hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-11 10:04:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
25,515 Commits 1,740 Branches 164 Tags
51243454c890c3c58c0d9ba767dfec8a030ba2ed
Commit Graph

25515 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
38319a4832 C/C++: Make Content public as DataFlow::Content. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
aa82d0b815 Java: Make Content public as DataFlow::Content. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
80880320d5 Dataflow: Sync. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
b7ac329ba1 DataFlow: Add support for configuration-specific implicit reads. 2021-06-21 14:41:19 +02:00
Mathias Vorreiter Pedersen
238c483e5b C++: Make any non-overflowing arithmetic operation a barrier. 2021-06-21 14:05:34 +02:00
Mathias Vorreiter Pedersen
18e5d3cce8 C++: Add false positive with multiplication. 2021-06-21 14:04:27 +02:00
Chris Smowton
e2aaae8181 Increase test fieldFlowBranchLimit to 1000 
Might as well head off future failures in this test

Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-06-21 12:51:37 +01:00
Chris Smowton
c5eef7be8c Increase field flow branch limit in Jax-RS tests 
This fixes apparently-missing results by allowing the dataflow library to persist even when there are many Map implementations possibly available.
 2021-06-21 12:46:13 +01:00
Geoffrey White
6f808c9e4c C++: Update change note. 2021-06-21 12:32:48 +01:00
Geoffrey White
79198974dc Merge branch 'main' into weak-crypto3 2021-06-21 11:55:29 +01:00
Anders Schack-Mulligen
9110dfaeb3 Merge pull request #6095 from hvitved/dataflow/local-cc-join 
Data flow: Fix `getLocalCallContext` join-order
 2021-06-21 12:53:38 +02:00
Geoffrey White
90e2a2d222 C++: Change note. 2021-06-21 11:30:12 +01:00
Asger Feldthaus
0754ed2b5c JS: Change note 2021-06-21 11:46:44 +02:00
Rasmus Wriedt Larsen
d6ec4d30fc Python: Twisted refactor of getRequestParamIndex 2021-06-21 10:54:28 +02:00
Rasmus Wriedt Larsen
8208aebd7e Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-06-21 10:43:25 +02:00
Shati Patel
bbb5a39c02 Merge pull request #6072 from shati-patel/shati-patel/vs-code-setting 
[Already shipped] Docs: Update setting in CodeQL for VS Code
 2021-06-21 08:34:14 +01:00
Taus
3aea270e10 Python: Autoformat 2021-06-18 18:30:27 +00:00
yo-h
26a04d6659 Merge pull request #6108 from tamasvajk/fix/coverage-commenter 
Fix diff in the framework coverage PR comment
 2021-06-18 14:02:15 -04:00
Taus
aeac03663f Python: Remove old ClickHouseDriver.qll 
The merge must've gone wrong some way, as this file is not supposed to
exist in `experimental` anymore.
 2021-06-18 17:41:09 +00:00
Taus
348b20ca9d Merge branch 'main' of https://github.com/github/codeql into python-a-few-minor-cleanups 2021-06-18 17:38:43 +00:00
Taus
9351688da8 Python: asCfgNode cleanup 2021-06-18 17:22:42 +00:00
Taus
c386f4a009 Python: Clean up py/insecure-protocol 
Going all the way to the AST layer seemed excessive to me, so I rewrote
it to do most of the logic at the data-flow layer. In principle this
_could_ result in more names being computed (due to splitting), but in
practice I don't expect this make a big difference.
 2021-06-18 17:22:42 +00:00
Taus
f24a9a46d9 Python: add getAnAttributeWrite 2021-06-18 17:22:42 +00:00
Taus
c78ba476cf Python: Clean up a few verbose casts 2021-06-18 17:22:42 +00:00
Tamas Vajk
b3f44f457a Fix diff in the framework coverage PR comment 2021-06-18 16:33:50 +02:00
haby0
1750efad2a fix 2021-06-18 21:46:48 +08:00
haby0
dca737190b Modify JShellInjection.expected 2021-06-18 21:36:45 +08:00
haby0
2b77f7d1bc Modify isAdditionalTaintStep 2021-06-18 21:36:44 +08:00
haby0
a71757f0f4 Update java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.qhelp 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-06-18 21:36:44 +08:00
haby0
bfe0d40987 using isAdditionalTaintStep 2021-06-18 21:36:44 +08:00
haby0
3a2a99e289 Fix 1 2021-06-18 21:36:44 +08:00
haby0
ed0aabef46 add isAdditionalTaintStep 2021-06-18 21:36:44 +08:00
haby0
921b8e80a2 Jshell Injection 2021-06-18 21:36:44 +08:00
Mathias Vorreiter Pedersen
17df8e44d0 C++: Convert 'cpp/tainted-arithmetic' to a 'path-problem' query. 2021-06-18 14:56:17 +02:00
AlonaHlobina
ac35438b5f Update versions-compilers.rst 2021-06-18 15:35:37 +03:00
CodeQL CI
081fd28090 Merge pull request #6102 from RasmusWL/js-qhelp-fixup 
Approved by erik-krogh
 2021-06-18 04:52:48 -07:00
Chris Smowton
6302187a5d Merge pull request #5957 from haby0/java/BeanShellInjection 
Java: BeanShell Injection
 2021-06-18 12:38:51 +01:00
Jonas Jensen
f829fff2ad Merge pull request #6100 from github/AlonaHlobina-patch-2 
Update C/C++ Clang and GCC versions.rst
 2021-06-18 13:10:29 +02:00
AlonaHlobina
288a314108 Update versions-compilers.rst 2021-06-18 13:35:11 +03:00
Rasmus Wriedt Larsen
968a0921d4 JS: Fix secure example inclusion in InsecureDownload.qhelp 2021-06-18 12:12:06 +02:00
Anders Schack-Mulligen
7eb6da3888 Merge pull request #5772 from smowton/smowton/feature/apache-tuple-flow 
Add models for Apache Commons Lang's tuple types
 2021-06-18 11:25:07 +02:00
AlonaHlobina
bd820458f5 Update docs/codeql/support/reusables/versions-compilers.rst 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-06-18 12:24:34 +03:00
haby0
a73cb3f04a Fix error 2021-06-18 17:22:26 +08:00
CodeQL CI
1ffd9c9ba7 Merge pull request #6086 from asgerf/js/knex 
Approved by esbena
 2021-06-18 01:58:21 -07:00
Calum Grant
32f6a465b0 Merge pull request #6080 from github/calumgrant/security-severities 
Update security-severity scores
 2021-06-18 09:40:40 +01:00
Tom Hvitved
eb86bceb4d Address review comments 2021-06-18 10:18:47 +02:00
AlonaHlobina
9c5ba8d4f6 Adding C++20 Beta support.rst 2021-06-18 10:56:11 +03:00
haby0
0d18e4ff9c BeanShell Injection 2021-06-18 15:54:13 +08:00
AlonaHlobina
9feda2ddd6 Update C/C++ Clang and GCC versions.rst 2021-06-18 10:46:22 +03:00
Tamás Vajk
0545bcfbd2 Merge pull request #6028 from github/tamasvajk/feature/csv-coverage-report-comment 
Add CSV coverage PR commenter
 2021-06-18 09:32:45 +02:00