Tony Torralba
b6904a7992
Merge branch 'main' into atorralba/promote-ognl-injection
2021-07-20 17:17:17 +02:00
Tony Torralba
22c9baa462
Refactor JWT.qll
2021-07-20 17:14:34 +02:00
Tony Torralba
430d9f1834
Merge branch 'main' into atorralba/promote-missing-jwt-signature-check
2021-07-20 16:20:35 +02:00
Tony Torralba
8f1ecf529f
QLDoc
2021-07-20 15:53:38 +02:00
Tony Torralba
42b6b26c10
Decouple JndiInjection.qll to reuse the taint tracking configuration
2021-07-20 15:38:34 +02:00
Anders Schack-Mulligen
77d53676ba
Java: Remove deprecated ParExpr.
2021-07-20 15:27:31 +02:00
Taus
6591a86aad
Python: Add test cases
...
I debated whether to add a
`MISSING: use=moduleImport("builtins").getMember("print").getReturn()`
annotation to the last line.
Ultimately, I decided to add it, as we likely _do_ want this information
to propagate into inner functions (even if the value of `var2` may
change before `func4` is called).
2021-07-20 13:26:35 +00:00
Taus
e53b86fbbc
Python: Apply suggestions from code review
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2021-07-20 15:19:45 +02:00
Geoffrey White
5d1c7841a6
C++: Change note.
2021-07-20 14:14:01 +01:00
Tony Torralba
b8ea833a61
Merge branch 'main' into atorralba/promote-jndi-injection
2021-07-20 15:01:26 +02:00
Taus
bbcbcefedc
Python: Add false negative test case.
2021-07-20 12:54:06 +00:00
Tony Torralba
68df8028d2
Apply suggestions from code review
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-07-20 14:47:16 +02:00
Taus
233ae5a54b
Python: Fix FP in py/unused-local-variable
...
This is only a temporary fix, as indicated by the TODO comment.
The real underlying issue is the fact that `isUnused` is defined in
terms of the underlying SSA variables (as these are only created
for variables that are actually used), and the fact that annotated
assignments are always considered to redefine their targets, which may
not actually be the case.
Thus, the correct fix would be to change the extractor to _disregard_
mere type annotations for the purposes of figuring out whether an
SSA variable should be created or not.
However, in the short term the present fix is likely sufficient.
2021-07-20 12:13:44 +00:00
Taus
8b3fa789da
Python: Add AnnAssign DefinitionNode
...
This was a source of false positives for the
`py/uninitialized-local-variable` query, as exemplified by the test
case.
2021-07-20 11:57:26 +00:00
Taus
f91e826781
Python: Add test case
2021-07-20 11:57:12 +00:00
Arthur Baars
890adf97d6
Merge pull request #6333 from github/rc/3.2
...
Merge rc/3.2 to main
2021-07-20 12:19:20 +02:00
Geoffrey White
ae944b268a
C++: Restrict the 'check' to stat / access only as these are by far the more reliable results.
2021-07-20 11:18:00 +01:00
James Fletcher
a365d4fb34
update docs for security-severity
2021-07-20 11:00:13 +01:00
Rasmus Wriedt Larsen
5a489a386a
Merge pull request #6329 from havron/qhelp-typo
...
Fix qhelp typo in RequestWithoutValidation
2021-07-20 10:18:35 +02:00
Artem Smotrakov
158a75e5a1
Import UnsafeDeserializationQuery in unsafeDeserialization.ql
2021-07-20 10:14:50 +02:00
Tony Torralba
0f199601f8
Refactor GroovyInjection.qll
2021-07-20 09:44:37 +02:00
Anders Schack-Mulligen
47528b3379
Merge pull request #6332 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2021-07-20 09:27:59 +02:00
github-actions[bot]
bed08a6f4f
Add changed framework coverage reports
2021-07-20 00:06:37 +00:00
Ethan P
1cf5386824
Create publishing-and-using-codeql-packs.rst
2021-07-19 18:42:01 -04:00
Ethan P
a5cbc560e3
Add conceptual info for creating and working with CodeQL packs
2021-07-19 18:41:44 -04:00
Porcuiney Hairs
c6c925d67a
Python : Improve Xpath Injection Query
2021-07-20 03:31:30 +05:30
Aditya Sharad
48778ce9a4
Merge pull request #6160 from timoles/patch-1
...
