Asger F
3da76cb798
JS: add model of ShellJS
2019-04-04 11:44:56 +01:00
Geoffrey White
cb09d23069
CPP: Add a test of common mistakes using locking and similar classes.
2019-04-04 11:23:06 +01:00
Mark Shannon
8b01bac900
Python: make sure unsafe deserialization query is using correct sources and that pickle is included in sinks.
2019-04-04 10:56:45 +01:00
Mark Shannon
bc19769e6d
Python: make sure code injection query is using correct sources.
2019-04-04 10:56:45 +01:00
Mark Shannon
35e82dca68
Python revert .getNode() to .getSink()/.getSource() to keep expected test output the same.
2019-04-04 10:56:45 +01:00
Mark Shannon
f8c43ca40b
Python: make sure all django and flask request sources conform to interface.
2019-04-04 10:56:45 +01:00
Mark Shannon
61e6ae7c4a
Python: Use new taint-tracking query in unsafe deserialization query.
2019-04-04 10:56:45 +01:00
Mark Shannon
3c1a5bb046
Python: Use new taint-tracking query in code-injection query.
2019-04-04 10:56:44 +01:00
Mark Shannon
64e8be6ed1
Python: Use new taint-tracking query in reflected-xss query.
2019-04-04 10:56:44 +01:00
Mark Shannon
7fc5d690cd
Python: Use new taint-tracking query in SQL-injection query.
2019-04-04 10:56:44 +01:00
Anders Schack-Mulligen
15fa4f8b7a
Merge pull request #1007 from jbj/dataflow-dispatch-no-ctx
C++: Simplify stubs in DataFlowDispatch.qll
2019-04-04 11:25:50 +02:00
Anders Schack-Mulligen
d144ea2f1c
Java: Exclude slf4j calls in PrintLnArray as it supports array formatting.
2019-04-04 11:09:41 +02:00
yh-semmle
b226cb64cd
Merge pull request #1189 from aschackmull/java/preconditions
Java: Support precondition calls as guards (ODASA-7796).
2019-04-03 21:36:08 -04:00
Ziemowit Laski
921523e8e7
Merge branch 'cpp340a' of github.com:zlaski-semmle/ql into cpp340a
2019-04-03 17:56:34 -07:00
Ziemowit Laski
970c45e896
Merge branch 'master' into cpp340a
2019-04-03 17:52:46 -07:00
zlaski-semmle
b060fd13a6
Merge branch 'master' into cpp340a
2019-04-03 17:00:33 -07:00
Ziemowit Laski
e4ce8347bc
[CPP-340] Simplify MistypedFunctionArguments.ql and reduce its precision from very-high to high.
2019-04-03 16:19:37 -07:00
Rebecca Valentine
ec2e17f07a
adds whitelist and recursive cases, per PR change req
2019-04-03 10:06:02 -07:00
Tom Hvitved
f5d52d0652
Merge pull request #274 from lukecartey/csharp/remove-security-tags
C#: Remove the 'security' tag from some queries
2019-04-03 17:04:25 +02:00
Asger F
3bc7371fd6
JS: be less conservative about incomplete nodes in prefix sanitizers
2019-04-03 15:20:03 +01:00
Jonas Jensen
d0091b28ee
Merge pull request #1199 from geoffw0/printfld
CPP: Support %Ld in printf.qll
2019-04-03 15:38:16 +02:00
Taus
b79b53f5e3
Merge pull request #1103 from markshannon/python-encapsulate-builtins
Python: encapsulate extensionals dealing with 'builtin' objects.
2019-04-03 15:20:42 +02:00
Anders Schack-Mulligen
9211927112
Java: Add change note.
2019-04-03 13:17:18 +02:00
calum
42b2f09315
C#: Tidy up query, remove false-positives and add some more test cases.
2019-04-03 12:17:01 +01:00
Geoffrey White
aa21db3ed3
CPP: Change note.
2019-04-03 11:57:38 +01:00
Geoffrey White
d4c931cf11
CPP: Permit %Ld and similar.
