Anders Schack-Mulligen
4afdb0927e
Dataflow: Remove src/sink grouping feature.
2024-08-20 10:07:36 +02:00
Ed Minnix
49a4318ab1
DRAFT: Go MaD docs first draft (still need to change Select example)
2024-08-20 00:30:16 -04:00
Ed Minnix
0361b5c342
Fix AllocationSizeOverflow expectations
2024-08-19 22:31:29 -04:00
Ed Minnix
bb1cf4f51f
Fix tests
2024-08-19 20:14:23 -04:00
Ed Minnix
e3ffbbe3b7
Fix extensible name in io/fs models
2024-08-19 19:02:07 -04:00
Ed Minnix
442026cc9d
Fix test results
2024-08-19 17:23:32 -04:00
Ed Minnix
2629e09b67
Add io/ioutil and io/fs models
2024-08-19 17:22:46 -04:00
Ed Minnix
a308bdb75d
Modify UnhandledCloseWritableHandle to use post processing
2024-08-19 12:59:34 -04:00
Geoffrey White
4c5c6c6968
Merge pull request #17148 from geoffw0/hardkey
...
Swift: Additional test cases for swift/hardcoded-key
2024-08-19 17:45:34 +01:00
Ed Minnix
5e8185ac4f
Port test to inline expectations test
2024-08-19 12:44:30 -04:00
Ed Minnix
704cd8aee3
Update change note
2024-08-19 12:28:55 -04:00
Edward Minnix III
fc38476e42
Fix models
...
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2024-08-19 12:25:55 -04:00
Ed Minnix
f89174a6f3
CI changes (provenance)
2024-08-19 12:25:52 -04:00
Ed Minnix
0f7ad98a23
Change note
2024-08-19 12:25:48 -04:00
Ed Minnix
eb8c785c6b
Fix formatting
2024-08-19 12:25:43 -04:00
Ed Minnix
3f640a99d3
Tests for file models
2024-08-19 12:25:37 -04:00
Ed Minnix
383e27c2bd
Add file sources
2024-08-19 12:25:27 -04:00
Chris Smowton
80e03c3c51
Improve ql/doc style
2024-08-19 16:25:06 +01:00
Chris Smowton
27522a2781
Remove redundant imports
2024-08-19 16:23:06 +01:00
Tamas Vajk
9d7314febb
C#: Change random temp folder names to hash values
2024-08-19 15:56:56 +02:00
Cornelius Riemenschneider
35ff4d69b7
Merge branch 'main' into impr/add-retry-logic-to-file-download
2024-08-19 12:46:29 +02:00
Tamas Vajk
8b6c293b5c
C#: Add retry logic to file (nuget.exe, dotnet-install.sh) downloads
2024-08-19 12:19:51 +02:00
Cornelius Riemenschneider
33f87c0c46
Port linux/kotlin tests to pytest.
2024-08-19 11:33:25 +02:00
Cornelius Riemenschneider
ccd90f25ba
Port posix/kotlin tests to pytest.
2024-08-19 11:33:24 +02:00
Cornelius Riemenschneider
c2aff1ea97
Port all-platforms/kotlin tests to pytest.
2024-08-19 11:33:23 +02:00
Asger F
3be219c79d
Merge pull request #17243 from asgerf/js/post-message-source-client-side
...
JS: Classify post-message events as client side taint sources
2024-08-19 11:09:26 +02:00
Rasmus Wriedt Larsen
8f7dec07b8
Python: Remove 'response' from default threat-models
...
I didn't want to put the configuration file in
`semmle/python/frameworks/**/*.model.yml`, so created `ext/` as in other
languages
2024-08-19 10:54:48 +02:00
Rasmus Wriedt Larsen
617ab27c75
Python: Add test showing default active threat-models
2024-08-19 10:54:48 +02:00
Rasmus Wriedt Larsen
766dcc4dd6
ThreatModels: Expose knownThreatModel
...
Without it, it's impossible to write a test showing what threat-models are
active by default... unless I provide a hardcoded list in the test
itself, which is not any fun.
