hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-09 11:41:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,691 Branches 160 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
7d4266aea7 skip pipes and other special files when determining which files to extract 2021-10-12 14:06:41 +02:00
Chris Smowton
3c96e62be7 Remove duplicate declaration 2021-10-12 12:35:05 +01:00
Chris Smowton
8816aa1431 Improve Android stub fidelity to the point that all relevant tests work 
Note these still aren't entirely mechanically generated stubs matching the real Android 9.
 2021-10-12 12:35:05 +01:00
Chris Smowton
205b6fe6d7 Fix bad merge on Uri.java 2021-10-12 12:35:05 +01:00
Chris Smowton
5da392ebfe Introduce TaintInheritingContent 2021-10-12 12:35:05 +01:00
Chris Smowton
1afc03b9b5 Remove redundant import 2021-10-12 12:35:05 +01:00
Chris Smowton
9e0b112f05 Remove now-unnecessary models and tests 2021-10-12 12:35:05 +01:00
Chris Smowton
490168fb05 Fix comments 2021-10-12 12:35:05 +01:00
Chris Smowton
1dffbcd0bd Fix tests disrupted by re-modelling and stubbing Android 9: 
* Account for changed dataflow graph shape using external flow
* Account for BaseBundle only existing as of Android 5
* Properly implement Parcelable, which we previously got away with due to a partial stub
* Restore an Android 11 function that had been added to the Android 9 Context class (I won't get into enforcing the difference in this PR)
 2021-10-12 12:35:05 +01:00
Chris Smowton
81c0e66b1d Add change note and update qhelp 2021-10-12 12:35:05 +01:00
Chris Smowton
fc0b18cf61 Add tests for Android flow steps 2021-10-12 12:35:05 +01:00
Chris Smowton
cd2c9e9ca3 Add Gson support to unsafe deserialization query 2021-10-12 12:35:04 +01:00
Anders Schack-Mulligen
6b4ca31783 Merge pull request #6849 from Marcono1234/marcono1234/improvements 
Java: Serialization query improvements
 2021-10-12 13:30:45 +02:00
Alex Ford
9640af0b8c Merge pull request #339 from github/rc-workflows 
enable actions workflows for rc branches
 2021-10-12 12:23:47 +01:00
Erik Krogh Kristensen
7b61445f83 Merge pull request #40 from github/erik-krogh/fix-qltest 
fix qlpack version string
 2021-10-12 13:08:40 +02:00
Erik Krogh Kristensen
ca21f5800b QL: Merge pull request #40 from github/erik-krogh/fix-qltest 
fix qlpack version string
 2021-10-12 13:08:40 +02:00
Erik Krogh Kristensen
b0a237bcc1 fix qlpack version string 2021-10-12 11:01:18 +00:00
Erik Krogh Kristensen
d6d626e932 QL: fix qlpack version string 2021-10-12 11:01:18 +00:00
hubwriter
516674697b Fix one-word typo 2021-10-12 11:30:02 +01:00
Alex Ford
f870c38e4c enable actions workflows for rc branches 2021-10-12 10:47:27 +01:00
Alex Ford
48f3d48a11 add some test cases for checking against spurious flow into ERB templates 2021-10-12 10:37:22 +01:00
Arthur Baars
2a7f3fbfaf Add upgrade script 2021-10-12 11:36:10 +02:00
Shati Patel
1c3239972c Merge pull request #6854 from shati-patel/packaging-beta-note 
Docs: Update beta note for packaging
 2021-10-12 10:33:59 +01:00
Taus
75c4d6a8a0 Merge pull request #6650 from yoff/python-dataflow/init-time 
Python: Import time dataflow
 2021-10-12 11:31:03 +02:00
Rasmus Lerchedahl Petersen
61008fd3d0 Merge branch 'main' of github.com:github/codeql into python/promote-regex-injection 2021-10-12 11:28:12 +02:00
