erik-krogh
3811eae679
simplify the qhelp for unsafe-code-construction
The `send()` example is not flagged by any current query, so it was weird talking about it as "vulnerable".
2023-01-02 13:33:56 +01:00
erik-krogh
3815a5a096
fix qhelp syntax
2023-01-02 10:19:05 +01:00
Harry Maclean
a6571a05ab
Ruby: Include send example in qhelp
2022-12-28 11:34:55 +13:00
Harry Maclean
d3812f5906
Ruby: Add another code injection example to qhelp
2022-12-28 11:20:56 +13:00
erik-krogh
d95a4a7baf
add a second example of how to use module_eval without constructing a code-string
2022-12-13 19:33:45 +01:00
erik-krogh
ccf520a5cd
Merge branch 'main' into unsafeCodeConstruction
2022-12-13 18:31:49 +01:00
Edward Minnix III
a85de2b5f4
Merge pull request #10865 from egregius313/egregius313/android-activity-alias
Java: Add library support for activity-alias elements in AndroidManifest.qll
2022-12-13 11:52:01 -05:00
Jami
9b0163ce22
Merge pull request #11624 from jcogs33/jcogs33/exclude-paramless-constructors-from-dataflowtargetapi
Java/C#: exclude parameterless constructors from `DataFlowTargetApi`
2022-12-13 10:05:57 -05:00
Asger F
bfe9ee3ead
Merge pull request #11672 from asgerf/js/extensions
JS: Add data extension sinks
2022-12-13 15:34:11 +01:00
Asger F
6b15839221
JS: Add tests for the examples used in the docs
2022-12-13 11:33:12 +01:00
Asger F
ba1364a4cb
JS: Add sinks mentioned in doc
Note that 'sql-injection' was already added
2022-12-13 11:33:12 +01:00
Michael Nebel
b8ef961498
Merge pull request #9415 from JarLob/sockets
Add TCP and UDP socket client taint sources
2022-12-13 10:39:33 +01:00
AlexDenisov
73196fd732
Merge pull request #11669 from github/redsun82/swift-wrapper
Swift: wrap extractor with shell script
2022-12-13 09:46:42 +01:00
Paolo Tranquilli
0dc717fd9c
Swift: remove no more needed library path setting in qltest.sh
2022-12-13 09:13:43 +01:00
Paolo Tranquilli
03d7adb303
Swift: wrap extractor with shell script
This is in preparation for the extractor to use shared libraries
packaged alongside it.
We could probably also move the `CODEQL_EXTRACTOR_SWIFT_RUN_UNDER` logic
in it, where it would be simpler and more robust.
2022-12-13 09:07:37 +01:00
yoff
557a5b469f
Merge pull request #11555 from pwntester/new_python_cmdi_sinks
Added two new CMDi sinks for python's stdlib
2022-12-13 09:00:34 +01:00
Jami Cogswell
22f8d97f31
C#: add test case
2022-12-12 13:28:01 -05:00
Jami Cogswell
446ac75c87
Java: update unit test
2022-12-12 13:28:01 -05:00
Jami Cogswell
39154b1455
C#: add isParameterless predicate to Constructor class
2022-12-12 13:28:00 -05:00
Jami Cogswell
5113041623
Java: add isParameterless predicate to Constructor class
2022-12-12 13:28:00 -05:00
Jami Cogswell
a8a8b03d2f
C#: exclude parameterless constructors from DataFlowTargetApi
2022-12-12 13:28:00 -05:00
Jami Cogswell
16d8e8e931
Java: exclude parameterless constructors from DataFlowTargetApi
2022-12-12 13:28:00 -05:00
Erik Krogh Kristensen
636d5e341c
Merge pull request #11652 from erik-krogh/static-useInstanceOf
Java/C#/GO: Use instanceof in more places
2022-12-12 17:52:04 +01:00
Edward Minnix III
0ebfee8b11
Merge pull request #11241 from egregius313/egregius313/webview-file-access
Java: Query to detect Android Webview file access
2022-12-12 11:12:26 -05:00
Erik Krogh Kristensen
4ff823c36b
Merge pull request #11366 from p-/p--ruby-kernel-open-addition
Ruby: Add additional sinks to the `rb/kernel-open` query
2022-12-12 15:56:01 +01:00
erik-krogh
873d3553cd
Merge branch 'main' into static-useInstanceOf
2022-12-12 15:36:54 +01:00
Tom Hvitved
912aa461c7
Merge pull request #11654 from hvitved/ruby/stage-collapse
Ruby: Ensure `Node::{toString,getLocation}` are computed in data flow stage
2022-12-12 13:57:47 +01:00
Michael Nebel
0fdf9a42f2
C#: Cleanup and make the last StreamReader model explicit on its input.
