hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,671 Branches 157 Tags
remove-javascript
Commit Graph

26405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andrew Eisenberg
7f3066cd64 Java: Move the ExternalArtifact.qll module to the library pack 2021-08-24 13:01:02 -07:00
Chris Smowton
2689c13bde Merge pull request #6485 from Marcono1234/marcono1234/field-initializer-fix 
Java: Fix Field.getInitializer() matching non-initializer assignments
 2021-08-24 20:52:02 +01:00
Geoffrey White
8f38ab0116 Merge pull request #6540 from jbj/ctime-weaken-claims 
C++:Lower potentially-dangerous-function precision
 2021-08-24 17:01:23 +01:00
Jonas Jensen
19ee64d9ad C++:Lower potentially-dangerous-function precision 
There have been multiple reports of false positives from this query over
time. Now that it has `@security-severity 10.0`, these false positives
look even worse.

The query looks purely for calls to functions with certain names, not
at whether the calls happen in a dangerous context. To justify a higher
precision, the query should only flag calls that happen in a thread or
another non-reentrant context.
 2021-08-24 17:14:42 +02:00
yoff
2f5ed03798 Merge pull request #6323 from RasmusWL/sec-test-layout 
Python: Restructure security tests to contain query name
 2021-08-24 16:50:08 +02:00
Rasmus Lerchedahl Petersen
e865a290de Python: straight port of query 
The old query uses `pointsTo` to limit the sinks
to methods on lists and dictionaries.
That constraint is omitted here which could hurt performance.
 2021-08-24 16:35:11 +02:00
Rasmus Lerchedahl Petersen
e3765ced78 Python: Add tests for modification of defaults 2021-08-24 16:35:11 +02:00
Chris Smowton
5a2dfda09e Add test for field initializers 2021-08-24 14:04:45 +01:00
Marcono1234
c8d98ae649 Java: Fix Field.getInitializer() matching non-initializer assignments 2021-08-24 14:04:44 +01:00
Asger Feldthaus
8a564cc64b JS: Fix qldoc 2021-08-24 14:31:00 +02:00
Asger F
8f8a46848d Update javascript/ql/src/semmle/javascript/frameworks/Templating.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-08-24 14:16:41 +02:00
CodeQL CI
c66a34be9c Merge pull request #6533 from erik-krogh/cwdPath 
Approved by asgerf
 2021-08-24 13:10:38 +01:00
CodeQL CI
c0e8680c81 Merge pull request #6534 from erik-krogh/fallbackEntry 
Approved by asgerf
 2021-08-24 11:38:25 +01:00
Erik Krogh Kristensen
99d7e8b953 add change note 2021-08-24 12:35:20 +02:00
Chris Smowton
7f73efe3e1 Downgrade precision of java/concatenated-sql-query 2021-08-24 10:46:01 +01:00
Rasmus Wriedt Larsen
ca341bde08 Merge pull request #5612 from jty-team/jty/python/nosqlInjection 
Python: CWE-943 - Add NoSQL injection query
 2021-08-24 11:29:25 +02:00
Anders Fugmann
6b66f5dbb4 C++: Add change note for implicit downcasting involving references 2021-08-24 10:26:25 +02:00
Anders Fugmann
6d4b7c828c C++: Remove superfluous 'and any()' 2021-08-24 09:37:39 +02:00
Ian Lynagh
43355feaeb Merge pull request #6536 from github/igfoo/getPrimaryQlClasses 
All languages: Add getPrimaryQlClasses()
 2021-08-23 19:49:37 +01:00
Geoffrey White
bc9994774a Merge pull request #6515 from MathiasVP/clarify-initialization-vs-assignment-in-docs 
C++: Clarify difference between 'Initializer' and 'Assignment'.
 2021-08-23 18:00:36 +01:00
Ian Lynagh
1e06808105 Update cpp/change-notes/2021-08-23-getPrimaryQlClasses.md 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-08-23 16:52:07 +01:00
Chris Smowton
57d44b8a40 Merge pull request #6538 from atorralba/atorralba/fix-test-generator-qlpack 
Java: Adapt test generator to new qlpack name
 2021-08-23 15:57:38 +01:00
Ian Lynagh
a9db1c52e5 All languages: Add getPrimaryQlClasses() 
This is a non-overridable predicate that concatenates all the
getAPrimaryQlClass() results into a comma-separated string.
