hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-20 22:46:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
20,885 Commits 1,712 Branches 163 Tags
1ecee2da0d176abfe8db4096feabe8541c73c97b
Commit Graph

20885 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
1ecee2da0d Merge pull request #5357 from yoff/python-rework-documentation 
Python: rework documentation
 2021-03-17 14:25:23 +01:00
Anders Schack-Mulligen
05779ef7ee Merge pull request #5368 from joefarebrother/guava-convert-to-csv 
Java: Convert existing Guava models to CSV format
 2021-03-17 13:50:48 +01:00
CodeQL CI
efeff6fcf8 Merge pull request #5033 from asgerf/js/generalized-remote-flow-source 
Approved by erik-krogh
 2021-03-17 05:41:39 -07:00
yoff
0fc30997eb Update docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.rst 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-03-17 13:00:09 +01:00
Tamás Vajk
2e2a5d62c2 Merge pull request #5420 from tamasvajk/feature/fix-nullable-warning 
C#: Fix nullable warning
 2021-03-17 12:16:15 +01:00
Asger Feldthaus
3a68eceaaa JS: Fix typo in change note 2021-03-17 10:17:56 +00:00
Tamas Vajk
02cb383d3b C#: Fix nullable warning 2021-03-17 09:35:13 +01:00
Rasmus Lerchedahl Petersen
acac519fef Python: Address review suggestions 2021-03-17 00:10:04 +01:00
yoff
0ee7ccf6b9 Update docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.rst 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-03-16 19:58:23 +01:00
Asger Feldthaus
97b8e35426 JS: Update test expectations 2021-03-16 15:09:01 +00:00
Joe Farebrother
f5e4b87d1e Remove redundant rows and add note on collection flow 2021-03-16 14:28:24 +00:00
Joe Farebrother
1e3c4d0eb1 Add stubs to fix broken test case 2021-03-16 14:24:49 +00:00
Joe Farebrother
980b2c1f4c Convert existing Guava models to CSV system 2021-03-16 14:24:49 +00:00
Rasmus Wriedt Larsen
fbbec5d2b9 Merge pull request #5118 from yoff/python-port-stacktrace-exosure 
Python: Port stack trace exposure
 2021-03-16 14:52:44 +01:00
Rasmus Wriedt Larsen
50978364a6 Merge pull request #5246 from yoff/python-port-insecure-default-protocol 
Python: Port insecure default protocol
 2021-03-16 14:30:19 +01:00
Asger Feldthaus
3922c73be7 JS: Add change note 2021-03-16 13:28:12 +00:00
Asger Feldthaus
a76be91481 JS: Remove deprected use of queryAccess 2021-03-16 13:28:12 +00:00
Asger Feldthaus
ff1326cc7b JS: Cache getReExportedModule 2021-03-16 13:28:12 +00:00
Asger Feldthaus
710cca5395 JS: Update expectations with new sources 2021-03-16 13:28:12 +00:00
Asger Feldthaus
a9383da2c3 JS: Autoformat 2021-03-16 13:28:12 +00:00
Asger Feldthaus
bc4c178648 JS: Cache together 2021-03-16 13:28:12 +00:00
Asger Feldthaus
7b7e87f177 JS: Fix bad join order in closure 2021-03-16 13:28:11 +00:00
Asger Feldthaus
aa1c8c041e JS: Exclude client-side sources from RegExpInjection 2021-03-16 13:28:11 +00:00
Asger Feldthaus
2e57a7d3e9 JS: Add ClientSideRemoteFlowSource 2021-03-16 13:28:09 +00:00
Anders Schack-Mulligen
aa360c0378 Merge pull request #5413 from smowton/smowton/feature/infer-fluent-method-taint-flow 
Add taint-preserving edges where a call also has a value-preserving edge
 2021-03-16 14:10:11 +01:00
Anders Schack-Mulligen
53c360479a Merge pull request #5329 from tamasvajk/feature/csv-taint-step 
Java: migrate taint steps to CSV
 2021-03-16 14:09:21 +01:00
Anders Schack-Mulligen
46bae88181 Merge pull request #5375 from aschackmull/dataflow/unbind 
Dataflow: Switch from unbind to pragma[only_bind_into].
