hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-26 21:56:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,673 Branches 157 Tags
remove-javascript
Commit Graph

26405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Cornelius Riemenschneider
fa3ac30894 C++: Update query to latest spec. 2021-03-16 09:56:38 +00:00
Chris Smowton
6d108c0fa7 Improve docstring for composedValueAndTaintModelStep 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-16 09:00:35 +00:00
Chris Smowton
915a19fb9d Improve naming; eliminate some harmless extra results 
Adding `src != valueSource` should have no effect as the introduced edge would already exist, but could reduce workload downstream.
 2021-03-16 08:57:14 +00:00
Chris Smowton
516122aa74 Add taint-preserving edges where a call also has a value-preserving edge 
For example, for a fluent method that returns `this`, we take a tainting edge from argX to either `this` or the return value to also taint the other.
 2021-03-16 08:45:24 +00:00
CodeQL CI
86b933a0e0 Merge pull request #5354 from yoff/doc-fix-typo-csharp-dataflow 
Approved by hvitved
 2021-03-15 23:52:38 -07:00
Jaroslav Lobačevski
8445ec6c17 Update javascript/ql/src/experimental/semmle/javascript/Actions.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-03-15 19:15:10 +02:00
yoff
14dd708abc Apply suggestions from code review 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2021-03-15 17:56:50 +01:00
Jaroslav Lobačevski
87ea442a78 qhelp 2021-03-15 18:47:45 +02:00
Rasmus Lerchedahl Petersen
6fff746b16 Merge branch 'main' of github.com:github/codeql into python-port-insecure-protocol 2021-03-15 17:37:28 +01:00
Rasmus Lerchedahl Petersen
9a96230523 Python: Add changenote 2021-03-15 17:35:30 +01:00
Jaroslav Lobačevski
de6ed1dcb9 File rename 2021-03-15 18:34:10 +02:00
Rasmus Lerchedahl Petersen
514a69c47a Python: Support ssl.PROTOCOL_TLS_SERVER 
and `ssl.PROTOCOL_TLS_CLIENT`
 2021-03-15 17:30:01 +01:00
Rasmus Lerchedahl Petersen
87f3ba2684 Python: add tests for ssl.PROTOCOL_TLS_SERVER 
and `ssl.PROTOCOL_TLS_CLIENT`
 2021-03-15 17:24:39 +01:00
Jaroslav Lobačevski
a823baabfb Ranamed to CWE-094 2021-03-15 18:24:08 +02:00
Rasmus Lerchedahl Petersen
731f4559b4 Python: update test expectations 2021-03-15 17:23:58 +01:00
Jaroslav Lobačevski
16ca2314e4 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-03-15 18:14:20 +02:00
Rasmus Lerchedahl Petersen
4094b18407 Python: Clean up tests 2021-03-15 16:28:08 +01:00
Anders Schack-Mulligen
45c9428668 Merge pull request #5337 from smowton/smowton/feature/commons-lang-random-sources 
Java: Add support for Commons-Lang's RandomUtils
 2021-03-15 16:21:01 +01:00
Anders Schack-Mulligen
d1f30d9164 Java: Autoformat. 2021-03-15 15:28:04 +01:00
Anders Schack-Mulligen
662e17ff85 Java: Bugfix dispatch to lambda in call context. 2021-03-15 15:09:03 +01:00
CodeQL CI
9268050eb8 Merge pull request #5369 from erik-krogh/tempObjInj 
Approved by asgerf
 2021-03-15 05:23:55 -07:00
CodeQL CI
a9c292e265 Merge pull request #5391 from erik-krogh/additionalXss 
Approved by asgerf
 2021-03-15 04:50:54 -07:00
Erik Krogh Kristensen
b039267b76 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2021-03-15 12:39:56 +01:00
Cornelius Riemenschneider
f75b969ffc C++: Only include sum of LoC in the new non-alert summary queries for now. 2021-03-15 11:32:10 +00:00
Mathias Vorreiter Pedersen
0ffb80e3b1 Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt 2021-03-15 09:42:32 +01:00
Anders Schack-Mulligen
e37ba75599 Merge pull request #5401 from Marcono1234/patch-2 
Add missing quote in documentation
 2021-03-15 09:17:29 +01:00
Rasmus Lerchedahl Petersen
41c9394b4b Python: update qhelp and example 2021-03-14 09:22:47 +01:00
Rasmus Lerchedahl Petersen
0d8f8d2cc5 Python, doc: subsection on local sources 
also remove references to `parameterNode` which is not available yet.
