hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
23,063 Commits 1,741 Branches 165 Tags
30cb80b341a7eace96fef036e6df437cb0f7e8f1
Commit Graph

23063 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
dbe352f3ff Java: Remove deprecated tests. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
901996f9fd Java: Add collection flow test. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
43d1b0ab27 Java: Update qltests. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
a40880af70 Java: Add read-as-taint and config-dependent store-as-taint. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
2f087e17cb Java: Allow <> in types for now. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
3f538e7fac Java: Update some models. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
9e313d0cf6 Java: Remove container taint steps. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
3b6cef4f74 Java: Add container flow models. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
ffd52bb673 Java: Fix bug in matching generic signatures. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
1001dd84e6 Java: Switch array steps and one containerstep. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
ce509eb7e1 Merge pull request #5927 from aschackmull/dataflow/flowthrough-dispatch-perf 
Dataflow: Improve performance in flow-through pruning
 2021-06-01 11:46:22 +02:00
Anders Schack-Mulligen
a4661e1aca Merge pull request #5704 from edvraa/regexj 
Java: Regex injection
 2021-06-01 11:45:59 +02:00
Erik Krogh Kristensen
0b225419a3 Merge pull request #5977 from security-prince/patch-1 
Adding reference link for csurf
 2021-06-01 11:07:36 +02:00
Tom Hvitved
5771b0420f Merge pull request #5936 from hvitved/csharp/cfg/perf-tweaks 
C#: Various CFG related performance tweaks
 2021-06-01 11:06:01 +02:00
Anders Schack-Mulligen
5d21c64247 Dataflow: qldoc fix. 2021-06-01 10:49:47 +02:00
Tamas Vajk
bc02f28ddd Fix change note workflow to handle paginated results 2021-06-01 10:44:44 +02:00
Jonas Jensen
2261085cfe Merge pull request #5973 from MathiasVP/more-uncontrolled-arith-improvements 
C++: More `cpp/uncontrolled-arithmetic` improvements
 2021-06-01 10:44:29 +02:00
Anders Schack-Mulligen
4f9a6c151b Dataflow: Code review fixes. 2021-06-01 10:29:17 +02:00
Mathias Vorreiter Pedersen
8765c33847 C++: Also check the number of parameters to keep the tests happy. 2021-06-01 10:17:57 +02:00
Ishaq Mohammed
96150a455d Update javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-06-01 13:47:43 +05:30
Ishaq Mohammed
975355de4a Adding reference link for csurf 2021-06-01 13:41:25 +05:30
Mathias Vorreiter Pedersen
615c805b2c C++: Only use std::rand as a source of randomness. 2021-06-01 09:28:06 +02:00
Henning Makholm
70b9739d2d QL language reference: add monotonic aggregate example 
It's easier to understand what's going on if we start with a
(contrived) example that _doesn't_ involve recursion.
 2021-05-31 21:23:08 +02:00
Mathias Vorreiter Pedersen
41c93d92d7 C++: Remove FPs from right shifts and explicitly bounded random functions. 2021-05-31 15:40:02 +02:00
Mathias Vorreiter Pedersen
10755ece88 C++: Add testcase with bounded randomness source. 2021-05-31 15:33:39 +02:00
Anders Schack-Mulligen
683f853fa5 Dataflow: Fix another bad join order. 2021-05-31 15:14:13 +02:00
Erik Krogh Kristensen
85bd8f1020 add change-note for TypeScript 4.3 2021-05-31 13:08:52 +02:00
Erik Krogh Kristensen
e6b1c61e81 add tests for TypeScript 4.3 2021-05-31 13:08:43 +02:00
Erik Krogh Kristensen
2cc2d116bc bump extractor version 2021-05-31 13:08:24 +02:00
Erik Krogh Kristensen
35d7fda5e2 update typescript to 4.3 in the extractor 2021-05-31 13:08:09 +02:00
Mathias Vorreiter Pedersen
6d7b95c15d Merge pull request #5966 from erik-krogh/overrideConsistency 
CPP/C#: make some parameter names consistent with the names used in the super class
 2021-05-31 11:57:10 +02:00
Jonas Jensen
4e502d10d6 Merge pull request #5951 from MathiasVP/optimize-switcCase-getAStmt 
C++: Remove large antijoin in `SwitchCase.getAStmt`
 2021-05-31 11:50:32 +02:00
Taus
bae3728e3c Merge pull request #5945 from RasmusWL/minor-qldoc-cleanup 
Python: Minor QLDoc cleanup
 2021-05-31 11:40:44 +02:00
Taus
d9911a016e Merge pull request #5933 from RasmusWL/expand-use-of-input-test 
Python: Expand test of py/use-of-input
 2021-05-31 11:39:33 +02:00
Mathias Vorreiter Pedersen
b4e4c12d0f C++: Use a rank aggregate for a much better implementation. 2021-05-31 11:17:09 +02:00
Jonas Jensen
f97b8ad1d4 Merge pull request #5961 from MathiasVP/fix-FPs-in-incorrect-allocation-error-handling 
C++: Exclude custom `operator new` from `cpp/incorrect-allocation-error-handling`
 2021-05-31 10:54:59 +02:00
Mathias Vorreiter Pedersen
66d284ee59 Merge pull request #5766 from ihsinme/ihsinme-patch-267 
CPP: Add query for CWE-415 Double Free
 2021-05-31 10:51:32 +02:00
ihsinme
d808a5b131 Update cpp/ql/test/experimental/query-tests/Security/CWE/CWE-415/semmle/tests/test.c 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-31 11:16:38 +03:00
Mathias Vorreiter Pedersen
175fdbb105 C++: Replace exists(not ...) with not exists(...). 2021-05-31 09:54:24 +02:00
Tamas Vajk
18931e39c8 Improve error reporting in CI check for CSV coverage report comparison 2021-05-31 09:52:14 +02:00
Alvaro Muñoz
41d034d5a0 Attempt to use information-leak sink category 2021-05-30 00:22:40 +02:00
Alvaro Muñoz
ece84d13e5 Merge branch 'github:main' into main 2021-05-28 22:40:10 +02:00
Henry Mercer
263699d8bc Merge pull request #5914 from github/henrymercer/code-scanning-diagnostic-queries 
Code Scanning selectors: Include diagnostic queries
 2021-05-28 18:53:11 +01:00
Mathias Vorreiter Pedersen
64975e5c1e Merge pull request #5842 from japroc/cpp-pqxx-sqli-sink 
C++: SqlPqxxTainted query searches for sql injections via pqxx connector to postgres
 2021-05-28 17:01:27 +02:00
Erik Krogh Kristensen
b947334eea CPP: make some parameter names consistent with the names used in the super class 2021-05-28 16:48:47 +02:00
Alvaro Muñoz
f60df3b26a Update java/change-notes/2021-05-28-remove-senderror-xss-sink.md 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-05-28 15:13:19 +02:00
Alvaro Muñoz
5a894ac7f7 update java library coverage documentation 2021-05-28 15:13:19 +02:00
Alvaro Muñoz
db2f05ac24 Updated Java change notes 2021-05-28 15:13:18 +02:00
Alvaro Muñoz
735e4e4b7b update failing tests 2021-05-28 15:13:18 +02:00
Alvaro Muñoz
706874491b Remove XSS sink for Java 2021-05-28 15:13:18 +02:00