hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 15:16:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
25,431 Commits 1,700 Branches 161 Tags
04e04b30315d2194e3560bbe208702153c93f3ca
Commit Graph

25431 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sauyon Lee
04e04b3031 Use array allocation syntax 2021-08-27 11:25:03 -07:00
Sauyon Lee
97faeb026f Fix side of stack that gen method types are used 2021-08-27 11:25:03 -07:00
Sauyon Lee
119de6c60c Replace type variables before attempting to match to an array generation 2021-08-27 11:25:03 -07:00
Sauyon Lee
9d66761eeb Consider a callable to ambiguous if it has a varargs parameter 2021-08-27 11:25:02 -07:00
Sauyon Lee
0d174f2daf Only include support methods and imports from working test cases 2021-08-27 11:25:02 -07:00
Sauyon Lee
2132ee52d5 Restrict the size of appliesTo for default methods 2021-08-26 08:02:21 -07:00
Sauyon Lee
abf3bbbe8d Add qldoc for public elements 2021-08-26 08:02:21 -07:00
Sauyon Lee
e7611ab641 Move getCall and appliesTo to relevant classes 2021-08-26 08:02:21 -07:00
Sauyon Lee
ce8d14e6ef Add a priority predicate for test generation support methods 2021-08-26 08:02:21 -07:00
Sauyon Lee
1bd5eb5120 Use if statement instead of manual disjuction 2021-08-26 08:02:21 -07:00
Sauyon Lee
73d6177477 Java test gen: make char zero '\0' 2021-08-26 08:02:20 -07:00
Chris Smowton
2b0f6a2723 Java: Generate more realistic tests 2021-08-26 08:02:20 -07:00
Chris Smowton
33c727e6b9 Split up GenerateFlowTestCase.qll 
This doesn't change any behaviour or alter any predicate bodies
 2021-08-26 08:02:19 -07:00
Andrew Eisenberg
039b655f7f Merge pull request #6544 from github/aeisenberg/pack/javascript 
Packaging: Rafactor Javascript core libraries
 2021-08-25 13:17:34 -07:00
Andrew Eisenberg
5609c3d1b5 Packaging: Fix identical files script 2021-08-25 12:17:27 -07:00
Andrew Eisenberg
45d1fa7f01 Packaging: Rafactor Javascript core libraries 
Extract the external facing `qll` files into the codeql/javascript-all
query pack.
 2021-08-25 12:15:56 -07:00
Andrew Eisenberg
48344d9ffc Merge pull request #6545 from github/aeisenberg/pack/python 
Packaging: Rafactor Python core libraries
 2021-08-25 12:04:44 -07:00
CodeQL CI
1daeea5696 Merge pull request #6472 from erik-krogh/apiPromise 
Approved by asgerf
 2021-08-25 14:45:03 +01:00
CodeQL CI
170a069657 Merge pull request #6403 from asgerf/js/handlebars-extraction 
Approved by erik-krogh
 2021-08-25 13:54:52 +01:00
Asger Feldthaus
87843a3794 JS: Autoformatttt 2021-08-25 10:37:37 +02:00
Erik Krogh Kristensen
c664d7cfb3 add a getMaybePromisifiedCall method in API graphs, and use it to model child_process 2021-08-25 10:27:09 +02:00
Jonas Jensen
abdf993e47 Merge pull request #6537 from andersfugmann/implicit_downcast_involving_references 
Implicit downcast involving references
 2021-08-25 09:45:32 +02:00
Anders Peter Fugmann
67a267d971 Update cpp/change-notes/2021-08-24-implicit-downcast-from-bitfield.md 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-08-25 08:58:44 +02:00
Andrew Eisenberg
e23df94748 Packaging: Fix identical files script 2021-08-24 16:12:43 -07:00
Andrew Eisenberg
8f73c6968a Merge pull request #6542 from github/aeisenberg/pack/move-external 
Java: Move the ExternalArtifact.qll module to the library pack
 2021-08-24 16:07:26 -07:00
yo-h
2b4635c4e0 Merge pull request #6539 from smowton/smowton/admin/downgrade-sql-unescaped 
Downgrade precision of java/concatenated-sql-query
 2021-08-24 17:22:01 -04:00
Andrew Eisenberg
3660c64328 Packaging: Rafactor Python core libraries 
Extract the external facing `qll` files into the codeql/python-all
query pack.
