hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,671 Branches 157 Tags
remove-javascript
Commit Graph

26405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus Brock-Nannestad
5f5285955b Merge branch 'main' into python-api-graphs-import-star 2021-09-07 14:13:56 +02:00
Taus
b99c075282 Merge pull request #6460 from yoff/python-regex-parsing-consistency-checks 
Python: Add regex parsing consistency checks
 2021-09-07 13:33:59 +02:00
Tom Hvitved
bef05f885c C#: Update CIL data flow tests 2021-09-07 13:02:20 +02:00
Anders Schack-Mulligen
f6541811d2 Dataflow: Update more tests. 2021-09-07 13:02:20 +02:00
Anders Schack-Mulligen
f30dad7705 Dataflow: Update test expected outputs. 2021-09-07 13:02:20 +02:00
Rasmus Wriedt Larsen
8f52089475 C#: Fix CWE tag for cs/insufficient-key-size 
Since this targets

CWE-326 Inadequate Encryption Strength

> The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
> \- https://cwe.mitre.org/data/definitions/326.html

and not

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

> The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.
> \- https://cwe.mitre.org/data/definitions/327.html

This matches what we do for similar query in Python: https://github.com/github/codeql/blob/main/python/ql/src/Security/CWE-326/WeakCryptoKey.ql
 2021-09-07 12:59:10 +02:00
Anders Schack-Mulligen
7ec1fa2ebe Dataflow: Sync. 2021-09-07 12:51:42 +02:00
Anders Schack-Mulligen
2d7d45a8ac Dataflow: Account for hidden nodes. 2021-09-07 12:51:42 +02:00
Anders Schack-Mulligen
3c3d71d4a0 Dataflow: Sync 2021-09-07 12:51:42 +02:00
Anders Schack-Mulligen
81ed3e7176 Dataflow: Add subpaths query predicate. 2021-09-07 12:51:42 +02:00
Tamás Vajk
1dc712f54d Merge pull request #6629 from tamasvajk/feature/dispatch-fix 
C#: Fix dispatch library to handle summarized callables with no runti…
 2021-09-07 12:35:45 +02:00
Tamas Vajk
203ca3f91b C#: improve stubbing to escape more member names (not just fields) 2021-09-07 12:34:23 +02:00
Tamás Vajk
7befdc9c5c Merge pull request #6627 from tamasvajk/feature/stub-readme 
C#: Add readme to stub folder
 2021-09-07 12:09:52 +02:00
Tamás Vajk
c63fd4a254 Merge pull request #6260 from tamasvajk/feature/method-name 
C#: Change generic method names to include <> and type args/params
 2021-09-07 12:09:27 +02:00
Rasmus Lerchedahl Petersen
fcd346c2af Python: Add flow from default values 
to their parameters.
This creates data-flow inconsistencies,
probably because the default values have incorrect enclosing callables
 2021-09-07 11:33:09 +02:00
Tom Hvitved
bcaf0658e4 C#: Use explicit Code Analysis build command 2021-09-07 10:58:06 +02:00
Mathias Vorreiter Pedersen
5cecea42e4 Merge pull request #6603 from geoffw0/impropnulltests 
C++: Add test cases for cpp/improper-null-termination.
 2021-09-07 09:55:36 +01:00
Mathias Vorreiter Pedersen
b7206c1218 Merge pull request #6581 from geoffw0/uncontrolledarith2 
CPP: Improvements for cpp/uncontrolled-arithmetic
 2021-09-07 09:48:59 +01:00
Anders Fugmann
ebdda885f9 C++: Update test annotation for OverflowStatic 2021-09-07 10:38:16 +02:00
Rasmus Lerchedahl Petersen
e8644f6f2a Python: coment out discriminating test 
The test case has different behaviour between py2/3.
When merging this, we should create an issue to resolve it.
 2021-09-07 10:30:38 +02:00
Rasmus Lerchedahl Petersen
b48caaf465 Python: fix reference to PrintNode.qll 2021-09-07 10:19:42 +02:00
Rasmus Lerchedahl Petersen
8729701b66 Merge branch 'main' of github.com:github/codeql into python/port-modification-of-default-value 
Files have moved around, specifically PrintNode.qll.
