Commit Graph

26188 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
289660067c Merge branch 'main' into pythonXpath 2021-09-24 13:53:38 +02:00
Mathias Vorreiter Pedersen
a66f83644b Merge pull request #6728 from rdmarsh2/rdmarsh/sql-models-followup
C++: Add additional functions to the SQL models
2021-09-22 10:19:51 +01:00
Edoardo Pirovano
b960857fc2 Merge pull request #6722 from edoardopirovano/update-analyze-docs
Update documentation to reflect changes to `database analyze`
2021-09-22 08:29:45 +01:00
yoff
65d3373ad3 Merge pull request #6727 from RasmusWL/fix-sqlalchemy-query
Python: Merge SQLAlchemy TextClause injection into `py/sql-injection`
2021-09-22 09:29:28 +02:00
Robert Marsh
3108817717 C++: Add additional functions to the SQL models 2021-09-21 17:34:01 -07:00
Rasmus Wriedt Larsen
d44f279339 Python: Fix .qhelp 2021-09-21 20:35:03 +02:00
Rasmus Wriedt Larsen
a83bb39d0f Python: Merge SQLAlchemy TextClause injection into py/sql-injection
As discussed in a meeting today, this will end up presenting a query
suite that's easier to use for customers.

Since https://github.com/github/codeql/pull/6589 has JUST been merged,
if we get this change in fast enough, no end-user will ever have run
`py/sqlalchemy-textclause-injection` as part of LGTM.com or Code
Scanning.
2021-09-21 20:21:42 +02:00
Robert Marsh
d62f76afa6 Merge pull request #6133 from MathiasVP/promote-sql-pqxx
C++: Promote `cpp/sql-injection-via-pqxx` out of experimental
2021-09-21 10:13:57 -07:00
Robert Marsh
97c2917c16 Merge pull request #6409 from JordyZomer/main
cpp: Add query to detect unsigned integer to signed integer conversio…
2021-09-21 09:57:44 -07:00
Mathias Vorreiter Pedersen
478093aa89 Update cpp/ql/lib/semmle/code/cpp/models/interfaces/Sql.qll
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2021-09-21 17:51:24 +01:00
Anders Schack-Mulligen
2c41de6648 Merge pull request #6720 from aschackmull/java/isunreachableincall-joinorder
Java: Fix join-order in isUnreachableInCall.
2021-09-21 16:07:42 +02:00
Anders Schack-Mulligen
dd1bed02e8 Merge pull request #6721 from aschackmull/dataflow/subpaths01-joinorder
Dataflow: Fix join-order in subpaths01
2021-09-21 16:05:41 +02:00
Mathias Vorreiter Pedersen
bd5edc7ae5 Respond to review comments. 2021-09-21 14:29:26 +01:00
Mathias Vorreiter Pedersen
dfe932d053 Add missing conjunct in PostgreSqlEscapeFunction's 'escapesSqlArgument' predicate. 2021-09-21 12:14:45 +01:00
Edoardo Pirovano
5a28a796af Update documentation to reflect changes to database analyze 2021-09-21 10:16:12 +01:00
yoff
4adb0c75bd Merge pull request #6589 from RasmusWL/promote-sqlalchemy
Python: Promote modeling of SQLAlchemy
2021-09-21 11:08:41 +02:00
Rasmus Wriedt Larsen
4a16be2cba Merge pull request #6557 from yoff/python/port-modification-of-default-value
Python: port modification of default value
2021-09-21 10:12:12 +02:00
Rasmus Wriedt Larsen
f8e6ba633a Python: Fix .expected for new subpaths query predicate 2021-09-21 09:40:13 +02:00
Rasmus Wriedt Larsen
c7c8e2f3e3 Merge branch 'main' into promote-sqlalchemy 2021-09-21 09:36:07 +02:00
Anders Schack-Mulligen
eaf05305ff Merge pull request #6709 from aschackmull/java/local-taint-collections
Java: Add container flow to the local taint flow relation.
