Commit graph

46678 commits

Author SHA1 Message Date
Nora Dimitrijević 09b669a584 Swift: Add direct call to remote source to a test
Strangely, there are two separate paths to each of the JSEvaluateScript
sinks: one passing through the JSString constructor, one omitting this
step.
2022-11-15 21:57:46 +01:00
Nora Dimitrijević 52e5d541ef
Update swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.qhelp
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
2022-11-15 21:15:04 +01:00
Nora Dimitrijević fccb581765
Update swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.qhelp
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
2022-11-15 21:14:56 +01:00
Nora Dimitrijević cb7d9d5f3f
Update swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.qhelp
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
2022-11-15 21:14:50 +01:00
Nora Dimitrijević 8db8f14f99
Update swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.qhelp
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
2022-11-15 21:14:37 +01:00
Nora Dimitrijević b42482c960
Update swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.qhelp
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
2022-11-15 21:14:18 +01:00
Nora Dimitrijević 16ba5b1bb5 Swift: update doctests 2022-11-14 12:30:16 +01:00
Nora Dimitrijević 4b7a89e754
Merge branch 'main' into swift/js-injection 2022-11-11 12:23:26 +01:00
Michael Nebel 176405cd7c
Merge pull request #11223 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-11-11 11:49:50 +01:00
Jeroen Ketema 5dec08b9a3
Merge pull request #11212 from jketema/std-string-fixes
C++: Improve handling of `std::string::insert` with iterator return type and do some cleanup
2022-11-11 11:41:59 +01:00
Michael Nebel ef50e57317
Merge pull request #11083 from michaelnebel/csharp/telemetry
C#: Telemetry query updates.
2022-11-11 10:57:54 +01:00
Erik Krogh Kristensen 313f600432
Merge pull request #11214 from erik-krogh/oneFormatToRuleThemAll
CI: remove language specific format checks
2022-11-11 10:10:36 +01:00
Jeroen Ketema ba00a0f370
C++: Share parameter logic in `std::string` model 2022-11-11 08:48:11 +01:00
Jeroen Ketema 23e29e993b
C++: Split `std::string::insert` off in a separate class
The `insert` function has two different return types: `iterator` and
`basic_string&`.
2022-11-11 08:48:01 +01:00
AlexDenisov ecd8921dcd
Merge pull request #11211 from github/redsun82/swift-drop-impossible-nodes
Swift: fix printing of unextracted entities
2022-11-11 08:06:54 +01:00
github-actions[bot] dcebe930e7 Add changed framework coverage reports 2022-11-11 00:21:31 +00:00
Erik Krogh Kristensen 90382c4d1c
Merge pull request #11178 from erik-krogh/passcode
JS/RB/PY: Recognize `passcode` as sensitive
2022-11-10 17:58:34 +01:00
erik-krogh 866e92558c
broaden the file pattern used in the format check to ensure js-ml is included 2022-11-10 17:57:45 +01:00
erik-krogh fbb2dcf7a8
remove language specific format checks 2022-11-10 17:47:14 +01:00
Tom Hvitved bda4b52395
Merge pull request #11206 from hvitved/ruby/self-toplevel-def
Ruby: Fix SSA entry definitions for `self` in top-level
2022-11-10 17:01:59 +01:00
Jeroen Ketema f7c55a3258
Merge pull request #11202 from jketema/fix-accept-prototype
C++: Fix the `accept` prototype in the dataflow taint tests
2022-11-10 17:00:07 +01:00
Paolo Tranquilli 458fb3a4a2 Swift: fix printing of unextracted entities
This was still printing explicitly ignored classes.
2022-11-10 16:49:32 +01:00
Paolo Tranquilli 30bbae3c22
Merge pull request #11209 from github/redsun82/swift-drop-impossible-nodes
Swift: drop impossible nodes from schema
2022-11-10 16:47:23 +01:00
Michael Nebel 2a26c8f340
Merge pull request #10628 from michaelnebel/java/typebasedmodels
Java: Type based summary models.