 2021-03-13 08:15:42 +01:00
Marcono1234
a457f5cc4a Add missing quote in documentation 2021-03-13 05:01:56 +01:00
yoff
a760ed8c55 Merge pull request #5388 from tausbn/python-api-graph-builtins 
Python: Support built-ins in API graphs
 2021-03-12 17:45:59 +01:00
Tamas Vajk
27048191c8 C#: Add dataflow test for tuple-positional pattern 2021-03-12 17:14:24 +01:00
Erik Krogh Kristensen
1dcfc3840d add test 2021-03-12 16:25:33 +01:00
Erik Krogh Kristensen
f357b73f94 require that the MetacharEscapeSanitizer is a global replace call 2021-03-12 16:18:47 +01:00
Tamas Vajk
9ff304ca6b Fix missing variable binding 2021-03-12 16:14:32 +01:00
Taus
dfc0e9b906 Merge pull request #5243 from RasmusWL/port-bind-to-all-interfaces 
Python: Port py/bind-socket-all-network-interfaces query
 2021-03-12 16:04:19 +01:00
Rasmus Lerchedahl Petersen
748749c32a Python, doc: Describe smoother syntax 2021-03-12 16:02:20 +01:00
Anders Schack-Mulligen
5aa9c2bd19 Dataflow: One more pragma. 2021-03-12 15:59:19 +01:00
CodeQL CI
cb6ee547ca Merge pull request #5379 from asgerf/js/d3 
Approved by erik-krogh
 2021-03-12 06:49:48 -08:00
Taus
c6d6d07720 Apply suggestions from code review 2021-03-12 14:28:59 +01:00
Taus
ffe5d30c2b Apply suggestions from code review 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2021-03-12 14:27:07 +01:00
Taus Brock-Nannestad
f05313435d Python: Move typePreservingStep into Private 2021-03-12 14:06:39 +01:00
Chris Smowton
92d61354d4 Remove abstract class RandomNumberGenerator 2021-03-12 13:04:31 +00:00
Asger Feldthaus
a2d1e88bb3 JS: Update more test expectations 2021-03-12 12:57:21 +00:00
Taus Brock-Nannestad
9b8056371f Python: Make the type tracking implementation shareable 2021-03-12 13:51:24 +01:00
luchua-bc
1a2e341b7c Refactor the business logic of the query into a separate predicate 2021-03-12 12:19:37 +00:00
Anders Schack-Mulligen
a8b84e430f Merge pull request #5390 from Marcono1234/patch-2 
Java: Fix documentation mistake in Modules.qll
 2021-03-12 12:51:24 +01:00
Anders Schack-Mulligen
c9786df760 Merge pull request #5344 from smowton/smowton/feature/commons-object-utils 
Java: Add models for flow- and taint-preserving functions in Commons ObjectUtils
 2021-03-12 12:46:31 +01:00
Anders Schack-Mulligen
195ed0173c Merge pull request #5393 from aschackmull/java/taint-not-value-step 
Java: Remove value steps from taint steps.
 2021-03-12 12:44:48 +01:00
Taus Brock-Nannestad
978200e2ad Python: Distinguish between Python 2 and 3 
Also moves the filtering on `name` to before the big disjunction in
`MkModuleImport`.
 2021-03-12 12:35:23 +01:00
Chris Smowton
58d5c2c32d Abbreviate redundant value-flow / taint-flow tests 2021-03-12 10:53:27 +00:00