hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 04:06:37 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,672 Branches 157 Tags
remove-javascript
Commit Graph

26405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
4f9a6c151b Dataflow: Code review fixes. 2021-06-01 10:29:17 +02:00
Mathias Vorreiter Pedersen
8765c33847 C++: Also check the number of parameters to keep the tests happy. 2021-06-01 10:17:57 +02:00
Ishaq Mohammed
96150a455d Update javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-06-01 13:47:43 +05:30
Ishaq Mohammed
975355de4a Adding reference link for csurf 2021-06-01 13:41:25 +05:30
Mathias Vorreiter Pedersen
615c805b2c C++: Only use std::rand as a source of randomness. 2021-06-01 09:28:06 +02:00
Henning Makholm
70b9739d2d QL language reference: add monotonic aggregate example 
It's easier to understand what's going on if we start with a
(contrived) example that _doesn't_ involve recursion.
 2021-05-31 21:23:08 +02:00
Mathias Vorreiter Pedersen
41c93d92d7 C++: Remove FPs from right shifts and explicitly bounded random functions. 2021-05-31 15:40:02 +02:00
Mathias Vorreiter Pedersen
10755ece88 C++: Add testcase with bounded randomness source. 2021-05-31 15:33:39 +02:00
Anders Schack-Mulligen
683f853fa5 Dataflow: Fix another bad join order. 2021-05-31 15:14:13 +02:00
Erik Krogh Kristensen
85bd8f1020 add change-note for TypeScript 4.3 2021-05-31 13:08:52 +02:00
Erik Krogh Kristensen
e6b1c61e81 add tests for TypeScript 4.3 2021-05-31 13:08:43 +02:00
Erik Krogh Kristensen
2cc2d116bc bump extractor version 2021-05-31 13:08:24 +02:00
Erik Krogh Kristensen
35d7fda5e2 update typescript to 4.3 in the extractor 2021-05-31 13:08:09 +02:00
Mathias Vorreiter Pedersen
6d7b95c15d Merge pull request #5966 from erik-krogh/overrideConsistency 
CPP/C#: make some parameter names consistent with the names used in the super class
 2021-05-31 11:57:10 +02:00
Jonas Jensen
4e502d10d6 Merge pull request #5951 from MathiasVP/optimize-switcCase-getAStmt 
C++: Remove large antijoin in `SwitchCase.getAStmt`
 2021-05-31 11:50:32 +02:00
Taus
bae3728e3c Merge pull request #5945 from RasmusWL/minor-qldoc-cleanup 
Python: Minor QLDoc cleanup
 2021-05-31 11:40:44 +02:00
Taus
d9911a016e Merge pull request #5933 from RasmusWL/expand-use-of-input-test 
Python: Expand test of py/use-of-input
 2021-05-31 11:39:33 +02:00
Mathias Vorreiter Pedersen
b4e4c12d0f C++: Use a rank aggregate for a much better implementation. 2021-05-31 11:17:09 +02:00
Jonas Jensen
f97b8ad1d4 Merge pull request #5961 from MathiasVP/fix-FPs-in-incorrect-allocation-error-handling 
C++: Exclude custom `operator new` from `cpp/incorrect-allocation-error-handling`
 2021-05-31 10:54:59 +02:00
Mathias Vorreiter Pedersen
66d284ee59 Merge pull request #5766 from ihsinme/ihsinme-patch-267 
CPP: Add query for CWE-415 Double Free
 2021-05-31 10:51:32 +02:00
ihsinme
d808a5b131 Update cpp/ql/test/experimental/query-tests/Security/CWE/CWE-415/semmle/tests/test.c 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-31 11:16:38 +03:00
Mathias Vorreiter Pedersen
175fdbb105 C++: Replace exists(not ...) with not exists(...). 2021-05-31 09:54:24 +02:00
Tamas Vajk
18931e39c8 Improve error reporting in CI check for CSV coverage report comparison 2021-05-31 09:52:14 +02:00
haby0
d6782767b7 Fix typos 2021-05-31 11:12:22 +08:00
Alvaro Muñoz
41d034d5a0 Attempt to use information-leak sink category 2021-05-30 00:22:40 +02:00
Artem Smotrakov
b28d639166 Fixed errors in UnsafeDeserializationRmi.qhelp 2021-05-29 09:32:08 +02:00
Artem Smotrakov
62c6bee5f8 Simplified UnsafeDeserializationRmi.ql 2021-05-29 09:21:20 +02:00
Alvaro Muñoz
ece84d13e5 Merge branch 'github:main' into main 2021-05-28 22:40:10 +02:00
Henry Mercer
263699d8bc Merge pull request #5914 from github/henrymercer/code-scanning-diagnostic-queries 
Code Scanning selectors: Include diagnostic queries
 2021-05-28 18:53:11 +01:00
Mathias Vorreiter Pedersen
64975e5c1e Merge pull request #5842 from japroc/cpp-pqxx-sqli-sink 
C++: SqlPqxxTainted query searches for sql injections via pqxx connector to postgres
 2021-05-28 17:01:27 +02:00
Erik Krogh Kristensen
b947334eea CPP: make some parameter names consistent with the names used in the super class 2021-05-28 16:48:47 +02:00
mr-sherman
ec48d0ac29 Merge remote-tracking branch 'upstream/main' into service-stack-remote-sink 
merging from main because it fell way behind.
