hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-20 14:36:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,695 Commits 1,711 Branches 163 Tags
4f9a6c151bb6c045d262b4e0da893ddfe562b563
Commit Graph

22695 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
4f9a6c151b Dataflow: Code review fixes. 2021-06-01 10:29:17 +02:00
Anders Schack-Mulligen
683f853fa5 Dataflow: Fix another bad join order. 2021-05-31 15:14:13 +02:00
Anders Schack-Mulligen
017bf68906 Dataflow: Fix bad join order. 2021-05-25 11:40:53 +02:00
Anders Schack-Mulligen
4406b8e339 Dataflow: Sync. 2021-05-19 19:22:36 +02:00
Anders Schack-Mulligen
bb258813a1 Dataflow: Improve performance for dispatch-join in flow-through. 2021-05-19 19:20:57 +02:00
Chris Smowton
0c970b5f1f Merge pull request #5802 from luchua-bc/java/rhino-injection 
Java: CWE-094 Rhino code injection
 2021-05-18 19:25:53 +01:00
luchua-bc
02aa9c6fc7 Optimize the sink and update qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
d4323a4a54 Update qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
9d392263a5 Refactor inconsistent method names 2021-05-18 16:12:23 +00:00
luchua-bc
2fa249a8eb Update method name and qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
2c1374bdcf Use inline implementation for ScriptEngineFactory 2021-05-18 16:12:23 +00:00
luchua-bc
0ac8453398 Allow all arguments of methods in ScriptEngineFactory 2021-05-18 16:12:23 +00:00
luchua-bc
e4699f7fa9 Optimize the query 2021-05-18 16:12:22 +00:00
luchua-bc
d664aa6d6a Include more scenarios and update qldoc 2021-05-18 16:12:22 +00:00
luchua-bc
852bcfb5c7 Refactor the ScriptEngine query and the Rhino code injection query into one 2021-05-18 16:12:22 +00:00
luchua-bc
b0b5338359 Rhino code injection 2021-05-18 16:12:22 +00:00
Ethan Palm
9deaace756 Merge pull request #5898 from ethanpalm/go-build-commands 
Docs: Document Go tracer support
 2021-05-18 11:49:31 -04:00
Ethan Palm
610e041e28 Add reviewer feedback 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2021-05-18 11:42:08 -04:00
Chris Smowton
4230869ee2 Merge pull request #5819 from luchua-bc/java/jpython-injection 
Java: CWE-094 Jython code injection
 2021-05-18 16:38:40 +01:00
Chris Smowton
71f540a755 Merge pull request #5844 from haby0/SpringRedirects 
[Java] CWE-601 Spring url redirection detect
 2021-05-18 16:37:40 +01:00
luchua-bc
2a0721b2ae Optimize the sink and update method name 2021-05-18 12:18:14 +00:00
CodeQL CI
1d120824ac Merge pull request #5920 from erik-krogh/clone 
Approved by esbena
 2021-05-18 05:13:57 -07:00
haby0
e46de44473 Solve errors caused by private ownership 2021-05-18 19:56:32 +08:00
Erik Krogh Kristensen
06514a2bb6 move clone model to Extend.qll 2021-05-18 13:16:41 +02:00
haby0
caf5f4d605 modified comment 2021-05-18 19:10:03 +08:00
Erik Krogh Kristensen
1435ac715a add support for the clone library 2021-05-18 12:46:34 +02:00
Anders Schack-Mulligen
9b0e3b1950 Merge pull request #5814 from JLLeitschuh/feat/JLL/jackson_as_taint_step 
[Java] Add taint tracking through Jackson deserialization
 2021-05-18 09:31:16 +02:00
haby0
a0cd551bae Add filtering of String.format 2021-05-18 11:05:10 +08:00
luchua-bc
e652d8771c Update method name and qldoc 2021-05-17 20:36:15 +00:00
Tom Hvitved
ae6326b1f3 Merge pull request #5882 from hvitved/csharp/autobuilder/shared-compilation 2021-05-17 16:05:08 +02:00
Mathias Vorreiter Pedersen
d46452e8de Merge pull request #5903 from MathiasVP/tainted-allocation-size-barrier 
C++: Add barriers to `cpp/uncontrolled-allocation-size`
 2021-05-17 15:24:45 +02:00
CodeQL CI
12b1bbe484 Merge pull request #5897 from erik-krogh/uid 
Approved by RasmusWL, esbena
 2021-05-17 06:01:04 -07:00
Anders Schack-Mulligen
77c93dcf26 Make private 2021-05-17 10:35:04 +02:00
Tom Hvitved
b142ecb1db C#: Address review comment 2021-05-17 10:33:06 +02:00
Mathias Vorreiter Pedersen
31091c66c1 C++: Add a test containing a guarded long. 2021-05-17 08:06:06 +02:00
Robert Marsh
d706d7b7a4 Merge pull request #5887 from MathiasVP/fewer-rand-sources-in-uncontrolled-arithmetic 
C++: Add more sanitizers to `cpp/uncontrolled-arithmetic`
 2021-05-14 15:35:56 -07:00
Ethan P
58c746e42b fix formatting 2021-05-14 14:09:07 -04:00
Ethan P
0e99d5e379 Add examples of both tracing mechanisms 2021-05-14 14:05:55 -04:00
Ethan Palm
6dd30ee5e2 clarify options for tracing 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-05-14 14:00:33 -04:00
Robin Neatherway
17b74319fa Merge pull request #5902 from github/rneatherway/lines-of-code-tags 
Add lines-of-code tags
 2021-05-14 17:16:50 +01:00
Ethan Palm
4cf695b5ab specify `--command` option 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-05-14 10:00:17 -04:00
Mathias Vorreiter Pedersen
58dde68b10 C++: Add change-note. 2021-05-14 14:16:00 +02:00
Mathias Vorreiter Pedersen
2d0a56128d C++: Prevent flow out of pointer-difference expressions. 2021-05-14 13:49:48 +02:00
Mathias Vorreiter Pedersen
c1d41b3169 C++: Add false positive result from pointer-difference expressions. 2021-05-14 13:47:23 +02:00
luchua-bc
1497fba6f2 Remove the isAdditionalTaintStep predicate 2021-05-14 11:43:49 +00:00
Mathias Vorreiter Pedersen
5031b73f35 C++: Add barrier to cpp/uncontrolled-allocation-size that blocks flow when overflow isn't possible. 2021-05-14 13:43:20 +02:00
CodeQL CI
af0d31695a Merge pull request #5862 from asgerf/js/has-underlying-type 
Approved by erik-krogh, max-schaefer
 2021-05-14 04:10:43 -07:00
Robin Neatherway
f378513ea3 Add lines-of-code tags 
This is a proposed method for advertising which queries are measuring
the lines of code in a project in a more robust manner than inspecting
the rule id.

Note that the python "LinesOfUserCode" query should _not_ have this
property, as otherwise the results of the two queries will be summed.
 2021-05-14 11:20:43 +01:00
haby0
498c99e26c Add left value, Add return expression tracing flow 2021-05-14 16:31:59 +08:00
Ethan P
406fb1e383 Update with Go custom build options 2021-05-13 17:29:34 -04:00