2021-09-20 16:04:45 +02:00
Anders Schack-Mulligen
044623a360 Dataflow: Sync. 2021-09-20 14:58:28 +02:00
Anders Schack-Mulligen
07c05528ef Dataflow: Fix join-order in subpaths01. 2021-09-20 14:58:12 +02:00
Anders Schack-Mulligen
c72e385a47 Java: Fix join-order in isUnreachableInCall. 2021-09-20 14:09:09 +02:00
Mathias Vorreiter Pedersen
797966fd3d C++: Change the names of the new classes and predicates to match the upcoming 'CommandExecutionFunction' class. 2021-09-20 11:49:09 +01:00
Tom Hvitved
82d463e86e Merge pull request #6718 from hvitved/csharp/xss-subpath
C#: Add `subpaths` predicate to XSS queries
2021-09-20 12:47:27 +02:00
Rasmus Wriedt Larsen
97c0f1c7b7 Python: Apply suggestions from code review
Co-authored-by: yoff <lerchedahl@gmail.com>
2021-09-20 12:04:46 +02:00
Tom Hvitved
64507ab316 Merge pull request #6712 from hvitved/csharp/subsumption-perf-take2
C#: Speedup type subsumption calculation
2021-09-20 11:59:24 +02:00
Tom Hvitved
b9c4abe7dc C#: Fix qldoc typos 2021-09-20 10:42:01 +02:00
Tom Hvitved
6d315a5d16 C#: Add subpaths predicate to XSS queries 2021-09-20 10:40:54 +02:00
Anders Schack-Mulligen
187b7e117c Merge pull request #6715 from github/workflow/coverage/update
Update CSV framework coverage reports
2021-09-20 10:19:16 +02:00
github-actions[bot]
f0e7be7d56 Add changed framework coverage reports 2021-09-20 00:08:08 +00:00
Tom Hvitved
c6c1ad1b90 C#: Update toString for nested types 2021-09-18 19:51:37 +02:00
Tom Hvitved
07fe29cc67 C#: Speedup type subsumption calculation 2021-09-18 19:51:37 +02:00
Anders Schack-Mulligen
2cbad4aed6 Merge pull request #6600 from atorralba/atorralba/fix-conditionalbypass
Java: Fix performance of the query User-controlled bypass of sensitive method
2021-09-17 16:07:39 +02:00
Tamás Vajk
3247794e2f Merge pull request #6196 from tamasvajk/feature/sql-sinks
C#: Migrate SQL sinks to CSV format
2021-09-17 14:36:57 +02:00
Tamas Vajk
8232698254 C#: Migrate SQL sinks to CSV format 2021-09-17 10:21:31 +02:00
Tamás Vajk
6a78aa7840 Merge pull request #6461 from tamasvajk/feature/service-stack
C#: Add ServiceStack support
2021-09-17 10:16:20 +02:00
Ethan Palm
b73a2f7d56 Merge pull request #6667 from ethanpalm/indirect-build-tracing-docs
Add indirect build tracing docs
codeql-cli/v2.6.2
2021-09-16 12:36:56 -04:00
Ethan P
4d7aa5c945 Update example note 2021-09-16 09:29:35 -07:00
Anders Schack-Mulligen
a67db45454 Merge pull request #6612 from Marcono1234/marcono1234/literal-getLiteral-usage
Java: Replace incorrect usage of `Literal.getLiteral()`
2021-09-16 17:00:32 +02:00
Marcono1234
020aa4d94c Java: Address feedback and fix test failures 2021-09-16 14:10:48 +01:00
Marcono1234
58d2d5d14e Java: Replace incorrect usage of Literal.getLiteral() 2021-09-16 14:10:48 +01:00
Tom Hvitved
1c1c46591e Merge pull request #6708 from hvitved/python/files-folders-drop-columns
Python: Drop redundant columns from `files` and `folders` relations
2021-09-16 14:42:15 +02:00
Tom Hvitved
9f10018d48 Address review comment 2021-09-16 13:11:03 +02:00
Taus
783233dfe4 Merge pull request #6696 from yoff/python/copy-multiples-performance-fix-from-ruby
Python: Copy performance fix for `multiples` from ruby
2021-09-16 13:01:07 +02:00
Tony Torralba
f18c163408 Improve handling of the 'author' word as an exception 2021-09-16 11:57:28 +02:00
Tony Torralba
8022530f34 Merge pull request #5983 from atorralba/atorralba/promote-insecure-basic-auth
Java: Promote Insecure Basic Authentication query from experimental
2021-09-16 11:45:30 +02:00
Anders Schack-Mulligen
28e5dcef52 Java: Add container flow to the local taint flow relation. 2021-09-16 11:14:30 +02:00
Tom Hvitved
37ec83a68b Python: Upgrade script 2021-09-16 10:51:27 +02:00
Tom Hvitved
94b5c4eada Python: Drop redundant columns from files and folders relations 2021-09-16 10:51:27 +02:00