hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,672 Branches 157 Tags
remove-javascript
Commit Graph

26405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tamas Vajk
5aba7142e8 C#: Add framework coverage report 2021-06-28 11:20:32 +02:00
Tamas Vajk
016e8fb2cf Adjust framework coverage jobs to cover C# 2021-06-28 11:20:32 +02:00
Tamas Vajk
b7a43dccd3 C#: Migrate System.Int32 flow summaries to CSV 2021-06-28 11:20:32 +02:00
Tamas Vajk
a9ccd65fa9 C#: Migrate System.Web.HttpResponse sinks to CSV 2021-06-28 11:20:32 +02:00
Tamas Vajk
45568d5b10 C#: Convert System.Console.Read* local flow source to CSV 2021-06-28 11:20:32 +02:00
Tamas Vajk
9606816c39 Fix missing summarizedCallable case 2021-06-28 11:20:32 +02:00
Cornelius Riemenschneider
a1c38b78a9 Merge pull request #6163 from adityasharad/lines-of-code-make-unique 
Ensure only one query per language is tagged `lines-of-code`
codeql-cli/v2.5.7 		2021-06-28 10:57:29 +02:00
Rasmus Wriedt Larsen
5477b2e0d5 Python: Minor refactoring cleanup 2021-06-28 10:54:21 +02:00
Rasmus Wriedt Larsen
4a2c99a021 Python: Inline LDAPImproperAuth.qll 
Since having it inlined makes the query a bit easier to read. We
obviously need to share it if we want to share this predicate, but for
now that does not seem to be the case.
 2021-06-28 10:54:21 +02:00
Rasmus Wriedt Larsen
b33f6a315c Python: Fix select for py/improper-ldap-auth 2021-06-28 10:54:21 +02:00
Rasmus Wriedt Larsen
dfe16aae4c Python: Handle both positional and keyword args for LDAP bind 2021-06-28 10:46:13 +02:00
Tom Hvitved
4f8a103df2 C#: Add active preprocessor conditions as suffix in all TRAP .push instructions 2021-06-28 10:34:42 +02:00
ihsinme
6e7644f529 Update FindIncorrectlyUsedExceptions.ql 2021-06-27 22:27:41 +03:00
Aditya Sharad
61e6dcb56d Ensure only one query per language is tagged lines-of-code 
Some languages have multiple `summary` queries for lines of code,
representing different forms of counting (user written, total, etc).
When Code Scanning sees results from multiple such summary queries in a single run,
it will need to choose one as the primary LoC count to display in the UI.

By ensuring only one query per language has the `lines-of-code` tag,
in future we can teach Code Scanning to look for this particular tag
to identify the primary LoC count.

If a "lines of user code" query is available, use that.
Otherwise use the total "lines of code".

