Commit Graph

48342 Commits

Author SHA1 Message Date
Jami Cogswell f48cc9f40e Java: remove previous uses of isUninteresting 2022-12-08 16:56:43 -05:00
Jeroen Ketema aabbafd2bf
C++: Fix QL-for-QL warning 2022-12-08 19:33:11 +01:00
Jeroen Ketema ec0ce56269
C++: Model `getaddrinfo` as flow source 2022-12-08 19:20:11 +01:00
Jeroen Ketema 89cd4790d5
Merge pull request #11610 from jketema/scanf
C++: Model `scanf` and `fscanf` as flow sources
2022-12-08 19:14:39 +01:00
Chris Smowton 4ea795baf4 Autoformat docs ql files 2022-12-08 17:36:59 +00:00
Chris Smowton f4f4de392f Outdent river answer files 2022-12-08 17:36:59 +00:00
Jami Cogswell 29046e7960 Java: update ExternalApi characteristic predicate to include not isUninteresting 2022-12-08 12:31:46 -05:00
Geoffrey White f373b7fe7c
Merge pull request #11596 from geoffw0/cleartextbufferwrite
C++: Performance fix for cpp/cleartext-storage-buffer
2022-12-08 17:18:10 +00:00
Geoffrey White 52881385bf
Merge pull request #11597 from geoffw0/stats2
Swift: Add taint reach to SummaryStats.ql.
2022-12-08 17:11:56 +00:00
Paolo Tranquilli 7645d4d928 Swift: remove `ModuleDecl` from `PrintAst` test 2022-12-08 17:31:48 +01:00
Chris Smowton f50a4ddf5f
Merge pull request #11617 from github/smowton/admin/docs-river-example-codeql-style
Docs: Make river-crossing example comply with the CodeQL style guide
2022-12-08 16:17:54 +00:00
Paolo Tranquilli 26ae8f177b Swift: accept test changes
Downgrading the emit object action to a type check one has some
unexpected side effects, that seem however acceptable:
* experimental false static assertions do not make compilation fail in
  type check mode
* the implicit module loading of `SwiftOnoneSupport` is not happening.
  That module contains some "pre-specializations", it does not seem
  really relevant for analysis
2022-12-08 17:13:00 +01:00
Paolo Tranquilli 935e264f24 Swift: add empty directory marker 2022-12-08 17:04:56 +01:00
Henry Mercer d196704a2d
Merge pull request #11574 from github/henrymercer/check-query-ids
Add a PR check to ensure query IDs are unique
2022-12-08 15:31:26 +00:00
Tom Hvitved 2ab05a81d1
Merge pull request #11621 from hvitved/ruby/library-callable-get-param
Ruby: Add `SummarizedCallable::getParameter`
2022-12-08 16:20:44 +01:00
Jeroen Ketema 8f9a73ee09
C++: Address review comments 2022-12-08 16:14:12 +01:00
Paolo Tranquilli d03b82c8c5
Merge branch 'main' into redsun82/swift-fix-parent-paths 2022-12-08 16:11:54 +01:00
Paolo Tranquilli d35c5e90ee Swift: remove fishhook 2022-12-08 16:10:44 +01:00
Paolo Tranquilli bf1b32f210 Swift: rework file redirection
The hash map mechanism that was already in use for reading swiftmodule
files on macOS is now in use also on Linux. The output replacing
mechanism has been also reworked so that:
* frontend module emission modes have the remapping done directly in
  the internal frontend options instead of painstakingly modifying input
  flags (this requires a patch on the swift headers though)
* object emission mode is silenced to be just a type checking pass,
  thus producing no output files
* all other passes but some debugging and version related ones become
  noops

The open file read redirection uses a global weak pointer instance to
maximize robustness in the face of possibly multi-threaded calls to open
happening while `main` is exiting. Possibly overkill, but better safe
than sorry.
2022-12-08 16:10:44 +01:00
Paolo Tranquilli 944adfe727 Swift: allow modifying frontend outputs 2022-12-08 16:10:25 +01:00
Paolo Tranquilli 219ed64b74 Swift: reorganize bazel third party dependencies 2022-12-08 16:10:25 +01:00
dependabot[bot] 8600d2d12d
Bump Newtonsoft.Json in /csharp/autobuilder/Semmle.Autobuild.CSharp
Bumps [Newtonsoft.Json](https://github.com/JamesNK/Newtonsoft.Json) from 13.0.1 to 13.0.2.
- [Release notes](https://github.com/JamesNK/Newtonsoft.Json/releases)
- [Commits](https://github.com/JamesNK/Newtonsoft.Json/compare/13.0.1...13.0.2)

