hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 21:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
20,381 Commits 1,747 Branches 166 Tags
312ead44c55be13eb7791fed01698f7d54f7eb63
Commit Graph

20381 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert Marsh
312ead44c5 Merge pull request #5309 from github/aeisenberg/from-source-docs 
Documentation: Update C/C++ Element::fromSource() docs
 2021-03-02 12:51:41 -08:00
Andrew Eisenberg
9982112b61 Documentation: Update C/C++ Element::fromSource() docs 
The previous documentation was not correct. This
documentation is adapted from File::fromSource().
 2021-03-02 08:57:17 -08:00
Aditya Sharad
648910e974 Merge pull request #5285 from adityasharad/actions/docs-review 
Actions: Add workflow to request docs review
 2021-03-02 08:52:32 -08:00
Anders Schack-Mulligen
0eb2c06e20 Merge pull request #3945 from porcupineyhairs/structsDevMode 
Java: Add query to detect Apache Struts enabled Devmode
 2021-03-02 15:22:20 +01:00
Porcuiney Hairs
beb15e27eb remove tests 2021-03-02 18:13:33 +05:30
CodeQL CI
79839d2304 Merge pull request #5267 from erik-krogh/httpProxy 
Approved by asgerf
 2021-03-02 02:46:50 -08:00
Anders Schack-Mulligen
b0fa8dfeae Merge pull request #4214 from porcupineyhairs/springViewManipulation 
[Java] Add QL for detecting Spring View Manipulation Vulnerabilities.
 2021-03-02 11:31:42 +01:00
CodeQL CI
2957131853 Merge pull request #5258 from erik-krogh/nextPerf 
Approved by asgerf
 2021-03-02 02:04:20 -08:00
CodeQL CI
9ea8f8201c Merge pull request #5265 from erik-krogh/cacheRemote 
Approved by asgerf
 2021-03-02 02:03:09 -08:00
Anders Schack-Mulligen
394c82d564 Apply suggestions from code review 
Adjust qldoc.
 2021-03-02 10:17:07 +01:00
Aditya Sharad
dbed4a1a8b Actions: Add workflow to request docs review 
When a PR is labelled with 'ready-for-docs-review',
this workflow comments on the PR to notify the GitHub CodeQL docs team.
Runs on `pull_request_target` events so it can write comments to the PR.
Since this runs in the context of the base repo, it must not check out the PR
or use untrusted data from the event payload.

Only runs when the PR base is github/codeql, to prevent notifications from forks.
 2021-03-01 17:15:03 -08:00
Calum Grant
cee96775b8 Merge pull request #5305 from asgerf/js/tuple-type-rest-index-stats 
JS: Regenerate stats for tuple_type_rest_index
codeql-cli/v2.4.5 		2021-03-01 17:43:55 +00:00
Porcuiney Hairs
5151a528ac Include suggestions from review 2021-03-01 22:59:30 +05:30
Asger Feldthaus
26924a3378 JS: Regenerate stats for tuple_type_rest_index 2021-03-01 16:30:09 +00:00
Tamás Vajk
2ac94255b7 Merge pull request #5299 from tamasvajk/feature/limit-codescanning-csharp2 
C#: Fix codeql analysis workflow
 2021-03-01 16:20:03 +01:00
Porcuiney Hairs
14ec148272 refactor to meet experimental guidelines. 2021-03-01 18:46:33 +05:30
Tamas Vajk
1ecbbf6af3 C#: Fix codeql analysis workflow 2021-03-01 09:18:05 +01:00
Anders Schack-Mulligen
37baf77b93 Merge pull request #5273 from intrigus-lgtm/java/unify-main-method-check 
Java: Remove duplicate code.