Rasmus Lerchedahl Petersen
b093aaaf27 Python: switch to type tracking 
for tracking compiled regexes
 2021-10-12 11:23:27 +02:00
yoff
43f7eede0b Merge pull request #6182 from haby0/python/LogInjection 
Python: CWE-117 Log injection
 2021-10-12 10:54:45 +02:00
yoff
c007c9460c Merge pull request #6843 from RasmusWL/dataflow-bool-expr 
Python: Add data-flow for `x or y` and `x and y`
 2021-10-12 10:40:54 +02:00
Rasmus Lerchedahl Petersen
f34d1ee997 Python: Update test expectation following rename 2021-10-12 10:36:18 +02:00
Tom Hvitved
97bbb12e06 Merge pull request #6838 from hvitved/csharp/enumerate-files-dir-not-found 
C#: Make `GetCSharpArgsLogs` robust against log directory not existing
 2021-10-12 10:00:27 +02:00
haby0
d52f95d24d Auto Formatting 2021-10-12 09:36:44 +08:00
Nick Rolfe
8e14b6582d Remove unused predicate 2021-10-11 18:15:41 +01:00
Mathias Vorreiter Pedersen
df8c399efb Merge pull request #6710 from ihsinme/ihsinme-patch-70 
CPP: Add query for CWE-1041 Use of Redundant Code
 2021-10-11 17:17:01 +01:00
Alex Ford
7270fe0ee7 slightly limit viable template files from render calls 2021-10-11 17:12:08 +01:00
Alex Ford
cdfee1f27d better RenderCall#getTemplateFile performance and accuracy 2021-10-11 16:46:10 +01:00
ihsinme
4334acb6f2 Update FindWrapperFunctions.qhelp 2021-10-11 18:40:03 +03:00
Tony Torralba
a8aa8e3bb4 Use InlineExpectationsTest directly 2021-10-11 16:38:20 +02:00
yoff
0629ce00de Merge pull request #6214 from haby0/python/ClientSuppliedIpUsedInSecurityCheck 
[Python] CWE-348:  Client supplied ip used in security check
 2021-10-11 16:38:04 +02:00
Geoffrey White
ac6acfb660 C++: Use data flow. 2021-10-11 15:36:00 +01:00
Owen Mansel-Chan
058a04f756 Merge pull request #6795 from owen-mc/inline-expectation-test-trivial-change 
Change class name in InlineExpectationTest to avoid clash
 2021-10-11 15:35:17 +01:00
shati-patel
c7fbddce54 Docs: Update beta note for packaging 2021-10-11 15:02:25 +01:00
Rasmus Wriedt Larsen
bca1cb141c Packaging: Normalize src/qlpack.yml 
Port of 4) from https://github.com/github/codeql/pull/6605

> Dependencies from query packs to other packs are always "*" since
these dependencies are always from source and we should get the
latest.

Compare with [C++ change](https://github.com/github/codeql/pull/6605/files#diff-0236560ca1b9c19eb7c74d8bfecd1c78005e762122f8bcdaee9eb9b20460bf9c).
 2021-10-11 14:36:14 +02:00
Marcono1234
ba0dbd5871 Java: Improve IncorrectSerializableMethods.ql; address review comments 2021-10-11 14:29:10 +02:00
Rasmus Lerchedahl Petersen
19f6cc00c8 Python: rewrite import time test 2021-10-11 14:28:25 +02:00
yoff
5aee715931 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-10-11 13:00:21 +02:00
Arthur Baars
fac4df203a Update tree-sitter-ruby 2021-10-11 12:53:16 +02:00
Tom Hvitved
98d1ee5178 API graphs: Avoid non-linear recursion 2021-10-11 12:01:33 +02:00
Tom Hvitved
68ea3e7b49 Data flow: Add debugging predicates for rendering data flow graphs for summarized callables 2021-10-11 11:29:08 +02:00
Tom Hvitved
d5955f1ae1 Java: Add test for missing summary flow 2021-10-11 11:29:08 +02:00
Tom Hvitved
30bf2aade4 C#: Add test for missing summary flow 2021-10-11 11:29:08 +02:00