hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
22,885 Commits 1,741 Branches 165 Tags
175fdbb1051759e1336971f8aadbc2d6dc51841b
Commit Graph

22885 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
luchua-bc
1497fba6f2 Remove the isAdditionalTaintStep predicate 2021-05-14 11:43:49 +00:00
Mathias Vorreiter Pedersen
5031b73f35 C++: Add barrier to cpp/uncontrolled-allocation-size that blocks flow when overflow isn't possible. 2021-05-14 13:43:20 +02:00
CodeQL CI
af0d31695a Merge pull request #5862 from asgerf/js/has-underlying-type 
Approved by erik-krogh, max-schaefer
 2021-05-14 04:10:43 -07:00
Robin Neatherway
f378513ea3 Add lines-of-code tags 
This is a proposed method for advertising which queries are measuring
the lines of code in a project in a more robust manner than inspecting
the rule id.

Note that the python "LinesOfUserCode" query should _not_ have this
property, as otherwise the results of the two queries will be summed.
 2021-05-14 11:20:43 +01:00
haby0
498c99e26c Add left value, Add return expression tracing flow 2021-05-14 16:31:59 +08:00
Ethan P
406fb1e383 Update with Go custom build options 2021-05-13 17:29:34 -04:00
Erik Krogh Kristensen
9d60ec035f fix casing on the uid regexp 2021-05-13 23:04:30 +02:00
Erik Krogh Kristensen
662e335424 keep python in sync 2021-05-13 22:54:39 +02:00
Erik Krogh Kristensen
51067af784 add "uid" (and friends) as maybe being sensitive account info 2021-05-13 22:34:10 +02:00
Geoffrey White
9cdf838981 C++: Bug fix. 2021-05-13 16:20:52 +01:00
Geoffrey White
a9d57450c8 C++: Autoformat. 2021-05-13 16:19:09 +01:00
CodeQL CI
9b0c24abc2 Merge pull request #5876 from erik-krogh/moreAxios 
Approved by asgerf
 2021-05-13 08:03:33 -07:00
Geoffrey White
3a83ff54e6 C++: Add support for class methods. 2021-05-13 16:02:00 +01:00
Geoffrey White
2576075b98 C++: Repair result message. 2021-05-13 15:52:28 +01:00
Geoffrey White
5d1ef49f8f C++: Add support for enum constants. 2021-05-13 15:42:42 +01:00
Geoffrey White
e4d2c7cfc4 C++: Rewrite so that we look for additional evidence. 2021-05-13 13:19:39 +01:00
Geoffrey White
123889a671 C++: Fix 'triple DES' false positives. 2021-05-13 10:21:06 +01:00
haby0
02e415045f Delete RedirectBuilderFlowConfig 2021-05-13 15:48:15 +08:00
Geoffrey White
40cf29b625 C++: Rearrange the library. 2021-05-13 08:39:37 +01:00
haby0
effa2b162a Add spring url redirection detect 2021-05-13 09:55:37 +08:00
Taus
79cfe5aca2 Python: Limit py/use-of-input to Python 2 2021-05-12 21:23:16 +00:00
Taus
fad55b3635 Python: Reimplement py/use-of-input 2021-05-12 21:09:51 +00:00
Evgenii Protsenko
470e3eb089 [python] ClickHouseDriver.qll: add support for subclasses 2021-05-13 00:03:53 +03:00
Erik Krogh Kristensen
34fbafafde remove redundant "put" case 2021-05-12 22:34:44 +02:00
Evgenii Protsenko
2efa0ad105 [C++] Implement module ClickHouseDriver.qll 2021-05-12 22:36:24 +03:00
Taus
fe12e620dd Python: Avoid clobbering range in test 
This was an unwanted interaction between two unrelated tests, so I
switched to a different built-in in the second test. I also added a test
case that shows an unfortunate side effect of this more restricted
handling of built-ins.
 2021-05-12 18:42:10 +00:00
Geoffrey White
0450caa73d C++: Exclude array initializers. 2021-05-12 19:39:30 +01:00
