hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-20 22:46:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
18,781 Commits 1,712 Branches 163 Tags
05ab6cd54a806449be0b1b7003532deda11f59a8
Commit Graph

18781 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
05ab6cd54a Python: Add RemoteFlowSource for django handler without route 
A bit scary that we don't have any tests to indicate that I forgot to add this :O
 2020-12-21 18:02:30 +01:00
Rasmus Wriedt Larsen
d4d6f0ca0c Python: Model django request handlers without known route 2020-12-21 18:02:22 +01:00
Rasmus Wriedt Larsen
004ff38e22 Python: Add separate RequestHandler concept 
Since I really want to use our existing infrastructure to model that we can
recognize something as a request handler without it having a route, we need this
as a separate concept. All tests have been adjusted.

The early modeling was based on flask, where all request-handling is based on
handling requests from a specific route. But with the standard library handling
and handlers without routes, the naming had to change.
 2020-12-21 17:31:58 +01:00
Rasmus Wriedt Larsen
a9bbe1d087 Python: Test Django un-routed class-based route handler 2020-12-21 16:01:23 +01:00
Tom Hvitved
0c78fb2933 Merge pull request #4855 from madneal/fix-for-csharp-docs 
Fix for csharp docs
 2020-12-21 14:11:36 +01:00
Shati Patel
0a0137bb5e Merge pull request #4859 from github/shati-patel-patch-1 
Fix typo in docs title
 2020-12-21 12:07:32 +00:00
Jonas Jensen
4308381057 Merge pull request #4846 from MathiasVP/default-taint-tracking-operand-instruction-interleaving 
C++: Instruction -> Operand interleaving for DefaultTaintTracking
 2020-12-21 12:44:06 +01:00
Shati Patel
66b85f1e5e Fix typo 2020-12-21 11:29:02 +00:00
Neal Caffery
ee0257836f removed, as it fixed by #4848 2020-12-21 19:05:37 +08:00
Mathias Vorreiter Pedersen
06366fa320 Merge pull request #4856 from jbj/gvn-wrapper-test 
C++: Test the AST wrapper for IR GVN
 2020-12-21 09:31:10 +01:00
Tom Hvitved
16aee6e71e Merge pull request #4842 from hvitved/csharp/format-method-no-insertion-param 
C#: Recognize format methods without insertion parameters
 2020-12-21 09:25:18 +01:00
Jonas Jensen
3236cbd83e C++: Test the AST wrapper for IR GVN 
Out of our 3 GVN libraries, the one we actually use in production didn't
have tests -- except indirectly through `diff_ir_expr.ql`.
 2020-12-21 08:21:02 +01:00
neal1991
b9d24b8255 fix for issue #4849 2020-12-21 08:54:15 +08:00
neal1991
eac83df40b fix for issue #4848 2020-12-21 08:52:42 +08:00
Rasmus Wriedt Larsen
49f902d28b Merge pull request #4757 from yoff/python-dataflow-synthetic-callables 
Python: Enclosing callable for synthetic arguments
 2020-12-18 16:06:26 +01:00
yoff
a08eb99778 Merge pull request #4779 from RasmusWL/django-class-based-handlers 
Python: Add modeling of django class based view handlers
 2020-12-18 15:58:51 +01:00
Anders Schack-Mulligen
5106d5df53 Merge pull request #4833 from luchua-bc/java-broken-crypto-algorithms 
Java: Add missing broken crypto algorithms
 2020-12-18 15:12:29 +01:00
Rasmus Wriedt Larsen
3e6296c7b8 Python: Fix grammar in QLDoc 2020-12-18 14:54:14 +01:00
Rasmus Wriedt Larsen
ed11e8f916 Python: Simplify predicate implementation 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2020-12-18 14:52:20 +01:00
Mathias Vorreiter Pedersen
b5102043b1 Fix comments. 2020-12-18 14:19:02 +01:00
Chris Smowton
de4cdda839 Merge pull request #4841 from smowton/smowton/admin/mergeback-126-2020-12-16 
Mergeback rc/1.26
 2020-12-18 12:59:06 +00:00
Mathias Vorreiter Pedersen
f5e4725642 C++: Propagate flow from instruction's to non-exact operands for arrays and unions, and accept test changes. 2020-12-18 13:54:34 +01:00
Mathias Vorreiter Pedersen
2bf8e47932 Merge branch 'main' into default-taint-tracking-operand-instruction-interleaving 2020-12-18 11:59:10 +01:00
Mathias Vorreiter Pedersen
7ccd48e53c Make DefaultTaintTracking do operand->instruction->operand interleaving like DataFlowUtil. 2020-12-18 11:57:16 +01:00
Tom Hvitved
d53faa86dc C#: Restrict FormatInvalid.ql and UncontrolledFormatString.ql to calls with insertions 2020-12-18 10:53:11 +01:00
Rasmus Lerchedahl Petersen
0629d3e6e7 Python: Enclosing callable for synthetic arguments 2020-12-18 10:45:24 +01:00
Rasmus Lerchedahl Petersen
a16d58dfc0 Python: Add tests cases with synthetic arguments 2020-12-18 10:41:42 +01:00
Jonas Jensen
fd7dec7f20 Merge pull request #4824 from geoffw0/modelchanges5 
C++: Add cases in the Allocation model.
