Commit Graph

26405 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
37db21d269 Merge pull request #5284 from yoff/python-port-insecure-protocol
Python: port py/insecure-protocol
2021-04-27 09:30:18 +02:00
ihsinme
0c3e2b9ab7 Update test.c 2021-04-27 10:11:32 +03:00
Erik Krogh Kristensen
0b322a3143 update JS/TS versions to reflect supported versions 2021-04-27 08:53:15 +02:00
haby0
5be9fbbc5a Remove LogOperationSink and PrintSink 2021-04-27 14:12:33 +08:00
ihsinme
c31a761750 Add files via upload 2021-04-26 23:05:08 +03:00
ihsinme
b7de370918 Add files via upload 2021-04-26 23:04:08 +03:00
thank_you
62f3e8d64a Add sanitizer for ObjectId
ObjectId is a sanitizer used to sanitize strings into valid MongoDB ids. During research we've found that this method is used.

ObjectId returns a string representing an id. If at any time ObjectId can't parse its input (like when a tainted dict is passed in), then ObjectId will throw an error preventing the query from running.
2021-04-26 15:35:42 -04:00
Andrew Eisenberg
0e53ad33f6 Actions: Add permissions block to code scanning workflow 2021-04-26 10:53:29 -07:00
Geoffrey White
0e7eeb3051 Merge pull request #5678 from MathiasVP/sound-expr-might-overflow-predicate
C++: Make exprMightOverflowPositively sound for unanalyzable expressions
2021-04-26 17:38:23 +01:00
Andrew Eisenberg
3670c729c0 Actions: Use the main branch of the codeql action
This commit switches to the bleeding edge, main branch of the
codeql action. This helps us test the action before merging all
of the new changes into main, which occurs roughly once a week.

