hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 04:06:37 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,908 Commits 1,672 Branches 157 Tags
z80coder/ATM-feature-optimisation
Commit Graph

29908 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Artem Smotrakov
f245dc3ac8 Removed hashes from NotConstantTimeCryptoComparison.ql 2021-08-01 09:47:02 +02:00
Artem Smotrakov
8a69b7b3ac Added NotConstantTimeCryptoComparison.qhelp and examples 2021-08-01 09:47:01 +02:00
Artem Smotrakov
67579dd1d8 Added tests for NotConstantTimeCryptoComparison.ql 2021-08-01 09:47:01 +02:00
Artem Smotrakov
c2c85d32da Java: Added a query for timing attacks 2021-08-01 09:47:01 +02:00
Artem Smotrakov
7959e76da8 Better qldoc in UnsafeDeserializationQuery.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-30 09:30:59 +02:00
Fosstars
a4b0041120 Better looksLikeResolveClassStep() predicate 2021-07-30 09:28:03 +02:00
Fosstars
1d3eb570bf hasJsonTypeInfoAnnotation() should check fields recursively 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-30 08:30:40 +02:00
yo-h
6a18b33616 Java: update frameworks.rst with Jackson 
Updating manually maintained list with coverage in `JacksonSerializability.qll`
 2021-07-29 17:35:06 -04:00
Arthur Baars
d986bea317 Merge pull request #238 from github/aibaars/extract-erb 
Extract ERB tags
 2021-07-29 19:21:32 +02:00
Aditya Sharad
cb686ea802 Merge pull request #6388 from github/geoffw0-patch-2 
Update query-metadata-style-guide.md
 2021-07-29 10:20:26 -07:00
Arthur Baars
00a0b93172 Add erb file 2021-07-29 19:09:56 +02:00
Geoffrey White
5e6e176f32 Update query-metadata-style-guide.md 
Add a note about the `@security-severity` tag.
 2021-07-29 17:53:31 +01:00
Nick Rolfe
4007e85991 Incorporate changes from Python PR 2021-07-29 17:25:39 +01:00
Nick Rolfe
3abe047cac Fix parsing of POSIX bracket expressions. 
The docs are misleading. [[:alpha:]] is actually a character class
*containing* a POSIX bracket expression, and that means you can have
expressions like [[:alpha:][:digit:]_?!]
 2021-07-29 17:24:51 +01:00
Nick Rolfe
5d336d8e1d Make some predicates/classes/imports private 2021-07-29 17:17:11 +01:00
Mathias Vorreiter Pedersen
b1e5fbe2de Merge pull request #6377 from sashabu/sashabu/virtual 
C++: Allow querying virtual, override, and final declaration specifiers.
 2021-07-29 17:51:14 +02:00
Joe Farebrother
227818adb4 Add change note 2021-07-29 16:41:33 +01:00
Joe Farebrother
e23f666f67 Replace get and newWith methods with real implementations 2021-07-29 16:39:50 +01:00
Tony Torralba
29490e5872 Add suggestion from code review 2021-07-29 17:07:18 +02:00
Joe Farebrother
f1ca29a846 Add more stubs 2021-07-29 15:58:42 +01:00
Tony Torralba
3fcc9fae79 Refactor sinks to reuse code 2021-07-29 16:48:47 +02:00
Geoffrey White
417edab126 C++: Simplify out the 'effect' string. 2021-07-29 15:44:53 +01:00
Geoffrey White
7f621bc737 C++: Repair the tests that use subtraction so that the thing they're testing is preserved, and add two new explicit tests of behaviour on subtraction. 2021-07-29 15:36:43 +01:00
Tony Torralba
6e3b6dcb98 Imporve qhelp 2021-07-29 16:36:38 +02:00
Tony Torralba
bdf0f582a4 QLDoc improvements from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-29 16:34:21 +02:00
Tony Torralba
90b5e02b6e Improve qhelp 2021-07-29 16:28:10 +02:00
Geoffrey White
13823df5a1 C++: Remove underflow detection. 2021-07-29 15:22:18 +01:00
Geoffrey White
9e0411238b C++: Add some more test cases. 2021-07-29 15:15:26 +01:00
Tony Torralba
4ea6729c53 Update java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2021-07-29 16:10:49 +02:00
mc
0a986ad0e8 Update JndiInjection.qhelp 
Improve negation
 2021-07-29 15:10:32 +01:00
Joe Farebrother
096509b9aa Generate tests and stubs 2021-07-29 15:01:50 +01:00
Joe Farebrother
3bcb46f875 Model guava cache package 2021-07-29 14:52:26 +01:00
Mathias Vorreiter Pedersen
bbb38fd2aa C++: Accept more test changes. 2021-07-29 15:49:50 +02:00
Tony Torralba
2628d3dc39 Improve csv sink models 2021-07-29 15:36:18 +02:00
Tony Torralba
3edc8bc679 Doc improvements 2021-07-29 15:35:39 +02:00
Tony Torralba
d9fb650dfb JacksonCreateParserMethod converted to CSV summay model 2021-07-29 15:19:30 +02:00
Tony Torralba
b20d53cfd4 Update java/ql/src/semmle/code/java/security/OgnlInjection.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-29 15:08:27 +02:00
Alexandre Boulgakov
e55bd4fb64 C++: Allow querying virtual, override, and final declaration specifiers. 2021-07-29 14:02:03 +01:00
Mathias Vorreiter Pedersen
41d233f086 C++: Make the 'definition by reference'-node in 'foo(a.b);' a source in the 'FieldConfiguration' configuration. 2021-07-29 14:49:59 +02:00
Mathias Vorreiter Pedersen
a082172422 C++: Add testcase demonstrating missing local flow out of fields that are defined by reference. 2021-07-29 14:46:32 +02:00
Nick Rolfe
e757d2e654 Merge pull request #241 from github/fix_yml 
Fix invalid file-type identifier
 2021-07-29 12:05:10 +01:00
Arthur Baars
c568162256 Use a single TrapWriter 
The output of two distinct TrapWriters should not be written to the
same TRAP file because this causes name clashes between TRAP labels.
 2021-07-29 12:50:27 +02:00
Nick Rolfe
4aacdafb38 Fix invalid file-type identifier 
Upper-case characters are not allowed.
 2021-07-29 11:49:22 +01:00
mc
8f1fc9e893 Update MvelInjection.qhelp 
Minor tweaks
 2021-07-29 11:30:19 +01:00
Arthur Baars
cc1bdf1fc3 Add charpred to RubyFile class 2021-07-29 11:48:35 +02:00
Joe Farebrother
143b302eef Merge pull request #6384 from joefarebrother/test-gen-improvements 
Java: Test generator: use getComponentType
 2021-07-29 10:47:37 +01:00
Joe Farebrother
3b430d4925 Use getComponentType 2021-07-29 10:11:22 +01:00
Joe Farebrother
f7099f459f Java: Test generator: use getComponentType 2021-07-29 10:08:45 +01:00
Artem Smotrakov
83a9b0ee28 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-29 11:04:21 +02:00
mc
ebf004a4df Update MissingJWTSignatureCheck.qhelp 
Using same syntax as on other queries for 'BAD' and 'GOOD'.
 2021-07-29 09:13:00 +01:00