codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00

Author	SHA1	Message	Date
Robert Marsh	fe1f9878ba	C++: add GVN import to fix reevaluation	2021-09-15 10:55:54 -07:00
Robert Marsh	e874fbbea2	C++: Add path stitching in ExecTainted.ql	2021-09-15 10:55:54 -07:00
Robert Marsh	5dc6e13ab5	C++: use TaintTracking2 in ExecTainted.ql	2021-09-15 10:55:53 -07:00
Robert Marsh	4d2036fa26	C++: change note for cpp/command-line-injection	2021-09-15 10:55:53 -07:00
Robert Marsh	c30e7ec41a	C++: raise precision of cpp/command-line-injection	2021-09-15 10:55:53 -07:00
Robert Marsh	181eb803e1	C++: Add QLDoc for getOutputArgument	2021-09-15 10:55:52 -07:00
Robert Marsh	37c92178a5	C++: exclude int/string conversion in ExecTainted	2021-09-15 10:55:52 -07:00
Robert Marsh	5e265f45e1	C++: ExecTainted tests for int/string conversions	2021-09-15 10:55:51 -07:00
Robert Marsh	9926892c8a	C++: remove debugging predicates	2021-09-15 10:55:51 -07:00
Robert Marsh	9c478c502e	C++: add some more tests for ExecTainted	2021-09-15 10:55:50 -07:00
Robert Marsh	562c8b97ad	C++: add comment explaining concatenation logic	2021-09-15 10:55:50 -07:00
Robert Marsh	6f408f949c	C++: Refactor ExecTainted.ql to need concatenation This makes ExecTainted report results only when the tainted value does not become the start of the string which is eventually run as a shell command. The theory is that those cases are likely to be deliberate, and part of the expected threat model of the program (e.g. $CC in make). This lines up better with the results I considered fixable true positives in LGTM testing	2021-09-15 10:55:49 -07:00
Robert Marsh	8f4df8603a	C++: more tests for command injection	2021-09-15 10:55:49 -07:00
Nick Rolfe	f76ce8b33b	Merge pull request #6686 from hvitved/cpp/files-folders-drop-columns C++: Drop redundant columns from `files` and `folders` relations	2021-09-15 18:33:20 +01:00
Mathias Vorreiter Pedersen	33ef634ea8	Merge pull request #6679 from andersfugmann/relax_memberMayBeVarSize Improve precision on OverflowStatic query.	2021-09-15 17:24:10 +01:00
Felicity Chapman	05d83e487d	Update all links to CodeQL microsite	2021-09-15 17:08:55 +01:00
Tony Torralba	21079a1315	Fix conditionControlsMethod predicate Exceptions for throw and return statements were missing the appropriate condition	2021-09-15 17:51:51 +02:00
Tony Torralba	d3cf697b07	QLDoc	2021-09-15 17:32:36 +02:00
Tony Torralba	5ed9949498	Adapt InsecureBasicAuth to the previous commit	2021-09-15 17:20:28 +02:00
Tony Torralba	2e08c5dd2b	Refactored HttpsUrls.ql	2021-09-15 17:20:28 +02:00
Tony Torralba	c3c73377b8	Fix scope issues in the Java example	2021-09-15 17:20:28 +02:00
Tony Torralba	023264660b	Suggestions from code review	2021-09-15 17:20:28 +02:00
mc	0e7cbbfeb8	Update InsecureBasicAuth.qhelp	2021-09-15 17:20:28 +02:00
mc	e58b90ef1c	Added full stops	2021-09-15 17:20:28 +02:00
Tony Torralba	e159351179	Update java/change-notes/2021-06-01-insecure-basic-auth-query.md Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-09-15 17:20:27 +02:00
Tony Torralba	30178d4f23	Decouple InsecureBasicAuth.qll to reuse the taint tracking configuration	2021-09-15 17:20:27 +02:00
Tony Torralba	90df3fa94c	Remove CWE reference from qlhelp since it's obtained from metadata	2021-09-15 17:20:27 +02:00
Tony Torralba	49c6a56f97	Add change note	2021-09-15 17:20:27 +02:00
Tony Torralba	148443fae1	Use InlineExpectationsTest	2021-09-15 17:20:27 +02:00
Tony Torralba	2cada386b4	Refactored into InsecureBasicAuth.qll	2021-09-15 17:20:27 +02:00
Tony Torralba	905be67aae	Moved from experimental	2021-09-15 17:20:27 +02:00
Tom Hvitved	d3a1d0a62a	Merge pull request #294 from github/bump-codeql Bump `codeql` submodule	2021-09-15 16:24:04 +02:00
Anders Schack-Mulligen	c0fd44c909	Dataflow: Sync.	2021-09-15 16:10:54 +02:00
Anders Schack-Mulligen	3abe1b4fc6	Dataflow: Fix bad join-order.	2021-09-15 16:10:30 +02:00
Geoffrey White	c4714b55a3	Merge pull request #6588 from ihsinme/ihsinme-patch-069 CPP: Add query for CWE-675: Duplicate Operations on Resource	2021-09-15 15:10:03 +01:00
Tom Hvitved	9e67382f06	Bump `codeql` submodule	2021-09-15 14:59:42 +02:00
Jonas Jensen	65f4ec403f	Merge pull request #6593 from geoffw0/samate-move C++: Add test cases with SAMATE Juliet code snippets to the codeql test suite.	2021-09-15 14:18:08 +02:00
Mathias Vorreiter Pedersen	947ab8a14d	Make the QLDoc on 'getAnSqlParameter' more clear.	2021-09-15 13:15:05 +01:00
Erik Krogh Kristensen	3f736d3eb8	Merge pull request #6694 from erik-krogh/owasp-fixes JS/Java: use the correct cwe tags	2021-09-15 13:46:35 +02:00
CodeQL CI	b228398b87	Merge pull request #6587 from erik-krogh/ts44 Approved by asgerf	2021-09-15 04:00:13 -07:00
Rasmus Lerchedahl Petersen	8ea7a28a77	Python: Unexpose fields as suggested.	2021-09-15 12:32:21 +02:00
yoff	758b6bd4dd	Update python/ql/src/semmle/python/functions/ModificationOfParameterWithDefaultCustomizations.qll Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2021-09-15 12:25:27 +02:00
Geoffrey White	0e7afb24cf	Merge pull request #6643 from MathiasVP/add-frontend-and-extractor-diagnostic-query C++: Add uninterpreted query for obtaining frontend and extraction time	2021-09-15 11:17:58 +01:00
Geoffrey White	9ad51fbc02	C++: Fix the correct test this time.	2021-09-15 11:03:09 +01:00
Erik Krogh Kristensen	cf149bd8c8	add static_initializer as a stmt_parent	2021-09-15 11:54:30 +02:00
Chris Smowton	03db15af9a	Merge pull request #6685 from smowton/smowton/admin/android-uri-model Java: Add models for android.net.Uri[.Builder]	2021-09-15 10:48:33 +01:00
Erik Krogh Kristensen	0b83d033d7	add @static_initializer in the stats file	2021-09-15 11:33:05 +02:00
Jordy Zomer	0f6e845418	Merge branch 'main' of https://github.com/JordyZomer/codeql into main	2021-09-15 10:41:31 +02:00
Jordy Zomer	01a06d1f5c	Add filter and format the query	2021-09-15 10:37:40 +02:00
Anders Fugmann	e49cd83868	C++: update change note per suggestion from peer review	2021-09-15 10:31:15 +02:00

... 48 49 50 51 52 ...

29908 Commits