Commit graph

46207 commits

Author SHA1 Message Date
Asger F fef922e417 JS: Bump extractor version string 2022-11-08 11:44:40 +01:00
Asger F 92e8f059c8 JS: Avoid emitting column zero in yaml files 2022-11-08 11:38:26 +01:00
Asger F a887ff4f09 JS: Add test cases to include results with column-zero end locations 2022-11-07 15:13:25 +01:00
Stephan Brandauer 577f1a588b
Merge pull request #11143 from github/codeql-ci/atm/release-0.4.0
JS: Bump version numbers of ML-powered packs after 0.4.0 release
2022-11-07 15:03:24 +01:00
Erik Krogh Kristensen d67235b3c1
Merge pull request #11071 from erik-krogh/fixCanon
ReDoS: fix canonicalization in NfaUtils
2022-11-07 14:10:50 +01:00
github-actions[bot] 69df9f9daa JS: Bump version of ML-powered library and query packs to 0.4.1 2022-11-07 13:06:46 +00:00
github-actions[bot] 82277d8f56 JS: Bump minor version of ML-powered library and query packs 2022-11-07 13:00:28 +00:00
github-actions[bot] 268a990aa6 JS: Bump version of ML-powered model pack to 0.3.1 2022-11-07 13:00:28 +00:00
github-actions[bot] a1e0bf022e ATM: Update model pack dependency of ML-powered model building and query packs 2022-11-07 13:00:27 +00:00
github-actions[bot] be808deb59 JS: Bump minor version of ML-powered model pack 2022-11-07 12:59:44 +00:00
Chris Smowton eb365c1d24
Merge pull request #11079 from smowton/smowton/test/test-java-extractor-vs-captured-type-variables
Java: Add test for multiply-bounded wildcards
2022-11-07 12:31:19 +00:00
Tamás Vajk 830be92f1d
Merge pull request #11089 from tamasvajk/kotlin-enum-ctor-call
Kotlin: Extract missing arguments of enum constructor calls
2022-11-07 12:55:27 +01:00
AlexDenisov f8e80f96ff
Merge pull request #11124 from github/redsun82/swift-await
Swift: extract `AwaitExpr`
2022-11-07 12:52:42 +01:00
Paolo Tranquilli b30a6d36b5 Swift: extract `AwaitExpr` 2022-11-07 12:08:51 +01:00
Paolo Tranquilli b94066acd8
Merge pull request #11094 from github/redsun82/swift-translators
Swift: refactor visitors to use translations
2022-11-07 12:01:44 +01:00
Geoffrey White 7b62bed9db
Merge pull request #10947 from karimhamdanali/swift-pbe-iterations
Swift: detect hash functions with low # of iterations
2022-11-07 10:38:29 +00:00
Chris Smowton e877967a62 Add test verifying no malformed wildcards result from captured type variables with a Collection<? extends ...> type 2022-11-07 10:29:04 +00:00
Chris Smowton d999c1d3dd Java: Add test for multiply-bounded wildcards
This exercises several cases of variables bounded both by a wildcard and by a bound on the type parameter, checking that the extractor strips the wildcards and captures to decide on a concrete type for the parameters and return values.
2022-11-07 10:29:04 +00:00
Chris Smowton 1cd30847f6
Merge pull request #11121 from smowton/smowton/fix/java-wildcard-extraction
Kotlin: fix extraction of Java nested wildcards; wildcards in return types
2022-11-07 10:23:02 +00:00
Chris Smowton 68face8d46
Merge pull request #11130 from smowton/smowton/fix/kotlin-always-extract-file-labels
Kotlin: always populate the `files` table
2022-11-07 10:14:41 +00:00
Jeroen Ketema d62e3f6bc2
Merge pull request #11137 from jketema/dataflow-test-fixes
C++: Small fixes for the dataflow tests
2022-11-07 11:07:09 +01:00
Anders Schack-Mulligen 99ca28ea9b
Merge pull request #10886 from aschackmull/dataflow/joinorders
Dataflow: Fix a couple of join-orders.
2022-11-07 11:05:29 +01:00
Chris Smowton 587aa93f6d
Merge pull request #11105 from smowton/smowton/fix/use-defaults-method-to-implement-jvmoverloads
Kotlin: use `$default` functions to implement `@JvmOverloads`
2022-11-07 09:54:16 +00:00
Tamas Vajk 4e8d8a4de1 Add `compilerGeneratedReason` for enum constructor call arguments 2022-11-07 10:07:05 +01:00
