ihsinme
b277082462
Update DeclarationOfVariableWithUnnecessarilyWideScope.qhelp
2021-05-05 23:28:04 +03:00
Evgenii Protsenko
330eaea467
C++: SqlPqxxTainted.ql style fixes
2021-05-05 21:48:14 +03:00
Evgenii Protsenko
955d97f6be
C++: Init SqlPqxxTainted.ql
2021-05-05 21:25:36 +03:00
Henry Mercer
a3c57c43c8
Code Scanning selectors: Include summary metrics
2021-05-05 16:38:39 +01:00
Henry Mercer
74c9994305
Code Scanning selectors: Add alert aliases
2021-05-05 16:36:39 +01:00
Shati Patel
059a5f35fa
Merge pull request #5812 from mario-campos/patch-1
Add React Native to JavaScript frameworks docs
2021-05-05 16:03:41 +01:00
Tony Torralba
c138ed3e4d
QLDocs
2021-05-05 16:51:15 +02:00
Tony Torralba
03ce8d689f
Refactored to use CSV sink model
2021-05-05 16:34:30 +02:00
Erik Krogh Kristensen
4ac21e9f3f
make the .filter step more precise
2021-05-05 14:53:09 +02:00
Rasmus Wriedt Larsen
d50f22504e
Python: Fix .expected
2021-05-05 14:07:15 +02:00
CodeQL CI
69cd9dfb7d
Merge pull request #5826 from erik-krogh/moreLib
Approved by esbena
2021-05-05 04:40:49 -07:00
Felicity Chapman
8b2009cfb1
Minor updates to qhelp file
2021-05-05 12:36:29 +01:00
Rasmus Wriedt Larsen
668bfd3a41
Python: Support EC keygen without class-instance for cryptography
I also added a new test to show off what the origin ends up looking
like... I think it looks ok
2021-05-05 12:29:55 +02:00
Erik Krogh Kristensen
ab53f3b380
add array.filter() as a taint-step
2021-05-05 12:03:14 +02:00
Erik Krogh Kristensen
e333267e69
require that the factory function is in a main module file
2021-05-05 12:00:38 +02:00
Tony Torralba
9b78cee37a
Add tests
2021-05-05 11:59:57 +02:00
Tony Torralba
be50e8f30c
Moved from experimental to standard
2021-05-05 11:59:49 +02:00
Tony Torralba
458b89bf5f
Added Android stubs
2021-05-05 11:57:01 +02:00
Erik Krogh Kristensen
fc3f5adbbb
more source code examples in PackageExports.qll
2021-05-05 11:48:41 +02:00
Erik Krogh Kristensen
28eef264e5
recognize the define(..) call in PackageExports.qll
2021-05-05 11:23:25 +02:00
Jonas Jensen
390ee3a6b8
Merge pull request #5829 from MathiasVP/reorder-get-instruction-opcode
C++: Reorder getInstructionOpcode
2021-05-05 11:13:15 +02:00
Erik Krogh Kristensen
3ca670146e
remove outdated comment
2021-05-05 11:10:45 +02:00
Rasmus Wriedt Larsen
3ceb8bbcc6
Python: Add cryptography test for EC
Apparently, passing in the class (without instantiating it) is allowed
2021-05-05 10:52:57 +02:00
Rasmus Wriedt Larsen
dc4a0c1d38
Python/JS: Fix typo
2021-05-05 10:13:54 +02:00
Mathias Vorreiter Pedersen
066cdb55d7
C++: Add qldoc explaining column order.
2021-05-05 09:30:12 +02:00
Mathias Vorreiter Pedersen
f03c99ab03
Merge pull request #5835 from hmakholm/hmakholm/pr/blowup-fix
CPP: fix semi-unused variables in WrongInDetectingAndHandlingMemoryAllocationErrors.q
2021-05-05 08:15:37 +02:00
Henning Makholm
4964ce347b
CPP: fix semi-unused variables in WrongInDetectingAndHandlingMemoryAllocationErrors.ql
The fact that `aex` and `it` were each used in just one disjunct of the
exists() body caused the optimizer to generate perfectly horrible
code, including a pointless cartesian product between them that caused
the evaluation to blow up.
Fix it such that each variable is logically scoped. That makes the
compiler much happier.
2021-05-05 02:31:11 +02:00
thank_you
c4a67e522c
Rewrite query to take into account MongoClient and subscript expressions
A couple of notes with these changes:
- Added TypeTracker pattern to handle subscript expressions. We've found that pymongo supports subscript expressions when calling databases and collections. To resolve this, we implemented the TypeTracker pattern to catch those subscripts since CodeQL Python API modeling doesn't support subscript expressions.
- After some research, we've discovered that MongoEngine and Flask-MongoEngine utilize MongoClient under-the-hood. This requires us to rewrite the query so that instead of querying these libraries with specific queries, we are instead going to query for usages of MongoClient since all of the libraries we are targeting utilize MongoClient under-the-hood.
2021-05-04 19:29:31 -04:00
thank_you
56dc4d886e
Add comment on BsonObjectIdCall
2021-05-04 19:11:59 -04:00
CodeQL CI
95f26aadd3
Merge pull request #5681 from yoff/python-support-pathlib
Approved by tausbn
2021-05-04 09:20:24 -07:00
Robert Marsh
5ee74d269a
Merge pull request #5822 from MathiasVP/more-cwe-tags-in-code-scanning
C++: Add more CWE tags to queries in the Code Scanning suite
2021-05-04 09:01:00 -07:00
Timo Müller
a65481d24b
Apply suggestions from code review more precise help text
2021-05-04 17:30:49 +02:00
Timo Müller
65642df1a0
Apply suggestions from code review for help text
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-04 17:28:34 +02:00
Timo Mueller
152f4862ec
Reworked the references a bit
2021-05-04 16:10:15 +02:00
Timo Mueller
81363a8843
Some better (and more styleguide compliant) descriptions within the query.
2021-05-04 15:57:47 +02:00
Timo Mueller
f7437422c1
InstanceOf check instead of comparing classnames
2021-05-04 15:51:40 +02:00
Timo Mueller
fd52135f29
Removed unnecessary check for type
2021-05-04 15:45:30 +02:00
Timo Mueller
787a4ede85
Fixed file reference in test cases
2021-05-04 15:33:53 +02:00
Timo Mueller
374ed851a0
Fixed file reference in test cases
2021-05-04 15:12:50 +02:00
Mathias Vorreiter Pedersen
d5793418f9
C++: Remove parent CWE tags.
2021-05-04 14:39:23 +02:00
Timo Müller
c476b6c088
Fix accordance to style guide
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-04 14:00:01 +02:00
Timo Müller
030e2bdd9b
Fix accordance to style guide
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-04 13:59:52 +02:00
Timo Müller
ab308b5e9e
Fix accordance to style guide
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-04 13:59:43 +02:00
Timo Müller
485a3a139a
Fixed content to conform with the style guide
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-04 13:58:38 +02:00
Timo Müller
45443baf84
Fixed Typo
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-04 13:58:00 +02:00
Timo Müller
1fd2be3879
Added more clear reference
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-04 13:57:19 +02:00
Timo Müller
7026d82a72
Fixed typo
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-04 13:53:14 +02:00
Timo Müller
f28e994121
Update java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qhelp
More descriptive (and PC) description.
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-04 13:52:47 +02:00
CodeQL CI
b160badbf6
Merge pull request #5768 from erik-krogh/cacheMore
Approved by esbena
2021-05-04 04:16:15 -07:00
Tony Torralba
6e94dc5b85
Autoformatting
2021-05-04 13:15:20 +02:00