hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,672 Branches 157 Tags
remove-javascript
Commit Graph

26405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
edvraa
e790ee7c2e Fix formatting 2021-08-04 14:06:27 +03:00
Tony Torralba
452fd9a8e3 Refactor to path query 2021-08-04 13:05:18 +02:00
Anders Schack-Mulligen
fe654dc8ee Merge pull request #6418 from github/cwe-918-add-sec-sev 
Update Security-Severity for CWE-918
 2021-08-04 13:04:40 +02:00
Tamas Vajk
6405b89443 Add DB upgrade script to change generic type names to undecorated ones 2021-08-04 12:38:16 +02:00
Tamas Vajk
f1a596ee81 Fix code review findings 2021-08-04 12:38:16 +02:00
Tamas Vajk
62f5af9ac8 Fix TupleType::getName 2021-08-04 12:38:16 +02:00
Tamas Vajk
d3803b01e4 Fix nested generic type qualified names 2021-08-04 12:38:16 +02:00
Tamas Vajk
99fe9d8d07 Fix erroneous space in type name 2021-08-04 12:38:16 +02:00
Tamas Vajk
0cfd73c818 Adjust QL getName to the extracted undecorated names 2021-08-04 12:38:15 +02:00
Tamas Vajk
8df77060ba C#: Remove type args/params from generic type names in extractor 2021-08-04 12:38:15 +02:00
turbo
a8f84da7ac Update Security-Severity for CWE-918 2021-08-04 12:17:21 +02:00
Tony Torralba
b586f3ec9c Make the additional flow step abstract 2021-08-04 12:11:17 +02:00
Tony Torralba
f4bc4df8c1 Renamed JWTQuery so that it's named after the actual query name 2021-08-04 12:08:08 +02:00
Anders Schack-Mulligen
1a078c38ad Merge pull request #6412 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-08-04 09:58:34 +02:00
github-actions[bot]
8a2acda53c Add changed framework coverage reports 2021-08-04 00:07:10 +00:00
Erik Krogh Kristensen
fe551f1359 remove the last use of createCollection 2021-08-03 21:54:55 +02:00
Jordy Zomer
19bb8e8c17 Make requested changes 2021-08-03 21:54:04 +02:00
Robert Marsh
55256d434d Merge pull request #6410 from geoffw0/uncontrolledarithtests 
C++: Clean up the test directories for cpp/uncontrolled-arithmetic
 2021-08-03 12:46:31 -07:00
Geoffrey White
e679eac008 C++: Rename test directories to match the test names, where possible. 2021-08-03 18:43:02 +01:00
Jordy Zomer
e07516585a cpp: Add query to detect unsigned integer to signed integer conversions used in pointer arithmetics 2021-08-03 19:08:47 +02:00
Mathias Vorreiter Pedersen
8ce6335383 Merge pull request #6372 from geoffw0/uncontrolledarith 2021-08-03 17:53:39 +02:00
Erik Krogh Kristensen
85d6bfe044 move createCollection to the only place it is used 2021-08-03 16:55:44 +02:00
Erik Krogh Kristensen
ef5ea437c3 remove raw Object type where possible, and simplify accordingly 2021-08-03 16:55:38 +02:00
Geoffrey White
54253bc2eb C++: Resurrect underflow detection, but only on unsigned types. 2021-08-03 15:02:39 +01:00
Chris Smowton
eaf3d3cc03 Merge pull request #6162 from smowton/smowton/feature/jax-rs-content-type-sensitivity-fixes 
Jax-RS: implement content-type tracking
 2021-08-03 14:53:31 +01:00
Geoffrey White
23ba7dcf9c Merge pull request #6141 from ihsinme/ihsinme-patch-276 
CPP: Add a query to find incorrectly used exceptions. 2
 2021-08-03 14:46:39 +01:00
Anders Schack-Mulligen
7fb1e1578e Merge pull request #5894 from atorralba/atorralba/promote-ognl-injection 
Java: Promote OGNL Injection query from experimental
 2021-08-03 15:31:40 +02:00
Anders Schack-Mulligen
be6fd7c22e Merge pull request #6382 from bmuskalla/stringValueOfTaint 
Track taint for String.valueOf(..)
