Anders Schack-Mulligen
0d75c6a5f1
Merge pull request #3506 from ggolawski/spring-actuators-fix
...
Fixes FPs in SpringBootActuators query
2020-05-25 13:09:56 +02:00
semmle-qlci
ac1a338390
Merge pull request #3407 from RasmusWL/python-add-BoundMethodValue-v2
...
Approved by tausbn
2020-05-25 12:00:45 +01:00
Taus
a2308771a3
Merge pull request #3489 from yoff/DeprecateObject
...
Python: Modernise `py/missing-equals`.
2020-05-25 10:56:16 +02:00
Rasmus Wriedt Larsen
49d7e12acd
Python: Remove unnecessary restriction from getNamedArgumentForCall
...
As agreed in https://github.com/github/codeql/pull/3407
2020-05-25 10:17:37 +02:00
Rasmus Wriedt Larsen
4fc3cae646
Python: Add test for how arguments to *args and **kwargs are handled
2020-05-25 10:16:10 +02:00
Rasmus Wriedt Larsen
87ee6ae101
Python: Add a bit of docs to CallableObjectInternal
...
As requested :)
2020-05-25 09:53:28 +02:00
Rasmus Wriedt Larsen
9e0d57c610
Python: Fix grammar in QLDoc
...
Co-authored-by: Taus <tausbn@gmail.com>
2020-05-25 09:47:01 +02:00
Rasmus Lerchedahl Petersen
3e712be431
Python: Modernise
2020-05-25 09:00:34 +02:00
semmle-qlci
b9ecf1a304
Merge pull request #3447 from erik-krogh/LibCmdInjection
...
Approved by asgerf, mchammer01
2020-05-22 17:10:57 +01:00
James Fletcher
9259dca40d
Merge pull request #3540 from github/jf205-patch-2
...
Link README.md to CodeQL for Go repo
2020-05-22 10:29:55 +01:00
Shati Patel
8c1e4d49ca
Merge pull request #3537 from syang-ng/master
...
fix an error in the code snippet of the documentation about global-data-flow-java
2020-05-21 19:43:51 +01:00
James Fletcher
49d4c76f2f
Update README.md
2020-05-21 16:37:44 +01:00
syang-ng
184209d1eb
fix an error in the code snippet of the documentation about global-data-flow-java
2020-05-21 22:00:15 +08:00
Geoffrey White
0f4723aee4
Merge pull request #3520 from dbartol/github/codeql-c-analysis-team/79
...
C++: Mark deprecated overrides as deprecated
2020-05-21 14:55:39 +01:00
Erik Krogh Kristensen
b79b25ef87
correct cwe-78 to cwe-078
2020-05-21 12:38:44 +00:00
Erik Krogh Kristensen
b297837969
Apply suggestions from doc review
...
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2020-05-21 14:32:02 +02:00
Dave Bartolomeo
5641b2c140
C++: Remove deprecated predicate from File
2020-05-20 14:14:49 -04:00
Dave Bartolomeo
ff1e70efce
C++: Undo changes to shared XML.qll
2020-05-20 14:14:31 -04:00
semmle-qlci
8df7b7c42a
Merge pull request #3525 from erik-krogh/ZipTaint
...
Approved by asgerf
2020-05-20 16:45:02 +01:00
semmle-qlci
079021a3e9
Merge pull request #3453 from RasmusWL/python-flask-routed-params
...
Approved by tausbn
2020-05-20 14:47:53 +01:00
Erik Krogh Kristensen
a23cde1354
autoformat
2020-05-20 15:36:46 +02:00
Erik Krogh Kristensen
5a3eec87c0
rename isTaintedPathStep to isPosixPathStep
2020-05-20 13:44:14 +02:00
Erik Krogh Kristensen
97c199e10d
update docstring
...
Co-authored-by: Asger F <asgerf@github.com>
2020-05-20 13:40:12 +02:00
Rasmus Wriedt Larsen
712d4bd150
Python: Fix typo in docs
...
Co-authored-by: Taus <tausbn@gmail.com>
2020-05-20 13:06:24 +02:00
semmle-qlci
c15d22d9f8
Merge pull request #3516 from asger-semmle/js/typescript-3.9.2
...
Approved by erik-krogh
2020-05-20 11:31:57 +01:00
semmle-qlci
2bbc1c2af0
Merge pull request #3478 from erik-krogh/PromiseAll
...
Approved by asgerf, esbena
2020-05-20 11:03:05 +01:00
semmle-qlci
29b8a0db92
Merge pull request #3508 from asger-semmle/js/shared-data-flow-node
...
