hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-02 08:12:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,214 Commits 1,684 Branches 159 Tags
158366ab4684d88f4266b6f7e9eb8a000d19996f
Commit Graph

33214 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jorge
158366ab46 Apply suggestions from code review 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-03-14 21:27:37 +01:00
jorgectf
a0bf68f7cd Generally extend TaintTracking::AdditionalTaintStep 2022-03-14 13:39:20 +01:00
jorgectf
ded9663f2b Finish taint steps 2022-03-13 13:59:03 +01:00
jorgectf
447636bf1c Attempt to add MyBatis' sinks and taint steps to SQL and OGNL injection queries 2022-03-09 04:21:26 +01:00
jorgectf
e000163614 Properly model AbstractSQL sinks and taint steps 2022-03-09 04:20:34 +01:00
Tiferet Gazit
bbc712fdb3 Merge pull request #8297 from erik-krogh/atmPerf 
JS: Fix ATM timeout on NodeJS
 2022-03-04 10:41:35 -08:00
Mathias Vorreiter Pedersen
624795cbbf Merge pull request #8059 from rdmarsh2/rdmarsh2/cpp/insufficient-key-strength 
C++: new query for insufficient key strength
 2022-03-04 17:11:44 +00:00
Robert Marsh
280fdbfc1b C++: accept test output from perf improvement 
The last commit removed some source nodes from the dataflow graph, which
changed the test expectations slightly. No result changes occurred.
 2022-03-04 11:39:10 -05:00
Arthur Baars
71e393c6e1 Merge pull request #8330 from aibaars/cache-regExpSource 
Ruby: cache regExpSource/1 instead of isInterpretedAsRegExp
 2022-03-04 13:38:11 +01:00
Mathias Vorreiter Pedersen
9a91e66714 Merge pull request #8321 from MathiasVP/improve-using-expired-address-query 
C++: More TPs from `cpp/using-expired-stack-address`
 2022-03-04 12:07:55 +00:00
Rasmus Wriedt Larsen
3f48916e95 Merge pull request #7915 from yoff/python/promote-xpath-injection 
Python: promote XPath injection query
 2022-03-04 11:59:39 +01:00
yoff
d0a393e8d1 Update python/ql/test/library-tests/frameworks/stdlib/XPathExecution.py 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-03-04 10:56:53 +01:00
yoff
c514282d4a Merge pull request #8255 from tausbn/python-nomagic-pattern-getcase 
Python: Prevent magic/inlining in `getCase`
 2022-03-04 10:53:20 +01:00
Arthur Baars
cd5c71e85e Ruby: cache regExpSource/1 instead of isInterpretedAsRegExp 2022-03-04 10:15:22 +01:00
Harry Maclean
1181779c10 Merge pull request #7920 from github/hmac/string-flow-summaries 
Ruby: Add String flow summaries
 2022-03-04 09:09:19 +13:00
Robert Marsh
60532e631e C++: fix missing paren 2022-03-03 14:45:43 -05:00
Arthur Baars
b79d08523c Merge pull request #8293 from aibaars/regex-pattern-source 
Ruby: parse more string literals as regular expressions
 2022-03-03 17:35:40 +01:00
Arthur Baars
22b0697371 Update ruby/ql/lib/codeql/ruby/security/performance/ParseRegExp.qll 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2022-03-03 17:13:19 +01:00
Mathias Vorreiter Pedersen
bf10456bf5 C++: Add a path explanation to the 'cpp/using-expired-stack-address' query. 2022-03-03 13:55:00 +00:00
Mathias Vorreiter Pedersen
9df923a7c8 C++: Catch more true positives by stepping into calls in the 'cpp/using-expired-stack-address' query. 2022-03-03 13:53:09 +00:00
Jeroen Ketema
3fc2f2f3dc Merge pull request #8309 from jketema/taint-join-order 
C++: Fix join order in the IR dataflow library
 2022-03-03 09:00:42 +01:00
Jeroen Ketema
2fd950caad C++: Fix join order in the IR dataflow library 
Not having this fixed caused problems when updating the database
scheme stats file.
 2022-03-03 07:42:52 +01:00
Harry Maclean
4a43731b83 Ruby: Use SimpleSummarizedCallable 
This simplifies some String flow summaries.
