hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
24,000 Commits 1,740 Branches 165 Tags
0cf9c959810bbdcd2a4dc0be303fbb0cd93bbdea
Commit Graph

24000 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
8eaffaff35 Fix test mistakes 2021-06-28 19:24:19 +01:00
Chris Smowton
6b3bc42ef2 Add JAX-RS XSS tests 2021-06-28 19:24:18 +01:00
Chris Smowton
b3c186c513 Convert XSS test to inline expectations 2021-06-28 19:24:18 +01:00
Sauyon Lee
240058be28 fixup! Fix tests for Spring util 
Apply review comments
 2021-06-28 10:53:00 -07:00
Sauyon Lee
4012076c90 fixup! Model spring util 
Apply review comments
 2021-06-28 10:52:58 -07:00
Felicity Chapman
267e36919e Merge pull request #6153 from github/docs-content-4456-multiple-dbs 
Add information on multi-db options to the CodeQL CLI docs
 2021-06-28 17:38:49 +01:00
Sauyon Lee
bddc88c010 Add stubs for Spring util tests 2021-06-28 08:26:40 -07:00
Sauyon Lee
60db9e1851 Rename springframework-5.2.3 to 5.3.8 2021-06-28 08:26:39 -07:00
Sauyon Lee
fb0e6bfb42 Fix tests for Spring util 2021-06-28 08:26:39 -07:00
Sauyon Lee
739b142209 Generate tests for Spring util 2021-06-28 08:26:38 -07:00
Sauyon Lee
92ebb63b1f Model Spring AntPath utils 2021-06-28 08:26:38 -07:00
Sauyon Lee
c4e9b1fd8e Model Spring util 2021-06-28 08:26:37 -07:00
Rasmus Lerchedahl Petersen
c7992f6c6e Python: add change note 2021-06-28 17:24:37 +02:00
Rasmus Lerchedahl Petersen
40ac91eecd Python: Add some tests for exponential ReDoS 
- `KnownCVEs` contain the currently triaged Python CVEs
- `unittest.py` contains some tests constructed by @erik-krogh
- `redos.py` contains a port of `tst.js` from javascript
The expected file has been ported as well with some fixups by @tausbn
 2021-06-28 17:04:49 +02:00
Rasmus Lerchedahl Petersen
591b6ef69c Python: Add ReDoS as identical files from JS 
The library specific file is `RegExpTreeView`.
The files are recorded as identical via the mapping
in `identical-files.json`.
 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
d2eeaff441 JS: Refactor ReDoS to make files sharable 
the extra ordering conditions in ReDoSUtil will be needed
for the Python implementation.
 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
2c27ce7aa5 Python: Make ast viewer see regexes 
This work is due to @erik-krogh who also
 - made corresponding fixes to `RegexTreeView.qll`
 - implemented `toUnicode` so it is available on `String`s
 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
d953ba8dd4 Python: A parse-tree-view of regular expressions 
This contains several contributions from @erik-krogh
and also some fixes from @nickrolfe
 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
21007d21f4 Python: track if qualifiers allow unbounded 
repeats. This in preparation for ReDoS
 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
74ca1d00b9 Python: More precise regex parsing 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
e5f07cc4d3 Python: inline test of regex components 
- Added naive implementation of `charRange` so the test can run.
- Made predicates public as needed.
 2021-06-28 17:04:48 +02:00
Tony Torralba
8112d723e0 Merge branch 'main' into atorralba/spring-beans 2021-06-28 17:02:31 +02:00
Tony Torralba
393b95cbbe Remove 'magic' from tests 2021-06-28 17:01:34 +02:00
Tamas Vajk
006303420b Fix CSV framework coverage commenter workflow 2021-06-28 15:07:13 +02:00
Chris Smowton
ca4c519a2a Merge pull request #6170 from smowton/smowton/admin/cleanup-exec-tainted-query 
Change ID and description of cloned query
 2021-06-28 13:22:34 +01:00
Felicity Chapman
c4047afc05 Add extra reference to docs.github.com 
Clarify the existing reference and add one for CodeQL code scanning using GitHub Actions.
 2021-06-28 12:30:49 +01:00
Felicity Chapman
b52b158c97 Apply suggestions from code review 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2021-06-28 12:20:20 +01:00
Chris Smowton
3d69868297 Change ID and description of cloned query 
This should be cleaned up more effectively soon, but this suffices to fix the clashing-id problem.
 2021-06-28 12:18:59 +01:00
Tamas Vajk
3b5856907f Add updated C# framework coverage report 2021-06-28 11:29:46 +02:00
Tamas Vajk
3170781d57 Rework timeseries report to iterate git history only once 2021-06-28 11:29:45 +02:00
Tamas Vajk
1ec1e1cfc8 Adjust framework coverage report generator to include all sources not just remote ones 2021-06-28 11:20:32 +02:00
Tamas Vajk
4524563923 Fix timeseries coverage report to handle multiple languages 2021-06-28 11:20:32 +02:00
Tamas Vajk
a90a86bcbf Fix flow from Element of Argument[0] for Int32.TryParse(ReadOnlySpan<Char>,... 2021-06-28 11:20:32 +02:00
Tamas Vajk
1d8b19e153 Adjust coverage report generator to allow multiple sink identifiers per CWE 2021-06-28 11:20:32 +02:00
Tamas Vajk
2a75989881 Migrate StringContent sink to CSV format 2021-06-28 11:20:32 +02:00
Tamas Vajk
5aba7142e8 C#: Add framework coverage report 2021-06-28 11:20:32 +02:00
Tamas Vajk
016e8fb2cf Adjust framework coverage jobs to cover C# 2021-06-28 11:20:32 +02:00
Tamas Vajk
b7a43dccd3 C#: Migrate System.Int32 flow summaries to CSV 2021-06-28 11:20:32 +02:00
Tamas Vajk
a9ccd65fa9 C#: Migrate System.Web.HttpResponse sinks to CSV 2021-06-28 11:20:32 +02:00
Tamas Vajk
45568d5b10 C#: Convert System.Console.Read* local flow source to CSV 2021-06-28 11:20:32 +02:00
Tamas Vajk
9606816c39 Fix missing summarizedCallable case 2021-06-28 11:20:32 +02:00
Cornelius Riemenschneider
a1c38b78a9 Merge pull request #6163 from adityasharad/lines-of-code-make-unique 
Ensure only one query per language is tagged `lines-of-code`
codeql-cli/v2.5.7 		2021-06-28 10:57:29 +02:00
Tom Hvitved
4f8a103df2 C#: Add active preprocessor conditions as suffix in all TRAP .push instructions 2021-06-28 10:34:42 +02:00
Aditya Sharad
61e6dcb56d Ensure only one query per language is tagged lines-of-code 
Some languages have multiple `summary` queries for lines of code,
representing different forms of counting (user written, total, etc).
When Code Scanning sees results from multiple such summary queries in a single run,
it will need to choose one as the primary LoC count to display in the UI.

