hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,908 Commits 1,672 Branches 157 Tags
z80coder/ATM-feature-optimisation
Commit Graph

29908 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
yoff
d0563c80be Merge pull request #6665 from smowton/smowton/fix/python-redos-invalid-utf16 
ReDoS: fix unpaired surrogate test
 2021-09-13 11:14:45 +02:00
Anders Schack-Mulligen
2db039fb77 Merge pull request #6673 from Marcono1234/marcono1234/clone-method-models 
Java: Remove duplicate classes modeling Object.clone
 2021-09-13 11:13:14 +02:00
Anders Schack-Mulligen
dde07fd2ee Merge pull request #6672 from Marcono1234/marcono1234/functional-interfaces-test 
Java: Extend functional interfaces test
 2021-09-13 11:13:06 +02:00
Anders Fugmann
4ab9b81a9a C++: Add tests exposing some FP's for OverflowStatic query 2021-09-13 11:09:56 +02:00
Tom Hvitved
4628f880b4 Merge pull request #6489 from hvitved/csharp/files-folders-drop-columns 
C#: Drop redundant columns from `files` and `folders` relations
 2021-09-13 11:02:13 +02:00
Geoffrey White
e696eaaa2f C++: Fix false positives involving STDIN_FILENO. 2021-09-13 09:50:19 +01:00
Geoffrey White
3ba9e80635 C++: Support various functions / variants. 2021-09-13 09:50:03 +01:00
Geoffrey White
1707d67adb C++: Support 'send' as well. 2021-09-13 09:49:40 +01:00
Geoffrey White
29ad3bf7f8 C++: Test dataflow and other slightly more complex cases. 2021-09-13 09:49:25 +01:00
Anders Schack-Mulligen
31739cdae6 Merge pull request #6668 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-09-13 09:50:09 +02:00
Tom Hvitved
2730423ab2 C#: Upgrade script 2021-09-13 09:49:10 +02:00
Tom Hvitved
5d048a9518 C#: Drop redundant columns from files and folders relations 2021-09-13 09:49:09 +02:00
Tamás Vajk
cc1374b832 Merge pull request #6646 from tamasvajk/fix/csv-timeseries 
Fix CSV timeseries script to create DB with scheme from correct git SHA
 2021-09-13 09:41:56 +02:00
Tom Hvitved
0abfb00032 Merge pull request #6660 from hvitved/csharp/dotnet-exec-tracing-windows 
C#: Handle `dotnet exec csc.dll` compiler calls on Windows
 2021-09-13 09:07:50 +02:00
github-actions[bot]
26e8e89aca Add changed framework coverage reports 2021-09-13 00:08:00 +00:00
jorgectf
353c0a9ee7 Add missing comment 2021-09-12 20:44:04 +02:00
jorgectf
3cf28ad6ce Merge remote-tracking branch 'origin/main' into jorgectf/python/ldapinsecureauth 2021-09-12 20:36:25 +02:00
jorgectf
18b05bc56e Fix tests and add global option 2021-09-12 20:35:57 +02:00
jorgectf
54012eba23 Optimize getFullHostRegex 2021-09-12 20:13:08 +02:00
Philip Ginsbach
131d63c374 Merge pull request #6592 from github/ginsbach/instanceofDocs 
language reference entry for non-extending subtypes
 2021-09-12 15:21:41 +01:00
Marcono1234
d117593d72 Java: Remove duplicate classes modeling Object.clone 2021-09-12 02:05:57 +02:00
Marcono1234
5009ed618f Java: Extend functional interfaces test 2021-09-12 01:50:07 +02:00
Andrew Eisenberg
edbaceceb3 Merge pull request #6666 from github/aeisenberg/suites-fix 
Remove incorrect `suites` directive
 2021-09-10 14:15:10 -07:00
Ethan P
fb22931e2d add indirect build tracing content and example 2021-09-10 16:06:32 -04:00
CodeQL CI
e8fc3c8ead Merge pull request #5888 from erik-krogh/casting 
Approved by asgerf
 2021-09-10 09:11:39 -07:00
Andrew Eisenberg
9c0f18b88d Remove incorrect directive 
This directive should only be in the
pack.
 2021-09-10 08:57:37 -07:00
Harry Maclean
800e18349f Add != to StringConstCompare 
This means we treat != comparisons against strings as taint tracking guards:

    if foo != "A"
      foo         # still tainted
    else
      foo         # not tainted, because we know foo == "A"
    end
 2021-09-10 16:42:45 +01:00
Chris Smowton
95046b9bb1 Factor JaxRS models 2021-09-10 16:36:40 +01:00
Chris Smowton
451a46bf0e Add models for getLanguage, getMediaType 2021-09-10 16:36:38 +01:00
Chris Smowton
5e7a3ca2e6 Model UriInfo.relativize and resolve. 2021-09-10 16:36:37 +01:00
Chris Smowton
62ecab8432 Add change note 2021-09-10 16:36:36 +01:00
Chris Smowton
f1c3a11103 Add sources for Jax-RS filters 2021-09-10 16:36:34 +01:00
Harry Maclean
8f36b0d7fe Simplify guard in SQL injection tests 
We don't (yet) properly sanitize taint in cases like this

    foo = "A" unless foo == "B"

So for now, use a simpler guard in the SQL injection test.
We can resurrect the old, more idiomatic guard when we can support it.
 2021-09-10 16:27:57 +01:00
Chris Smowton
d83ed33252 Make supertype consideration consistent 2021-09-10 16:27:28 +01:00
Chris Smowton
9b488207eb Add support for the Flexjson framework to the unsafe-deserialization query 2021-09-10 16:27:23 +01:00
Harry Maclean
56983565fe Update ReDoS length guard 
Changes to barrier guards in a previous commit mean we need to update
this guard to match.
 2021-09-10 16:21:17 +01:00
Chris Smowton
9d31641bb1 Add change note 2021-09-10 16:10:56 +01:00
Chris Smowton
655236c70d Remove no-longer-needed generic specifiers 2021-09-10 16:10:55 +01:00
Chris Smowton
b47939c737 Note resolved spurious results 2021-09-10 16:10:54 +01:00
Chris Smowton
d940085384 Spring HTTP: inherit produced content-types from surrounding class 2021-09-10 16:10:52 +01:00
Chris Smowton
bdd135dbff Spring HTTP: mark explicitly content-typed body calls as sinks 
Previously only the return from the request-handler method constituted a sink, and was filtered by the Produces annotation if any, even though a BodyBuilder could explicitly override.

These sinks are also marked as out-barriers to avoid duplicate paths when the Produces annotation is in agreement.
 2021-09-10 16:10:50 +01:00
Chris Smowton
701d0bcdca Spring content types: recognise constant content-type strings 2021-09-10 16:10:48 +01:00
Chris Smowton
4397371a50 Spring constant media types: recognise constant string versions 
Previously we only recognised the constant MediaTypes
 2021-09-10 16:10:47 +01:00
Chris Smowton
b9b34eb0ee Move Spring XSS sink definition into SpringHttp.qll 2021-09-10 16:10:45 +01:00
Chris Smowton
3b6cc97557 Sanitize Spring bodies directly associated with an XSS-safe Content-Type 2021-09-10 16:10:44 +01:00
Chris Smowton
0ebbb333ba Merge pull request #6564 from haby0/java/xxe/new 
Java: Add XXE sinks
 2021-09-10 16:04:27 +01:00
Chris Smowton
38cc9bef02 ReDoS: fix unpaired surrogate test 
This actually does result in an FP, but this was previously hidden by non-interpretation of '\u' escapes within a raw string.
 2021-09-10 15:37:34 +01:00
Chris Smowton
29028c5d46 Update test expectations to account for dataflow subpaths changes 2021-09-10 13:53:41 +01:00
Chris Smowton
2d03840fde Add experimental variants of java/xxe, incorporating new sinks and a version that uses local sources. 
Originally authored by @haby0, squashed to clean up a tangled commit history.
 2021-09-10 13:49:31 +01:00
Rasmus Lerchedahl Petersen
2eb11731e2 Python: Subpaths in test output 2021-09-10 14:04:57 +02:00