 2021-03-16 14:03:54 +01:00
CodeQL CI
ae62fbc2c7 Merge pull request #5382 from erik-krogh/moreCache 
Approved by asgerf
 2021-03-16 05:53:03 -07:00
CodeQL CI
b37da7cc22 Merge pull request #5386 from erik-krogh/cachePrepend 
Approved by asgerf
 2021-03-16 05:49:24 -07:00
CodeQL CI
40acb95105 Merge pull request #5397 from erik-krogh/globalSanitizer 
Approved by asgerf
 2021-03-16 05:37:32 -07:00
Tamas Vajk
d02fba8c37 Java: adjust wrapped constructor calls 2021-03-16 12:42:41 +01:00
Rasmus Lerchedahl Petersen
cf791e8164 Python: Describe Concepts and Attributes 2021-03-16 12:31:47 +01:00
Tamas Vajk
e3534d1635 Java: cover wrapped constructor taint flow 2021-03-16 12:10:28 +01:00
Tamas Vajk
af0dff8c6f Java: migrate constructor flow taint steps to CSV 2021-03-16 12:10:28 +01:00
Tamas Vajk
f9a207dd9f Java: migrate 'arg to arg' taint steps to CSV 2021-03-16 12:10:28 +01:00
Tamas Vajk
7e1534a6cd Java: migrate 'arg to return' taint steps to CSV 2021-03-16 12:10:28 +01:00
Tamas Vajk
5cdbde2686 Java: migrate 'qualifier to return' taint steps to CSV 2021-03-16 12:10:28 +01:00
Tamas Vajk
40126563ef Java: migrate 'qualifier to arg' taint steps to CSV 2021-03-16 12:10:28 +01:00
CodeQL CI
c08230ce1e Merge pull request #5378 from asgerf/js/meta-problem-queries 
Approved by esbena
 2021-03-16 03:58:12 -07:00
Tamás Vajk
24140195d6 Merge pull request #5242 from tamasvajk/feature/tuple-df 
C#: Add tuple dataflow
 2021-03-16 11:45:11 +01:00
Tamás Vajk
8d6b8359eb Merge pull request #5316 from tamasvajk/feature/roslyn3.9 
C#: Upgrade Roslyn dependencies to 3.9
 2021-03-16 11:44:42 +01:00
Anders Schack-Mulligen
2d8d967060 Dataflow: Address review comment. 2021-03-16 11:07:33 +01:00
Chris Smowton
6d108c0fa7 Improve docstring for composedValueAndTaintModelStep 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-16 09:00:35 +00:00
Chris Smowton
915a19fb9d Improve naming; eliminate some harmless extra results 
Adding `src != valueSource` should have no effect as the introduced edge would already exist, but could reduce workload downstream.
 2021-03-16 08:57:14 +00:00
Chris Smowton
516122aa74 Add taint-preserving edges where a call also has a value-preserving edge 
For example, for a fluent method that returns `this`, we take a tainting edge from argX to either `this` or the return value to also taint the other.
 2021-03-16 08:45:24 +00:00
CodeQL CI
86b933a0e0 Merge pull request #5354 from yoff/doc-fix-typo-csharp-dataflow 
Approved by hvitved
 2021-03-15 23:52:38 -07:00
yoff
14dd708abc Apply suggestions from code review 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2021-03-15 17:56:50 +01:00
Anders Schack-Mulligen
45c9428668 Merge pull request #5337 from smowton/smowton/feature/commons-lang-random-sources 
Java: Add support for Commons-Lang's RandomUtils
 2021-03-15 16:21:01 +01:00
CodeQL CI
9268050eb8 Merge pull request #5369 from erik-krogh/tempObjInj 
Approved by asgerf
 2021-03-15 05:23:55 -07:00
CodeQL CI
a9c292e265 Merge pull request #5391 from erik-krogh/additionalXss 
Approved by asgerf
 2021-03-15 04:50:54 -07:00