Anders Fugmann
44752d5ee0
C++: Model strdupa and strndupa string functions returning memory allocated with alloca
2021-08-18 13:12:08 +02:00
james
8443d344a2
correct article name
2021-08-18 11:58:42 +01:00
james
18b8244406
fix link
2021-08-18 11:47:16 +01:00
james
429decd7b6
tweak sojme text
2021-08-18 11:38:03 +01:00
james
ad2850dd5d
add new tutorial
2021-08-18 11:27:53 +01:00
james
babec9bf79
add data flow debugging guide
2021-08-18 11:26:51 +01:00
Asger Feldthaus
4a1fb5df5d
JS: De-abstractify Vue::Instance class
2021-08-18 11:14:25 +02:00
Asger Feldthaus
40ae13a20e
JS: Rename Vue::{Component -> ComponentRegistration}
2021-08-18 11:14:25 +02:00
Erik Krogh Kristensen
dd59f79947
use min() instead of rank[1]()
2021-08-18 11:09:03 +02:00
Erik Krogh Kristensen
4cc2ac9d35
exclude char classes that match everything
2021-08-18 08:59:17 +00:00
Harry Maclean
a2115f41e8
Merge pull request #259 from github/hmac-print-ast
...
Don't include desugared nodes in the printed AST
2021-08-18 09:16:36 +01:00
Aditya Sharad
21d03cd365
Merge pull request #6488 from github/aeisenberg/pack/cpp
...
Packaging: Refactor cpp libraries
2021-08-17 16:44:04 -07:00
Andrew Eisenberg
03d6b15401
Merge branch 'main' into aeisenberg/pack/cpp
2021-08-17 15:28:47 -07:00
Andrew Eisenberg
88ceb42356
Packaging: Migrate cpp experimental/semmle folder to lib
...
Also, fix up some library path dependencies.
2021-08-17 14:41:41 -07:00
Andrew Eisenberg
d8e4e25c1e
Packaging: Fix query pack references
...
We can't have recursive references to query packs.
2021-08-17 13:03:40 -07:00
Sauyon Lee
17cef3f498
Address review comments
2021-08-17 12:45:47 -07:00
Andrew Eisenberg
2c5dd2dfa3
Packaging: Refactor the cpp libraries
...
This PR separates the core cpp packs into `codeql/cpp-queries` and
`codeql/cpp-all`.
There are very few lines of code changed. Almost all changes are moving
files around.
2021-08-17 11:22:36 -07:00
Daniel Santos
5e155d25b1
new Experimental query ClipboardBasedXss
2021-08-17 12:57:26 -05:00
Joe Farebrother
076aeb5d80
Update tests
2021-08-17 16:44:58 +01:00
Benjamin Muskalla
99e19e6d59
Fix predicate to only match the current API
2021-08-17 16:26:08 +02:00
Benjamin Muskalla
035f7b57e9
Improve query name
2021-08-17 16:25:49 +02:00
Harry Maclean
e82c21d35d
Don't include desugared nodes in the printed AST
...
The base `PrintAstConfiguration` class already has a predicate for
filtering out desugared nodes - this change just makes use of it in the
query.
This fixes https://github.com/github/codeql-team/issues/408 , which was
caused by including nodes representing the desugaring of
a[b] = c
in the query output. This would result in multiple edges to the same
target node (one from the surface AST and another from the desugared
AST), which the VSCode AST viewer cannot handle.
2021-08-17 15:20:30 +01:00
Mathias Vorreiter Pedersen
88372df125
Merge pull request #6495 from andersfugmann/more_buffer_overrun_tests
...
More buffer overrun tests
2021-08-17 16:18:36 +02:00
yoff
50a4345235
Merge pull request #6161 from RasmusWL/peewee-modeling
...