If there are commits that introduce bugs in codeql-action, then
we will be more likely to catch it before releasing to the world
if we are using it in this extension.
2021-04-26 08:43:28 -07:00
Taus
3889c8afec Python: Use only TApiNode in API::Impl
This ensures that changes to `API::Node` do not invalidate the cached
`module Impl`. At present, I don't expect this to have any effect (as
the `Node` class is also fairly static, though not explicitly cached),
but I can imagine us making some of the `Node` methods have
user-extensible behaviour, in which case we definitely do not want this
to result in reevaluation of `API::Impl`.
2021-04-26 13:10:15 +00:00
Shati Patel
a09c12acfe Merge pull request #5537 from alexet/ambig-super
Docs: Update the language specification for changes to super.
2021-04-26 13:34:50 +01:00
Hayk Andriasyan
7455b1b4f0 Update JSchOSInjectionSanitized.java 2021-04-26 15:17:57 +04:00
p0wn4j
3d891f0b39 [Java] CWE-078: Add JSch OS command injection sink 2021-04-26 18:20:32 +04:00
Chris Smowton
d717fc7b1f Use Microsoft archive of vijaysk's blog 2021-04-26 10:13:04 +01:00
Tom Hvitved
824c243268 C#: Add change note 2021-04-26 10:50:17 +02:00
Mathias Vorreiter Pedersen
772d5eacca C++: Add change note. 2021-04-26 09:55:32 +02:00
Erik Krogh Kristensen
4e8ae77b6f cache more predicates 2021-04-26 08:57:20 +02:00
ihsinme
98f7f70814 Add files via upload 2021-04-25 22:35:40 +03:00
ihsinme
50c63a88c3 Add files via upload 2021-04-25 22:34:41 +03:00
ihsinme
c1d125b378 Add files via upload 2021-04-25 22:25:17 +03:00
ihsinme
f2b2300da9 Add files via upload 2021-04-25 22:23:31 +03:00
intrigus
b1a3633495 Java: Remove redundant condition + docs. 2021-04-23 22:06:04 +02:00
Rasmus Lerchedahl Petersen
7cc97836a9 Python: More cleanup from reviewer suggestions 2021-04-23 20:26:13 +02:00
Chris Smowton
78b9682a4e Fix dead links in JS externs too 2021-04-23 15:46:48 +01:00
Tamás Vajk
a7030c7fed Merge pull request #5308 from tamasvajk/feature/flow-sources-sinks
C#: Add Console.Read* to local flow sources
codeql-cli/v2.5.3 codeql-cli/v2.5.4
2021-04-23 16:36:16 +02:00
Tamás Vajk
c3058f4744 Merge pull request #5749 from tamasvajk/feature/fix-fromsource
C#: Adjust 'fromSource' to hold only on files passed to the compiler as a source file
2021-04-23 16:35:40 +02:00
Chris Smowton
455b840712 Fix all dead qhelp links
For those documents with no obvious new home I've pointed the links to the Internet Archive.
2021-04-23 15:20:21 +01:00
Tom Hvitved
004450b201 C#: Add missing StringBuilder flow summaries 2021-04-23 16:17:49 +02:00
Mathias Vorreiter Pedersen
86822f6c61 C++: Exclude pointer results from cpp/integer-overflow-tainted. 2021-04-23 16:01:53 +02:00
Mathias Vorreiter Pedersen
3cf4f1f956 C++: Accept test changes. 2021-04-23 16:00:23 +02:00
Shati Patel
6f2103f312 Merge pull request #5722 from github/tamasvajk-patch-1
C#: Add Dapper to supported frameworks
2021-04-23 14:32:22 +01:00
Jonas Jensen
9b5bb95766 Merge pull request #5696 from jbj/reapply-inconsistency-workaround
Revert "Revert "C++: Work around extractor issue CPP-383""
2021-04-23 14:49:32 +02:00
Asger Feldthaus
0da0670a79 JS: Add Nest.js to list of supported frameworks 2021-04-23 13:15:35 +01:00
Asger Feldthaus
71e3041370 JS: Fewer spurious reflected xss sinks 2021-04-23 13:15:35 +01:00
Asger Feldthaus
4f53a1ab40 JS: Cache ClassNode::Range 2021-04-23 13:15:35 +01:00
Asger Feldthaus
d0b8b32345 JS: Add change notes 2021-04-23 13:15:35 +01:00
Asger Feldthaus
671e968936 JS: Model NestJS 2021-04-23 13:15:35 +01:00
Anders Schack-Mulligen
bc8c55836a Merge pull request #5743 from aschackmull/java/flow-summary-tweaks
Java/C#: Move a couple of flow summary tweaks to the shared implementation.
2021-04-23 13:46:04 +02:00
Tamas Vajk
1b4c3c7415 Fix code review findings 2021-04-23 13:44:34 +02:00
Tamás Vajk
819be43ce7 Fix alphabetical order of supported frameworks 2021-04-23 13:41:59 +02:00
Tamas Vajk
b4bd7af9c8 Add change note 2021-04-23 13:40:12 +02:00
Tamas Vajk
e3f10c0e32 Cleanup DiagnosticError classes 2021-04-23 13:37:42 +02:00
Rasmus Wriedt Larsen
deb3db3f95 Python: Add non-alert data for extractor diagnostics
This is basically just a port of the C++/JS queries added in:

- https://github.com/github/codeql/pull/5414 (C++)
- https://github.com/github/codeql/pull/5656 (JS)

SyntaxError should capture all errors we have information about. At least in
`python/ql/src/semmlecode.python.dbscheme` the only match for `error` is
`py_syntax_error_versioned` (which `SyntaxError` is based on).
2021-04-23 13:29:44 +02:00
Rasmus Wriedt Larsen
354dee1b09 Python: Add non-alert data for lines of code
`py/summary/lines-of-code` is just a port of the C++/JS queries added in:

- https://github.com/github/codeql/pull/5271 (C++)
- https://github.com/github/codeql/pull/5304 (JS)

We are the first to implement the `lines-of-user-code` query, so nothing to
compare with in other languages -- but it makes a lot of sense to do for Python 👍
2021-04-23 13:22:18 +02:00
Asger Feldthaus
109d1ad27f JS: Model fs.promises 2021-04-23 11:59:48 +01:00
Asger Feldthaus
822d4525af JS: Drive-by change in LogInjection 2021-04-23 11:59:48 +01:00
Asger Feldthaus
ad12f383d9 JS: Reduce reliance on RouteHandler in Express model 2021-04-23 11:59:48 +01:00
Tamás Vajk
43dc9bbc94 Merge pull request #5744 from tamasvajk/feature/java-loc
Java: Introduce LoC summary metric query
2021-04-23 11:39:42 +02:00
Mathias Vorreiter Pedersen
e6077127be C++: Only unary and binary arithmetic operations and left shifts are now
reported as overflowing when we cannot analyze them.
2021-04-23 11:13:34 +02:00