hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-20 00:43:44 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,168 Commits 1,693 Branches 160 Tags
39200566c3545f6bf89ddca6281e43a009524ca0
Commit Graph

16168 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
lcartey@github.com
39200566c3 Java: Update CWE claims for XXE. 
This matches the claims in the C# equivalent.
 2020-09-18 12:30:52 +01:00
lcartey@github.com
32f43a84be Java: Add CWE 564 (SQL Injection: Hibernate) 2020-09-18 10:20:21 +01:00
Jonas Jensen
c67605f15c Merge pull request #4230 from MathiasVP/mathiasvp/array-field-flow 
C++: Replace `field -> object` taint rule with `ArrayContent` dataflow
 2020-09-18 10:56:51 +02:00
Mathias Vorreiter Pedersen
8c615ece8a Merge pull request #4292 from MathiasVP/mathiasvp/cache-simpleLocalFlowStep 
C++: Cache simpleLocalFlowStep instead of simpleInstructionLocalFlowStep
 2020-09-18 10:18:21 +02:00
Mathias Vorreiter Pedersen
3ef6e8a580 Merge pull request #4283 from geoffw0/stringstream4 
C++: Model getline
 2020-09-18 10:17:47 +02:00
Mathias Vorreiter Pedersen
c6ff805a07 C++: Cache simpleLocalFlowStep instead of simpleInstructionLocalFlowStep 2020-09-17 21:13:02 +02:00
Robert Marsh
3d07ba9d0b Merge pull request #4290 from MathiasVP/mathiasvp/fix-join-order-in-single-field-flow 
C++: Fix bad join order introduced by #4270
 2020-09-17 14:52:59 -04:00
Mathias Vorreiter Pedersen
8e1d9e0996 C++: Fix bad join order introduced by #4270 2020-09-17 19:23:01 +02:00
Geoffrey White
5cc11f1c44 C++: Additional model for 'this' flow through chains. 2020-09-17 14:12:30 +01:00
Geoffrey White
73399cb5f7 C++: Model GetLine. 2020-09-17 14:05:43 +01:00
Geoffrey White
2c15e6f934 C++: Add test cases. 2020-09-17 13:43:07 +01:00
Mathias Vorreiter Pedersen
63afe1da78 Merge pull request #4276 from geoffw0/stringstream3 
C++: More stringstream models.
 2020-09-17 14:19:52 +02:00
Geoffrey White
4d6125841d C++: Clean up multiply defined functions. 2020-09-17 11:48:26 +01:00
Geoffrey White
c17ae3ad6c C++: Correct dataflow for return (*this). 2020-09-17 11:34:10 +01:00
Geoffrey White
86404af501 Merge pull request #4270 from MathiasVP/mathiasvp/single-field-flow-fix-cwe190test 
C++: Use underlying type when checking whether a type is a single-field struct.
 2020-09-16 17:21:07 +01:00
Geoffrey White
f1a9547b38 C++: Split off putback. 2020-09-16 16:44:39 +01:00
Taus
4b423feef9 Merge pull request #4245 from RasmusWL/python-dataflow-dynamic-tuple-tests 
Python: Add dataflow tests for dynamic tuple creation
 2020-09-16 15:19:41 +02:00
CodeQL CI
c2175b678c Merge pull request #4263 from erik-krogh/importScripts 
Approved by esbena
 2020-09-16 06:01:35 -07:00
Mathias Vorreiter Pedersen
3520b86771 C++: Accept test changes. 2020-09-16 14:51:11 +02:00
Geoffrey White
eedbe839b5 C++: Update change note. 2020-09-16 13:45:05 +01:00
Geoffrey White
c4de071a4c C++: Flow through swap. 2020-09-16 13:39:07 +01:00
Geoffrey White
eb7bd6e176 C++: Flow through putback. 2020-09-16 13:39:07 +01:00
Geoffrey White
7cc60a30a6 C++: Flow through get, peek, read, readsome. 2020-09-16 13:36:41 +01:00
Geoffrey White
56390c1aef C++: Flow through operator>>. 2020-09-16 13:32:13 +01:00
Mathias Vorreiter Pedersen
3026eb4b85 Revert "C++: Remove the same rule in TaintTrackingUtil.qll as 78b24b76a0 removed from DefaultTaintTracking.qll" 
This reverts commit 0b97a4a182.
 2020-09-16 14:26:01 +02:00
Mathias Vorreiter Pedersen
92d81edae6 Revert "C++: Remove the problematic taint tracking rule. It seems like we get the flows from dataflow already now." 
This reverts commit 78b24b76a0.
 2020-09-16 14:25:42 +02:00
Tamás Vajk
5079deb92a Merge pull request #4268 from tamasvajk/feature/java-range-analysis-fn 
Java: Fix range analysis false negative
 2020-09-16 11:08:33 +02:00
Mathias Vorreiter Pedersen
0b97a4a182 C++: Remove the same rule in TaintTrackingUtil.qll as 78b24b76a0 removed from DefaultTaintTracking.qll 2020-09-16 10:54:23 +02:00
Joe Farebrother
4f70af500c Merge pull request #4261 from joefarebrother/printAST-java 
Java: Add PrintAst
 2020-09-16 09:46:19 +01:00
Mathias Vorreiter Pedersen
7b456d6162 Merge branch 'main' into mathiasvp/array-field-flow 2020-09-16 10:45:31 +02:00
Rasmus Wriedt Larsen
d828bc5f3a Merge pull request #4251 from yoff/SharedDataflow_BarrierGuards 
Python: Implement `BarrierGuard`
 2020-09-16 10:00:26 +02:00
Mathias Vorreiter Pedersen
c8a3baf356 Merge pull request #4272 from jbj/dataflow-partial-access 
C++: Add AST flow through arrays
 2020-09-16 09:29:39 +02:00
Rasmus Lerchedahl Petersen
e46ae9b98d Python: Move some query predicates to debug 2020-09-15 21:45:47 +02:00
Matthew Gretton-Dann
17bd678699 Merge pull request #4140 from github/matt-gretton-dann/fix-deleted-constructors 
Update tests for extractor changes with ctors
 2020-09-15 19:34:42 +01:00
Matthew Gretton-Dann
795bf0d93c Update tests for extractor changes with ctors 2020-09-15 17:58:37 +01:00
Matthew Gretton-Dann
9296a12a91 Merge pull request #4260 from github/igfoo/coroutines 
C++: Add coroutines* tables
 2020-09-15 17:39:38 +01:00
Joe
7e9b1a2975 Java: PrintAst: Fix more formatting issues 2020-09-15 17:15:00 +01:00
Ian Lynagh
a912a328a2 C++: Add an upgrade script 2020-09-15 15:36:19 +01:00
Ian Lynagh
56388b57bd C++: Update stats for new coroutines* tables 2020-09-15 15:36:19 +01:00
Ian Lynagh
99c4bc5175 C++: Add coroutine metadata tables 2020-09-15 15:36:19 +01:00
Jonas Jensen
78560833a1 C++: Add a test distilled from real code 
Author: @rvermeulen.

