Commit Graph

85368 Commits

Author SHA1 Message Date
Michael Nebel
9e9b5292f2 C#: Add change note. 2024-01-18 13:50:52 +01:00
Michael B. Gale
d0003ce7be C#: Rename query to ExtractedFiles 2024-01-18 12:47:11 +00:00
Michael Nebel
337ab611c9 C#: Update expected test output. 2024-01-18 12:53:48 +01:00
Michael Nebel
9460c91c8c C#: Also consider nullable simple types (and datetime) as simple type sanitizers. 2024-01-18 12:53:29 +01:00
Michael Nebel
559842071a C#: Add example of log forging alert for simple nullable types and updated expected test output. 2024-01-18 12:50:40 +01:00
Michael Nebel
f8f95e6a19 C#: Add models as data test for inline arrays. 2024-01-18 12:23:26 +01:00
Michael Nebel
1d88ca2388 C#: Add more InlineArray test cases. 2024-01-18 12:23:26 +01:00
Rasmus Wriedt Larsen
54c7c5e8be Tree sitter extractor: Proper handling of LGTM_INDEX_FILTERS
If someone had used `LGTM_INDEX_FILTERS=exclude:**/*\ninclude:*.rb`
before, we would have mistakenly excluded all files :|
(LGTM_INDEX_FILTERS is a prioritized list where later matches take
priority over earlier ones)

This change is needed to support adding `exclude:**/*` as the first
filter if `paths` include a glob, which currently causes bad behavior in
the Python extractor. However, we can first introduce that change once
this PR has been merged.

I realize this change can cause more folders and files to be traversed
(since they are not just skipped with --exclude). We plan to make a
better long term fix which should bring back the previous performance.
2024-01-18 11:44:31 +01:00
Michael Nebel
70e7c92774 C#: Also check the namespace of the InlineArrayAttribute. 2024-01-18 11:09:01 +01:00
Michael Nebel
674838e698 C#: Add flow test for inline arrays. 2024-01-18 11:09:01 +01:00
Michael Nebel
f14b3265ab C#: Move static methods in CollectionFlow as these impact result line numbers. 2024-01-18 11:09:00 +01:00
Michael Nebel
47505b3bfa C#: Add array access test for an inline array. 2024-01-18 11:09:00 +01:00
Michael Nebel
0453bb86e0 C#: Update test output of existing expressions tests. 2024-01-18 11:09:00 +01:00
Michael Nebel
ae52779cf6 C#: Add inline array test to expressions. 2024-01-18 11:09:00 +01:00
Michael Nebel
de831d188f C#: Add inline type array test. 2024-01-18 11:09:00 +01:00
Michael Nebel
8a97c8c28e C#: Add QL support for InlineArrayType. 2024-01-18 11:09:00 +01:00
Erik Krogh Kristensen
cda2ef4db5 Merge pull request #15364 from github/dependabot/cargo/ql/rayon-1.8.1
Bump rayon from 1.8.0 to 1.8.1 in /ql
2024-01-18 09:24:30 +01:00
dependabot[bot]
7b574bb07a Bump rayon from 1.8.0 to 1.8.1 in /ql
Bumps [rayon](https://github.com/rayon-rs/rayon) from 1.8.0 to 1.8.1.
- [Changelog](https://github.com/rayon-rs/rayon/blob/master/RELEASES.md)
- [Commits](https://github.com/rayon-rs/rayon/compare/rayon-core-v1.8.0...rayon-core-v1.8.1)

---
updated-dependencies:
- dependency-name: rayon
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-18 03:16:14 +00:00
Michael B. Gale
a30791833d C#: Report any extracted file as successfully extracted 2024-01-17 20:57:39 +00:00
Michael B. Gale
4a71ddd8b6 Merge pull request #15355 from github/mbg/go/increase-test-robustness
Go: Improve robustness of integration tests
2024-01-17 16:45:30 +00:00
Ben Rodes
67e43ecc44 Merge branch 'main' into 38-cpp-generalize-use-after-free-libraries 2024-01-17 08:05:41 -08:00
Michael B. Gale
783f006d62 Go: Update go clean -modcache comment 2024-01-17 16:04:13 +00:00
Sid Shankar
2d71294f61 Merge pull request #15256 from sidshank/change/adjust-extracted-files-diagnostics
Js/Py/Rb: Report any extracted file as successfully extracted
2024-01-17 11:04:06 -05:00
Mathias Vorreiter Pedersen
39dafd6f6a C++: Suggestions to #15343 (#39)
* C++: Change the interface of 'FlowAfterFree' so that the module takes
a single module as a parameter.