 2021-03-01 09:05:28 +01:00
Tamás Vajk
3b56e3520c Merge pull request #5277 from tamasvajk/feature/fix-name-resolution 
Fix method name resolution issue with nullable suppression
 2021-03-01 08:47:21 +01:00
Jonas Jensen
208a374c58 Merge pull request #5256 from MathiasVP/promote-insecure-memset-query 
C++: Promote insecure removal of memset query
 2021-03-01 08:30:16 +01:00
Mathias Vorreiter Pedersen
d4f7fab7df Update cpp/change-notes/2021-02-24-memset-may-be-deleted.md 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2021-02-26 19:17:13 +01:00
Mathias Vorreiter Pedersen
0f7256752a Update cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.qhelp 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2021-02-26 19:16:28 +01:00
Erik Krogh Kristensen
af7a188bbd add change note 2021-02-26 17:18:30 +01:00
Erik Krogh Kristensen
214aa072b9 support host for http-proxy client requests 2021-02-26 17:18:29 +01:00
Erik Krogh Kristensen
cc48172fd8 add support for events in http-proxy 2021-02-26 17:17:47 +01:00
Erik Krogh Kristensen
ede1a40a02 add ClientRequst models for http-proxy 2021-02-26 17:17:46 +01:00
CodeQL CI
b7c0d18c4a Merge pull request #5278 from erik-krogh/formData 
Approved by asgerf
 2021-02-26 08:13:41 -08:00
Erik Krogh Kristensen
ae051af9d8 remove redundant code 2021-02-26 14:15:30 +01:00
CodeQL CI
0e70b58a41 Merge pull request #5205 from erik-krogh/ts42 
Approved by asgerf
 2021-02-26 05:06:40 -08:00
Porcupiney Hairs
42a84a18b0 JAVA : Add query to detect Apache Structs enabled DEvmode 
This query detects cases where the development mode is enabled for a
struts configuration. I can't find a CVE per se but, at present, [Github's fuzzy search](https://github.com/search?q=%3Cconstant+name%3D%22struts.devMode%22+value%3D%22true%22+%2F%3E+language%3Axml&type=Code) returns more
than 44000 results. Some of them look like they are classroom projects,
so they may be ineligible for a CVE. But we should be flagging them
anyways as setting the development on in a production system is a very
bad practice and can often lead to remote code execution.
So these should be fixed anyways.
 2021-02-26 16:30:04 +05:30
Porcupiney Hairs
602f63ad45 [Java] Add QL for detecting Spring View Manipulation Vulnerabilities. 2021-02-26 16:29:18 +05:30
Tom Hvitved
ac67c67ad7 Merge pull request #4998 from hvitved/csharp/shared-base-pre-ssa 
C#: Use shared SSA implementation for `{Pre,Base}Ssa`
 2021-02-26 11:29:07 +01:00
Erik Krogh Kristensen
c59e6fef80 add model for form-data 2021-02-26 10:54:46 +01:00
Erik Krogh Kristensen
00cfc77fc0 Revert "fix file lookup for exclude patterns" 
This reverts commit 74630b0fd8.
 2021-02-26 10:28:20 +01:00
Erik Krogh Kristensen
4ec3289ecc update relation name in .stats file 2021-02-26 10:26:08 +01:00
Erik Krogh Kristensen
bd19d5a93c remove is_abstract_signature.ql 2021-02-26 10:24:40 +01:00
Erik Krogh Kristensen
1cac692b1d Update javascript/ql/src/semmle/javascript/TypeScript.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2021-02-26 10:23:01 +01:00
Mathias Vorreiter Pedersen
42d2a673c7 C++: Respond to review comments. 2021-02-26 10:06:05 +01:00
Tamas Vajk
b3d6d0c12b Fix method name resolution issue with nullable suppression 2021-02-26 09:48:37 +01:00
Mathias Vorreiter Pedersen
4e4ffbd790 Update cpp/change-notes/2021-02-24-memset-may-be-deleted.md 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-02-26 09:48:21 +01:00
Mathias Vorreiter Pedersen
72daf2eef9 C++: Make the tests more realistic by actually using the local variable for something. Otherwise it looks like a zero-initialization of a buffer, which the query now tries to exclude. 2021-02-26 09:19:05 +01:00
Tamás Vajk
ce69e3ae66 Merge pull request #5263 from tamasvajk/feature/fix-file-move 
C#: Fix potentially concurrent file moves
 2021-02-26 08:27:42 +01:00
Tamás Vajk
8241a9c2f1 Merge pull request #5264 from tamasvajk/feature/more-known-enums 
C#: Add more well-known enum underlying types
 2021-02-26 08:20:14 +01:00
yoff
e3b3825ab0 Merge pull request #5151 from RasmusWL/django-get-redirect-url 
Python: Model get_redirect_url in django
 2021-02-25 23:07:33 +01:00
intrigus
141f057f7b Java: Remove duplicate code. 2021-02-25 21:29:26 +01:00
Mathias Vorreiter Pedersen
faadcd913e C++: Exclude memsets that clear a variable that has no other uses. 2021-02-25 21:27:12 +01:00
Geoffrey White
0c4a5f5e2a Merge pull request #5266 from geoffw0/isis 
JS: Fix 'is, is' and 'is is'.
 2021-02-25 18:55:41 +00:00
Mathias Vorreiter Pedersen
2777ca445e Update cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-02-25 19:49:58 +01:00
Mathias Vorreiter Pedersen
9e7c9d0ea0 C++: Respond to review comments. Relax the escaping requirements on the local variable being used in memset. 2021-02-25 18:22:48 +01:00
CodeQL CI
1bd12e6fdf Merge pull request #5199 from asgerf/js/vue-router 
Approved by erik-krogh
 2021-02-25 07:32:57 -08:00