hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-27 06:06:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,673 Branches 157 Tags
remove-javascript
Commit Graph

26405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joe Farebrother
ed228cbcef Add sinks for URL Open Stream query 2021-03-08 14:07:53 +00:00
Marcono1234
95aeb7b53f Fix .qhelp file name mismatch 2021-03-08 14:27:35 +01:00
Erik Krogh Kristensen
29ae737475 update expected output for MalformedRegExp 2021-03-08 13:50:58 +01:00
Anders Schack-Mulligen
e63f81171c Merge pull request #5349 from p0wn4j/fix-nashorn-engine-1 
Java: Fix NashornScriptEngine detection in ScriptEngine query
 2021-03-08 13:23:36 +01:00
Erik Krogh Kristensen
b3ee70f4f7 update expected output for trap test 2021-03-08 13:06:17 +01:00
Chris Smowton
6cf15f49bb Replace hasTaintFlow=y with hasTaintFlow everywhere 2021-03-08 11:57:35 +00:00
Marcono1234
b7353f0bb0 Java: Simplify tests using InlineExpectationsTest 2021-03-08 11:49:52 +00:00
Mathias Vorreiter Pedersen
e2c0bf3cc0 C++: Show arguments in path explanations and accept test changes. 2021-03-08 12:44:05 +01:00
ihsinme
921c41d710 Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-03-08 14:23:42 +03:00
Erik Krogh Kristensen
bff59a1aaa fix parse error in regular expressions 2021-03-08 12:04:11 +01:00
Chris Smowton
790fb7829a Improve comment and change-note accuracy 2021-03-08 11:00:05 +00:00
Chris Smowton
4a4f4b01a1 Add support for java.util.concurrent.ThreadLocalRandom 2021-03-08 10:59:53 +00:00
Mathias Vorreiter Pedersen
84554af7f5 Merge pull request #5356 from yoff/tests-amend-qldoc 
InlineExpectationTest: clarify the need for an empty `.expected` file
 2021-03-08 11:53:55 +01:00
Rasmus Lerchedahl Petersen
2bccb67be4 Python, doc: Make first batch of examples runnable 
python queries.
 2021-03-08 10:57:02 +01:00
Mathias Vorreiter Pedersen
bb53780ba9 C++: Add flow through unary instructions and pointer/indirection conflation for parameters. These rules are copy/pasted from DefaultTaintTracking. The conflation rules will hopefully be removed as part of #5089. 2021-03-08 09:42:47 +01:00
Rasmus Lerchedahl Petersen
cc9a938054 InlineExpectationTest: clarify the nedd for an 
empty `.expected` file
 2021-03-08 09:18:47 +01:00
Rasmus Lerchedahl Petersen
4a9023b989 Python: add comment with ref 2021-03-08 08:17:23 +01:00
Rasmus Lerchedahl Petersen
7142ddcb25 Python: add taint step for __traceback__ 2021-03-08 08:13:07 +01:00
Rasmus Lerchedahl Petersen
b36e0d0be7 Python: target SSA variable rather than Cfg node 
also add "INTERNAL: Do not use."
also give test functions different names
 2021-03-08 08:04:42 +01:00
Rasmus Lerchedahl Petersen
296297915c Python: add test for __traceback__ 2021-03-07 17:50:28 +01:00
ihsinme
2b1b94835e Update LateCheckOfFunctionArgument.ql 2021-03-07 16:10:32 +03:00
Rasmus Lerchedahl Petersen
aaaf90902f Python: File for dataflow section 
Initilally a copy of the one from C#
 2021-03-07 14:02:55 +01:00
Rasmus Lerchedahl Petersen
24e406d21a Documentation: Fix typo 
in dataflow documentation for C#
 2021-03-07 09:48:20 +01:00
luchua-bc
0ef3eee4ed Revamp the source and the sink of the query 2021-03-06 22:41:54 +00:00
Artem Smotrakov
891b975899 Use correct file names in SpringExporterUnsafeDeserialization.qhelp 2021-03-06 22:07:43 +01:00
Artem Smotrakov
bda223771b Added another example for SpringExporterUnsafeDeserialization.ql 2021-03-06 22:05:00 +01:00
Artem Smotrakov
82cb4a8d68 Renamed SpringHttpInvokerUnsafeDeserialization.ql 2021-03-06 21:48:35 +01:00
Artem Smotrakov
dcabce679a Cover beans from XML configs in SpringHttpInvokerUnsafeDeserialization.ql 2021-03-06 21:40:35 +01:00
p0wn4j
6841f5f7c4 Java: Add NashornScriptEngine detection in ScriptEngine query 
Java: Add NashornScriptEngine detection in ScriptEngine query

