hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 06:36:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,673 Branches 157 Tags
remove-javascript
Commit Graph

26405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
ec79094957 Merge pull request #5191 from MathiasVP/regression-test-const-member-function 
C++: Add test for missing flow due to const specifier
 2021-02-17 10:59:20 +00:00
Mathias Vorreiter Pedersen
25beadcb05 Update cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/search.c 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-02-17 11:54:24 +01:00
Geoffrey White
c07a60818c C++: Simplify IteratorAssignArithmeticOperator. 2021-02-17 10:49:28 +00:00
Mathias Vorreiter Pedersen
e1c4406fd4 Merge pull request #5187 from geoffw0/modelsbsl5 
C++: Support BSL in Allocation.qll, Deallocation.qll.
 2021-02-17 11:48:53 +01:00
Mathias Vorreiter Pedersen
6db75df943 Merge pull request #5186 from geoffw0/modelsbsl4 
C++: More models work
 2021-02-17 11:46:23 +01:00
Francis Alexander
58971f9f4e Switch qualified name to available CollectionType 2021-02-17 16:01:27 +05:30
Rasmus Wriedt Larsen
cf9ad0cdc5 Python: Move ExternalAPI queries back under Security 
This was raised as a question at review, and I don't really have a good enough
argument for moving it under POI. At the end of the day, they are _security_
related enough I guess :)
 2021-02-17 11:29:33 +01:00
Rasmus Wriedt Larsen
dec026a820 Python: Fix security qlref to have single empty line 2021-02-17 11:26:02 +01:00
Rasmus Wriedt Larsen
1adb510578 Python: Add a single missing QLDoc 2021-02-17 11:24:11 +01:00
Mathias Vorreiter Pedersen
1b148c4c90 C++: Add reduced testcase demonstrating the problem in codeql-c-analysis-team/issues/231. 2021-02-17 11:20:00 +01:00
Rasmus Wriedt Larsen
2927d888cf Python: Fix location of PathInjection tests 2021-02-17 11:20:00 +01:00
Mathias Vorreiter Pedersen
f5d5460dde C++: Fix testcase. 2021-02-17 10:53:31 +01:00
Chris Smowton
c700d004e0 Commons Lang/Text StrBuilder: propagate taint from constructors 2021-02-17 09:51:28 +00:00
Chris Smowton
c243e03133 Lang3 StrBuilder: fix typo and coding style 2021-02-17 09:50:56 +00:00
Erik Krogh Kristensen
408ac2729d Merge pull request #5066 from CaptainFreak/express-hbs-lfr 
JS: add query for Express-HBS LFR
 2021-02-17 10:41:38 +01:00
Chris Smowton
10112c50ab Add support for StrBuilder and TextStringBuilder in commons-text 
These are identical to the current deprecated StrBuilder in commons-lang3.
 2021-02-17 09:36:28 +00:00
Chris Smowton
714611f803 Address review feedback 2021-02-17 09:36:21 +00:00
Chris Smowton
a63f18e49d Add models for Commons-Lang's StrBuilder class. These exclude its fluent methods for the time being, which will be added in a forthcoming PR. 2021-02-17 09:36:20 +00:00
Anders Schack-Mulligen
5188ad1444 Merge pull request #5126 from smowton/smowton/feature/commons-stringutils 
Java: Add support for Apache Commons Lang StringUtils
 2021-02-17 09:48:22 +01:00
Francis Alexander
520ba47293 Sanitizer improvements from code review 2021-02-17 08:35:50 +05:30
Robert Marsh
6aeec5872d Merge branch 'main' into rdmarsh2/cpp/operand-reuse 2021-02-16 15:42:58 -08:00
Rasmus Wriedt Larsen
d98aae9fc1 Python: Expose framework identifier for route-setup and req handler 
This makes collecting metrics on framework coverage a bit simpler (specifically
giving the RoutedParameter class a more descriptive result for getSourceType).

I guess it can also help a bit when trying to get an overview of a new DB, but
making metrics collection easier is my main motivation for this.
 2021-02-16 23:44:03 +01:00
Geoffrey White
3323683ab2 C++: Support BSL in Allocation.qll, Deallocation.qll. 2021-02-16 19:19:06 +00:00
Sauyon Lee
8db234f5f3 Merge pull request #5092 from github/sauyon-patch-1 
Add GoKit to Go supported library list
 2021-02-16 11:04:43 -08:00
Geoffrey White
d068ede65b Merge pull request #5180 from criemen/bsl-stdcontainer 
C++: Refactor StdContainer.qll.