 2021-05-28 10:30:29 -04:00
Alvaro Muñoz
f60df3b26a Update java/change-notes/2021-05-28-remove-senderror-xss-sink.md 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-05-28 15:13:19 +02:00
Alvaro Muñoz
5a894ac7f7 update java library coverage documentation 2021-05-28 15:13:19 +02:00
Alvaro Muñoz
db2f05ac24 Updated Java change notes 2021-05-28 15:13:18 +02:00
Alvaro Muñoz
735e4e4b7b update failing tests 2021-05-28 15:13:18 +02:00
Alvaro Muñoz
706874491b Remove XSS sink for Java 2021-05-28 15:13:18 +02:00
Rasmus Wriedt Larsen
6e9d74403a Merge pull request #5963 from adityasharad/python/lines-of-user-code 
Python: Treat `py/summary/lines-of-user-code` as the primary summary metric
 2021-05-28 11:08:35 +02:00
Jonas Jensen
eda25bb402 Merge pull request #5962 from erik-krogh/getAPrimaryQlClass 
CPP/Java: Fix getAPrimaryQlClass implementations
 2021-05-28 09:31:16 +02:00
Aditya Sharad
b41a06a15c Python: Treat py/summary/lines-of-user-code as the primary summary metric 
Move the `lines-of-code` tag from `py/summary/lines-of-code`.
Code Scanning will eventually look for this tag.

The intent is to treat the number of lines of user code for Python as the summary of
how much code was analysed, ignoring both external libraries and generated code.
This matches the current baseline metric the CodeQL Action computes for Python.
We'll revisit this decision, and the baseline, if necessary.
 2021-05-27 13:20:24 -07:00
Erik Krogh Kristensen
79989cc3f4 CPP/Java: Fix getAPrimaryQlClass implementations 2021-05-27 21:36:27 +02:00
Rasmus Wriedt Larsen
ab73b10869 Merge pull request #5959 from github/igfoo/ReturnValueIgnored_python 
python: Correct the ReturnValueIgnored.qhelp docs
 2021-05-27 11:51:42 +02:00
Mathias Vorreiter Pedersen
4107e350cb C++: Add qldoc to NoThrowType. 2021-05-27 11:39:03 +02:00
Mathias Vorreiter Pedersen
71a860a356 C++: Exclude custom operator new allocators from the ThrowingAllocator class. 2021-05-27 11:23:11 +02:00
Evgenii Protsenko
efa657d47c C++: SqlPqxxTainted.ql Add namespace check 2021-05-27 00:13:54 +03:00
Mathias Vorreiter Pedersen
e01d7127e2 Merge pull request #5958 from github/igfoo/ReturnValueIgnored 
C++: Update the ReturnValueIgnored.qhelp docs to match the code
 2021-05-26 19:04:41 +02:00
Ian Lynagh
f0bec74ce3 python: Correct the ReturnValueIgnored.qhelp docs 2021-05-26 17:40:57 +01:00
Ian Lynagh
f9ede97fcd C++: Update the ReturnValueIgnored.qhelp docs to match the code 2021-05-26 17:38:49 +01:00
Rasmus Wriedt Larsen
795a1c7006 Merge pull request #5443 from jorgectf/jorgectf/python/ldapInjection 
Python: Add LDAP Injection query
 2021-05-26 11:52:31 +02:00
Rasmus Wriedt Larsen
f807c2f52b Python: autoformat 2021-05-26 11:07:48 +02:00