2024-08-19 10:54:47 +02:00
Rasmus Wriedt Larsen
5ec8e5dd30
Python: Setup support for threat-models
...
Naming in other languages:
- `SourceNode` (for QL only modeling)
- `ThreatModelFlowSource` (for active sources from QL or data-extensions)
However, since we use `LocalSourceNode` in Python, and `SourceNode` in
JS (for local source nodes), it seems a bit confusing to follow the same
naming convention as other languages, and instead I came up with new names.
2024-08-19 10:54:47 +02:00
Cornelius Riemenschneider
ed7f3305d9
Move legacy marker only to java tests.
2024-08-19 10:47:15 +02:00
Felicity Chapman
dc0832c3d8
Update docs/codeql/codeql-language-guides/analyzing-data-flow-in-cpp.rst
2024-08-19 09:42:04 +01:00
Geoffrey White
a25d9c7397
Merge pull request #17220 from paldepind/reuse-unbounded-in-tainted-allocation-size
...
C++: Reuse bounded predicate in TaintedAllocationSize query
2024-08-19 09:37:55 +01:00
Cornelius Riemenschneider
2933a3be9c
Merge pull request #17088 from github/criemen/modext-isolation
...
`crate_universe`: Enable modext isolation.
2024-08-19 10:22:55 +02:00
Cornelius Riemenschneider
675e920667
Fix formatting.
2024-08-19 09:00:08 +02:00
Cornelius Riemenschneider
1faad979ad
Address review.
2024-08-19 08:54:56 +02:00
Michael Nebel
ec9f533325
Merge pull request #17248 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2024-08-19 08:26:47 +02:00
Simon Friis Vindum
1665badc83
C++: Add change note for cpp/uncontrolled-allocation-size
2024-08-19 08:23:40 +02:00
Simon Friis Vindum
1959e1929e
C++: Reuse bounded predicate in TaintedAllocationSize query
2024-08-19 08:23:32 +02:00
github-actions[bot]
9279bebf07
Add changed framework coverage reports
2024-08-19 00:19:04 +00:00
Cornelius Riemenschneider
f9bc97b2a1
crate_universe: Enable modext isolation.
...
This should allow us to build our python and ruby
code independently - in particular, we can now do shallow
checkouts of one without the other.
Previously, the modext introduced cross-dependency.
This also reduces the amount of work we do in the
crate universe processing for the other language, even
though it's unused.
This does need renaming the module, as otherwise
the generated paths from rules_rust get too long
for Windows :(
2024-08-18 21:00:30 +02:00
Geoffrey White
b001f47c17
Merge pull request #17211 from paldepind/uncontrolled-allocation-size-docs
...
C++: Update documentation for cpp/uncontrolled-allocation-size to clarify its scope
2024-08-16 16:36:22 +01:00
Chris Smowton
9c0bdbb20a
Java: add a test exercising Spring component liveness detection
...
The existing Spring stubs are expanded sufficiently to support the needed annotations and a few referenced classes and exceptions.
2024-08-16 16:36:08 +01:00
Geoffrey White
e3b9b0a9bd
Merge pull request #17210 from geoffw0/mailto
...
Swift: Fix false positives in the swift/cleartext-transmission query
2024-08-16 16:23:09 +01:00
Geoffrey White
0e766aa99b
C++: Remove redundant lines.
2024-08-16 15:56:30 +01:00
am0o0
f4764378c9
update tests to contain the new source, delete query with local sources
2024-08-16 16:15:46 +02:00
Simon Friis Vindum
5504799d44
Merge branch 'main' into uncontrolled-allocation-size-docs
2024-08-16 16:15:14 +02:00
am0o0
d88b310b0e
add getCredentials method of AuthenticationToken as a remote source
2024-08-16 15:41:19 +02:00
Anders Schack-Mulligen
3a9610795b
Merge pull request #16808 from JLLeitschuh/patch-8
...
Align Java CommandInjectionRuntimeExec.ql Severity
2024-08-16 15:14:48 +02:00
Asger F
7a7ab457a9
JS: Delete unneeded test code (and shift line numbers)
2024-08-16 14:38:54 +02:00