hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-05 17:51:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,689 Branches 160 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
fff3b5c5b4 Dataflow: Add qldoc. 2022-01-18 10:39:55 +01:00
Anders Schack-Mulligen
9479301485 Ruby: Accept qltest expected changes. 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
5cfa3c7927 C++: Accept qltest expected changes. 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
7b98ca9b0a C#: Adjust qltest expected output. 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
aa9912a699 Java: Fix expected output 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
71e39353ca Dataflow: Sync. 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
b22c4e3c56 Dataflow: Bugfix: include subpaths ending at a sink. 2022-01-18 10:34:14 +01:00
Chris Smowton
f7d3892320 Update test expectations 2022-01-18 10:30:09 +01:00
Anders Schack-Mulligen
dfa79f6119 Dataflow: Sync. 2022-01-18 10:30:09 +01:00
Anders Schack-Mulligen
46736a137c Dataflow: Don't include subpaths that can't reach a sink. 2022-01-18 10:30:09 +01:00
Chris Smowton
2c37885f6e Sync dataflow 2022-01-18 10:30:09 +01:00
Chris Smowton
7c9b44b4cb Don't include arg -> param edges in PathGraph::edges whose arg is not reachable 
This avoids lots of missing-node warnings from `codeql bqrs interpret` as it discards the nodes that occur in the `edges` relation but not `nodes`. The problem arises because subpaths introduced two variants of `reach`, one of which is more restrictive than simply `reach(succ) and succ = pred.getASuccessor()`, so it no longer suffices to just check that the successor is reachable.
 2022-01-18 10:30:09 +01:00
Michael Nebel
de3d62b3f4 C#: Update stats file for the new relations (they are unfortunately empty). 2022-01-18 09:33:40 +01:00
Michael Nebel
bf21026771 C#: Add downgrade scripts for the line span pragma. 2022-01-18 09:32:14 +01:00
Michael Nebel
8fd116fbd7 C#: Add upgrade scripts for the new tables requires for the line span pragma. 2022-01-18 09:32:14 +01:00
Michael Nebel
ac47c96f48 C#: Add Line span pragma test case. 2022-01-18 09:32:14 +01:00
Michael Nebel
8b048ca17e C#: Add line span pragma example. 2022-01-18 09:32:14 +01:00
Michael Nebel
93255dfe13 C#: Add QL library support for the Line span directive. 2022-01-18 09:32:14 +01:00
Michael Nebel
7e264668d8 C#: Refator directive visitor to use expression body. 2022-01-18 09:32:14 +01:00
Michael Nebel
af380f846e C#: Add support in the extractor for the LineSpanDirective. 2022-01-18 09:32:14 +01:00
Michael Nebel
195d40c04e C#: Add new class needed for LineSpanDirective and modify existing implementation to use the new types. 2022-01-18 09:32:14 +01:00
Michael Nebel
a197befb5f C#: Add shared base class for line and line span pragmas. 2022-01-18 09:32:14 +01:00
Michael Nebel
c9467d7e94 C#: Add new tables to the dbscheme line span pragma. 2022-01-18 09:32:14 +01:00
Anders Schack-Mulligen
c41ec1f8ec Merge pull request #7619 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-01-18 09:17:40 +01:00
github-actions[bot]
b8959f7bdb Add changed framework coverage reports 2022-01-18 00:10:52 +00:00
Alex Ford
c1a51d94a2 Ruby: add test for protect_from_forgery without exception strategy 2022-01-17 17:44:52 +00:00
Erik Krogh Kristensen
d63f4bfd94 Merge pull request #7615 from erik-krogh/super-charpred 
QL: support this.method() calls in the charpred that references non-extending supertypes
 2022-01-17 18:32:10 +01:00
Felicity Chapman
e0110bd25e FIx typo in new note 2022-01-17 17:20:00 +00:00
Henry Mercer
ffa4135cbe JS: Update alert messages for ML-powered queries 2022-01-17 17:19:49 +00:00
Erik Krogh Kristensen
a4cfb80b81 QL: update comment 2022-01-17 17:19:15 +00:00
Felicity Chapman
e7dde79d50 Add note and link to main CodeQL CLI docs 2022-01-17 17:14:58 +00:00
Erik Krogh Kristensen
85c273a413 QL: support this.method() calls in the charpred that references non-extending supertypes 2022-01-17 17:42:35 +01:00
Henry Mercer
e9128466d4 JS: Add query help for ML-powered queries 
Query help is identical to the original query, except for a new
paragraph prepended to the overview explaining that the queries are
experimental.

