hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,738 Commits 1,671 Branches 157 Tags
tausbn/python-add-models-for-zstd-compression
Commit Graph

331 Commits

Author SHA1 Message Date
Michael Nebel
20cbd6b332 Java/C#: Include the share files in sync files. 2022-03-14 13:47:24 +01:00
Erik Krogh Kristensen
417def8c8b only mark deprecations as old after 14 months 2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
ef07aaa998 add script for detecting deprecations that are over a year old 2022-03-09 18:25:07 +01:00
Arthur Baars
747c7f6b5e JS/Ruby: share implementation of IncompleteUrlSubstringSanitization query 2022-03-09 12:11:14 +01:00
Jeroen Ketema
3877598c12 C++: Remove cpp/duplicated-lines-in-files which was deprecated over a year ago 2022-03-08 12:58:19 +01:00
Arthur Baars
ce50f35dda Python: switch to shared implementation of IncompleteHostnameRegExp.ql 2022-03-07 16:10:08 +01:00
Arthur Baars
98f56f4d60 Js/Ruby: Share IncompleteHostnameRegExp.ql 2022-03-07 16:10:08 +01:00
Asger Feldthaus
a33e89279d Ruby: instantiate ApiGraphModels library in Ruby 2022-03-01 14:08:20 +01:00
Asger F
02c4966109 Merge pull request #7878 from asgerf/dot-separated-access-paths 
Shared: Switch to dot-separated access paths in summary specs
 2022-02-21 13:29:09 +01:00
Asger Feldthaus
6dbeb81f36 Ruby: use AccessPathSyntax.qll to parse input/output summary specs 2022-02-21 08:16:55 +01:00
Asger Feldthaus
dffa1d1558 C#: use AccessPathSyntax.qll to parse input/output summary specs 2022-02-21 08:16:55 +01:00
Asger Feldthaus
753c557dbe Java: use AccessPathSyntax.qll to parse input/output summary specs 2022-02-21 08:16:54 +01:00
Alex Ford
cfb2d7ffaf Ruby: add shared SensitiveDataHeuristics.qll 2022-01-28 16:38:58 +00:00
Tony Torralba
ea4ff80cc6 Add DataFlowImplForOnActivityResult to identical-files.json 2022-01-19 16:08:31 +01:00
Alex Ford
a2104de8a0 Move CryptoAlgorithms::AlgorithmsName into a separate internal/CryptoAlgorithmNames.qll 2021-12-22 16:38:15 +00:00
Alex Ford
bdb2d8ba16 Ruby: split OpenSSL parts from CryptoALgorithms.qll and sync with JS/Python version 2021-12-22 16:38:15 +00:00
Erik Krogh Kristensen
ee858d840e get ReDoSUtil in sync for ruby 2021-11-18 16:49:34 +01:00
Erik Krogh Kristensen
1cca377e7d Merge pull request #6561 from erik-krogh/htmlReg 
JS/Py/Ruby: add a bad-tag-filter query
 2021-11-18 09:39:13 +01:00
Mathias Vorreiter Pedersen
7197216185 Add a copy of SsaImplCommon to the identical-files script. 2021-10-28 12:36:36 +01:00
Erik Krogh Kristensen
97264b5dda add the bad tag filter query to ruby 2021-10-26 15:25:12 +02:00
Erik Krogh Kristensen
44afa34e37 Merge branch 'main' of github.com:github/codeql into htmlReg 2021-10-26 14:46:27 +02:00
Arthur Baars
804aef9b4a Merge remote-tracking branch 'codeql/main' into 'main' 
Conflicts:
	config/identical-files.json
 2021-10-15 16:37:59 +02:00
Arthur Baars
5a16f1e093 Merge identical-files.json 2021-10-15 15:38:16 +02:00
Tom Hvitved
ed6a182cd1 C#: Adopt inline test expectations framework 2021-10-14 15:22:21 +02:00
Andrew Eisenberg
0d1632a5d2 Move tutorial directly into each qlpack 
Previously, the tutorial was injected during build time. This is much
simpler.
 2021-10-13 08:37:04 -07:00
Erik Krogh Kristensen
99ed4a1a89 add a bad-tag-filter query for Python and JavaScript 2021-09-21 15:04:03 +02:00
Erik Krogh Kristensen
f5a1a12435 support case insensitive regexps in the ReDoS queries 2021-08-30 09:59:33 +02:00
Andrew Eisenberg
5609c3d1b5 Packaging: Fix identical files script 2021-08-25 12:17:27 -07:00
Andrew Eisenberg
e23df94748 Packaging: Fix identical files script 2021-08-24 16:12:43 -07:00
Andrew Eisenberg
8e75fef923 Fix identical files script 2021-08-19 14:55:54 -07:00
Andrew Eisenberg
2c5dd2dfa3 Packaging: Refactor the cpp libraries 
This PR separates the core cpp packs into `codeql/cpp-queries` and
`codeql/cpp-all`.