 2022-03-03 10:49:44 +13:00
Robert Marsh
9fb94d85b4 C++: performance tweaks for InsufficientKeySize 2022-03-02 15:59:42 -05:00
Arthur Baars
692fc4cb02 Update ruby/ql/lib/change-notes/2022-02-28-regex-string-literals.md 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-03-02 21:13:23 +01:00
Rasmus Lerchedahl Petersen
6946ae931a python: missed a spot.. 2022-03-02 17:12:48 +01:00
Michael Nebel
b39f383d45 Merge pull request #8230 from michaelnebel/csharp/autobuilder-buildless 
C#: Buildless extractor option.
 2022-03-02 15:53:02 +01:00
Michael Nebel
938902dc89 C#: Include example fragment in the release note on, how to invoke the extractor with the optional parameter. 2022-03-02 14:28:25 +01:00
Michael Nebel
fc89888c74 C#: Add pattern that only accepts 'true' and 'false' as the buildless option. 2022-03-02 14:28:21 +01:00
Michael Nebel
c5ddf6110f C#: Address review comments (change description to use true/false instead of yes/no). 2022-03-02 14:27:45 +01:00
Michael Nebel
8d9999a8c4 C#: Change note describing the buildless extractor option. 2022-03-02 14:25:11 +01:00
Michael Nebel
3859b62554 C#: Autobuilder should use standalone in case buildless options is provided. 2022-03-02 14:25:11 +01:00
Michael Nebel
c973693bee C#: Introduce buildless extractor option. 2022-03-02 14:25:06 +01:00
Michael Nebel
fff42501fc Merge pull request #8167 from michaelnebel/csharp/extractor-option-compress 
C# Extractor Option for specifying compression.
 2022-03-02 14:22:52 +01:00
Michael Nebel
a0a2cde6fa C#: Update relase note to include example fragment on, how to invoke the extractor with the optional parameter. 2022-03-02 13:17:20 +01:00
Rasmus Lerchedahl Petersen
143e9ee954 Merge branch 'main' of github.com:github/codeql into python/promote-xpath-injection 2022-03-02 13:14:08 +01:00
Rasmus Lerchedahl Petersen
ee45e79948 python: Create XML modulein Concepts 
to prepare for XXE and other XML related modelling
 2022-03-02 13:10:23 +01:00
Rasmus Lerchedahl Petersen
80be767a7a python: implement stdlib xpath support 2022-03-02 12:59:34 +01:00
Rasmus Lerchedahl Petersen
06e0f140c5 python: add tests for stdlib xpath 2022-03-02 12:58:37 +01:00
Mathias Vorreiter Pedersen
3681a1b736 Merge pull request #7933 from geoffw0/cwe497 
C++: Improve cpp/system-data-exposure
 2022-03-02 10:18:01 +00:00
Mathias Vorreiter Pedersen
71cd507f89 Merge pull request #8298 from MathiasVP/filter-bad-conversions-in-cpp-gvn 
C++: Fix `GVN` performance on more invalid IR
 2022-03-02 10:14:19 +00:00
Harry Maclean
37dac186a8 Ruby: String.try_convert isn't value-preserving 
`String.try_convert` can convert arbitrary objects to strings, which
obviously isn't value-preserving.
 2022-03-02 13:31:59 +13:00
Arthur Baars
169f65526e Merge pull request #8292 from aibaars/api-graphs-private 
Ruby: ApiGraphs: use private imports
 2022-03-02 00:35:46 +01:00
Taus
8460ab4f31 Merge pull request #7549 from hvitved/python/points-to-perf 2022-03-01 23:05:10 +01:00
Mathias Vorreiter Pedersen
155502cfdb C#/C++: Sync identical files. 2022-03-01 16:56:49 +00:00
Mathias Vorreiter Pedersen
4acae4a2d1 C++: Remove redundant conjunct. 2022-03-01 16:56:25 +00:00
Geoffrey White
2962b125af Merge branch 'main' into cwe497 2022-03-01 16:19:28 +00:00
Paolo Tranquilli
c81f2661a3 Merge pull request #8300 from redsun82/check-qhelp 
check-qhelp: call super init in IncludeHandler
 2022-03-01 17:07:28 +01:00
Paolo Tranquilli
ef4d1de9c3 check-qhelp: call super init in IncludeHandler 
`xml.sax.ContentHandler` has a non-trivial `__init__`. While this is
probably harmless, it does not hurt to fix this.
 2022-03-01 16:50:55 +01:00
Rasmus Lerchedahl Petersen
f55d7d627e python: model XPathEvaluator 2022-03-01 14:40:13 +01:00