 2020-12-18 09:16:01 +01:00
yoff
39acc9a40b Merge pull request #4735 from RasmusWL/python-untrusted-flow 
Python: Untrusted data used in external APIs
 2020-12-18 00:15:08 +01:00
yoff
9dd6439e3c Merge pull request #4749 from RasmusWL/command-injection-tests 
Python: Add some command injection tests
 2020-12-17 23:36:06 +01:00
yoff
8a44405365 Merge pull request #4827 from RasmusWL/reword-qldoc-for-type-tracking-classes 
Python: Reword QLDoc for class modeling with type-tracking
 2020-12-17 23:28:19 +01:00
Tom Hvitved
7a132149a2 C#: Add change note 2020-12-17 15:39:01 +01:00
Tom Hvitved
fe559c190e C#: Recognize format methods without insertion parameters 2020-12-17 15:39:01 +01:00
Tamás Vajk
45893ab084 Merge pull request #4775 from tamasvajk/feature/cil-attribute-decoding2 
C#: Improve CIL attribute decoding
 2020-12-17 15:20:44 +01:00
Tamás Vajk
65c58edbed Merge pull request #4617 from tamasvajk/feature/csharp9-implicit-obj-creation 
C#: Extract 'ImplicitObjectCreationExpressionSyntax'
 2020-12-17 15:20:13 +01:00
Tamas Vajk
f12befdcd0 Add extra test for collection initialization 2020-12-17 13:49:02 +01:00
luchua-bc
bed8a68d28 Exclude broken algorithms from the list of secure algorithms 2020-12-17 00:41:23 +00:00
Aditya Sharad
a79f1e145b Merge pull request #4832 from github/docs/add-favicon 
[docs] Add GitHub favicon to CodeQL docs
 2020-12-16 13:29:32 -08:00
Chris Smowton
faa08c10e0 Merge branch 'rc/1.26' of https://github.com/github/codeql into smowton/admin/mergeback-126-2020-12-16 2020-12-16 21:08:20 +00:00
James Fletcher
7bfc2853cb Merge pull request #4839 from github/docs/css-fixes-126 
[CodeQL docs] Fix two CSS bugs (rc/1.26)
 2020-12-16 18:10:18 +00:00
James Fletcher
58f17d79c2 Merge pull request #4838 from github/docs/css-fixes 
[CodeQL docs] Fix two CSS bugs
 2020-12-16 16:44:59 +00:00
james
6c430ce0c7 align list items correctly 2020-12-16 16:41:27 +00:00
james
686eca9adf fix footnote spacing 2020-12-16 16:41:27 +00:00
james
ff123f8e78 align list items correctly 2020-12-16 15:58:12 +00:00
james
256460dddc fix footnote spacing 2020-12-16 15:31:25 +00:00
Tamas Vajk
1bc65a68df Address PR review comments 2020-12-16 16:12:11 +01:00
Geoffrey White
c89f7d824b C++: Back out support for SysAllocString. It turns out supporting all of the SysAlloc stuff is beyond our current models, supporting just SysFreeString as we do is OK. 2020-12-16 15:08:53 +00:00
CodeQL CI
41ef7a3fce Merge pull request #4733 from erik-krogh/args 
Approved by esbena
 2020-12-16 06:51:26 -08:00
CodeQL CI
287954e0d8 Merge pull request #4686 from erik-krogh/buildFp 
Approved by esbena
 2020-12-16 06:42:41 -08:00
Erik Krogh Kristensen
94e07bb91c add change note 2020-12-16 15:10:03 +01:00