 2021-08-24 13:23:45 -07:00
Andrew Eisenberg
7f3066cd64 Java: Move the ExternalArtifact.qll module to the library pack 2021-08-24 13:01:02 -07:00
Chris Smowton
2689c13bde Merge pull request #6485 from Marcono1234/marcono1234/field-initializer-fix 
Java: Fix Field.getInitializer() matching non-initializer assignments
 2021-08-24 20:52:02 +01:00
Geoffrey White
8f38ab0116 Merge pull request #6540 from jbj/ctime-weaken-claims 
C++:Lower potentially-dangerous-function precision
 2021-08-24 17:01:23 +01:00
Jonas Jensen
19ee64d9ad C++:Lower potentially-dangerous-function precision 
There have been multiple reports of false positives from this query over
time. Now that it has `@security-severity 10.0`, these false positives
look even worse.

The query looks purely for calls to functions with certain names, not
at whether the calls happen in a dangerous context. To justify a higher
precision, the query should only flag calls that happen in a thread or
another non-reentrant context.
 2021-08-24 17:14:42 +02:00
yoff
2f5ed03798 Merge pull request #6323 from RasmusWL/sec-test-layout 
Python: Restructure security tests to contain query name
 2021-08-24 16:50:08 +02:00
Chris Smowton
5a2dfda09e Add test for field initializers 2021-08-24 14:04:45 +01:00
Marcono1234
c8d98ae649 Java: Fix Field.getInitializer() matching non-initializer assignments 2021-08-24 14:04:44 +01:00
Asger Feldthaus
8a564cc64b JS: Fix qldoc 2021-08-24 14:31:00 +02:00
Asger F
8f8a46848d Update javascript/ql/src/semmle/javascript/frameworks/Templating.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-08-24 14:16:41 +02:00
CodeQL CI
c66a34be9c Merge pull request #6533 from erik-krogh/cwdPath 
Approved by asgerf
 2021-08-24 13:10:38 +01:00
CodeQL CI
c0e8680c81 Merge pull request #6534 from erik-krogh/fallbackEntry 
Approved by asgerf
 2021-08-24 11:38:25 +01:00
Erik Krogh Kristensen
99d7e8b953 add change note 2021-08-24 12:35:20 +02:00
Chris Smowton
7f73efe3e1 Downgrade precision of java/concatenated-sql-query 2021-08-24 10:46:01 +01:00
Rasmus Wriedt Larsen
ca341bde08 Merge pull request #5612 from jty-team/jty/python/nosqlInjection 
Python: CWE-943 - Add NoSQL injection query
 2021-08-24 11:29:25 +02:00
Anders Fugmann
6b66f5dbb4 C++: Add change note for implicit downcasting involving references 2021-08-24 10:26:25 +02:00
Anders Fugmann
6d4b7c828c C++: Remove superfluous 'and any()' 2021-08-24 09:37:39 +02:00
Ian Lynagh
43355feaeb Merge pull request #6536 from github/igfoo/getPrimaryQlClasses 
All languages: Add getPrimaryQlClasses()
 2021-08-23 19:49:37 +01:00
Geoffrey White
bc9994774a Merge pull request #6515 from MathiasVP/clarify-initialization-vs-assignment-in-docs 
C++: Clarify difference between 'Initializer' and 'Assignment'.
 2021-08-23 18:00:36 +01:00
Ian Lynagh
1e06808105 Update cpp/change-notes/2021-08-23-getPrimaryQlClasses.md 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-08-23 16:52:07 +01:00
Chris Smowton
57d44b8a40 Merge pull request #6538 from atorralba/atorralba/fix-test-generator-qlpack 
Java: Adapt test generator to new qlpack name
 2021-08-23 15:57:38 +01:00
Ian Lynagh
a9db1c52e5 All languages: Add getPrimaryQlClasses() 
This is a non-overridable predicate that concatenates all the
getAPrimaryQlClass() results into a comma-separated string.
 2021-08-23 15:49:10 +01:00
Shati Patel
2a51abdee3 Merge pull request #6523 from shati-patel/vscode-docs 
Docs: Minor tweaks to VS Code docs (query history + viewing results)
 2021-08-23 15:06:09 +01:00
Tony Torralba
1ee2f6f207 Adapt test generator to new package name 2021-08-23 16:05:13 +02:00