* C++: Add another predicate to the module signature.

* C++: Convert the use-after-free and double-free libraries to use new interface.

* C++: Accept test changes.
2024-01-17 11:02:46 -05:00
Max Schaefer
7bc03040ec Make tags for positive and negative examples more precise. 2024-01-17 15:57:27 +00:00
Max Schaefer
3ae484868a Merge pull request #15326 from github/max-schaefer/automodel-negative-sink-models
Automodel: Apply negative characteristics only to endpoints of the right kind.
2024-01-17 15:54:28 +00:00
Calum Grant
4660a25d44 Merge pull request #15354 from github/calumgrant/shared-diagnostics
C++/Swift: Create shared library and share Diagnostics
2024-01-17 15:40:12 +00:00
Max Schaefer
ae23920a6d Fix spurious source models for primitive types in framework mode. 2024-01-17 15:36:31 +00:00
Max Schaefer
9975f974ee Autoformat. 2024-01-17 14:53:09 +00:00
Max Schaefer
6d2bf68a86 Use inline expectations for all framework-mode tests. 2024-01-17 14:52:42 +00:00
Max Schaefer
6c47a5d5f9 Refactor framework-mode queries to make them more easily testable. 2024-01-17 14:51:58 +00:00
Erik Krogh Kristensen
17466385e0 Merge pull request #15351 from erik-krogh/zero-to-question
JS/PY/JAVA/RB: mark the range [0-?] as good in the overly-large-range query
2024-01-17 15:51:42 +01:00
Michael B. Gale
c00520011c Go: Install integration test dependencies to local GOPATH 2024-01-17 14:51:06 +00:00
Michael B. Gale
afc673324f Go: Move integration test sources to subdirectories 2024-01-17 14:50:57 +00:00
Max Schaefer
adea805546 Refactor application-mode tests so we can reuse most of it for framework mode. 2024-01-17 14:49:19 +00:00
Max Schaefer
312dd16956 Consolidate application mode tests. 2024-01-17 14:48:27 +00:00
Max Schaefer
692d5e55a2 Use inline expectations for positive examples. 2024-01-17 14:48:22 +00:00
Max Schaefer
83c567385f Use inline expectations for negative-example tests as well. 2024-01-17 14:47:39 +00:00
Max Schaefer
1ebd0747a8 Fix treatment of void method calls. 2024-01-17 14:40:47 +00:00
Max Schaefer
18e44b6f5c Turn AutomodelApplicationModeExtractCandidates into an inline-expectations test. 2024-01-17 14:40:46 +00:00
Max Schaefer
587d69e88c Refactor application-mode candidate-extraction query so we can test its results before sampling. 2024-01-17 14:40:46 +00:00
Max Schaefer
800a78d258 Treat unexploitable types more centrally.
The apparently missing test result is due to sampling.
2024-01-17 14:40:37 +00:00
Calum Grant
d57fc3d7db C++: Remove unneeded includes 2024-01-17 14:34:28 +00:00
Sid Shankar
2c683c910f Merge branch 'change/adjust-extracted-files-diagnostics' of https://github.com/sidshank/codeql into change/adjust-extracted-files-diagnostics 2024-01-17 14:32:36 +00:00
Sid Shankar
0824ab77e9 Adds change notes 2024-01-17 14:31:40 +00:00
Max Schaefer
8614d7bddb Address review feedback. 2024-01-17 14:29:52 +00:00
Chad Bentz
b12f4d97f8 Merge branch 'main' into patch-1 2024-01-17 09:25:28 -05:00
Calum Grant
51c5afff8b Create shared/cpp library and move Diagnostics there 2024-01-17 14:23:18 +00:00
AlexDenisov
8610c950e1 Merge pull request #15329 from github/alexdenisov/duplicate-destructor-calls
C++: update tests to pick up destructor changes
2024-01-17 15:05:30 +01:00
Michael Nebel
fcb9e473c0 C#: Add upgrade and downgrade scripts. 2024-01-17 14:08:18 +01:00