hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
24,997 Commits 1,741 Branches 166 Tags
14bada4bbe654d7d42e5415ec8974f0232fbd8a6
Commit Graph

24997 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
0356ed7f9e Merge pull request #5911 from atorralba/atorralba/promote-missing-jwt-signature-check 
Java: Promote Missing JWT signature check query from experimental
 2021-08-05 09:43:03 +02:00
Anders Schack-Mulligen
1932f604dc Merge pull request #6419 from smowton/smowton/admin/unsafe-deserialization-jabsorb 
Add unsafe-deserialization support for Jabsorb
 2021-08-05 09:04:23 +02:00
Erik Krogh Kristensen
d3ea58002d fix a case in union where order wasn't necessarily preserved 2021-08-05 08:48:15 +02:00
Erik Krogh Kristensen
6ca53c8b25 a little more special casing in CFGExtractor union 2021-08-05 08:32:56 +02:00
CodeQL CI
475032780e Merge pull request #6311 from asgerf/js/dom-element-methods 
Approved by erik-krogh
 2021-08-04 23:18:34 -07:00
github-actions[bot]
9d13edb325 Add changed framework coverage reports 2021-08-05 00:08:17 +00:00
Erik Krogh Kristensen
7e422a656a remove unused imports 2021-08-04 23:41:36 +02:00
Erik Krogh Kristensen
ff9943906d micro optimize the hot loops by adding special cases and removing streams 2021-08-04 23:35:58 +02:00
Fosstars
b913928294 Renamed queries and merged qhelp files 2021-08-04 17:54:16 +02:00
Chris Smowton
1f08c3fe55 Move test files to appropriate package directories 2021-08-04 16:50:03 +01:00
Chris Smowton
5a42448888 Code review suggestions 
- Remove unneeded import
- Remove unnecessary `toLowerCase` call
 2021-08-04 16:08:07 +01:00
Chris Smowton
69549e9ce3 Add unsafe-deserialization support for Jabsorb 
This is partly extracted from https://github.com/github/codeql/pull/5954
 2021-08-04 15:35:50 +01:00
Asger Feldthaus
1b67b43b40 JS: Change note 2021-08-04 16:25:59 +02:00
Asger Feldthaus
00f4694616 JS: Recognize methods returning DOM objects 2021-08-04 16:25:56 +02:00
Anders Schack-Mulligen
5f9f857c34 Update java/ql/src/semmle/code/java/security/JWT.qll 2021-08-04 16:23:21 +02:00
Anders Schack-Mulligen
78998d0ca1 Update java/ql/src/semmle/code/java/security/JWT.qll 2021-08-04 16:22:56 +02:00
Anders Schack-Mulligen
6a09a5667d Merge pull request #5931 from atorralba/atorralba/promote-jndi-injection 
Java: Promote JNDI Injection query from experimental
 2021-08-04 15:48:44 +02:00
Tony Torralba
bc9563c073 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-08-04 14:40:32 +02:00
Tony Torralba
989afb446e Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-08-04 14:07:10 +02:00
Tony Torralba
a046d75ea6 Apply suggestions from code review 2021-08-04 13:15:49 +02:00
edvraa
e790ee7c2e Fix formatting 2021-08-04 14:06:27 +03:00
Tony Torralba
452fd9a8e3 Refactor to path query 2021-08-04 13:05:18 +02:00
Anders Schack-Mulligen
fe654dc8ee Merge pull request #6418 from github/cwe-918-add-sec-sev 
Update Security-Severity for CWE-918
 2021-08-04 13:04:40 +02:00
turbo
a8f84da7ac Update Security-Severity for CWE-918 2021-08-04 12:17:21 +02:00
Tony Torralba
b586f3ec9c Make the additional flow step abstract 2021-08-04 12:11:17 +02:00
Tony Torralba
f4bc4df8c1 Renamed JWTQuery so that it's named after the actual query name 2021-08-04 12:08:08 +02:00
Anders Schack-Mulligen
