Commit Graph

24983 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
f1f44ceee7 add change-note 2021-08-03 09:11:27 +02:00
Erik Krogh Kristensen
6b579dfad3 normalize auth-headers to lowercase 2021-08-03 09:09:47 +02:00
Erik Krogh Kristensen
116679d8b6 simplify union 2021-08-03 08:59:33 +02:00
Erik Krogh Kristensen
8f613b6b16 rename seq to visitSequence 2021-08-03 08:59:33 +02:00
Erik Krogh Kristensen
e56e56c14e use Collection instead of Iterable 2021-08-03 08:59:33 +02:00
Erik Krogh Kristensen
1479376f23 rename visit to visitWithSuccessors to avoid ambiguity 2021-08-03 08:59:33 +02:00
Erik Krogh Kristensen
4289875747 make utility methods static 2021-08-03 08:59:33 +02:00
Erik Krogh Kristensen
94a593b208 rename entry and exit to getEntryNode and getExitNode respectively 2021-08-03 08:59:33 +02:00
Erik Krogh Kristensen
366a16f700 rename the V class to WriteSuccessorsVisitor 2021-08-03 08:59:33 +02:00
Erik Krogh Kristensen
c059ceaee9 add qldoc to union(xs, ys) 2021-08-03 08:59:33 +02:00
Erik Krogh Kristensen
8db10aeb9d add JavaDoc to createIterable and createReversedIterable 2021-08-03 08:59:33 +02:00
Erik Krogh Kristensen
8fdcd917ee rename foreach and hcaerof to createIterable and createReversedIterable respectively 2021-08-03 08:59:32 +02:00
Erik Krogh Kristensen
014728a66a implement hcaerof in terms of foreach 2021-08-03 08:59:32 +02:00
Erik Krogh Kristensen
ca26b5ebbc rename succ to writeSuccessor/writeSuccessors 2021-08-03 08:59:32 +02:00
Asger Feldthaus
c88d213f37 JS: Use appendToNamespace 2021-08-03 08:52:19 +02:00
Asger Feldthaus
f5f255d93d JS: Rename getPrefix -> getNamespace 2021-08-03 08:51:35 +02:00
Asger F
ff17d298b0 Apply suggestions from code review
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2021-08-03 08:45:56 +02:00
github-actions[bot]
cd65baf481 Add changed framework coverage reports 2021-08-03 00:07:34 +00:00
Ethan Palm
2c6977e5e2 Merge pull request #6327 from ethanpalm/cwe-coverage-tables
CodeQL: Display CWE coverage information by language
2021-08-02 18:00:01 -04:00
Erik Krogh Kristensen
87c0c60c22 don't report dummy authentication headers as hardcoded-credentials 2021-08-02 22:56:14 +02:00
Erik Krogh Kristensen
f719e0ca1b remove nunjucks template URLs from the target-blank query 2021-08-02 22:46:59 +02:00
Ethan P
6a6993248d Add note to readme about CWE coverage tables 2021-08-02 13:34:26 -07:00
Chris Smowton
fad1622730 Merge pull request #5435 from haby0/DynamicallyLoadedClasses
Java: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
2021-08-02 16:04:30 +01:00
Tony Torralba
08bdd1aa7a Merge branch 'main' into atorralba/promote-ognl-injection 2021-08-02 16:05:38 +02:00
Tony Torralba
8b50b3d00f Add jackson-core to test dependencies 2021-08-02 16:04:49 +02:00
Geoffrey White
904db788ec Merge branch 'main' into impropnull 2021-08-02 15:00:12 +01:00
Chris Smowton
09a873138d Add missing qldoc 2021-08-02 14:48:42 +01:00
Chris Smowton
170bb43393 Update java/ql/test/library-tests/frameworks/json-java/test.ql
Remove unnecessary import

Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-08-02 14:46:38 +01:00
Chris Smowton
8a78075d3d Remove redundant method taint flow specifications 2021-08-02 14:30:31 +01:00
Mathias Vorreiter Pedersen
bbbbeda7c3 Merge pull request #6385 from MathiasVP/more-FieldConfiguration-sources
C++: Fix missing local flow in AST dataflow
2021-08-02 15:22:07 +02:00
Anders Schack-Mulligen
53e6ddfeb6 Merge pull request #6001 from atorralba/atorralba/promote-mvel-injection
Java: Promote MVEL injection query from experimental
2021-08-02 14:40:26 +02:00
Tony Torralba
f4b78ef3bd Fix stubs 2021-08-02 14:12:05 +02:00
Tony Torralba
9b384d84cc Merge branch 'main' into atorralba/promote-ognl-injection 2021-08-02 14:06:45 +02:00
Tony Torralba
351a24558d Add tests for JacksonSerializability
Upgraded jackson stubs to 2.12
2021-08-02 14:03:30 +02:00
Tony Torralba
632ae747c7 Fix JacksonModel duplicate row 2021-08-02 12:53:30 +02:00
Anders Schack-Mulligen
3b676d432f Merge pull request #5900 from artem-smotrakov/unsafe-jackson-deserialization
Java: Unsafe deserialization with Jackson
2021-08-02 12:45:30 +02:00
Anders Schack-Mulligen
0a1c754de8 Merge pull request #6395 from github/bmuskalla/fixTypoInVariables
Fix typo in variables documentation
2021-08-02 12:30:14 +02:00
Benjamin Muskalla
d678cdc815 Update variables.rst 2021-08-02 12:07:09 +02:00
Pavel Avgustinov
2be9f3e41e C#: Guard against virtual dispatch branching too much.
We have observed databases where dispatch to highly overridden
virtual methods (like Enumerable.GetEnumerator) ends up branching
to many thousands of overrides, if there is not sufficient type
context to prune. This causes performance problems for analyses
that use dataflow.

As an immediate fix, this commit prevents branching to virtual
method overrides if this would result in branching to 1,000 or
more methods.
2021-08-02 09:40:16 +01:00
Tom Hvitved
7a475eb0a2 C#: Fix CSV overrides logic 2021-08-02 10:35:21 +02:00
Tom Hvitved
df29538840 C#: Add test that exhibits bug in CSV overrides logic 2021-08-02 10:35:21 +02:00
Anders Schack-Mulligen
6c973b59ac Update java/ql/src/semmle/code/java/frameworks/Jackson.qll 2021-08-02 10:16:42 +02:00
Anders Schack-Mulligen
26881ec220 Merge pull request #6389 from github/yo-h-patch-1
Java: update `frameworks.rst` with Jackson
2021-08-02 10:07:02 +02:00
Tony Torralba
9fadb26325 Fix qhelp sample 2021-08-02 10:00:59 +02:00
Tony Torralba
4435853c8a Apply suggestions from code review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2021-08-02 09:56:40 +02:00
ihsinme
098773dd10 Update FindIncorrectlyUsedSwitch.ql 2021-08-01 15:04:30 +03:00
ihsinme
80eb4907c0 Update FindIncorrectlyUsedSwitch.expected 2021-08-01 15:03:30 +03:00
ihsinme
5c71a7c024 Update test.c 2021-08-01 15:02:41 +03:00
Fosstars
bd7e7b1371 Better qldoc for timing attacks 2021-08-01 10:18:37 +02:00
Fosstars
44e52517ad Removed unsafeMacCheckWithArraysDeepEquals() test 2021-08-01 10:12:38 +02:00