hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,671 Branches 157 Tags
remove-javascript
Commit Graph

26405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
69541d3628 Merge pull request #6744 from rdmarsh2/rdmarsh2/dtt-subpath 
C++: add subpaths to DefaultTaintTracking
 2021-09-24 11:58:31 +01:00
Benjamin Muskalla
70e1724463 Exclude methods with non-public parameter types 2021-09-24 12:41:12 +02:00
Anders Fugmann
cbdabe35de C++: Update test results to reflect changes 2021-09-24 12:29:28 +02:00
Anders Fugmann
c9c41252e3 C++: Update test results in SimpleRangeAnalysis 2021-09-24 12:23:48 +02:00
Anders Fugmann
3437cf2909 C++: only use upperbound if there are no overflows in the guard 2021-09-24 11:46:58 +02:00
Anders Fugmann
d7afd86a27 C++: Add test case exposing problem with overflows for upperBound predicate 2021-09-24 11:44:05 +02:00
Benjamin Muskalla
38ca5aba98 Move test generator into subdirectory 2021-09-24 11:13:04 +02:00
Benjamin Muskalla
4e6a8d991e Move stub generator into subdirectory 2021-09-24 11:12:41 +02:00
Benjamin Muskalla
cb0a567c03 Merge pull request #6743 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-09-24 09:23:35 +02:00
Anders Fugmann
032ac50034 C++: Do not warn on static buffer overflow using loop counters, if the loop counter has been widened 2021-09-24 08:31:36 +02:00
Anders Fugmann
3e5f7d0db5 C++: using buildin offsetof for an array member indexed after end is legal 2021-09-24 08:31:35 +02:00
Anders Fugmann
b08eabec68 C++: Relax predicate memberMayBeVarSize to mark all members of size 0 or 1 as variable sized 2021-09-24 08:31:35 +02:00
Anders Fugmann
a4a9e2aa96 C++: Weaken wording on overflow static alert text 2021-09-24 08:31:35 +02:00
Robert Marsh
3189c578a4 C++: Add QLDoc to subpaths in DefaultTaintTracking 2021-09-23 22:42:38 -07:00
Robert Marsh
c2b356ab08 C++: add subpaths to DefaultTaintTracking 2021-09-23 21:00:45 -07:00
github-actions[bot]
ceb9a0bd6b Add changed framework coverage reports 2021-09-24 00:08:02 +00:00
Anders Schack-Mulligen
a031b2a090 Merge pull request #6493 from atorralba/atorralba/cleartext-storage-query-refactor 
Java: Refactor Cleartext Storage queries
 2021-09-23 16:31:17 +02:00
Tony Torralba
b52a2cd292 Apply code review comments 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-09-23 15:48:15 +02:00
Anders Schack-Mulligen
6be4b3bac6 Merge pull request #6725 from emilejq/date-format 
Java: Remove requirements for final and access mods from DateFormatThreadUnsafe
 2021-09-23 15:02:17 +02:00
Anders Schack-Mulligen
4841c3037d Java: Add callback dispatch to more anonymous classes. 2021-09-23 14:34:56 +02:00
Rasmus Wriedt Larsen
f14e3f6007 Merge pull request #5445 from jorgectf/jorgectf/python/ldapinsecureauth 
Python: Add LDAP Insecure Authentication query
 2021-09-23 11:08:13 +02:00
Emile El-Qawas
83fb41e414 Add visibility constraints; Fix non-compliant code 2021-09-23 09:55:49 +01:00
Tony Torralba
d0b9920cac Fix encryption sanitizer 
It now discards sensitive exprs (sources) instead of sinks for better precision
 2021-09-23 10:42:30 +02:00
Tony Torralba
51d2b5225e Remove cached property from SensitiveSource::flowsTo 2021-09-23 10:42:30 +02:00
Tony Torralba
563e8a2bd6 Remove unused library 2021-09-23 10:42:30 +02:00
Tony Torralba
a30554e97c Refactored cleartext storage libraries 2021-09-23 10:42:30 +02:00
Rasmus Wriedt Larsen
ef6e502ff0 Python: Make LDAP global options test better 
Before it didn't really showcase that we know it can make connections
secure.