2022-11-10 16:34:52 +01:00
Jeroen Ketema 62f5d10d03
C++: Fix `localTaint` expected results 2022-11-10 16:08:07 +01:00
Erik Krogh Kristensen 724a31b746
fix comment that wasn't updated in test
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2022-11-10 15:56:44 +01:00
Ian Lynagh a2c0d47e9c
Merge pull request #11199 from igfoo/igfoo/kotlin_default
Kotlin: Update docs and tests
2022-11-10 14:53:06 +00:00
Karim Ali b209cac2e2
Merge pull request #11063 from karimhamdanali/swift-pbe-constant-password
Swift: detect the use of constant passwords for password-based encryption
2022-11-10 16:36:27 +02:00
Karim Ali e18b2cfa39
Merge pull request #11084 from karimhamdanali/swift-static-iv
Swift: detect the use of static initialization vectors
2022-11-10 16:35:21 +02:00
Paolo Tranquilli 5b9e89acd3 Swift: implement ignoring of removed classes 2022-11-10 15:26:55 +01:00
Paolo Tranquilli e26e0ec809 Swift: remove impossible nodes from schema
We don't expect these AST types to really appear during an extraction
run, even in an unsuccessful compilation.
2022-11-10 15:26:55 +01:00
Tom Hvitved e18442069b Ruby: Fix SSA entry definitions for `self` in top-level 2022-11-10 15:08:17 +01:00
Ian Lynagh 3d17c8f1ab
Merge pull request #11200 from igfoo/igfoo/extractor-info
Java/Kotlin: Add ExtractorInformation query
2022-11-10 13:51:13 +00:00
Paolo Tranquilli 7f36f65ab0
Merge pull request #11190 from github/redsun82/swift-exprs
Swift: extract some more `Expr`
2022-11-10 14:36:42 +01:00
Jeroen Ketema 62a0bcddd9
C++: Fix the `accept` prototype in the dataflow taint tests 2022-11-10 14:23:26 +01:00
Erik Krogh Kristensen 5d2ab8adfb
Merge pull request #11191 from erik-krogh/arrJoin
RB: add join(" ") calls as a sink for rb/shell-command-constructed-from-input
2022-11-10 14:20:42 +01:00
Erik Krogh Kristensen 54958fd502
Merge pull request #11201 from erik-krogh/no-set-output
QL-for-QL: don't use the deprecated set-output feature in github-actions
2022-11-10 14:07:40 +01:00
Michael Nebel 8041542f92 Java: Make sure that IterableTypes has a unique iterator. 2022-11-10 14:06:18 +01:00
Karim Ali 7d473fb265 address docs review 2022-11-10 15:01:05 +02:00
Michael Nebel 2f12ccc803 C#: Delete incorrect comment. 2022-11-10 13:59:50 +01:00
erik-krogh a2ce764c82
update codeql-action version used in QL-for-QL, as the old version still used the deprecated set-output feature 2022-11-10 13:58:07 +01:00
Michael Nebel 9b5318876d Java: Improve tests and allow spurious models. 2022-11-10 13:57:44 +01:00
Michael Nebel 91aa75da0e Java: Rename IterableType to IterableClass. 2022-11-10 13:57:44 +01:00
Michael Nebel ce8ab0e66e Simplify test predicate implementation.
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2022-11-10 13:57:44 +01:00
Michael Nebel 0e7179ca85 Simplify functional predicate implementation.
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2022-11-10 13:57:44 +01:00
Michael Nebel 9d34ce9776 Adjust the co-variant claim comment.
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2022-11-10 13:57:44 +01:00
Michael Nebel decfcdd82a Improve IterableType implementation.
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2022-11-10 13:57:43 +01:00
Michael Nebel d6ae1ef6f2 Java/C#: Move C# internal implementation for model generation. 2022-11-10 13:57:43 +01:00
Michael Nebel 4cb82ad5a7 Java: Explicit import of needed classes from stream and some improvements to comments. 2022-11-10 13:57:43 +01:00
Michael Nebel 62603dd2bc Java: Inline expectations for type based model test case. 2022-11-10 13:57:43 +01:00