hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-16 20:46:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,368 Commits 1,714 Branches 162 Tags
codeql-cli/v2.24.0
Commit Graph

85368 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Cornelius Riemenschneider
d84e745ce9 Make ripunzip installer accessible from outside this repo. 
* The relative path to misc doesn't work when running from another repo
* The buildifier dependency is not available from other repos,
  therefore we can't pull in //misc/bazel without further refactoring.

Therefore, inline the runfiles snippet here.
 2024-08-23 14:24:51 +02:00
Anders Schack-Mulligen
65189e09f5 Dataflow: Simplify using a SummaryCtx type. 2024-08-23 14:18:46 +02:00
Tom Hvitved
ea6092ad3f Revert "C#: Add support for flow through side-effects on static fields" 
This reverts commit 1bcac50db1.
 2024-08-23 14:10:56 +02:00
Asger F
8df7fbf6d6 Swift: update test output 
The 'first' field is seen as a TaintInheritingContent, which means any read step for 'first' becomes a taint step too.
This type of taint step does not permit an implicit read before it, because it wasn't contributed by a configuration.
So there is no way for the taint to get out of the collection content before the taint step through '.first'.
The test previously passed because an implicit read at once of the earlier sinks could follow use-use flow down to the receiver of .first,
allowing it to escape the collection content.
 2024-08-23 11:30:50 +02:00
Asger F
d27b28d371 C++: update test output 
This reveals that some tests were passing for the wrong reasons.
See https://github.com/github/codeql/pull/17275
 2024-08-23 11:29:24 +02:00
Asger F
9703f67794 Test output updates that only affect nodes/edges 2024-08-23 11:03:26 +02:00
Asger F
6bc8407bd6 Java: Update test output 2024-08-23 11:02:29 +02:00
Asger F
c3b36325b2 Shared: prevent use-use flow through implicit reads (part 1) 2024-08-23 11:02:28 +02:00
Asger F
7cfe3dae85 JS: Port step for dynamic imports 2024-08-23 10:07:28 +02:00
Asger F
379952febc Merge pull request #17285 from asgerf/js/shared-dataflow-bump 
JS: Resolve conflicts after merging 'main' into shared data flow branch
 2024-08-23 09:58:27 +02:00
Michael Nebel
20d9fd11ac Merge pull request #17288 from michaelnebel/shared/contentflow 
Shared: ContentFlow.
 2024-08-23 09:52:27 +02:00
Michael Nebel
19c2eb17c4 C#: Remove redundant imports. 2024-08-23 09:04:13 +02:00
Andrew Eisenberg
c1c9ef2c1f Add a pull request template 2024-08-22 12:36:24 -07:00
Chris Smowton
67d94376e8 Merge pull request #17227 from smowton/smowton/fix/baseline-vs-nonroot-vendor-dirs 
Go / configure-baseline: account for multiple vendor directories and the `CODEQL_EXTRACTOR_GO_EXTRACT_VENDOR_DIRS` setting
 2024-08-22 15:00:51 +01:00
Michael Nebel
d935c47231 C#: Use the shared content flow implementation. 2024-08-22 15:46:01 +02:00
Michael Nebel
e6424f0f45 Shared: Make ContentDataFlow reusable. 2024-08-22 15:45:58 +02:00
Owen Mansel-Chan
18b99ffecc Merge pull request #17284 from owen-mc/go/fix-frameworks-coverage 
Go: Try to fix packages in frameworks coverage
 2024-08-22 14:43:52 +01:00
Tamas Vajk
6827bedaa7 C#: Add aggregated compiler and extractor message counts to extraction telemetry query 2024-08-22 15:14:33 +02:00
Tamás Vajk
3dce56b0b1 Merge pull request #17276 from tamasvajk/impr/change-partial-method-location 
C#: Change reporting location of partial methods
 2024-08-22 15:10:21 +02:00
Michael Nebel
4cd34531c6 Shared: Add a copy of the existing C# Content Dataflow implementation. 2024-08-22 15:07:45 +02:00
Ed Minnix
bf11e2cd0f Fix code block 2024-08-22 08:57:54 -04:00
Edward Minnix III
9b43b4994e fixed-version: example 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-08-22 08:52:02 -04:00
Edward Minnix III
7e98d02d56 Wording 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-08-22 08:51:30 -04:00
Asger F
a2dd47aeb2 JS: Update test output 
These files conflicted and have been regenerated.
