hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,347 Commits 1,672 Branches 157 Tags
hmac-cli-injection-from-library-inputs
Commit Graph

33347 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ian Wright
b38335a6c2 add QL comment; inline a predicate; restore a comment 2022-02-04 15:21:09 +00:00
Nick Rolfe
ed00f2b0d2 Ruby: address some feedback on array flow summaries 2022-02-04 13:40:39 +00:00
Erik Krogh Kristensen
edcb3ba902 add file sources from jszip to js/zip-slip 2022-02-04 14:39:49 +01:00
Tom Hvitved
693aa69abd Update csharp/ql/consistency-queries/qlpack.yml 2022-02-04 14:38:25 +01:00
yoff
182c62f5c3 Merge pull request #7838 from tausbn/python-fix-charset-performance-problem 
Python: Fix performance issue in `charSet`
 2022-02-04 14:18:13 +01:00
Michael Nebel
567768134f Merge pull request #7792 from michaelnebel/csharp/attributes 
C#: Attribute kind and return value attributes.
 2022-02-04 14:10:51 +01:00
Taus
67be20f368 Python: Remove implied inequalities 
Also gets rid of `inner_end`, since we're already doing `end - 1 = ...`
in the other fix (and so this is more consistent).
 2022-02-04 12:46:06 +00:00
Benjamin Muskalla
eee03ebe3b Merge pull request #7767 from bmuskalla/regenerateModelScript 
Java: Regenerate framework models automatically
 2022-02-04 13:29:46 +01:00
Naman Jain
009c95774e update expected files 2022-02-04 12:28:17 +00:00
Michael Nebel
6487b546dc C#: Update TargetFramework testcases expected files as well, as these also uses the string representation of the attributes. 2022-02-04 13:05:08 +01:00
Nick Rolfe
161d766ba9 Ruby: address review comments on array_flow.rb 2022-02-04 11:59:59 +00:00
Michael Nebel
ade119f4a8 C#: Add flow test cases for undetected value flow, when making variable bindinds in pattern matching. 2022-02-04 12:57:58 +01:00
Jeroen Ketema
b967eaf25d Add documentation for parseHex 2022-02-04 12:35:13 +01:00
Rasmus Wriedt Larsen
c817ba5718 Python: Add consistency-queries/qlpack.yml 
But no queries yet
 2022-02-04 12:08:54 +01:00
Rasmus Wriedt Larsen
0bcfc4b657 Ruby: Update consistency-queries/qlpack.yml 
I'm not sure whether this means the consistency queries were run using
the 0.0.1 release of the `codeql/ruby-all` qlpack, but using `"*"` at
least ensures that it is always using the version from the CodeQL repo.
 2022-02-04 12:06:50 +01:00
Rasmus Wriedt Larsen
580d7d9df0 QL: Update consistency-queries/qlpack.yml 2022-02-04 12:06:50 +01:00
Rasmus Wriedt Larsen
1db4bdc607 C#: Update consistency-queries/qlpack.yml 2022-02-04 12:06:50 +01:00
Rasmus Wriedt Larsen
2220d3cc47 Misc: Allow */ql/consistency-queries/qlpack.yml 2022-02-04 12:06:50 +01:00
Rasmus Wriedt Larsen
2e788ea86e Python: Accept deprecation warnings for old tests 2022-02-04 12:02:09 +01:00
Rasmus Wriedt Larsen
438a01e911 Python: Deprecate old bottle points-to extension 2022-02-04 12:02:09 +01:00
Rasmus Wriedt Larsen
c9e36aaf72 Python: Fix deprecated deprecated 2022-02-04 12:02:09 +01:00
Rasmus Wriedt Larsen
9ec531f040 Python: Add deprecation change-note 2022-02-04 12:02:09 +01:00
Rasmus Wriedt Larsen
84fdd8a739 Python: Add non-deprecated httpVerb to Concepts 2022-02-04 12:02:09 +01:00
Rasmus Wriedt Larsen
5a032d6f84 Python: deprecate old taint-tracking related predicates 2022-02-04 12:02:08 +01:00
Rasmus Wriedt Larsen
dba6b60c80 Python: Deprecate old library modeling 2022-02-04 12:02:08 +01:00
Rasmus Wriedt Larsen
a40fdf7a7c Python: Deprecate old web modeling 2022-02-04 12:02:08 +01:00
Rasmus Wriedt Larsen
14a1aa0c11 Python: Add change-note 
I went with `minorAnalysis` instead of `majorAnalysis`, since I don't
think the impact of this change will be major (but that's just my gut
feeling).