2019-04-03 11:46:48 +01:00
Geoffrey White
b3fd7ab757
CPP: Add test cases.
2019-04-03 11:46:30 +01:00
Esben Sparre Andreasen
3c608fe11e
Merge branch 'master' into js/improve-createServer
2019-04-03 12:37:33 +02:00
semmle-qlci
1da828fa80
Merge pull request #1195 from esben-semmle/js/firebase-express-requests
Approved by xiemaisi
2019-04-03 11:36:02 +01:00
Anders Schack-Mulligen
5379c6e3c5
Merge pull request #1197 from felicity-semmle/java/update-query-description
Java: Fix typo in query description
2019-04-03 12:09:26 +02:00
Felicity Chapman
ffeb61c698
Fix typo in query description
2019-04-03 10:46:48 +01:00
Jonas Jensen
2140995530
C++: Update QLDoc for new use of getFullyConverted
2019-04-03 10:52:05 +02:00
Jonas Jensen
4b159fd2a5
C++: Fix the suppression for alerts about enums
The suppression mechanism broke when I changed `relOpWithSwap` to take
fully-converted expressions as parameters.
2019-04-03 10:45:39 +02:00
Jonas Jensen
f9c9efeabe
Merge pull request #1188 from geoffw0/donotedit
CPP: Consider more files to be generated.
2019-04-03 09:52:28 +02:00
Esben Sparre Andreasen
f23a5a5fee
JS: model firebase-functions/https.onRequest
2019-04-03 08:01:45 +02:00
Robert Marsh
fa8b771944
Merge pull request #1186 from jbj/dataflow-defbyref-1.20-fixes
C++: Let data flow past definition by reference
2019-04-02 13:36:37 -07:00
Robert Marsh
65d0412692
Merge pull request #1194 from geoffw0/dead-goto
CPP: Fix false positive from DeadCodeGoto.ql
2019-04-02 10:03:15 -07:00
Jonas Jensen
eae2fe5a16
Merge pull request #1190 from Semmle/rc/1.20
Merge 1.20 into master
2019-04-02 15:29:12 +02:00
Geoffrey White
2e106879b8
CPP: Change note.
2019-04-02 14:25:38 +01:00
Geoffrey White
8979361255
CPP: Exclude functions containing preprocessor logic.
2019-04-02 14:24:37 +01:00
Esben Sparre Andreasen
0b733b4f23
JS: treat the last argument to https.createServer as a route handler
2019-04-02 14:38:31 +02:00
Geoffrey White
5cb30b04cc
CPP: Add a test case.
2019-04-02 13:15:40 +01:00
Geoffrey White
1542fdc44b
CPP: Change AV Rule 107.ql to a recommendation.
2019-04-02 12:19:33 +01:00
Geoffrey White
96136a1c55
CPP: Change SloppyGlobal.ql to a recommendation.
2019-04-02 12:18:22 +01:00
Geoffrey White
c3ec7b55b7
CPP: Workaround improvement for File.compiledAsMicrosoft.
2019-04-02 11:40:49 +01:00
semmle-qlci
4ec2df6bad
Merge pull request #1179 from asger-semmle/js-windoc
Approved by xiemaisi
2019-04-02 11:21:07 +01:00
Jonas Jensen
b7e6f9a43e
Merge pull request #1183 from aibaars/fix-query-metadata
Fix queries with inconsistent `@kind` and `select` statements
2019-04-02 12:00:25 +02:00
Jonas Jensen
842aafc888
C++: Fix new UnsafeDaclSecurityDescriptor FP
This query uses data flow for nullness analysis, which is always going
to be a large overapproximation. The overapproximation became too big
for one of the test cases after the recent change to make data flow go
across assignment by reference.
To make this query more conservative, it will now only report that the
`pDacl` argument can be null if there isn't also evidence that it can be
non-null.
2019-04-02 11:31:12 +02:00
Anders Schack-Mulligen
b1e364b56a
Java: Support precondition calls as guards.
2019-04-02 10:58:46 +02:00
Geoffrey White
bce6ee5c27
CPP: Consider more files to be generated.
2019-04-02 09:19:55 +01:00