 2024-08-22 14:27:15 +02:00
Felicity Chapman
28c333a327 Merge pull request #17272 from github/redirect-dataflow-cpp 
Add basic redirect for renamed article on dataflow analysis for C/C++
 2024-08-22 12:24:36 +01:00
Asger F
423fd04545 JS: Update new xsjs-specific code to respect TEarlyStageNode 2024-08-22 13:22:35 +02:00
Asger F
c54f5858b1 Merge branch 'main' into js/shared-dataflow-merge-main 2024-08-22 13:22:05 +02:00
Owen Mansel-Chan
2edadbf423 Try to fix packages in frameworks coverage 2024-08-22 11:44:34 +01:00
Asger F
a1688f6a1a Merge pull request #17240 from knewbury01/knewbury01/fix-helmetrequiredsetting-model 
Update JS helmet model structure
 2024-08-22 11:59:28 +02:00
Asger F
81239dcd95 Java: add test case 2024-08-22 11:26:05 +02:00
Michael Nebel
bd69b96752 Merge pull request #17273 from michaelnebel/csharp/sqlinject 
C#: ASP.NET Controller is allowed to be abstract.
 2024-08-22 11:18:48 +02:00
Asger F
43f54db4db Merge pull request #17274 from asgerf/java/implicit-pending-intents-implicit-read 
Java: Reveal false negative in test
 2024-08-22 11:00:07 +02:00
Tom Hvitved
d41d7c8246 Merge pull request #17207 from hvitved/csharp/content-set 
C#: Implement `ContentSet`
 2024-08-22 10:55:11 +02:00
Tom Hvitved
a213982b48 Merge pull request #17222 from hvitved/ruby/hash-splat-param-arg-matching 
Ruby: Rework (hash) splat argument/parameter matching
 2024-08-22 10:54:52 +02:00
Asger F
09aca6b47e Merge pull request #17212 from mbaluda/main 
Add support for importing NPM modules in XSJS sources
 2024-08-22 10:54:33 +02:00
Anders Schack-Mulligen
d97a301fef Merge pull request #17105 from aschackmull/dataflow/stage6 
Dataflow: Refactor stage 6 to use shared stage code.
 2024-08-22 09:46:49 +02:00
Tom Hvitved
e94fabcc19 Address review comment 2024-08-22 08:27:15 +02:00
Ed Minnix
2757b0ba6e Change example to net/http Request::FormValue 2024-08-21 18:35:19 -04:00
Edward Minnix III
1e1bbe92a3 Wording and typo 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-08-21 18:12:40 -04:00
Henry Mercer
55d325148d Merge pull request #17280 from github/post-release-prep/codeql-cli-2.18.3 
Post-release preparation for codeql-cli-2.18.3
 2024-08-21 21:34:50 +01:00
github-actions[bot]
0724fd7ce2 Post-release preparation for codeql-cli-2.18.3 2024-08-21 18:25:54 +00:00
Henry Mercer
ecb1428198 Merge pull request #17279 from github/release-prep/2.18.3 
Release preparation for version 2.18.3
 2024-08-21 18:31:17 +01:00
Henry Mercer
c4d37ebec7 C#: Add spaces around em dash in changelog note 2024-08-21 18:17:51 +01:00
github-actions[bot]
17cd9624fb Release preparation for version 2.18.3 2024-08-21 17:13:52 +00:00
Tom Hvitved
cb1b1da422 Ruby: Add another array flow test 2024-08-21 19:06:53 +02:00
Tom Hvitved
b0003c0453 Ruby: Remove two redundant checks 2024-08-21 19:06:29 +02:00
Edward Minnix III
2f3ebfb81f Merge pull request #17205 from egregius313/egregius313/go/dataflow/models/environment 
Go: Add models for environment variables
 2024-08-21 12:27:33 -04:00
Tamas Vajk
f7bf5e89be Add change note 2024-08-21 15:58:05 +02:00
Ed Minnix
c2fa721966 Fix stub 2024-08-21 09:56:42 -04:00
Ed Minnix
6fdff977e5 Fix test cases 2024-08-21 09:47:46 -04:00