We add Markdown query help since only Markdown query help is embedded in
SARIF via `--sarif-add-query-help`.
 2022-01-17 16:34:50 +00:00
Henry Mercer
568d37e9b9 JS: Update definition of ATM query suite 
It's simpler to just run all the queries in the pack instead of
specifying the IDs.
 2022-01-17 16:34:50 +00:00
Geoffrey White
d475101286 C++: Fix some code duplication. 2022-01-17 16:26:22 +00:00
Owen Mansel-Chan
065043b311 Merge pull request #7588 from owen-mc/add-specific-needs-reference-predicates 
Dataflow: Add language-specific NeedsReference predicates
 2022-01-17 15:51:34 +00:00
Asger Feldthaus
79f799066a JS: Update test output 2022-01-17 16:27:57 +01:00
Michael Nebel
b927aad6ed C#: Address review comments related to record structs. 2022-01-17 16:16:18 +01:00
Michael Nebel
6c1bb4a3a9 C#: Add test case for record class and record structs. 2022-01-17 16:16:18 +01:00
Michael Nebel
746fd603d8 C#: Add flow summary test for record struct constructors. 2022-01-17 16:16:18 +01:00
Michael Nebel
9770f09839 C#: Deprecate Record and introduce RecordClass instead. Also make flow summary support for record struct constructors. 2022-01-17 16:16:18 +01:00
Michael Nebel
55cb2aa160 C#: Use modifier to decide, if a type is a record like type and implement support for record struct types. 2022-01-17 16:16:18 +01:00
Michael Nebel
dc76775d07 C#: Consider 'record' a type modifier in the extractor (it can be applied to both class and struct). 2022-01-17 16:16:18 +01:00
Michael Nebel
c17bd29640 C#: Rename C# code file and update test. 2022-01-17 16:16:18 +01:00
Tony Torralba
e967b8a9be Merge pull request #6576 from atorralba/atorralba/android-cleartext-storage-filesystem 
Java: Create new query Cleartext storage of sensitive information in Android filesystem
 2022-01-17 14:02:38 +01:00
Tony Torralba
227929508f Merge pull request #6923 from atorralba/atorralba/android-fragment-injection 
Java: CWE-470  - Queries to detect Fragment Injection in Android applications
 2022-01-17 14:02:15 +01:00
Tom Hvitved
3c837c322b Merge pull request #7514 from github/post-release-prep/codeql-cli-2.7.5 
Post-release preparation for codeql-cli-2.7.5
 2022-01-17 12:40:33 +01:00
Tony Torralba
7beab7cb59 Apply code review suggestions 2022-01-17 12:02:27 +01:00
Mathias Vorreiter Pedersen
78642aaae2 Merge pull request #7593 from MathiasVP/fix-join-order-in-get-conversion-type 
C++: Fix join order in 'getConversionType4'
 2022-01-17 11:01:08 +00:00
Chris Smowton
16aa53a928 Add security tag to java/random-used-once 
Raised in https://github.com/github/codeql/issues/7601, this is one of the only .ql files that has a security-severity score but not the tag "security", including many other queries that live outside the `Security/` subdirectory.

Besides this the only other files with this security-severity-but-no-security-tag combination are:

```
java/ql/src/Frameworks/JavaEE/EJB/EjbContainerInterference.ql
java/ql/src/Frameworks/JavaEE/EJB/EjbFileIO.ql
java/ql/src/Frameworks/JavaEE/EJB/EjbNative.ql
java/ql/src/Frameworks/JavaEE/EJB/EjbReflection.ql
java/ql/src/Frameworks/JavaEE/EJB/EjbSecurityConfiguration.ql
java/ql/src/Frameworks/JavaEE/EJB/EjbSerialization.ql
java/ql/src/Frameworks/JavaEE/EJB/EjbSetSocketOrUrlFactory.ql
```

Given their location I'm assuming these queries are disabled by default and likely shouldn't changed?
 2022-01-17 10:35:34 +00:00