Geoffrey White
52a88af6c1 C++: Exclude macro invocations in switch case expressions. 2021-05-12 19:33:18 +01:00
Geoffrey White
9404d0676d C++: Exclude macros that don't generate anything. 2021-05-12 19:28:08 +01:00
Geoffrey White
b6d5f7c315 C++: Fix FPs caused by substring regexp. 2021-05-12 19:23:49 +01:00
Geoffrey White
109fa4d38e C++: Add test cases for BrokenCryptoAlgorithm.ql. 2021-05-12 19:16:00 +01:00
Taus
ff2b6b9737 Python: Correctly locate stores to built-ins 2021-05-12 18:07:18 +00:00
Mathias Vorreiter Pedersen
7d26aca793 C++: Add change-note. 2021-05-12 16:34:23 +02:00
Erik Krogh Kristensen
e0f78dde56 make the axios error catch match the non-error case 2021-05-12 16:23:37 +02:00
Mathias Vorreiter Pedersen
e94dab70b5 C++: Add sanitizers to cpp/uncontrolled-arithmetic. 2021-05-12 15:44:09 +02:00
Jonathan Leitschuh
48b50f93c2 Update java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2021-05-12 08:58:01 -04:00
Taus
3d30efed11 Python: Add exec as a shared built-in 
This is _slightly_ wrong, since `exec` isn't a built-in function in
Python 2. It should be harmless, however, since `exec` is a keyword,
and so cannot be redefined anyway.
 2021-05-12 11:07:16 +00:00
Anders Schack-Mulligen
7974e3ad38 Merge pull request #5883 from zbazztian/consider-boxed-booleans-to-avoid-xxe-fps 
Consider boxed booleans to avoid false positives for XXE.ql
 2021-05-12 12:51:22 +02:00
Sebastian Bauersfeld
b05512a958 Add change notes. 2021-05-12 16:58:24 +07:00
Taus
5c7e73d485 Python: Add exception types 2021-05-12 09:53:09 +00:00
Sebastian Bauersfeld
bf4d88175c Consider boxed booleans to avoid false positives for XXE.ql 2021-05-12 16:40:00 +07:00
Geoffrey White
8f152b7380 Merge pull request #5877 from MathiasVP/detect-more-abs-in-overflow-library 
C++: Detect more uses of `abs`
 2021-05-12 10:02:12 +01:00
Tom Hvitved
fc121e1cbd Merge pull request #5865 from tamasvajk/feature/remove-base-class-dependency-id 
C#: Remove base class from type IDs in trap files
 2021-05-12 10:30:31 +02:00
Taus
07a70af344 Python: Limit set of globals that may be built-ins 
I am very tempted to leave out the constants, or at the very least
`False`, `True`, and `None`, as these have _many_ occurrences in the
average codebase, and are not terribly useful at the API-graph level.

If we really do want to capture "nodes that refer to such and such
constant", then I think a better solution would be to create classes
extending `DataFlow::Node` to facilitate this.
 2021-05-12 08:19:35 +00:00
Tom Hvitved
961467e06e C#: Always pass /p:UseSharedCompilation=false to dotnet build in auto builder 2021-05-12 10:15:04 +02:00
Anders Schack-Mulligen
a247ae4357 Merge pull request #5843 from JLLeitschuh/feat/JLL/improve_kryo_support 
[Java] Fix Kryo FP & Kryo 5 Support
 2021-05-12 09:52:24 +02:00
Anders Schack-Mulligen
74ae2e0857 Merge pull request #5773 from hvitved/dataflow/aggressive-caching 
Data flow: Cache most language-dependent predicates
 2021-05-12 09:41:55 +02:00
Tamas Vajk
8e371fd05a Adjust expected IR test file 2021-05-11 21:54:05 +02:00
Mathias Vorreiter Pedersen
948f1d8e34 C++: Add testcase with INTMAX_MIN. 2021-05-11 19:43:21 +02:00
luchua-bc
e7cd6c9972 Optimize the query 2021-05-11 16:56:12 +00:00