hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-25 09:01:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,368 Commits 1,715 Branches 163 Tags
codeql-cli/v2.24.0
Commit Graph

85368 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
2af68d37d0 C++: Include 'SwitchInstruction's as 'IRGuardCondition's. 2024-03-15 17:03:45 +00:00
Mathias Vorreiter Pedersen
704f1fad46 C++: Add switches as testcases for guard conditions. 2024-03-15 17:02:32 +00:00
Jorge
09c2ba4280 Make action download actions-all 2024-03-15 16:39:18 +01:00
Max Schaefer
daee22d38c Merge pull request #15933 from github/max-schaefer/go-incomplete-hostname-regex 
Go: Mention raw string iterals in QHelp for `go/incomplete-hostname-regexp`.
 2024-03-15 15:07:10 +00:00
Edward Minnix III
8ae64e992c Merge pull request #15929 from egregius313/egregius313/csharp/mad/source-node-clases-for-models 
C#: Add classes extending `SourceNode` for local and stored source models
 2024-03-15 11:06:14 -04:00
Joe Farebrother
8c5fff2d11 Update names and qldoc for params taint predicates 2024-03-15 14:43:29 +00:00
Mathias Vorreiter Pedersen
23cf99734a C++: Add a new experimental query ' cpp/iterator-to-expired-container'. 2024-03-15 14:29:29 +00:00
Mathias Vorreiter Pedersen
f7c29e6bfb C++: Expose some previously private classes from our models so they can be used in queries. 2024-03-15 14:21:39 +00:00
Rasmus Lerchedahl Petersen
cfbc3f73ec Pyhton: add test for conflicting summaries 
We noticed that when
- a function has more than one summary (with different charpred)
- one summary is subsumed by a subpath (or something happens around the function being extracted)
- the function is called multiple times(we needed at least three)
one of the summaries would no longer lead to flow.
 2024-03-15 15:13:39 +01:00
Jorge
e0bbb66be4 Try to fix actions-all suite 2024-03-15 15:11:21 +01:00
Sim4n6
3acdd3382c Update the expected file 2024-03-15 14:17:23 +01:00
Sim4n6
26a16b7857 use of a single var "op" of type Cmpop 2024-03-15 14:17:23 +01:00
Sim4n6
a717bf1b9d Fix p tag in UnicodeDoS.qhelp 2024-03-15 14:17:23 +01:00
Sim4n6
af19a0342e Fix UnicodeDoS vulnerability in CWE-770 code 2024-03-15 14:17:23 +01:00
Sim4n6
085d803b14 Fix UnicodeDoS vulnerability in CWE-770 2024-03-15 14:17:23 +01:00
Sim4n6
31dc542111 Update request parameter name in good_1() function 2024-03-15 14:17:23 +01:00
Sim4n6
70ebc58b4c Refactor Unicode normalization code 2024-03-15 14:17:23 +01:00
Sim4n6
3d8868a6c3 Add routes for bad_5 and bad_6, and fix routes for good_3 and good_4 2024-03-15 14:17:23 +01:00
Sim4n6${{7*'7'}}
658b88e62f Update python/ql/src/experimental/Security/CWE-770/UnicodeDoS.ql 
update the Config API

Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-03-15 14:17:23 +01:00
Sim4n6
1f767b887e Add some comments and docs 2024-03-15 14:17:23 +01:00
Sim4n6
5cc9170249 Add UnicodeDoS sink for werkzeug secure_filename 2024-03-15 14:17:23 +01:00
Sim4n6
342465057c Add Unicode DoS (CWE-770) 2024-03-15 14:17:23 +01:00
Alvaro Muñoz
0da8f8d299 Merge pull request #36 from GitHubSecurityLab/fix_source_regexps 
fix(fn): Apply json wrappers to source regexps
 2024-03-15 14:05:29 +01:00
Alvaro Muñoz
d9e589c6e7 Remove unnecessary boundary anchors 2024-03-15 13:58:46 +01:00
Alvaro Muñoz
6cb15f06bc fix(fn): Apply json wrappers to source regexps 2024-03-15 13:54:21 +01:00
Alvaro Muñoz
27a9bc8564 Merge branch 'master' of https://github.com/GitHubSecurityLab/codeql-actions 2024-03-15 13:34:21 +01:00
Alvaro Muñoz
01d8d79e6d Bump versions 2024-03-15 13:34:12 +01:00
Mathias Vorreiter Pedersen
19c9ea7e20 C++: Implement alias and side effect models for iterators. 2024-03-15 12:13:43 +00:00
Mathias Vorreiter Pedersen
a51fe4a00e C++: Make the vector and iterator classes in 'ir.cpp' more realistic. This matches the one we use for dataflow tests. 2024-03-15 12:10:48 +00:00
Max Schaefer
d3e0a90ae5 Go: Mention raw string iterals in QHelp for go/incomplete-hostname-regexp. 2024-03-15 11:22:40 +00:00
Tom Hvitved
693c28a821 Merge pull request #15931 from hvitved/ql/remove-missing-override-query 
QL4QL: Remove `MissingOverride` query
 2024-03-15 11:28:41 +01:00
Alvaro Muñoz
ea135a60de Merge pull request #35 from GitHubSecurityLab/jorgectf-patch-2 
Fix tokens
 2024-03-15 11:25:08 +01:00
Jorge
5908d6c567 Fix tokens 2024-03-15 11:23:37 +01:00
Jorge
465700b2cd Merge pull request #33 from GitHubSecurityLab/jorgectf-patch-1 
Add `GITHUB_TOKEN`
 2024-03-15 11:19:41 +01:00
Alvaro Muñoz
188f9d5adc Merge pull request #34 from GitHubSecurityLab/refactor_queries 
Refactor queries
 2024-03-15 11:17:31 +01:00
Alvaro Muñoz
169e57e874 Refactor queries 2024-03-15 11:10:41 +01:00
Owen Mansel-Chan
8e52483beb Add df-manual models in manually modeled classes 2024-03-15 10:10:23 +00:00
Jorge
a36ae6a7e2 Add GITHUB_TOKEN 2024-03-15 11:07:01 +01:00
Tom Hvitved
80649786c3 QL4QL: Remove MissingOverride query 2024-03-15 11:06:15 +01:00
Tom Hvitved
e7b00a7b42 Ruby: Add post-update argument nodes for string constants 2024-03-15 10:47:39 +01:00
Rasmus Wriedt Larsen
7eb4419342 Python: Restrict type-tracking content to only be precise 
At least for now :)
 2024-03-15 10:24:57 +01:00
Rasmus Wriedt Larsen
6babb2ff90 Python: Accept .expected for typetracking-summaries 2024-03-15 10:24:33 +01:00
Alvaro Muñoz
92dbceb507 boost pack versions 2024-03-15 10:19:08 +01:00
Rasmus Wriedt Larsen
00f2a6a65e Python: Update ssa-compute test expectations 2024-03-15 10:14:45 +01:00
Asger F
711a08b0d4 JS: Add TODO about switching to the shared library 2024-03-15 09:26:19 +01:00
Tony Torralba
171ff4d161 Merge pull request #15928 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2024-03-15 09:24:57 +01:00
Ed Minnix
71cf948650 Classes extending SourceNode for local and stored source models 
Queries such as `cs/sql-injection` cast their source to a `SourceNode`
in order to describe them. For example:

```ql
import semmle.code.csharp.security.dataflow.flowsources.FlowSources

string getSourceType(DataFlow::Node source) {
   result = source.(SourceNode).getSourceType()
}
```

Models as data source models are not included in `SourceNode` by
default, they must be wrapped with a class extending `SourceNode`.

This adds such classes, which wrap the
`sourceNode(DataFlow::Node,string)` predicate and assigns a
`getSourceType`.
 2024-03-14 22:23:54 -04:00
github-actions[bot]
7f05743212 Add changed framework coverage reports 2024-03-15 00:16:16 +00:00
Joe Farebrother
f464f1b94e Accept test output + fix qldoc typo 2024-03-14 22:25:37 +00:00
Joe Farebrother
b4ed77343b Add change note + fix qldoc 2024-03-14 22:25:36 +00:00