.
It's purely optional.
 2024-08-28 10:37:59 +02:00
Joe Farebrother
a8591c79c5 Update test 2024-08-28 09:11:34 +01:00
Joe Farebrother
f3dea1d647 Add changenote 2024-08-28 09:04:01 +01:00
Tom Hvitved
22e1921391 Merge pull request #17313 from hvitved/dataflow/to-normal-sink-node-ex 
Data flow: Move `toNormalSinkNodeEx` into `PathNodeMid`
 2024-08-28 09:06:41 +02:00
Henry Mercer
ea1870fbbd Merge pull request #17318 from github/post-release-prep/codeql-cli-2.18.3 
Post-release preparation for codeql-cli-2.18.3
 2024-08-27 20:34:55 +01:00
Henry Mercer
21a0109ca2 Merge branch 'rc/3.15' into post-release-prep/codeql-cli-2.18.3 2024-08-27 19:53:46 +01:00
github-actions[bot]
3e774476c6 Post-release preparation for codeql-cli-2.18.3 2024-08-27 18:52:31 +00:00
Henry Mercer
f348b6cbf7 Merge pull request #17317 from github/release-prep/2.18.3 
Release preparation for version 2.18.3
codeql-cli/v2.18.3 		2024-08-27 18:53:04 +01:00
Henry Mercer
3d8c402b6f C#: Add spaces around em dash in changelog note 2024-08-27 18:51:40 +01:00
github-actions[bot]
0db6379602 Release preparation for version 2.18.3 2024-08-27 17:50:22 +00:00
Henry Mercer
cf1f290b61 Merge pull request #17316 from github/revert-17279-release-prep/2.18.3 
Revert "Release preparation for version 2.18.3"
 2024-08-27 18:47:55 +01:00
Henry Mercer
0f44cd3f62 Revert "Release preparation for version 2.18.3" 2024-08-27 18:19:25 +01:00
Paolo Tranquilli
2a2b79e6df Rust: skeleton trap file emission code 2024-08-27 17:50:53 +02:00
Paolo Tranquilli
927710017e Rust: add some configuration and logging 2024-08-27 17:07:23 +02:00
Tom Hvitved
b589fcad11 Data flow: Tweak join-order in toNormalSinkNodeEx 2024-08-27 15:42:24 +02:00
Tom Hvitved
80b6135a64 Data flow: Move toNormalSinkNodeEx into PathNodeMid 2024-08-27 15:42:13 +02:00
Joe Farebrother
fc24ca304d Update tests 2024-08-27 14:18:50 +01:00