 2021-09-07 10:13:51 +02:00
Rasmus Lerchedahl Petersen
29cb067769 Python: Remember to update test expectations 2021-09-07 10:13:17 +02:00
Rasmus Lerchedahl Petersen
ae8408bcab Python: Add missing qldoc 2021-09-07 10:09:02 +02:00
Rasmus Lerchedahl Petersen
4998a48f99 Python: Fix simple guards 2021-09-06 22:40:30 +02:00
Chris Smowton
79ff7baaf6 Claim Java 16 support 
As of https://github.com/github/codeql/pull/6604 we support all new Java 16 features
 2021-09-06 17:17:17 +01:00
yoff
138a7ae67f Merge pull request #6349 from RasmusWL/more-modeling 
Python: Improve various library modeling
 2021-09-06 17:01:45 +02:00
Tamas Vajk
3a9cf639bd Change ServiceStack redis sinks to code injection instead of SQL injection 2021-09-06 16:59:31 +02:00
Tamas Vajk
5fa9f16c01 Adjust ServiceStack CSV rows with generic method names 2021-09-06 16:45:21 +02:00
yoff
c7146ac10c Update python/ql/src/meta/alerts/RemoteFlowSourcesReach.ql 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswl@github.com>
 2021-09-06 16:00:58 +02:00
Tamas Vajk
f6366e1e1f Merge branch 'feature/method-name' into feature/service-stack 2021-09-06 15:52:08 +02:00
Tamas Vajk
207d8f6030 Merge branch 'main' into feature/service-stack 2021-09-06 15:46:43 +02:00
Anders Fugmann
9af4d560dd Merge branch 'main' into andersfugmann/improve_upper_bound 2021-09-06 14:26:58 +02:00
Tamas Vajk
5014ef2337 C#: Add ServiceStack support with CSV data model 2021-09-06 14:06:37 +02:00
Tamas Vajk
43ccc14162 Add ServiceStack stubs and empty test referencing it 2021-09-06 14:05:41 +02:00
Tamas Vajk
e3a49f8213 C#: improve stubbing to escape more member names (not just fields) 2021-09-06 14:02:42 +02:00
Tamas Vajk
270b56af1b Extend runtime callables to interface members with default implementation 2021-09-06 14:02:42 +02:00
Tamas Vajk
39a88d2e43 Fix dispatch library to handle summarized callables with no runtime target 2021-09-06 14:02:42 +02:00
Tamas Vajk
648197db35 C#: Fix dispatch library to handle summarized callables with no runtime target 2021-09-06 13:45:43 +02:00
Tamas Vajk
0d88d18781 C#: Add readme to stub folder 2021-09-06 13:42:36 +02:00
Andrew Eisenberg
bb9911e06f Merge pull request #6605 from aeisenberg/aeisenberg/pack/consistency 2021-09-06 04:40:58 -07:00
Rasmus Wriedt Larsen
b28bddd22c Merge pull request #6598 from RasmusWL/fail-on-missing-query-pack 
Misc: Make `generate-code-scanning-query-list.py` fail on missing query pack
 2021-09-06 13:22:13 +02:00
Tamas Vajk
b7f13a7e1f C#: Change generic method names to include <> and type args/params 2021-09-06 11:48:22 +02:00
Erik Krogh Kristensen
85e1c87d14 use the new non-extending-subtypes syntax 2021-09-06 11:19:50 +02:00
Erik Krogh Kristensen
8d4af3ad81 convert field based range pattern to casting based range pattern 2021-09-06 11:05:23 +02:00
Anders Fugmann
ddbaf585ec Merge branch 'main' into andersfugmann/improve_upper_bound 2021-09-06 10:32:44 +02:00
Anders Fugmann
e4d22ea628 C++: Add comment on why getGuardedUpperBound must have exactly one predecessor 2021-09-06 10:31:32 +02:00
Anders Schack-Mulligen
5a47ddbf77 Merge pull request #6604 from smowton/smowton/admin/marcono-record-tests 
Java: Add tests for static and final modifiers relating to record classes
 2021-09-06 09:32:32 +02:00
Tamás Vajk
b9ef6c7e55 Merge pull request #6596 from tamasvajk/fix/stub-ordering 
C#: Fix ordering of stubbed type members, implemented interfaces, and…
 2021-09-06 09:27:19 +02:00
ihsinme
8b0d5a2e7b Update cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.qhelp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-09-05 22:46:37 +03:00