Python: Add modeling of `peewee`
2021-08-17 16:06:35 +02:00
Anders Fugmann
666d5917fa
C++: Avoid inclusion of standard headers
2021-08-17 15:56:28 +02:00
Anders Fugmann
469f8a638b
C++: Add more tests for buffer overruns
2021-08-17 15:21:33 +02:00
Anders Fugmann
35b7808866
C++: Fix wrong comment on what is tested
2021-08-17 15:21:03 +02:00
Rasmus Wriedt Larsen
3231ae77ef
Python: Apply suggestions from code review
...
Co-authored-by: yoff <lerchedahl@gmail.com >
2021-08-17 15:17:10 +02:00
Erik Krogh Kristensen
25d29b2c29
add change-note
2021-08-17 15:12:15 +02:00
Erik Krogh Kristensen
3f7f5d2418
performance improvements in ReDoSUtil
2021-08-17 15:10:33 +02:00
Erik Krogh Kristensen
49e47641e4
sync ReDoSUtil.qll with python
2021-08-17 15:10:33 +02:00
Erik Krogh Kristensen
9c2d83e82b
add tests
2021-08-17 15:10:30 +02:00
Erik Krogh Kristensen
6d06550f7d
update expected output
2021-08-17 15:10:30 +02:00
Erik Krogh Kristensen
5d4c434d34
restrict char class matches to alpha-numeric chars
2021-08-17 15:10:30 +02:00
Erik Krogh Kristensen
59f0a41665
support more regular expressions in js/incomplete-multi-character-sanitization
2021-08-17 15:10:20 +02:00
Chris Smowton
92d1becf08
Merge pull request #6474 from github/yo-h-patch-1
...
Java: add `org.json` package to known frameworks
2021-08-17 14:09:39 +01:00
Chris Smowton
c52a51e5c8
Merge pull request #6454 from smowton/smowton/admin/change-note-wording
...
Java: Elaborate change note a little
2021-08-17 14:08:04 +01:00
CodeQL CI
92804a3cc3
Merge pull request #6487 from erik-krogh/moreJquerySinks
...
Approved by asgerf
2021-08-17 11:46:24 +01:00
Arthur Baars
df4fb23f37
Merge pull request #246 from github/aibaars/tweaks
...
Add an example snippet query
2021-08-17 12:42:02 +02:00
Cornelius Riemenschneider
341dad5f73
Merge pull request #6490 from criemen/criemen/delete-flaky-test
...
JS: Delete flaky test.
2021-08-17 12:33:03 +02:00
CodeQL CI
e3cdc4522e
Merge pull request #6450 from asgerf/js/query-suffix-convention2
...
Approved by erik-krogh
2021-08-17 11:31:21 +01:00
Arthur Baars
9b877dc6e1
Add an example snippet query
2021-08-17 11:29:44 +01:00
Rasmus Wriedt Larsen
15d483d56c
Python: Use TypeTrackingNode in new PEP249 modeling
2021-08-17 12:03:40 +02:00
Rasmus Wriedt Larsen
b649f5f38c
Merge branch 'main' into peewee-modeling
2021-08-17 12:03:18 +02:00
Tom Hvitved
44ff623d8c
Merge pull request #5508 from edvraa/deserializers
...
deserialization sinks
2021-08-17 11:41:52 +02:00
Rasmus Lerchedahl Petersen
dee5535fbb
Python: condense tests
...
This also avoids potential licensing issues.
2021-08-17 11:24:39 +02:00
Tom Hvitved
50cfd9c318
Merge pull request #257 from github/hvitved/cfg/erb
...
CFG: Allow `erb` top-level scopes
2021-08-17 11:21:44 +02:00
Sauyon Lee
390e48fdd2
Remove more redundant models
2021-08-17 02:17:36 -07:00
Arthur Baars
115a13f50c
Merge pull request #258 from github/qltest-no-beta
...
Exclude beta releases of code-cli for qltest job
2021-08-17 11:09:53 +02:00
Cornelius Riemenschneider
59b3d55b9a
JS: Delete flaky test.
2021-08-17 10:58:39 +02:00
