hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-23 16:06:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,278 Commits 1,712 Branches 163 Tags
3c1206f8731f8908e6a67a6b4da126e111cc0bef
Commit Graph

26278 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Lerchedahl Petersen
3c1206f873 Python: Model more awaiting construcs 
in API graphs.
Some unsatisfactory lack of understanding here.
 2021-09-27 16:41:01 +02:00
Rasmus Lerchedahl Petersen
f6311bf051 Python: model other awaiting constructs 2021-09-27 14:32:55 +02:00
Rasmus Lerchedahl Petersen
15b07bfcc0 Python: Model sql executions 2021-09-27 14:15:58 +02:00
Rasmus Lerchedahl Petersen
520a2da8ab Python: Add tests for asyncpg 2021-09-24 14:41:50 +02:00
Benjamin Muskalla
cb0a567c03 Merge pull request #6743 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-09-24 09:23:35 +02:00
github-actions[bot]
ceb9a0bd6b Add changed framework coverage reports 2021-09-24 00:08:02 +00:00
Anders Schack-Mulligen
a031b2a090 Merge pull request #6493 from atorralba/atorralba/cleartext-storage-query-refactor 
Java: Refactor Cleartext Storage queries
 2021-09-23 16:31:17 +02:00
Tony Torralba
b52a2cd292 Apply code review comments 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-09-23 15:48:15 +02:00
Anders Schack-Mulligen
6be4b3bac6 Merge pull request #6725 from emilejq/date-format 
Java: Remove requirements for final and access mods from DateFormatThreadUnsafe
 2021-09-23 15:02:17 +02:00
Rasmus Wriedt Larsen
f14e3f6007 Merge pull request #5445 from jorgectf/jorgectf/python/ldapinsecureauth 
Python: Add LDAP Insecure Authentication query
 2021-09-23 11:08:13 +02:00
Emile El-Qawas
83fb41e414 Add visibility constraints; Fix non-compliant code 2021-09-23 09:55:49 +01:00
Tony Torralba
d0b9920cac Fix encryption sanitizer 
It now discards sensitive exprs (sources) instead of sinks for better precision
 2021-09-23 10:42:30 +02:00
Tony Torralba
51d2b5225e Remove cached property from SensitiveSource::flowsTo 2021-09-23 10:42:30 +02:00
Tony Torralba
563e8a2bd6 Remove unused library 2021-09-23 10:42:30 +02:00
Tony Torralba
a30554e97c Refactored cleartext storage libraries 2021-09-23 10:42:30 +02:00
Rasmus Wriedt Larsen
ef6e502ff0 Python: Make LDAP global options test better 
Before it didn't really showcase that we know it can make connections
secure.
 2021-09-23 10:18:18 +02:00
Chris Smowton
93daaf5b5b Merge pull request #6174 from joefarebrother/guava-collections 
Java: Model Guava collections package
 2021-09-23 09:13:24 +01:00
Rasmus Wriedt Larsen
70489b2fc2 Merge branch 'main' into jorgectf/python/ldapinsecureauth 2021-09-23 10:05:56 +02:00
Tom Hvitved
27c45d8dda Merge pull request #6731 from hvitved/remove-reduced-env-var 
Remove `CODEQL_REDUCE_FILES_FOLDERS_RELATIONS`
 2021-09-23 09:39:17 +02:00
Chris Smowton
3123abfac3 Merge pull request #6711 from bananabr/AndroidLoggingFix 
Fix Android logging signature
 2021-09-22 17:23:04 +01:00
Joe Farebrother
522c6e01d2 Sort models by class and name 2021-09-22 15:23:01 +01:00
yoff
14a31a2299 Merge pull request #6732 from RasmusWL/minor-sqlalchemy-comment-fixes 2021-09-22 15:15:52 +02:00
Rasmus Wriedt Larsen
8badba26b8 Python: Minor SQLALchemy comment fixes 2021-09-22 13:58:29 +02:00
Chris Smowton
24e3ad4e18 Remove unnecessary type constraint 2021-09-22 10:54:24 +01:00
Mathias Vorreiter Pedersen
a66f83644b Merge pull request #6728 from rdmarsh2/rdmarsh/sql-models-followup 
C++: Add additional functions to the SQL models
 2021-09-22 10:19:51 +01:00
Tom Hvitved
364dab6990 Remove CODEQL_REDUCE_FILES_FOLDERS_RELATIONS 2021-09-22 09:43:56 +02:00
Edoardo Pirovano
b960857fc2 Merge pull request #6722 from edoardopirovano/update-analyze-docs 
Update documentation to reflect changes to `database analyze`
 2021-09-22 08:29:45 +01:00
yoff
65d3373ad3 Merge pull request #6727 from RasmusWL/fix-sqlalchemy-query 
Python: Merge SQLAlchemy TextClause injection into `py/sql-injection`
 2021-09-22 09:29:28 +02:00
Robert Marsh
3108817717 C++: Add additional functions to the SQL models 2021-09-21 17:34:01 -07:00
Rasmus Wriedt Larsen
d44f279339 Python: Fix .qhelp 2021-09-21 20:35:03 +02:00
Rasmus Wriedt Larsen
a83bb39d0f Python: Merge SQLAlchemy TextClause injection into py/sql-injection 
As discussed in a meeting today, this will end up presenting an query
suite that's easier to use for customers.