 2021-09-23 10:18:18 +02:00
Chris Smowton
93daaf5b5b Merge pull request #6174 from joefarebrother/guava-collections 
Java: Model Guava collections package
 2021-09-23 09:13:24 +01:00
Rasmus Wriedt Larsen
70489b2fc2 Merge branch 'main' into jorgectf/python/ldapinsecureauth 2021-09-23 10:05:56 +02:00
Tom Hvitved
27c45d8dda Merge pull request #6731 from hvitved/remove-reduced-env-var 
Remove `CODEQL_REDUCE_FILES_FOLDERS_RELATIONS`
 2021-09-23 09:39:17 +02:00
Chris Smowton
3123abfac3 Merge pull request #6711 from bananabr/AndroidLoggingFix 
Fix Android logging signature
 2021-09-22 17:23:04 +01:00
Joe Farebrother
522c6e01d2 Sort models by class and name 2021-09-22 15:23:01 +01:00
yoff
14a31a2299 Merge pull request #6732 from RasmusWL/minor-sqlalchemy-comment-fixes 2021-09-22 15:15:52 +02:00
Mathias Vorreiter Pedersen
35baff8bac C#/C++: Sync identical files. 2021-09-22 13:32:29 +01:00
Mathias Vorreiter Pedersen
5969c227ab C++: Fix QLDoc on 'getAllocationAddressOperand' and 'getAllocationAddress'. 2021-09-22 13:32:20 +01:00
Rasmus Wriedt Larsen
8badba26b8 Python: Minor SQLALchemy comment fixes 2021-09-22 13:58:29 +02:00
Chris Smowton
24e3ad4e18 Remove unnecessary type constraint 2021-09-22 10:54:24 +01:00
Mathias Vorreiter Pedersen
a66f83644b Merge pull request #6728 from rdmarsh2/rdmarsh/sql-models-followup 
C++: Add additional functions to the SQL models
 2021-09-22 10:19:51 +01:00
Tom Hvitved
364dab6990 Remove CODEQL_REDUCE_FILES_FOLDERS_RELATIONS 2021-09-22 09:43:56 +02:00
Edoardo Pirovano
b960857fc2 Merge pull request #6722 from edoardopirovano/update-analyze-docs 
Update documentation to reflect changes to `database analyze`
 2021-09-22 08:29:45 +01:00
yoff
65d3373ad3 Merge pull request #6727 from RasmusWL/fix-sqlalchemy-query 
Python: Merge SQLAlchemy TextClause injection into `py/sql-injection`
 2021-09-22 09:29:28 +02:00
Robert Marsh
3108817717 C++: Add additional functions to the SQL models 2021-09-21 17:34:01 -07:00
Rasmus Wriedt Larsen
d44f279339 Python: Fix .qhelp 2021-09-21 20:35:03 +02:00
Rasmus Wriedt Larsen
a83bb39d0f Python: Merge SQLAlchemy TextClause injection into py/sql-injection 
As discussed in a meeting today, this will end up presenting an query
suite that's easier to use for customers.

Since https://github.com/github/codeql/pull/6589 has JUST been merged,
if we get this change in fast enough, no end-user will ever have run
`py/sqlalchemy-textclause-injection` as part of LGTM.com or Code
Scanning.
 2021-09-21 20:21:42 +02:00
Robert Marsh
d62f76afa6 Merge pull request #6133 from MathiasVP/promote-sql-pqxx 
C++: Promote `cpp/sql-injection-via-pqxx` out of experimental
 2021-09-21 10:13:57 -07:00
Robert Marsh
97c2917c16 Merge pull request #6409 from JordyZomer/main 
cpp: Add query to detect unsigned integer to signed integer conversio…
 2021-09-21 09:57:44 -07:00
Joe Farebrother
3cd675bfff Manually fill in most of the remaining support method calls 2021-09-21 17:56:18 +01:00
Mathias Vorreiter Pedersen
478093aa89 Update cpp/ql/lib/semmle/code/cpp/models/interfaces/Sql.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-09-21 17:51:24 +01:00
Emile El-Qawas
dcae1c5c04 DateFormatThreadUnsafe - Remove requirements for final and access modifiers 2021-09-21 16:50:48 +01:00
Joe Farebrother
6e9bee1be7 Add missing models 2021-09-21 16:32:49 +01:00