---
updated-dependencies:
- dependency-name: Newtonsoft.Json
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-08 15:01:05 +00:00
Tom Hvitved cbf722dad0 Ruby: Add `SummarizedCallable::getParameter` 2022-12-08 15:59:41 +01:00
Paolo Tranquilli 1ba8b6d35a Swift: fix extraction of sources from `..` 2022-12-08 15:57:57 +01:00
Chris Smowton d0a2c1c9b6 Accept test changes 2022-12-08 14:44:43 +00:00
Chris Smowton a79126268c Override modality when needed
In particular when generating an implementation based on an abstract prototype, the result is final, and an interface forwarder is open / Java's default modality.
2022-12-08 14:39:57 +00:00
Asger F 6fa2fe6c86
Merge pull request #11608 from asgerf/docs/sphinx-python2
Docs: Update README to mention Python 2 requirement
2022-12-08 15:36:17 +01:00
Jeroen Ketema 33fa76f911
C++: Add change note 2022-12-08 15:22:42 +01:00
Jeroen Ketema b216c79992
C++: Accept test changes 2022-12-08 15:22:41 +01:00
Jeroen Ketema f35b7f8fe8
C++: Model `scanf` and `fscanf` as flow sources 2022-12-08 15:22:41 +01:00
Anders Schack-Mulligen d157e13318 Java: Switch DispatchFlow to typetracking. 2022-12-08 14:58:44 +01:00
Anders Schack-Mulligen ae1373c2d6 Shared: Bugfix typetracking source-sink hasFlow. 2022-12-08 14:58:05 +01:00
Chris Smowton 85ee4e6ca1
Merge pull request #11578 from retanoj/MybatisSqli
Java: Add MyBatis Sql Injection no @Param case
2022-12-08 13:53:44 +00:00
Chris Smowton 37b2b0a128 Use set literal instead of disjunction 2022-12-08 13:49:53 +00:00
Henry Mercer 3036b15af2
Merge branch 'main' into henrymercer/check-query-ids 2022-12-08 13:05:46 +00:00
Henry Mercer 280bb6864f
Merge pull request #11604 from github/codeql-ci/atm/release-0.4.3
JS: Bump version numbers of ML-powered packs after 0.4.3 release
2022-12-08 13:04:16 +00:00
Henry Mercer 5674251839 Python: Disable `TarSlipImprov` qhelp 2022-12-08 13:03:31 +00:00
Geoffrey White e288b07099
Update swift/ql/src/queries/Summary/SummaryStats.ql
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-12-08 13:02:58 +00:00
Mathias Vorreiter Pedersen 6897b20722
Merge pull request #11601 from MathiasVP/keep-std-string-iterator 2022-12-08 12:59:33 +00:00
Michael Nebel 670ae6c84c
Merge pull request #11593 from michaelnebel/csharp/patternmatchspan
C#: Pattern match Span<char> and ReadOnlySpan<char> against a constant string.
2022-12-08 13:53:00 +01:00
Michael Nebel 5883957a67
Merge pull request #11589 from michaelnebel/csharp/numericintptr
C#: nint/System.IntPtr and nuint/System.UIntPtr are indistinguishable…
2022-12-08 13:52:44 +01:00
Chris Smowton 8789dfb655
Make river-crossing example comply with the CodeQL style guide 2022-12-08 12:33:42 +00:00
Chris Smowton 81110b19e7
Merge pull request #11612 from smowton/smowton/admin/merge-rc38-into-main
Merge rc/3.8 into main
2022-12-08 12:25:59 +00:00
Chris Smowton 045e3a2cf3 Kotlin: extract callable modality 2022-12-08 12:22:50 +00:00
Chris Smowton 0d2474bd55 Autoformat 2022-12-08 11:30:53 +00:00
Chris Smowton 49bc524fd0 Merge remote-tracking branch 'origin/rc/3.8' into smowton/admin/merge-rc38-into-main 2022-12-08 11:12:30 +00:00
Rasmus Wriedt Larsen d684dbdf5c
Merge pull request #10656 from porcupineyhairs/PyPamImprove
Python: Improve the PAM authentication bypass query
2022-12-08 11:59:10 +01:00
Jeroen Ketema a6bc9fd10f
Merge pull request #11591 from jketema/getenv
C++: Model `secure_getenv` and `_wgetenv` as local flow sources
2022-12-08 10:44:28 +01:00
Asger F f2b99c5fff Docs: Update README to mention Python 2 requirement 2022-12-08 09:50:01 +01:00
Jeroen Ketema fc49ede33d
C++: Add change note 2022-12-08 09:44:23 +01:00