hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-22 07:26:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
15,458 Commits 1,712 Branches 163 Tags
260763a7486fa3a3a94de249f0451ff0ceb9dbaf
Commit Graph

15458 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
4990d00498 C++: Add taint tests demonstrating lack of taint through range based for loops 2020-07-31 09:57:35 +02:00
Mathias Vorreiter Pedersen
b88ef56cb4 C++: Add basic iterator definition that matches STL 2020-07-31 09:45:32 +02:00
Emil Hessman
246ae575be Fix typos 2020-07-31 06:59:55 +02:00
Raul Garcia (MSFT)
a5dab4e768 removing a redundant line 2020-07-30 17:05:42 -07:00
luchua-bc
81de1b14d9 Revamp the source of path query 2020-07-30 19:16:48 +00:00
Raul Garcia (MSFT)
64f4613a3f Removing the options file as requested 2020-07-30 10:25:15 -07:00
Raul Garcia (MSFT)
9e74c183fe Fixing expected results after adding comments to the unit test .cs file 2020-07-30 10:24:24 -07:00
Arthur Baars
7e72ef350e Merge pull request #3975 from aibaars/lgtm-suites 
CodeQL: complete LGTM suites
 2020-07-30 18:39:01 +02:00
Rasmus Lerchedahl Petersen
133e18edd9 Python: Annotate missing flow 2020-07-30 18:13:39 +02:00
Rasmus Lerchedahl Petersen
1467d6b419 Python: Test all expressions that incur dataflow 2020-07-30 17:51:17 +02:00
semmle-qlci
5b1d25591e Merge pull request #3979 from max-schaefer/js/more-comand-injection-models 
Approved by asgerf
 2020-07-30 15:10:46 +01:00
Tom Hvitved
e08e7cdf34 C#: Fix a few alerts 2020-07-30 16:03:36 +02:00
Tom Hvitved
07f1e133f3 C#: More type-based adjustment of library-flow access paths 
This change removes the restriction that only access paths of length 1 can
have the head adjusted, based on type information from the call to the relevant
library-code callable.
 2020-07-30 15:48:41 +02:00
Shati Patel
437baf160e Merge pull request #3973 from shati-patel/sd-189 
Add basic LGTM tutorials to CodeQL sphinx project
 2020-07-30 14:37:48 +01:00
Tamas Vajk
0ea5f347f7 Turn off C# auto-compile on topmost folder 
If the C# extension is installed, then it reports 25k+ errors on the C# extractor until it is properly built. This is pure noise because the solution would be opened and built from the correct subdirectory. This commit disables the C# compilation altogether.
 2020-07-30 15:26:16 +02:00
Tom Hvitved
632713c475 Merge pull request #3986 from hvitved/csharp/null-maybe-null-coalescing-assignment 
C#: Fix false-positives in `cs/dereferenced-value-may-be-null`
 2020-07-30 14:20:00 +02:00
Tom Hvitved
05307b8757 C#: Remove more FPs in cs/dereferenced-value-may-be-null 2020-07-30 12:16:59 +02:00
Tom Hvitved
4f4d9d35be C#: Add more nullness tests 2020-07-30 12:15:49 +02:00
Shati Patel
4da74dea28 Update C# example 2020-07-30 10:57:17 +01:00
Shati Patel
0a4b828432 Update docs/language/learn-ql/java/basic-query-java.rst 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-07-30 11:55:28 +02:00
Shati Patel
9aaf20e6f2 Update docs/language/learn-ql/java/basic-query-java.rst 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-07-30 11:55:14 +02:00
Raul Garcia (MSFT)
6f845b0044 Using CodeQL AutoFormat 2020-07-29 18:01:46 -07:00
Raul Garcia (MSFT)
7923c480af Fixing queries based on suggestions/comments. 
