hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-02 05:38:21 +02:00
Code Issues Packages Projects Releases Wiki Activity
85,368 Commits 1,723 Branches 164 Tags
codeql-cli/v2.24.0
Commit Graph

85368 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
7fbba3a659 Java: adapt stub to ExecutorService change in JDK19 2023-10-13 20:30:28 +01:00
Chris Smowton
8f985e0045 Java: restrict test to source classes 2023-10-13 20:30:28 +01:00
Chris Smowton
0510b0c825 Java: restrict test to source methods 
Otherwise it finds standard library methods that depend on stdlib internals as to what happens to get extracted. In particular the extractor bump to JDK21 led to MethodHandles being in scope and a new method being found; seems better to avoid considering the standard library at all.
 2023-10-13 20:30:28 +01:00
Geoffrey White
cea87a53e0 Swift: Fix LocalTaint.expected. 2023-10-13 18:19:26 +01:00
Ed Minnix
3356261031 Static IV refactor to MaD 2023-10-13 12:50:49 -04:00
Geoffrey White
e2ac3769bc Swift: Change note. 2023-10-13 17:42:14 +01:00
Geoffrey White
aa0db1426d Swift: Simplify the QL a bit further. 2023-10-13 17:42:14 +01:00
Geoffrey White
d0f214a9a7 Swift: Widen the model to include things that are not strictly RawRepresentable but which appear similar. This fixes the XXE test cases. Unclear whether xmlParserOption in the test should in fact extend RawRepresentable, or not. 2023-10-13 17:35:05 +01:00
Joe Farebrother
9097d93ac7 Add shared library for filepath normalization 2023-10-13 17:07:47 +01:00
Jeroen Ketema
d56a9f0781 Merge pull request #14424 from jketema/rewrite-cgi-xss 
C++: Rewrite `cpp/cgi-xss` to not use default taint tracking
 2023-10-13 17:57:04 +02:00
Mathias Vorreiter Pedersen
fb0016e4f6 Merge pull request #14485 from geoffw0/logging 
Swift: Add more sinks to `swift/cleartext-logging`
 2023-10-13 16:09:19 +01:00
Mathias Vorreiter Pedersen
9a2ac65f53 Merge pull request #14394 from geoffw0/sqlpathinject3 
Swift: Add sinks for sqlite3 and SQLite.swift to swift/hardcoded-key
 2023-10-13 16:07:09 +01:00
Robert Marsh
b832fc8e32 Swift: additional QLDoc around closures 2023-10-13 14:54:38 +00:00
Mathias Vorreiter Pedersen
140ff537c0 C++: Split 'defaultViableCallable' and 'viableCallable'. 2023-10-13 15:47:02 +01:00
Geoffrey White
4e29ed5ff0 Swift: Model RawRepresentable. 2023-10-13 15:00:49 +01:00
Geoffrey White
228aaee0bf Swift: Add data flow tests for RawRepresentable, OptionSet. 2023-10-13 14:34:05 +01:00
Joe Farebrother
915352861d Check for generic base types in Missing Function Level Access Control and Insecure Direct Object Reference. 2023-10-13 14:22:45 +01:00
erik-krogh
69c3e62965 add change-note 2023-10-13 15:16:39 +02:00
Geoffrey White
9e473ebda4 Swift: Remove the 'rawValue' step as well. 2023-10-13 14:02:15 +01:00
Geoffrey White
da14f428e2 Swift: Remove now redundant additional taint step. from the XXE query. 2023-10-13 13:57:54 +01:00
Tamas Vajk
15ec0a10c9 Code quality improvements 2023-10-13 14:09:58 +02:00
Calum Grant
192c16bbb3 C++: Format QL and delete note 2023-10-13 13:07:43 +01:00
Jeroen Ketema
61676277e8 C++: Fix barrier in cpp/cgi-xss 2023-10-13 14:05:47 +02:00
Geoffrey White
33f83a2089 Swift: Add some failing data flow test cases. 2023-10-13 12:24:43 +01:00
Asger F
a02ab2ad88 JS: Port heuristic versions of standard queries 2023-10-13 13:15:08 +02:00
Asger F
3c7c5377ec JS: Add content approximation 
This seems to fix a performance issue for RegExpInjection in angular
 2023-10-13 13:15:08 +02:00
Asger F
5775fe6d6e JS: Use TAnyType in FlowSummaryPrivate 2023-10-13 13:15:08 +02:00
Asger F
9faf300dd0 JS: Use type-pruning to restrict callback flow 2023-10-13 13:15:08 +02:00
Asger F
e738b5d125 JS: Expand callback test case 
Type-based pruning is confused by the different tests being interleaved, so we additionally want to have a test that is independent from the other parts of this test.
 2023-10-13 13:15:08 +02:00
Asger F
d3f5169e66 JS: Lower field-flow branch limit on Polynomial ReDoS 2023-10-13 13:15:08 +02:00
Asger F
51dec79401 JS: Lower access path limit to 2 2023-10-13 13:15:08 +02:00
Asger F
24bab27ffe JS: Add TODO for dynamic import step 2023-10-13 13:15:08 +02:00
Asger F
7c5eb89491 JS: Add tests for captured 'this' (genuine FN) 2023-10-13 13:15:08 +02:00
Asger F
98c79e7674 JS: Update test output showing lack of global flow (geniune FN) 2023-10-13 13:15:08 +02:00
Asger F
9b46c4596c JS: Update HeuristicSoruceCodeInjection test 2023-10-13 13:15:08 +02:00
Asger F
bab639f23c JS: Update ReflectedXssWithCustomSanitizer test 2023-10-13 13:15:08 +02:00
Asger F
85e8998067 JS: Update ImportEquals test 2023-10-13 13:15:08 +02:00
Asger F
2eff07f476 JS: Update TaintTracking test 2023-10-13 13:15:08 +02:00
Asger F
b5ad36686e JS: Block flow into window.location 2023-10-13 13:15:08 +02:00
Asger F
75c915b2a3 JS: Update Spife test 2023-10-13 13:15:07 +02:00
Asger F
c2f66c0f93 JS: Update Restify2 test 2023-10-13 13:15:07 +02:00
Asger F
b304fb4337 JS: Reorder result sets in ReactJS test output 2023-10-13 13:15:07 +02:00
Asger F
32eddd3c07 JS: Update ReactJS test output 2023-10-13 13:15:07 +02:00
Asger F
b8a0afbb9f JS: Make overriding ConsistencyChecking.getATestFile() optional 2023-10-13 13:15:07 +02:00
Asger F
6c9f4a10ac JS: Port TaintBarriers test 2023-10-13 13:15:07 +02:00
Asger F
e5946bf43b JS: Port HeuristicSource test 2023-10-13 13:15:07 +02:00
Asger F
771519bbc5 JS: Port Routing test 2023-10-13 13:15:07 +02:00
Asger F
2364bd84e0 JS: Fix whitespace in a test (trivial change) 2023-10-13 13:15:07 +02:00
Asger F
98d1bb3826 JS: Reorder result sets in a test (trivial change) 2023-10-13 13:15:07 +02:00
Asger F
81bd292a16 JS: Port Promises test 
Result changes are benign
 2023-10-13 13:15:07 +02:00