 2021-08-03 15:30:30 +02:00
Chris Smowton
3bf41491b3 Apply suggestions from code review 2021-08-03 14:15:39 +01:00
Benjamin Muskalla
8ce841493c Avoid taint for valueOf(Object) 2021-08-03 14:46:55 +02:00
ihsinme
a1755b0b53 Update OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql 2021-08-03 15:42:59 +03:00
ihsinme
e5c30c2edf Update OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql 2021-08-03 15:29:51 +03:00
Anders Schack-Mulligen
c0d76da1a6 Merge pull request #5846 from atorralba/atorralba/promote-unsafe-android-webview-fetch 
Java: Promote Unsafe resource loading in Android WebView from experimental
 2021-08-03 14:24:34 +02:00
Tony Torralba
f5cbec4938 Fix tests affected by Jackson stubs changes 2021-08-03 14:22:55 +02:00
Anders Schack-Mulligen
fb9feabe64 Merge pull request #6062 from atorralba/atorralba/promote-groovy-injection 
Java: Promote Groovy Code Injection from experimental
 2021-08-03 14:19:15 +02:00
ihsinme
4f09545f24 Update OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql 2021-08-03 15:12:39 +03:00
ihsinme
15e76d1a98 Update cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-08-03 15:11:22 +03:00
Mathias Vorreiter Pedersen
43044cd475 Merge pull request #6081 from ihsinme/ihsinme-patch-273 
CPP: Add a query to find incorrectly used switch
 2021-08-03 13:16:45 +02:00
Tony Torralba
a33e0bce9d Fix tests affected by Jackson stubs changes 2021-08-03 13:15:45 +02:00
Anders Schack-Mulligen
ad86641e22 Merge pull request #6216 from smowton/smowton/admin/serializability-dataflow 
Create a dataflow instance specifically for the Serializability library
 2021-08-03 13:03:49 +02:00
Tony Torralba
c44de87503 Fix reference to PostUpdateNode 2021-08-03 12:45:12 +02:00
Tom Hvitved
ee51e1593f Merge pull request #6217 from hvitved/csharp/dataflow/csv-override-fix 
C#: Fix CSV overrides logic
 2021-08-03 12:11:26 +02:00
Chris Smowton
36379146c5 Resync dataflow clone 2021-08-03 11:03:30 +01:00
Joe Farebrother
a4659f4e96 Exclude package protected members 2021-08-03 10:51:39 +01:00
Chris Smowton
afa827829a Make imports private where possible 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-08-03 10:36:46 +01:00
Chris Smowton
a52c4746bc Improve docs 2021-08-03 10:36:46 +01:00
Chris Smowton
75310a6609 Create a dataflow instance specifically for the Serializability library 
Otherwise because this dataflow instance populates AdditionalTaintStep there is an ever-present danger that a user will stumble into creating a recursive configuration, or at least that by using DataFlow5::Configuration for any other purpose they will needlessly recalculate the Serializability dataflow results.
 2021-08-03 10:36:46 +01:00
Chris Smowton
f83f950be6 Merge pull request #6325 from smowton/smowton/feature/org-json-models 
Java: add models of JSON-java, aka `org.json`
 2021-08-03 10:33:49 +01:00
Mathias Vorreiter Pedersen
3a456577d8 Merge pull request #6378 from geoffw0/impropnull 
C++: Test and improve cpp/improper-null-termination
 2021-08-03 11:32:15 +02:00
CodeQL CI
07f6ce7f3b Merge pull request #6398 from erik-krogh/authHeader 
Approved by esbena
 2021-08-03 02:04:35 -07:00