TODO: Auto-formatting is still pending (need guidance on how to enable it on my environment). Thanks
 2020-07-29 17:14:37 -07:00
Raul Garcia
83e9d052d9 Update csharp/ql/src/experimental/Security Features/Serialization/DataSetSerialization.qll 
Co-authored-by: Jaroslav Lobačevski <novaisas@gmail.com>
 2020-07-29 16:24:13 -07:00
Robert Marsh
ddbec50c07 Merge pull request #3990 from MathiasVP/mathiasvp/fix-qldoc-SemanticStackVariable 
C++: Fix QLDoc for `SemanticStackVariable`
 2020-07-29 12:27:29 -07:00
Tom Hvitved
bec415c5c1 Merge pull request #3988 from hvitved/csharp/collection-flow-change-note 
C#: Add change note
 2020-07-29 19:58:54 +02:00
Arthur Baars
5bad003c0c Add qlpack.yml files for example queries 2020-07-29 16:57:04 +02:00
Mathias Vorreiter Pedersen
978bf3aefc C++: Make QLDoc comment represent a valid C++ template 2020-07-29 15:59:19 +02:00
Rasmus Lerchedahl Petersen
d32e2772a0 Python: some doc, a generator, and a corotuine 2020-07-29 15:52:56 +02:00
Tom Hvitved
f91043e08e C#: Add change note 2020-07-29 10:27:40 +02:00
Tom Hvitved
4345b167ec Merge pull request #3935 from github/henrymercer/fix-broken-doc-link 
C#: Fix broken link to ECMA-335
 2020-07-29 10:04:08 +02:00
Marcono1234
5942bc6a43 Improve InsecureJavaMail.qhelp references 2020-07-29 01:45:27 +02:00
Rasmus Lerchedahl Petersen
488a7f4d01 Python: update test expectations 2020-07-28 21:46:45 +02:00
Arthur Baars
c4041e55ba CodeQL: complete LGTM suites 2020-07-28 20:40:44 +02:00
Rasmus Lerchedahl Petersen
eab64f125b Python: Dataflow, start on test for classes 2020-07-28 20:32:12 +02:00
luchua-bc
5520504658 Update expected results 2020-07-28 15:41:23 +00:00
luchua-bc
a91cc9b7ec Convert the query to path-problem 2020-07-28 15:36:12 +00:00
Tom Hvitved
d39a33655f C#: Fix false-positives in cs/dereferenced-value-may-be-null 
Dereferencing an expression of a nullable type should only be reported when
the expression is not clearly non-null.
 2020-07-28 16:27:36 +02:00
Shati Patel
a79f09f1de Add basic query for Go 2020-07-28 15:25:59 +02:00
Shati Patel
8e8c43a25b Add basic query for JavaScript 2020-07-28 13:54:06 +02:00
luchua-bc
7f911f00ee Rename to insecure basic auth 2020-07-28 11:40:21 +00:00
Shati Patel
9edf1646c9 Add basic queries for C#, Java, and Python 2020-07-28 12:18:45 +02:00
Shati Patel
0f3599039f Update docs/language/learn-ql/cpp/basic-query-cpp.rst 
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
 2020-07-28 11:49:17 +02:00
Tom Hvitved
ce2368de96 C#: Add tests for null-coalescing assignment 2020-07-28 11:07:47 +02:00
luchua-bc
248628b11e Enhance basic auth string search with a recursive method 2020-07-27 20:31:07 +00:00
luchua-bc
3a23451395 Enhance the query 2020-07-27 18:50:47 +00:00
Rasmus Lerchedahl Petersen
38acea633f Python: Dataflow, expand callable to classes 2020-07-27 17:58:21 +02:00
Tom Hvitved
c5a4a6be05 Merge pull request #3871 from hvitved/csharp/autobuilder/dotnet-delegate 
C#: Introduce delegate type in autobuilder
 2020-07-27 16:51:24 +02:00
Taus
f40242dc3f Merge pull request #3396 from porcupineyhairs/python-ssti 
Python : Add query to detect Server Side Template Injection
 2020-07-27 14:43:39 +02:00
Max Schaefer
91762ec274 JavaScript: Add partial model for opener. 
3.5M weekly downloads.

Note that we do not treat the first argument as a command-injection sink. While it is possible to inject commands that way, it is more likely to cause false positives where the user input is concatenated with some prefix that makes the opening heuristic decide to treat it as a URL.
 2020-07-27 11:42:32 +01:00