hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,672 Branches 157 Tags
remove-javascript
Commit Graph

26405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
intrigus
592fd1e8ca Java: Accept test changes 2021-06-25 16:47:22 +02:00
intrigus
1b96d0ac54 Java: Remove overlapping code 2021-06-25 16:47:22 +02:00
intrigus
87554a78d4 Java: Add insecure trust manager query. 2021-06-25 16:47:22 +02:00
Timo Müller
8daa398af6 Update InsecureRmiJmxEnvironmentConfiguration.ql 2021-06-25 16:12:37 +02:00
Timo Mueller
b969b9b5e7 Merge branch 'insecureJmxRmiServerEnvironment' of github.com:mogwailabs/codeql into insecureJmxRmiServerEnvironment 2021-06-25 16:11:47 +02:00
Timo Mueller
72ef4983db Fixed wrong match for symbolic constant 2021-06-25 16:11:37 +02:00
Timo Müller
328b69f46c Update java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql 2021-06-25 16:10:20 +02:00
Rasmus Wriedt Larsen
c476c89de5 Python: Add tests for peewee 2021-06-25 16:08:57 +02:00
Owen Mansel-Chan
bad32716e8 Import Apache Collections models in ExternalFlow 2021-06-25 14:51:09 +01:00
Timo Müller
d1a4f57342 Added chapter about generating qhelp files locally 2021-06-25 15:48:27 +02:00
Timo Mueller
5aeeb3a801 Fixed and validated qhelp 2021-06-25 15:37:47 +02:00
Owen Mansel-Chan
044ecc51e5 Manually improve tests #2 2021-06-25 13:51:18 +01:00
Mathias Vorreiter Pedersen
794d96e52c C++: Use call context information to perform function-pointer resolution. 2021-06-25 14:45:56 +02:00
Rasmus Wriedt Larsen
9573048ee8 Python: Port py/clear-text-logging-sensitive-data 2021-06-25 14:35:31 +02:00
Rasmus Wriedt Larsen
68cfeb0b5c Python: Model logging from the logging module 2021-06-25 14:26:35 +02:00
Rasmus Wriedt Larsen
c05e375401 Python: Fix indentation of hashlib modeling 2021-06-25 14:26:35 +02:00
Rasmus Wriedt Larsen
36c9ceb13b Python: Add Logging concept 2021-06-25 14:26:35 +02:00
Rasmus Wriedt Larsen
a7eb1b3a12 Python: Minor QLDoc fixup 2021-06-25 14:26:35 +02:00
Owen Mansel-Chan
e2803800dc Add change note 2021-06-25 12:55:09 +01:00
Owen Mansel-Chan
2fd4c9f1b9 Manually improve tests 2021-06-25 11:17:11 +01:00
Owen Mansel-Chan
1bb33bca33 Add Apache Commons Collections to coverage reports 2021-06-25 11:17:10 +01:00
Owen Mansel-Chan
eb469c0811 Duplicate models for old package name 
The package name was org.apache.commons.collection until release 4.0.
 2021-06-25 11:17:09 +01:00
Owen Mansel-Chan
2e670c4050 Manually update automatically generated stubs 2021-06-25 11:17:08 +01:00
Owen Mansel-Chan
acc43fcaca Add options file 2021-06-25 11:17:07 +01:00
Owen Mansel-Chan
5feee9cc17 Add automatically-generated stubs 2021-06-25 11:17:06 +01:00
Owen Mansel-Chan
7004c87ec0 Manually edit tests so they pass 2021-06-25 11:17:05 +01:00
Owen Mansel-Chan
4388f19ddf Add automatically-generated tests 2021-06-25 11:17:04 +01:00
Owen Mansel-Chan
224fd343f3 Fix models (addressing PR review comments) 2021-06-25 11:17:03 +01:00
Owen Mansel-Chan
e78d56e7e9 Model MapUtils class and keyvalue package 2021-06-25 11:17:02 +01:00
Owen Mansel-Chan
213f5d6a37 Model and use isEmpty from Apache Collections 2021-06-25 11:17:01 +01:00
Owen Mansel-Chan
492f6ebc7c Model isNotEmpty from Apache Commons Collections 2021-06-25 11:17:00 +01:00
Mathias Vorreiter Pedersen
fd477383b0 C++: Fix join order in 'bbSuccessorEntryReachesLoopInvariant'. 2021-06-25 10:49:33 +02:00
Anders Schack-Mulligen
2d24387e9e Merge pull request #6149 from edoardopirovano/fix-java-regression 
Performance: Fix bad join order in Java dataflow library
 2021-06-25 10:42:05 +02:00
Timo Müller
d0478eac95 XML validation and spelling/ordering changes 
* XML validation and summary changes in qhelp file
;