1a078c38ad Merge pull request #6412 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-08-04 09:58:34 +02:00
github-actions[bot]
8a2acda53c Add changed framework coverage reports 2021-08-04 00:07:10 +00:00
Erik Krogh Kristensen
fe551f1359 remove the last use of createCollection 2021-08-03 21:54:55 +02:00
Robert Marsh
55256d434d Merge pull request #6410 from geoffw0/uncontrolledarithtests 
C++: Clean up the test directories for cpp/uncontrolled-arithmetic
 2021-08-03 12:46:31 -07:00
Geoffrey White
e679eac008 C++: Rename test directories to match the test names, where possible. 2021-08-03 18:43:02 +01:00
Mathias Vorreiter Pedersen
8ce6335383 Merge pull request #6372 from geoffw0/uncontrolledarith 2021-08-03 17:53:39 +02:00
Erik Krogh Kristensen
85d6bfe044 move createCollection to the only place it is used 2021-08-03 16:55:44 +02:00
Erik Krogh Kristensen
ef5ea437c3 remove raw Object type where possible, and simplify accordingly 2021-08-03 16:55:38 +02:00
Geoffrey White
54253bc2eb C++: Resurrect underflow detection, but only on unsigned types. 2021-08-03 15:02:39 +01:00
Chris Smowton
eaf3d3cc03 Merge pull request #6162 from smowton/smowton/feature/jax-rs-content-type-sensitivity-fixes 
Jax-RS: implement content-type tracking
 2021-08-03 14:53:31 +01:00
Geoffrey White
23ba7dcf9c Merge pull request #6141 from ihsinme/ihsinme-patch-276 
CPP: Add a query to find incorrectly used exceptions. 2
 2021-08-03 14:46:39 +01:00
Anders Schack-Mulligen
7fb1e1578e Merge pull request #5894 from atorralba/atorralba/promote-ognl-injection 
Java: Promote OGNL Injection query from experimental
 2021-08-03 15:31:40 +02:00
Anders Schack-Mulligen
be6fd7c22e Merge pull request #6382 from bmuskalla/stringValueOfTaint 
Track taint for String.valueOf(..)
 2021-08-03 15:30:30 +02:00
Chris Smowton
3bf41491b3 Apply suggestions from code review 2021-08-03 14:15:39 +01:00
Benjamin Muskalla
8ce841493c Avoid taint for valueOf(Object) 2021-08-03 14:46:55 +02:00
Anders Schack-Mulligen
c0d76da1a6 Merge pull request #5846 from atorralba/atorralba/promote-unsafe-android-webview-fetch 
Java: Promote Unsafe resource loading in Android WebView from experimental
 2021-08-03 14:24:34 +02:00
Tony Torralba
f5cbec4938 Fix tests affected by Jackson stubs changes 2021-08-03 14:22:55 +02:00
Anders Schack-Mulligen
fb9feabe64 Merge pull request #6062 from atorralba/atorralba/promote-groovy-injection 
Java: Promote Groovy Code Injection from experimental
 2021-08-03 14:19:15 +02:00
Mathias Vorreiter Pedersen
43044cd475 Merge pull request #6081 from ihsinme/ihsinme-patch-273 
CPP: Add a query to find incorrectly used switch
 2021-08-03 13:16:45 +02:00
Tony Torralba
a33e0bce9d Fix tests affected by Jackson stubs changes 2021-08-03 13:15:45 +02:00
Anders Schack-Mulligen
ad86641e22 Merge pull request #6216 from smowton/smowton/admin/serializability-dataflow 
Create a dataflow instance specifically for the Serializability library
 2021-08-03 13:03:49 +02:00
Tony Torralba
c44de87503 Fix reference to PostUpdateNode 2021-08-03 12:45:12 +02:00
Tom Hvitved
ee51e1593f Merge pull request #6217 from hvitved/csharp/dataflow/csv-override-fix 
C#: Fix CSV overrides logic
 2021-08-03 12:11:26 +02:00
Chris Smowton
36379146c5 Resync dataflow clone 2021-08-03 11:03:30 +01:00