Tamas Vajk 7d927a7396 Adjust enum constructor argument extraction based on review 2022-11-07 10:07:05 +01:00
Tamas Vajk fb5b344427 Fix failing build on early kotlin versions 2022-11-07 10:07:05 +01:00
Tamas Vajk 44e70afa85 Kotlin: Extract missing arguments of enum constructor calls 2022-11-07 10:07:04 +01:00
Jeroen Ketema 291027ad82
C++: Fix return type in dataflow test 2022-11-07 09:42:54 +01:00
Jeroen Ketema 3b1feeef6d
C++: Remove unneeded `isAdditionalFlowStep` from dataflow test
Since the introduction of flow through global variables these additional
steps are no longer needed.
2022-11-07 09:40:57 +01:00
Dave Bartolomeo b8e1aa67d8
Merge pull request #11134 from github/post-release-prep/codeql-cli-2.11.3
Post-release preparation for codeql-cli-2.11.3
2022-11-05 13:54:49 -04:00
github-actions[bot] fca754bddd Post-release preparation for codeql-cli-2.11.3 2022-11-05 14:30:48 +00:00
Dave Bartolomeo 8344d5a376
Merge pull request #11133 from github/release-prep/2.11.3
Release preparation for version 2.11.3
2022-11-04 22:50:41 -04:00
Mathias Vorreiter Pedersen 60ac031db4
Merge pull request #11036 from geoffw0/simplify3 2022-11-05 00:31:05 +00:00
Dave Bartolomeo 013b7eff1c
Apply suggestions from code review
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-11-04 18:46:32 -04:00
github-actions[bot] 508327235a Release preparation for version 2.11.3 2022-11-04 20:16:23 +00:00
Tiferet Gazit 5198ad7612
Merge pull request #11055 from github/tiferet/sink-classification-reasons
Sink endpoint characteristics
2022-11-04 11:24:08 -07:00
Henry Mercer b32f4b844a
Merge pull request #11118 from github/henrymercer/atm-check-queries-improvements
ATM: Miscellaneous improvements for the check queries workflow
2022-11-04 18:04:32 +00:00
tiferet 833041c62e Fix QLDoc style errors 2022-11-04 09:30:31 -07:00
tiferet 2aa4651534 Remove predicates not yet used from the current PR 2022-11-04 09:30:31 -07:00
tiferet 74c8bfff4f Minor changes from code review 2022-11-04 09:30:31 -07:00
tiferet e60c016fc6 Format fixes 2022-11-04 09:30:31 -07:00
tiferet cbf81b8839 Improve the import structure 2022-11-04 09:30:31 -07:00
tiferet 300456cd3e Enforce the abstraction over characteristics:
Make the implementations of specific `EndpointCharacteristic`s private.
2022-11-04 09:30:31 -07:00
tiferet c0cc754fb5 Rename ClassificationReasons
Change the name to EndpointCharacteristics.
2022-11-04 09:30:30 -07:00
tiferet a4939b91e7 Generalize the definition of a known sink:
If the list of reasons includes positive indicators with maximal confidence for this class, it's a known sink for the class.

This negates the need for each query config to define the isKnownSink predicate individually.
2022-11-04 09:30:29 -07:00
tiferet 08bbe596a2 Create the sink ClassificationReasons
Write the reasons that indicate that an endpoint is a sink for each sink type.

Also fix import error.
2022-11-04 09:30:29 -07:00
Dave Bartolomeo 649c3af98a
Merge pull request #11127 from github/henrymercer/fix-atm-pr-checks
ATM: Fix CodeQL pack workspace references
2022-11-04 12:19:42 -04:00
Arthur Baars 58c0e65542
Merge pull request #11129 from aibaars/improve-weak-crypto
Ruby: Improve weak crypto query
2022-11-04 16:31:55 +01:00
Chris Smowton 8fd4041511 Kotlin: always populate the `files` table
Previously individual top-level file declarations relied on their corresponding file-class to declare their `File` instance, but this can be scuppered by a Java extractor replacing that file-class and identifying a different file location.
2022-11-04 15:00:27 +00:00
Arthur Baars 98f4c29913 Ruby: weak crypto: do not report weak hash algorithms
Weak hash algorithms such as MD5 and SHA1 are often
used in non security sensitive contexts and reporting
all uses is far too noisy.
2022-11-04 15:58:50 +01:00