 2021-08-23 15:49:10 +01:00
Shati Patel
2a51abdee3 Merge pull request #6523 from shati-patel/vscode-docs 
Docs: Minor tweaks to VS Code docs (query history + viewing results)
 2021-08-23 15:06:09 +01:00
Tony Torralba
1ee2f6f207 Adapt test generator to new package name 2021-08-23 16:05:13 +02:00
Erik Krogh Kristensen
38477d7d2e Merge pull request #6462 from erik-krogh/repeat 
JS: support more regular expressions in js/incomplete-multi-character-sanitization
 2021-08-23 15:39:31 +02:00
Shati Patel
1dc18c4f9c Update docs/codeql/codeql-for-visual-studio-code/analyzing-your-projects.rst 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2021-08-23 14:37:51 +01:00
yoff
0c0f335b1c Merge pull request #6508 from github/RasmusWL-patch-1 
Python: Update comment for RegExpTreeView isExcluded
 2021-08-23 15:07:29 +02:00
james
18440710b4 fix typos 2021-08-23 14:02:53 +01:00
Anders Fugmann
c04ba7b724 C++: Revert benign change of return type from 'unsigned int' to 'int' in testcase, and add 'GOOD' annotation to the testcase 2021-08-23 14:58:43 +02:00
Anders Fugmann
9324d8f348 C++: Fix case where implicit downcasts were not detected when using reference 2021-08-23 14:44:49 +02:00
Anders Fugmann
8939a9b2c1 C++: Add tests for implicit downcast involving references 2021-08-23 14:42:36 +02:00
james
66bdbf4a28 address review comments 2021-08-23 11:35:04 +01:00
james
dbf7487a9b address review comments 2021-08-23 11:34:48 +01:00
Chris Smowton
0210d85ce8 Merge pull request #6499 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-08-23 11:26:36 +01:00
shati-patel
e1ae531b62 Docs: Auto-update copyright year 2021-08-23 11:11:31 +01:00
Chris Smowton
4cfa0f66a8 Merge pull request #6526 from github/aeisenberg/pack/java-default 
Packaging: Migrate default.qll
 2021-08-23 11:05:00 +01:00
yoff
467aa647da Merge pull request #6507 from tausbn/python-prevent-polynomial-redos-explosion 
Python: Prevent explosion in poly-ReDoS query
 2021-08-23 11:48:14 +02:00
Rasmus Lerchedahl Petersen
34d7772a0d Python: Move constraints into pranch charpreds 
For sequences and alternations, we require at least one child.
Otherwise, we wish to represent the term differently.
This avoids multiple representations.
 2021-08-23 11:44:00 +02:00
Erik Krogh Kristensen
5fe6671cc5 making it more explicit what character class matching is used for 2021-08-23 08:30:50 +02:00
Erik Krogh Kristensen
5d232bbfce recognize more src folders when "main" in package.json points to a compiled output 2021-08-23 08:09:01 +02:00
Erik Krogh Kristensen
32ac8778bd add the cwd option to shell executions as a sink to js/path-injection 2021-08-23 07:32:05 +02:00
github-actions[bot]
7d9f06fb63 Add changed framework coverage reports 2021-08-23 00:08:11 +00:00
Andrew Eisenberg
2042cc7871 Packaging: Migrate default.qll 2021-08-20 20:01:29 -07:00
Andrew Eisenberg
eda7616a23 Merge pull request #6514 from github/aeisenberg/pack/java 
Packaging: Refactor java and C#
 2021-08-20 15:24:13 -07:00
Andrew Eisenberg
8e75fef923 Fix identical files script 2021-08-19 14:55:54 -07:00
Andrew Eisenberg
c9f1c98390 Packaging: C# refactoring 
Split c# pack into `codeql/csharp-all` and `codeql/csharp-queries`.
 2021-08-19 14:09:35 -07:00
Andrew Eisenberg
8e750f18ad Packaging: Java refactoring 
Split java pack into `codeql/java-all` and `codeql/java-queries`.
 2021-08-19 14:09:35 -07:00
Andrew Eisenberg
39533317ff Merge pull request #6524 from github/aeisenberg/cpp/move-file 
C++: Move file from src to lib
 2021-08-19 13:46:31 -07:00
Andrew Eisenberg
2b36378917 C++: Move file from src to lib 
Neglected to do this one earlier.
 2021-08-19 13:12:42 -07:00