The consistency warnings go away because `sink` is defined with a body
in this file.
 2020-09-15 16:24:37 +02:00
Joe
3be8fa5155 Java: PrintAst: Fix formatting 2020-09-15 15:10:56 +01:00
Mathias Vorreiter Pedersen
50ad4cfec4 C++: Add comments to {Array,Pointer}StoreNode and arrayStoreStepChi. 2020-09-15 16:03:21 +02:00
Joe
28338eb32e Java: PrintAst: Various minor fixes of typos 
Fix references to C#

Fix getAPrimaryQlClass for JavadocTag

Fix typo for Import

Update test outputs
 2020-09-15 15:02:56 +01:00
Jonas Jensen
b3c50aed5e Merge pull request #4262 from github/igfoo/location 
C++: Deprecate Location subclasses
 2020-09-15 15:49:36 +02:00
Joe
53ab8dac06 Java: PrintAst: Fix failing tests 2020-09-15 14:45:48 +01:00
Joe
112b6d28a1 Java: PrintAst: Handle multiple javadocs in one element correctly 2020-09-15 14:45:48 +01:00
Joe
e38b583ec4 Java: PrintAst: Add tests 2020-09-15 14:45:48 +01:00
Joe
b73e7d8390 Java: PrintAST: Support Javadoc 2020-09-15 14:45:48 +01:00
Joe
c3320eeb3c Java: Improve getAPrimaryQlClass 
Implement it for more types
Fix typos
 2020-09-15 14:45:48 +01:00