Add information for generating qhelp files locally
2021-07-19 14:14:22 -07:00
Ethan P
26a36592ce
Add intros and Overview headers
2021-07-19 16:29:18 -04:00
Ethan P
511e01aa1b
shorten title for full-cwe
2021-07-19 16:23:57 -04:00
Sam Havron
733e5b45bf
Fix qhelp typo in RequestWithoutValidation
2021-07-19 16:01:06 -04:00
Timo Müller
b24c096a76
Apply suggestions from code review
...
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
2021-07-19 21:12:59 +02:00
Aditya Sharad
20fa8e49c8
Merge pull request #6326 from adityasharad/codeowners/codeql-tools
...
Codeowners: Add reviewer teams for CodeQL tools and associated docs
2021-07-19 11:15:58 -07:00
Ethan P
5028fccee5
Create new CWE coverage overview and full CWE coverage page
2021-07-19 14:01:42 -04:00
Ethan P
618e8b34dc
Create individual language pages for CWE tables
2021-07-19 14:01:18 -04:00
Aditya Sharad
94b2b174c1
Merge pull request #6177 from skyzyx/patch-1
...
Update getting-started-with-the-codeql-cli.rst
2021-07-19 10:58:43 -07:00
Geoffrey White
ab4b2c2342
C++: Fix 'rename'.
2021-07-19 18:58:39 +01:00
Geoffrey White
95ec8f5394
C++: Add support for '_wfsopen'.
2021-07-19 18:36:09 +01:00
Aditya Sharad
c26a4d315d
Codeowners: Add reviewer teams for CodeQL tools and associated docs
2021-07-19 10:35:59 -07:00
Chris Smowton
7819d32784
Make MediaType stub constants actually constant
...
This is required to use them in annotations
2021-07-19 18:28:30 +01:00
Chris Smowton
a0297d51e5
Note fixed test result
...
the Optional type has now been modelled
2021-07-19 18:28:06 +01:00
Chris Smowton
82ea2592ad
Spring HTTP: Fix test mistakes
...
Classes without RestController and methods without GetMapping or similar were never going to be detected.
2021-07-19 18:21:13 +01:00
Chris Smowton
392e405f5d
Add Spring-XSS test
...
This covers the cases currently exercised in https://github.com/github/codeql-securitylab/blob/main/java/ql/src/pwntester/security/RestXSS.ql
2021-07-19 18:21:11 +01:00
Chris Smowton
16c5952167
Add and improve Spring-web stubs
2021-07-19 18:20:37 +01:00
Chris Smowton
8051a7cd83
Add change note
2021-07-19 18:11:05 +01:00
Chris Smowton
34a4b71891
Add models of JSON-java, aka org.json
2021-07-19 17:57:27 +01:00
Arthur Baars
43c68eae94
Merge pull request #6324 from github/aibaars/include-diagnostic-summary
...
Code Scanning selectors: Include diagnostic and summary metric queries
2021-07-19 17:16:48 +02:00
Arthur Baars
ed054acd8e
Merge pull request #6305 from intrigus-lgtm/patch-5
...
C# remove spurious spaces in <code> tag
2021-07-19 17:09:36 +02:00
Arthur Baars
d960ef2dac
Code Scanning selectors: Include diagnostic and summary metric queries
2021-07-19 17:05:43 +02:00
Rasmus Wriedt Larsen
5249591747
Python: Fix test folder for InsecureProtocol
2021-07-19 16:57:00 +02:00
Rasmus Wriedt Larsen
5939128a76
Python: Fix test folder for InsecureDefaultProtocol
...
it was named wrong before. whoops.
2021-07-19 16:56:07 +02:00