hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 20:26:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,672 Branches 157 Tags
remove-javascript
Commit Graph

26405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
8f91e9eba0 JavaScript: Model chaining calls in sqlite3. 2021-05-10 10:58:58 +01:00
Rasmus Wriedt Larsen
8afdf26540 Python: Add modeling of idna PyPI package 2021-05-10 11:47:11 +02:00
Tony Torralba
d99b5bfc66 Reuse previous tests from experimental 2021-05-10 11:17:20 +02:00
Asger F
f4e636dcd6 Update javascript/ql/src/semmle/javascript/frameworks/ClassValidator.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-05-10 10:08:10 +01:00
CodeQL CI
097b6e5e33 Merge pull request #5794 from erik-krogh/rxPipe 
Approved by asgerf
 2021-05-10 02:06:34 -07:00
Erik Krogh Kristensen
d913668943 move hasPathWithoutUnmatchedReturn to Configuration.qll 2021-05-10 10:55:33 +02:00
Rasmus Wriedt Larsen
7ed20a8b2c Python: Add reminder to update docs for new frameworks 2021-05-10 10:55:21 +02:00
Erik Krogh Kristensen
b4e35f54d9 fix typo 2021-05-10 10:48:43 +02:00
Erik Krogh Kristensen
646bf99489 rewrite the qhelp to focus more on documenting unsafe functions 2021-05-10 10:48:40 +02:00
Asger Feldthaus
df5eab33f9 JS: Update relevantTaintSource() 2021-05-10 09:43:33 +01:00
CodeQL CI
b1f28afcbd Merge pull request #5741 from asgerf/js/more-cheat-sheet 
Approved by erik-krogh
 2021-05-10 01:34:56 -07:00
Mathias Vorreiter Pedersen
474b337eeb C++: Add change-note. 2021-05-10 10:22:44 +02:00
Mathias Vorreiter Pedersen
c91ed80e6c C++: Fix false positive by computing range of the converted expression. 2021-05-10 10:12:43 +02:00
Mathias Vorreiter Pedersen
7ac7830973 C++: Add testcase with false positive involving a conversion on the large-expression side of the comparison. 2021-05-10 10:11:31 +02:00
Erik Krogh Kristensen
3fe5dd0f35 add comment about filtering away jQuery from the source 2021-05-10 10:05:18 +02:00
Tony Torralba
c70503142f Require JS enabled even when cross-origin access is enabled in the webviews 2021-05-10 09:45:59 +02:00
Tom Hvitved
8b465e86e0 Merge pull request #5820 from hvitved/csharp/cfg/constructor-same-compilation 
C#: Improve CFG for constructors when there are multiple implementations
 2021-05-10 09:23:16 +02:00
thank_you
0238e51c10 Add checks for EmbeddedDocument classes 
Mongoengine supports EmbeddedDocument documents. We should check for this in our query.
 2021-05-09 19:42:40 -04:00
thank_you
07c3e22428 Fix method name to match flask_mongoengine library 2021-05-09 19:23:52 -04:00
jorgectf
8665747316 Update sink and sanitizer to match new naming 2021-05-08 18:08:50 +02:00
Dave Bartolomeo
d9f243d18a Java: Fix QLDoc for Container.toString() 
Fixes #5828

The QLDoc was just too specific about the default implementation. I've improved the wording.
 2021-05-08 11:14:02 -04:00
Hayk Andriasyan
fd88b72101 Delete JSchOSInjection.qhelp 2021-05-08 12:51:15 +04:00
${sleep,5}
67bc576e30 Delete StdLib.qll 2021-05-07 17:37:02 -04:00
jorgectf
0fc044dfd5 Checkout Stdlib.qll 2021-05-07 23:03:23 +02:00
jorgectf
e7bdc73420 Update .expected 2021-05-07 23:00:21 +02:00
jorgectf
65c6f1976a Rename mongoengine-flask-db-document-subclass 2021-05-07 23:00:08 +02:00
Dave Bartolomeo
773e5f2e2e Merge remote-tracking branch 'upstream/main' into side-effects 2021-05-07 16:50:48 -04:00
Dave Bartolomeo
187e136ecc C++: Generate IR side effects for smart pointer indirections 
When inserting side effect instructions for argument indirections, we now insert side effects for smart pointers as we would for raw pointers. The address operand of the side effect instruction is  the smart pointer object, which is a bit odd. However, I'd like to think through the design of a more principled solution before doing additional work.