Approved by esbena
2020-05-20 10:58:09 +01:00
Erik Krogh Kristensen
33e0f25f3c
use NodeJSLib::Path instead of DataFlow::moduleMember
2020-05-20 10:30:23 +02:00
Erik Krogh Kristensen
7c51dff0f7
share implementation between TaintedPath and ZipSlip
2020-05-20 10:10:04 +02:00
Tom Hvitved
e9839198f4
Merge pull request #3484 from calumgrant/cs/index-initializers
...
C#: Extract indexed initializers correctly
2020-05-20 09:22:47 +02:00
Tom Hvitved
97080731ad
Merge pull request #3486 from h3ku/master
...
CSHARP: Add experimental query for tainted WebClient
2020-05-20 08:17:05 +02:00
Robert Marsh
28c2acabe5
Merge pull request #3505 from dbartol/github/codeql-c-analysis-team/69
...
C++/C#: Remove `UnmodeledDefinition` instruction
2020-05-19 17:17:53 -07:00
Dave Bartolomeo
3832d4cae6
C++: Mark deprecated overrides as deprecated
...
The QL compiler is about to be changed to emit a warning when overriding a deprecated predicate. This PR marks the existing overrides of deprecated predicates as `deprecated` themselves, which avoids the warning.
The `Print.qll` models seem to preserve the `isWideCharDefault()` predicate for backwards compatibility, so we can't remove them and must continue overriding them.
The `XML.qll` override is necessary because both superclasses declare the `getName()` predicate. One is `deprecated`, and the other is `abstract`, so we have to have an override.
2020-05-19 16:33:33 -04:00
semmle-qlci
0a8b3adc25
Merge pull request #3518 from felicitymay/merge-124-master
...
Approved by shati-patel
2020-05-19 19:30:47 +01:00
Felicity Chapman
99d7a21425
Merge branch 'rc/1.24' into merge-124-master
2020-05-19 19:04:44 +01:00
Felicity Chapman
cca3922d00
Merge pull request #3517 from felicitymay/1.24/SD-54-update-contact
...
CodeQL 1.24: Update information on support
2020-05-19 18:57:34 +01:00
Tom Hvitved
f0f833b58f
Merge pull request #3512 from jbj/mergeback-2020-05-19
...
Mergeback rc/1.24 -> master
2020-05-19 19:51:36 +02:00
Felicity Chapman
70d642a956
Update information on support
2020-05-19 18:17:17 +01:00
Erik Krogh Kristensen
5b569a4d6d
add a sanitizer for chained replace-calls
2020-05-19 19:16:58 +02:00
Jonas Jensen
d38700a87c
Merge remote-tracking branch 'upstream/master' into mergeback-2020-05-19
...
Conflicts:
cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/tainted.expected
cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/test_diff.expected
2020-05-19 17:44:15 +02:00
Asger Feldthaus
9d006327df
JS: Update qldoc for ValueNode
2020-05-19 15:57:07 +01:00
semmle-qlci
26dfca80f6
Merge pull request #3510 from max-schaefer/cull-boring-queries
...
Approved by asgerf, esbena
2020-05-19 15:41:53 +01:00
Asger Feldthaus
b39e0ec091
JS: Update output due to whitelisting change
2020-05-19 15:30:36 +01:00
Hector Cuesta
66d77a43bd
Fix typo in comment and TaintTrackingConfiguration name
2020-05-19 15:15:03 +01:00
Hector Cuesta
e18d8c5234
Remove duplicated CWE in security tag
2020-05-19 15:12:43 +01:00
Hector Cuesta
7d1ef92fbf
Remove unnecessary CWE reference.
2020-05-19 15:09:17 +01:00
Mathias Vorreiter Pedersen
f0f7e531d7
Merge pull request #3511 from jbj/simplify-field-conflation-test
...
C++: Simplify field conflation test
2020-05-19 16:04:45 +02:00
yo-h
bfeaeccf60
Merge pull request #3507 from aschackmull/java/cleanup-deprecated-overrides
...
Java: Clean up deprecated overrides.
2020-05-19 09:47:57 -04:00
Max Schaefer
a803120414
Lower precision for a number of queries.
...
These queries are currently run by default, but don't have their results displayed.
Looking through results on LGTM.com, they are either false positives (e.g., `BitwiseSignCheck` which flags many perfectly harmless operations and `CompareIdenticalValues` which mostly flags NaN checks) or harmless results that developers are unlikely to care about (e.g., `EmptyArrayInit` or `MisspelledIdentifier`).
With this PR, the only queries that are still run but not displayed are security queries, where different considerations may apply.
2020-05-19 13:43:17 +01:00
Jonas Jensen
5318d42c4f
Merge remote-tracking branch 'upstream/rc/1.24' into mergeback-2020-05-19
2020-05-19 14:42:58 +02:00