Java: Add NashornScriptEngine detection in ScriptEngine query

Java: Add NashornScriptEngine detection in ScriptEngine query
 2021-03-06 16:19:07 +04:00
Jaroslav Lobačevski
673e64909a github actions queries 2021-03-06 10:27:11 +02:00
luchua-bc
31eaa80f5b Revamp the source 2021-03-06 00:56:15 +00:00
Dave Bartolomeo
863497c695 C++: Update naming of queries and paths to use "summary" instead of "metrics" 2021-03-05 14:36:26 -05:00
Shati Patel
c53ce00944 Merge pull request #5342 from shati-patel/docs-delete-unused-script 
Docs: Remove unused script and workflow
lgtm/v1.27.0 codeql-cli/v2.4.6 v1.27.0 		2021-03-05 18:02:50 +00:00
Rasmus Wriedt Larsen
99c1b2039c Pyhton: Extract vulnerable hostnames into own predicate 
Which makes the code a bit cleaner (and made testing out back-tracking easier).
 2021-03-05 17:14:32 +01:00
Rasmus Wriedt Larsen
4804a0a9f8 Python: Minor refactor addressArg 2021-03-05 17:12:45 +01:00
Rasmus Wriedt Larsen
024a586a7d Python: Remove tags for old query copy 
Co-authored-by: Taus <tausbn@github.com>
 2021-03-05 17:08:55 +01:00
Rasmus Wriedt Larsen
66c9cfad85 Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-03-05 17:08:37 +01:00
Rasmus Wriedt Larsen
83539928e6 Python: Fix grammar 
Co-authored-by: Taus <tausbn@github.com>
 2021-03-05 17:08:20 +01:00
Shati Patel
85205a21de Docs: Remove query help script 2021-03-05 16:02:53 +00:00
Tom Hvitved
63686b5c4e C#: Use is [not] null throughout in the extractor 2021-03-05 16:28:12 +01:00
Tamás Vajk
23d994a4b4 Merge pull request #5197 from tamasvajk/feature/refactor-4 
C#: Enable nullability in Extraction.CSharp
 2021-03-05 16:24:19 +01:00
Anders Schack-Mulligen
cf4f55d9ab Merge pull request #5223 from smowton/smowton/feature/backward-dataflow-for-modelled-fluent-methods 
Java: Add backward dataflow edges through modelled function invocations
 2021-03-05 15:11:43 +01:00
Tom Hvitved
6e5af1a9f8 Data flow: Sync files 2021-03-05 14:56:40 +01:00
Tom Hvitved
d496503d5d Data flow: Restrict the size of getApNil() 2021-03-05 14:54:54 +01:00
Tom Hvitved
492add1f7a Data flow: Force join-order for Node::getEnclosingCallable() 2021-03-05 14:54:54 +01:00
Chris Smowton
012058a866 Apply review suggestions: use ArgumentNode.argumentOf, and change more uses of ValuePreservingCallable -> ValuePreservingMethod 2021-03-05 13:34:13 +00:00
Chris Smowton
eed357dc93 ValuePreservingCallable -> ValuePreservingMethod 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 13:28:35 +00:00
Chris Smowton
a37b98ca27 Value-preserving methods: handle generics in DataFlowUtil.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 13:15:06 +00:00
Chris Smowton
ca86925a45 Update java/ql/src/semmle/code/java/dataflow/FlowSteps.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 13:02:19 +00:00
Chris Smowton
45f3365d06 Apply suggestions from code review 
Note value-preserving functions can't be constructors

Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 12:52:38 +00:00