A few new tests are added to the existing IR tests. In addition, the IR tests now `#include` some of the shared STL headers. I've disabled IR dumps for functions from those headers, since they only get in the way of the test cases we intended.
 2021-05-07 16:50:03 -04:00
Dave Bartolomeo
f0a994a570 C++: Fix pointer flow modeling for smart pointer setters 2021-05-07 16:33:15 -04:00
jorgectf
2ad72ad693 Add LDAP framework entry in Frameworks.qll 2021-05-07 22:16:12 +02:00
jorgectf
6159fbea2b Update functions naming 2021-05-07 22:15:51 +02:00
jorgectf
34b8af30ac Move structure to LDAP.qll 2021-05-07 22:09:57 +02:00
Dave Bartolomeo
653ef9d257 C++: Improve consistency failure message for multiple MemoryLocations on a memory access. 2021-05-07 16:04:01 -04:00
Dave Bartolomeo
54b9f2175d C++: Allow annotating IR dumps with Alias Analysis info 
This commit adds a `PrintAliasAnalysis.qll` module, which can be imported alongside `PrintIR.qll` to annotate those dumps with alias analysis results.
 2021-05-07 16:03:11 -04:00
Jorge
c2b96b3a5e Add documentation to main classes' functions. 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-05-07 21:51:10 +02:00
thank_you
aa24c689bc Add back accidentally deleted StdLib.qll file 2021-05-07 15:17:01 -04:00
thank_you
83f0870231 Update file path of module 2021-05-07 15:13:56 -04:00
thank_you
9a44020af3 Rename StdLib.qll file to NoSQL.qll file 
It makes more sense to have this file represent just the NoSQL module
 2021-05-07 15:13:30 -04:00
thank_you
8f8eff231a Fix comment description of predicate 2021-05-07 15:08:48 -04:00
Jorge
ae806cd445 Merge branch 'github:main' into jorgectf/python/ldapimproperauth 2021-05-07 20:46:09 +02:00
thank_you
7693d696cc Add additional query tests 
To ensure that this query works against numerous usages of libraries such as PyMongo, Flask PyMongo, Mongoengine, and Flask Mongoengine, I've added a variety of query tests to test against. These tests deal with scenarious such as:

- Subscript expressions
- Mongoengine instances and Document subclasses
- Mongoengine connection usage
- And more...
 2021-05-07 14:36:02 -04:00
thank_you
1d36aa6649 Add additional querying for mongoengine Document subclassing 
After further research, it was discovered that Flask-Mongoengine has multiple ways of allowing a developer to call the Document class. One way is by directly importing the Document class from the module. Another approach is to get the Document class via a mongoengine instance.

The update to this query checks for cases where the developer gets the Document class via the MongoEngine instance.

Other misc changes include setting the various predicates to private.
 2021-05-07 14:30:50 -04:00
Geoffrey White
65ac5b862d Merge pull request #5847 from MathiasVP/improve-wrong-in-detecting-and-handling-memory-allocation-errors 
Improve wrong in detecting and handling memory allocation errors
 2021-05-07 17:39:04 +01:00
Mathias Vorreiter Pedersen
2241d7b359 Merge pull request #5616 from geoffw0/unsigneddiff2 
C++: Improve cpp/unsigned-difference-expression-compared-zero
 2021-05-07 17:58:53 +02:00
Geoffrey White
75edcf0b4f Merge branch 'main' into unsigneddiff2 2021-05-07 16:35:16 +01:00
Geoffrey White
69468514f0 Update cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-07 16:26:42 +01:00
Geoffrey White
91be483c57 Update cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-07 16:26:36 +01:00
Geoffrey White
fc96c1c400 Update cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-07 16:26:23 +01:00
Geoffrey White
5db6abe2f4 Update cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-07 16:22:48 +01:00
Geoffrey White
894f5d523c Update cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-07 16:19:48 +01:00