Since https://github.com/github/codeql/pull/6589 has JUST been merged,
if we get this change in fast enough, no end-user will ever have run
`py/sqlalchemy-textclause-injection` as part of LGTM.com or Code
Scanning.
 2021-09-21 20:21:42 +02:00
Robert Marsh
d62f76afa6 Merge pull request #6133 from MathiasVP/promote-sql-pqxx 
C++: Promote `cpp/sql-injection-via-pqxx` out of experimental
 2021-09-21 10:13:57 -07:00
Robert Marsh
97c2917c16 Merge pull request #6409 from JordyZomer/main 
cpp: Add query to detect unsigned integer to signed integer conversio…
 2021-09-21 09:57:44 -07:00
Joe Farebrother
3cd675bfff Manually fill in most of the remaining support method calls 2021-09-21 17:56:18 +01:00
Mathias Vorreiter Pedersen
478093aa89 Update cpp/ql/lib/semmle/code/cpp/models/interfaces/Sql.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-09-21 17:51:24 +01:00
Emile El-Qawas
dcae1c5c04 DateFormatThreadUnsafe - Remove requirements for final and access modifiers 2021-09-21 16:50:48 +01:00
Joe Farebrother
6e9bee1be7 Add missing models 2021-09-21 16:32:49 +01:00
Joe Farebrother
25d6e00b1a Implement gen methods for MapDifference 2021-09-21 16:30:12 +01:00
Joe Farebrother
a47897bdf9 Implement Table gen methods 2021-09-21 15:29:06 +01:00
Anders Schack-Mulligen
2c41de6648 Merge pull request #6720 from aschackmull/java/isunreachableincall-joinorder 
Java: Fix join-order in isUnreachableInCall.
 2021-09-21 16:07:42 +02:00
Anders Schack-Mulligen
dd1bed02e8 Merge pull request #6721 from aschackmull/dataflow/subpaths01-joinorder 
Dataflow: Fix join-order in subpaths01
 2021-09-21 16:05:41 +02:00
Mathias Vorreiter Pedersen
bd5edc7ae5 Respond to review comments. 2021-09-21 14:29:26 +01:00
Mathias Vorreiter Pedersen
dfe932d053 Add missing conjunct in PostgreSqlEscapeFunction's 'escapesSqlArgument' predicate. 2021-09-21 12:14:45 +01:00
Edoardo Pirovano
5a28a796af Update documentation to reflect changes to database analyze 2021-09-21 10:16:12 +01:00
yoff
4adb0c75bd Merge pull request #6589 from RasmusWL/promote-sqlalchemy 
Python: Promote modeling of SQLAlchemy
 2021-09-21 11:08:41 +02:00
Rasmus Wriedt Larsen
4a16be2cba Merge pull request #6557 from yoff/python/port-modification-of-default-value 
Python: port modification of default value
 2021-09-21 10:12:12 +02:00
Rasmus Wriedt Larsen
f8e6ba633a Python: Fix .expected for new subpaths query predicate 2021-09-21 09:40:13 +02:00
Rasmus Wriedt Larsen
c7c8e2f3e3 Merge branch 'main' into promote-sqlalchemy 2021-09-21 09:36:07 +02:00
Anders Schack-Mulligen
eaf05305ff Merge pull request #6709 from aschackmull/java/local-taint-collections 
Java: Add container flow to the local taint flow relation.
 2021-09-20 16:04:45 +02:00
Anders Schack-Mulligen
044623a360 Dataflow: Sync. 2021-09-20 14:58:28 +02:00