(It is completely fine for multiple queries to be tagged with `summary`.)
 2021-06-25 16:45:37 -07:00
Chris Smowton
8aa9cd52b5 Merge pull request #5811 from mogwailabs/insecureJmxRmiServerEnvironment 
Java: Add query - insecure environment configuration during JMX/RMI server init
 2021-06-25 22:09:20 +01:00
Timo Mueller
e5fa5325b5 Auto formatting .ql file 2021-06-25 22:31:29 +02:00
Timo Mueller
eb0a13f60f Merge branch 'insecureJmxRmiServerEnvironment' of github.com:mogwailabs/codeql into insecureJmxRmiServerEnvironment 2021-06-25 22:29:43 +02:00
Chris Smowton
def4a23af2 Merge pull request #4879 from intrigus-lgtm/java/improve-trustmanager 
Java: Add/improve insecure trustmanager query
 2021-06-25 18:15:55 +01:00
Tom Hvitved
e624fb46f9 Merge pull request #6152 from hvitved/csharp/dataflow/csv-out-ref 2021-06-25 18:02:59 +02:00
Rasmus Wriedt Larsen
97571e0b4f Python: Add modeling of peewee 2021-06-25 17:50:59 +02:00
Rasmus Wriedt Larsen
1317ae298c Python: Rename cursor => Cursor in PEP249 
Notice that since this will be part of the same PR as 5cfc433, it is OK
to do this change without keeping `PEP249::cursor` for backwards
compatibility.
 2021-06-25 17:30:35 +02:00
Rasmus Wriedt Larsen
d8db83d081 Python: Add cursor::instance for PEP249 
For Peewee modeling I want to be able to define new cursor instances
just like I can do for connections.
 2021-06-25 17:29:32 +02:00
Rasmus Wriedt Larsen
6be0db2c22 Python: Improve QLDoc of PEP249 modeling 2021-06-25 17:24:28 +02:00
Rasmus Wriedt Larsen
5cfc43395b Python: Refactor PEP249 to encapsulate in module 
So global namespace doesn't contain `Connection` whenever `PEP249.qll`
is imported
 2021-06-25 17:15:12 +02:00
intrigus
5aa711a956 Accept test changes. 2021-06-25 17:04:36 +02:00
Owen Mansel-Chan
44f0411b7c Merge pull request #6138 from owen-mc/java/model/apache-commons-collections 
Model Apache commons collections MapUtils class and keyvalue package
 2021-06-25 15:53:03 +01:00
Anders Schack-Mulligen
a79356e316 Apply suggestions from code review 2021-06-25 16:47:26 +02:00
intrigus
be57aeccf2 Remove change-note. 2021-06-25 16:47:26 +02:00
intrigus
5106aec319 Fix test location. 2021-06-25 16:47:25 +02:00
intrigus
36575bb26f Move back to experimental......... 2021-06-25 16:47:25 +02:00
intrigus
fe923facc8 Java: Move comments to separate lines. 
Move comments to separate lines to improve
the rendering in the finished query help.
 2021-06-25 16:47:25 +02:00
intrigus-lgtm
f527df73d5 Apply suggestions from code review. 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-06-25 16:47:25 +02:00
intrigus
f0d4b1d2b0 Java: Add change-note. 2021-06-25 16:47:25 +02:00
intrigus
6bfdf8d148 Java: Fix qhelp errors. 2021-06-25 16:47:24 +02:00
intrigus
dc0b06a735 Java: Factor out SecurityFlag library. 2021-06-25 16:47:24 +02:00
intrigus-lgtm
51fdcf86c8 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-06-25 16:47:24 +02:00
intrigus
6f217d37da Java: Apply suggestions from review. 2021-06-25 16:47:24 +02:00
intrigus
4a00670b68 Java: Reduce long comment. 2021-06-25 16:47:24 +02:00
intrigus
45cec3df1c Java: Use this consistently in QL classes. 2021-06-25 16:47:24 +02:00
intrigus
0c1ce74135 Java: Switch from tabs to spaces. 2021-06-25 16:47:24 +02:00
intrigus
281e0859d1 Java: Accept test changes. 2021-06-25 16:47:23 +02:00
intrigus
6413af4fbe Java: Expand tests. 2021-06-25 16:47:23 +02:00
intrigus
484533c659 Java: Flag "intentionally" unsafe methods in tests. 
Previously intentionally unsafe methods such as `disableCertificate`
would be ignored by this query. But now they will also be flagged
as it is hard to guess intentions...
Adjust the tests to account for this change.
 2021-06-25 16:47:23 +02:00
intrigus
7023793af4 Java: Fix compilation errors in test. 2021-06-25 16:47:23 +02:00
intrigus
6d09db6fd6 Java: Explicitly list custom flow steps. 2021-06-25 16:47:23 +02:00
intrigus
e4775e0fae Java: Remove "intention-guessing" sanitizer & simplify. 
This removes the sanitizer part that classified some results as FP
if the results were in methods with certain names, like
`disableVerification()`. I now think that it's a bad idea to filter
based on the method name.
The custom flow steps in `flagFlowStep` are now listed explicitly.
Simplified check whether a method throws an exception.
 2021-06-25 16:47:23 +02:00
intrigus
8a7f6b72e9 Java: Apply suggestions for QHelp 2021-06-25 16:47:23 +02:00
intrigus
d37d922e8f Java: Fix Typos 2021-06-25 16:47:22 +02:00
intrigus-lgtm
030c286902 Java: Use machine-in-the-middle consistently 2021-06-25 16:47:22 +02:00
intrigus-lgtm
f52e438f3e Java: Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-06-25 16:47:22 +02:00