By ensuring only one query per language has the `lines-of-code` tag,
in future we can teach Code Scanning to look for this particular tag
to identify the primary LoC count.

If a "lines of user code" query is available, use that.
Otherwise use the total "lines of code".

(It is completely fine for multiple queries to be tagged with `summary`.)
 2021-06-25 16:45:37 -07:00
Chris Smowton
8aa9cd52b5 Merge pull request #5811 from mogwailabs/insecureJmxRmiServerEnvironment 
Java: Add query - insecure environment configuration during JMX/RMI server init
 2021-06-25 22:09:20 +01:00
Timo Mueller
e5fa5325b5 Auto formatting .ql file 2021-06-25 22:31:29 +02:00
Timo Mueller
eb0a13f60f Merge branch 'insecureJmxRmiServerEnvironment' of github.com:mogwailabs/codeql into insecureJmxRmiServerEnvironment 2021-06-25 22:29:43 +02:00
Chris Smowton
def4a23af2 Merge pull request #4879 from intrigus-lgtm/java/improve-trustmanager 
Java: Add/improve insecure trustmanager query
 2021-06-25 18:15:55 +01:00
Tom Hvitved
e624fb46f9 Merge pull request #6152 from hvitved/csharp/dataflow/csv-out-ref 2021-06-25 18:02:59 +02:00
intrigus
5aa711a956 Accept test changes. 2021-06-25 17:04:36 +02:00