2022-12-12 13:21:26 +01:00
JarLob
1d303e0470
C#: Add remote type source kind in model validation.
2022-12-12 12:56:14 +01:00
Jaroslav Lobačevski
340fd8ae4e
C#: Add change note.
2022-12-12 12:56:14 +01:00
Jaroslav Lobačevski
204a1d3d06
C#: Add source TCP/UDP source models and StreamReader summary models.
2022-12-12 12:56:14 +01:00
Chris Smowton
2bdc9e80de
Merge pull request #11625 from smowton/smowton/admin/autoformat-docs-ql-files
Autoformat docs ql files
2022-12-12 10:37:35 +00:00
Mathias Vorreiter Pedersen
b2fcf87e6a
Merge pull request #11638 from jketema/rewrite-tainted-path-v2
C++: Use `FlowSource` in `cpp/path-injection`
2022-12-12 10:08:15 +00:00
Chris Smowton
77004f3e15
Merge pull request #11258 from smowton/smowton/feature/kotlin-annotation-extraction
Kotlin: extract annotations
2022-12-12 09:52:49 +00:00
Michael Nebel
e0f1b38439
Merge pull request #11580 from michaelnebel/renamenegativemodels
C#/Java: Rename Negative Summary Model to Neutral Model
2022-12-12 07:59:06 +01:00
Harry Maclean
6c8896d83f
Merge pull request #11337 from hmac/actionmailbox
Ruby: Model ActionMailbox
2022-12-12 10:29:23 +13:00
Tom Hvitved
58549087e0
Ruby: Ensure Node::{toString,getLocation} are computed in data flow stage
2022-12-11 20:37:24 +01:00
Tom Hvitved
367aa35d8c
Ruby: Avoid SummarizedCallable::propagatesFlowExt being recursive
2022-12-11 20:37:23 +01:00
erik-krogh
8262fbbfb5
Java/C#/GO: Use instanceof in more places
2022-12-11 18:32:19 +01:00
Jeroen Ketema
beb66d027e
C++: Use FlowSource in cpp/path-injection
2022-12-10 20:27:56 +01:00
Jeroen Ketema
d5acd310ce
Merge pull request #11644 from jketema/lower-case-flow-source-description
C++: Make all flow source descriptions start with a lower case letter
2022-12-10 20:23:14 +01:00
Mathias Vorreiter Pedersen
bea67abd64
Merge pull request #11643 from jketema/generalize-argv
2022-12-10 16:03:20 +00:00
Jeroen Ketema
ce92ba640a
C++: Accept test changes
2022-12-09 23:38:03 +01:00
Jeroen Ketema
9dc2614012
C++: Make all flow source descriptions start with a lower case letter
In every context where we use the description a lower case letter makes more
sense.
2022-12-09 23:18:58 +01:00
Jeroen Ketema
1e1974c9fb
C++: Add change note
2022-12-09 23:17:36 +01:00
Jeroen Ketema
331fab5ac0
C++: Generalize the ArgvSource flow source
This matches `isUserInput` and handles cases where `argv` has a different name,
which is allowed.
2022-12-09 23:12:31 +01:00
Chris Smowton
5282c86158
Apply review feedback
2022-12-09 18:07:14 +00:00
Edward Minnix III
4278997a2c
Reword WebView file access query description
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
2022-12-09 11:36:09 -05:00
Edward Minnix III
8c8e71dd82
Grammar, concision, and style edits
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
2022-12-09 11:35:02 -05:00
Michael Nebel
4835d14865
Java/C#: Delete the deprecated NeutralModelCsv class.
2022-12-09 15:11:49 +01:00