 2022-02-04 12:00:49 +01:00
Rasmus Wriedt Larsen
b2ce0fcb72 Python: Add post-update nodes to args of unresolved calls 
Besides solving the problem with `setattr`, it also solved some old
problems with json library modeling (yay).
 2022-02-04 11:51:53 +01:00
Michael Nebel
f365477996 C#: Address review comments and update test output. 2022-02-04 11:48:12 +01:00
Benjamin Muskalla
bc5753cb20 Fix path expression 2022-02-04 11:43:18 +01:00
Naman Jain
5e1ca3154f Update javascript/ql/test/query-tests/Security/CWE-754/UnvalidatedDynamicMethodCallGood3.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-02-04 16:13:05 +05:30
Naman Jain
5121414a53 Update javascript/ql/test/query-tests/Security/CWE-754/UnvalidatedDynamicMethodCallGood4.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-02-04 16:12:58 +05:30
Rasmus Wriedt Larsen
e9b496ba73 Merge pull request #7831 from RasmusWL/printast-remove-regexp 
Python: Remove `RegExpTerm` from PrintAST
 2022-02-04 11:38:58 +01:00
Asger Feldthaus
0a0d9583b4 Ruby: rephase comment for MkDef 2022-02-04 11:37:54 +01:00
Mathias Vorreiter Pedersen
2e2913b921 Merge pull request #7839 from rdmarsh2/rdmarsh2/ir-initializer-inheritance-fix 
C++: fix IR generation for constructor base inits when no constructor is present.
 2022-02-04 10:32:57 +00:00
Asger Feldthaus
0189e8abb4 Ruby: autoformat 2022-02-04 11:32:31 +01:00
Benjamin Muskalla
fcaead4004 Enable debugging action 2022-02-04 11:29:36 +01:00
Benjamin Muskalla
b747391c74 Improve error handling and refactor base path 2022-02-04 11:26:19 +01:00
Asger Feldthaus
87c62db781 Ruby: disable test line not currently working 2022-02-04 11:20:42 +01:00
Asger Feldthaus
75b72361ce Ruby: add toString and locations to the new node types 2022-02-04 11:20:42 +01:00
Asger Feldthaus
7373a503f6 Ruby: Populate ArgumentPosition based on keyword arguments 2022-02-04 11:20:42 +01:00
Asger Feldthaus
5e350a0270 Ruby: Derive edge labels from {Argument,Parameter}Position 2022-02-04 11:20:42 +01:00
Asger Feldthaus
040e56623c Ruby: add getAValueReachingRhs 2022-02-04 11:20:42 +01:00
Asger Feldthaus
17dd5cd581 Ruby: remove a stray TODO 2022-02-04 11:20:42 +01:00
Asger Feldthaus
d2e381aa79 Ruby: more def-node tests 2022-02-04 11:20:41 +01:00
Asger Feldthaus
32e0f42969 Ruby: refactor Return(x) to Method(x).return 2022-02-04 11:20:39 +01:00
Asger Feldthaus
55b5f19b92 Ruby: Add def-nodes to API graphs 2022-02-04 11:06:35 +01:00
Asger Feldthaus
9c17a5ce99 Ruby: replace "instance" label with a call to new 2022-02-04 11:03:25 +01:00
Asger Feldthaus
5858732da1 Ruby: change useStep signature 2022-02-04 11:01:04 +01:00
Asger Feldthaus
e6fdd4d34a Ruby: Make hasLocalSource private/cached 2022-02-04 11:01:03 +01:00