There are very few lines of code changed. Almost all changes are moving
files around.
 2021-08-17 11:22:36 -07:00
Chris Smowton
75310a6609 Create a dataflow instance specifically for the Serializability library 
Otherwise because this dataflow instance populates AdditionalTaintStep there is an ever-present danger that a user will stumble into creating a recursive configuration, or at least that by using DataFlow5::Configuration for any other purpose they will needlessly recalculate the Serializability dataflow results.
 2021-08-03 10:36:46 +01:00
Rasmus Lerchedahl Petersen
c306cee04e Python: mimic JS file hierarchy 2021-06-30 15:03:22 +02:00
Rasmus Lerchedahl Petersen
591b6ef69c Python: Add ReDoS as identical files from JS 
The library specific file is `RegExpTreeView`.
The files are recorded as identical via the mapping
in `identical-files.json`.
 2021-06-28 17:04:48 +02:00
Jonas Jensen
7282ad90d0 Merge pull request #5854 from dbartol/dbartol/smart-pointers/side-effects 
C++: Generate side effect instructions for smart pointer indirections
 2021-06-01 16:57:05 +02:00
Rasmus Wriedt Larsen
97fadd9970 Merge branch 'main' into port-weak-crypto-algorithm 2021-05-18 14:04:18 +02:00
yoff
549c9eee1a Merge pull request #5739 from RasmusWL/share-sensitive-data-modeling 
Python/JS: Share sensitive data modeling
 2021-05-11 11:53:59 +02:00
Dave Bartolomeo
773e5f2e2e Merge remote-tracking branch 'upstream/main' into side-effects 2021-05-07 16:50:48 -04:00
Dave Bartolomeo
54b9f2175d C++: Allow annotating IR dumps with Alias Analysis info 
This commit adds a `PrintAliasAnalysis.qll` module, which can be imported alongside `PrintIR.qll` to annotate those dumps with alias analysis results.
 2021-05-07 16:03:11 -04:00
Tom Hvitved
017beb6786 Java: Use separate data-flow copy for PredictableSeedFlowConfiguration 2021-04-27 10:07:33 +02:00
Rasmus Wriedt Larsen
a8de2aba3b Python: Move CryptoAlgorithms implementation 2021-04-22 14:51:15 +02:00
Rasmus Wriedt Larsen
16b62486e9 Python: Extract SensitiveDataHeuristics to be shared with JS 
Initially I had called `nameIndicatesSensitiveData` for `maybeSensitiveName`,
which made the relationship with `maybeSensitive` and `notSensitive` quite
strange -- and therefore I added the more informative `maybeSensitiveRegexp` and
`notSensitiveRegexp`.

Although I'm no longer using `maybeSensitiveName`, and I no longer have a strong
argument for making this name change, I still like it. If someone thinks this is
a terrible idea, I'm happy to change it though 👍
 2021-04-21 11:31:28 +02:00
Tom Hvitved
fd8f745468 Java: Adopt shared flow summary library and refactor data-flow nodes. 2021-04-09 16:57:03 +02:00
Mathias Vorreiter Pedersen
983b64a05f Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt 2021-03-26 09:11:12 +01:00
Tom Hvitved
90868a4788 Merge pull request #5524 from hvitved/csharp/cleanup 
C#: Remove legacy queries and `@precision` tags from metric queries
 2021-03-25 15:36:12 +01:00
Tom Hvitved
eeb8c74666 C#: Remove filter and external queries 
These are legacy queries that are no longer used.
 2021-03-25 09:50:01 +01:00
Tom Hvitved
20aa05b090 C#: Add CIL SSA library 2021-03-23 10:07:36 +01:00
Mathias Vorreiter Pedersen
d09458a486 C++: Add another taint tracking copy to identical-files.json 2021-03-22 11:35:59 +01:00
Anders Schack-Mulligen
45f52289ea Merge branch 'main' into java/merge-5226 2021-03-04 11:36:16 +01:00
Marcono1234
b9c0193022 Sync .qhelp file renaming to other languages 2021-03-03 15:38:08 +01:00