* Encode entities within <code> snippet

* Updated minor descriptions and examples

* Implemented spelling review
 2021-06-25 09:45:46 +02:00
Tamás Vajk
1cddcdfcb1 Merge pull request #6123 from tamasvajk/feature/framework-coverage-pr 
Add scheduled job to update framework coverage
 2021-06-25 09:18:10 +02:00
CodeQL CI
28c060e758 Merge pull request #6113 from erik-krogh/promise 
Approved by esbena
 2021-06-24 13:25:42 -07:00
yo-h
61c89369b8 Merge pull request #6151 from tamasvajk/fix/csv-comment-backwards-compat 
Fix framework coverage commenting action
 2021-06-24 15:57:03 -04:00
Tom Hvitved
7a9f9e245f C#: Handle CSV data-flow summaries with out/ref parameters 2021-06-24 18:34:25 +02:00
Chris Smowton
2acb4de2cb Merge pull request #5955 from haby0/java/JShellCodeInjection 
Java: JShell Injection
 2021-06-24 17:03:30 +01:00
Rasmus Wriedt Larsen
a9469b73d9 Python: Port py/clear-text-storage-sensitive-data 2021-06-24 17:39:08 +02:00
Rasmus Wriedt Larsen
8926b3edc7 Python: Add change-note for CookieWrite 2021-06-24 17:34:43 +02:00
Rasmus Wriedt Larsen
7017beca47 Python: Model CookieWrite for twisted 
Had to split the call to `request.cookies.append` since inline
expectation tests didn't like the expectation that contained `=` :(
 2021-06-24 17:34:43 +02:00
Rasmus Wriedt Larsen
4606444b85 Python: Model CookieWrite for flask 2021-06-24 17:34:43 +02:00
Rasmus Wriedt Larsen
65c526df86 Python: Model CookieWrite for tornado 2021-06-24 17:34:43 +02:00
Rasmus Wriedt Larsen
9340d658a4 Python: Model CookieWrite for django 2021-06-24 17:34:43 +02:00
Rasmus Wriedt Larsen
930ed0a712 Python: Minor django fixup 2021-06-24 17:34:43 +02:00
Rasmus Wriedt Larsen
226425e831 Python: Model CookieWrite for aiohttp 2021-06-24 17:34:43 +02:00
Rasmus Wriedt Larsen
e1af1f11ee Python: Add HTTP::Server::CookieWrite concept 
along with tests, but no implementations (to ease reviewing).

---

I've put quite some thinking into what to call our concept for this.

[JS has `CookieDefinition`](581f4ed757/javascript/ql/src/semmle/javascript/frameworks/HTTP.qll (L148-L187)), but I couldn't find a matching concept in any other languages.

We used to call this [`CookieSet`](f07a7bf8cf/python/ql/src/semmle/python/web/Http.qll (L76)) (and had a corresponding `CookieGet`).

But for headers, [Go calls this `HeaderWrite`](cd1e14ed09/ql/src/semmle/go/concepts/HTTP.qll (L97-L131)) and [JS calls this `HeaderDefinition`](581f4ed757/javascript/ql/src/semmle/javascript/frameworks/HTTP.qll (L23-L46))

I think it would be really cool if we have a naming scheme that means the name for getting the value of a header on a incoming request is obvious. I think `HeaderWrite`/`HeaderRead` fulfils this best. We could go with `HeaderSet`/`HeaderGet`, but they feel a bit too vague to me. For me, I'm so used to talking about def-use, that I would immediately go for `HeaderDefinition` and `HeaderUse`, which could work, but is kinda strange.

So in the end that means I went with `CookieWrite`, since that allows using a consistent naming scheme for the future :)
 2021-06-24 17:34:43 +02:00
Mathias Vorreiter Pedersen
a294fb07f5 C++: Add change-note. 2021-06-24 16:01:59 +02:00
Mathias Vorreiter Pedersen
af56c782bf C++: Add QLDoc. 2021-06-24 15:57:01 +02:00