 2021-02-16 18:53:08 +00:00
Geoffrey White
58230d6d0a C++: Model BSL in Fread.qll. 2021-02-16 18:00:51 +00:00
Mathias Vorreiter Pedersen
fa44cedd38 C++: Add isBarrier to CgiXss.ql. 2021-02-16 18:58:28 +01:00
Geoffrey White
e17d539883 C++: Model BSL in Getenv.qll. 2021-02-16 17:56:48 +00:00
Taus
36be72972d Merge pull request #2663 from tausbn/python-type-annotation-reuse-fp 
Python: Add false positive test example for issue #2652.
 2021-02-16 18:46:15 +01:00
Taus Brock-Nannestad
04eb0c774c Python: Use LocalSourceNode in type tracker tests 
One minor change to the tests results needed: there is no longer local
flow going into the `ModuleVariableNode` for `attr_ref` in the
`moduleattr.ql` test, but I think this is reasonable.
 2021-02-16 18:25:54 +01:00
Geoffrey White
735e014b43 C++: Model BSL in Gets.qll. 2021-02-16 17:22:59 +00:00
Cornelius Riemenschneider
f7f8dd49c6 Merge pull request #5156 from geoffw0/modelsbsl 
C++: Improve StdSet and StdPair models
 2021-02-16 18:00:23 +01:00
Cornelius Riemenschneider
3fb42194a5 Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-02-16 17:58:45 +01:00
Geoffrey White
92df1f7a3d Merge pull request #5165 from criemen/bsl-model-identity 
C++: Refactor IdentityFunction.qll.
 2021-02-16 16:32:57 +00:00
Taus
9499edf761 Merge pull request #5078 from RasmusWL/flask-blueprints 
Python: Add modeling of Flask blueprints
 2021-02-16 17:22:13 +01:00
Geoffrey White
c32e54e902 Merge pull request #5176 from criemen/bsl-smartptr 
BSL support for smart pointers and other std classes.
 2021-02-16 16:21:50 +00:00
Jonathan Leitschuh
a8167c6c9c Add docstring for DeclaredRepository.getUrl 2021-02-16 11:21:19 -05:00
Cornelius Riemenschneider
173b16ae21 Merge pull request #5169 from criemen/bsl-pure 
C++: Model bsl functions in Pure.qll.
 2021-02-16 17:19:11 +01:00
Cornelius Riemenschneider
80eaf0b67a Merge pull request #5174 from criemen/bsl-str 
Model bsl functions in Str*.qll
 2021-02-16 17:18:40 +01:00
Cornelius Riemenschneider
f087ff3e49 Merge pull request #5167 from criemen/bsl-memset 
C++: Refactor Mem*.qll and include bsl model.
 2021-02-16 17:18:29 +01:00
Cornelius Riemenschneider
a04883cafc C++: Fix compilation. 2021-02-16 16:17:59 +00:00
Cornelius Riemenschneider
552f0a7c5e C++: Address review. 2021-02-16 15:55:41 +00:00
Chris Smowton
a2eeffa9c0 Add support for Apache Commons Lang StringUtils 2021-02-16 14:48:39 +00:00
Chris Smowton
bf03c0f419 Port InlineExpectationsTest for the Java analysis 2021-02-16 14:48:39 +00:00
Rasmus Wriedt Larsen
bc8e61366b Python: Clarify comment about flask blueprint URL prefixes 2021-02-16 15:29:25 +01:00
Rasmus Wriedt Larsen
1e1cb87436 Python: Model flask blueprints 2021-02-16 15:26:51 +01:00
luchua-bc
e698ee77f7 Update qldoc and test method 2021-02-16 14:11:39 +00:00
Rasmus Wriedt Larsen
b7ea469e26 Python: Add tests for flask blueprints 2021-02-16 15:03:00 +01:00
Rasmus Wriedt Larsen
bf401c7498 Merge pull request #5103 from tausbn/python-port-flask-to-api-graphs 
Python: Port Flask models to use API graphs
 2021-02-16 15:00:46 +01:00
Rasmus Wriedt Larsen
4b9e37f62d Docs: Update list of support frameworks in Python 
So it follows what is we actually support with 6eafa9d396/python/ql/src/semmle/python/Frameworks.qll
 2021-02-16 14:37:11 +01:00