hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-12 10:34:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
25,515 Commits 1,740 Branches 164 Tags
51243454c890c3c58c0d9ba767dfec8a030ba2ed
Commit Graph

25515 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
haby0
95c33a240f Update java/change-notes/2021-05-17-add-unsafe-deserialization-sinks.md 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-05-17 18:49:16 +08:00
Tony Torralba
3e4ccaf9a8 Move from experimental to standard 2021-05-17 10:41:54 +02:00
Anders Schack-Mulligen
77c93dcf26 Make private 2021-05-17 10:35:04 +02:00
Tom Hvitved
b142ecb1db C#: Address review comment 2021-05-17 10:33:06 +02:00
haby0
58d774ae85 add change notes 2021-05-17 14:52:05 +08:00
Mathias Vorreiter Pedersen
31091c66c1 C++: Add a test containing a guarded long. 2021-05-17 08:06:06 +02:00
Robert Marsh
d706d7b7a4 Merge pull request #5887 from MathiasVP/fewer-rand-sources-in-uncontrolled-arithmetic 
C++: Add more sanitizers to `cpp/uncontrolled-arithmetic`
 2021-05-14 15:35:56 -07:00
Marcono1234
e205e4bbce Java: Add change note for close resource query changes 2021-05-14 22:31:14 +02:00
Marcono1234
73c7e15580 Java: Add back StringInputStream to CloseReader.ql 2021-05-14 22:25:00 +02:00
Ethan P
58c746e42b fix formatting 2021-05-14 14:09:07 -04:00
Ethan P
0e99d5e379 Add examples of both tracing mechanisms 2021-05-14 14:05:55 -04:00
Ethan Palm
6dd30ee5e2 clarify options for tracing 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-05-14 14:00:33 -04:00
Robin Neatherway
17b74319fa Merge pull request #5902 from github/rneatherway/lines-of-code-tags 
Add lines-of-code tags
 2021-05-14 17:16:50 +01:00
Ethan Palm
4cf695b5ab specify `--command` option 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-05-14 10:00:17 -04:00
Mathias Vorreiter Pedersen
58dde68b10 C++: Add change-note. 2021-05-14 14:16:00 +02:00
Mathias Vorreiter Pedersen
2d0a56128d C++: Prevent flow out of pointer-difference expressions. 2021-05-14 13:49:48 +02:00
Mathias Vorreiter Pedersen
c1d41b3169 C++: Add false positive result from pointer-difference expressions. 2021-05-14 13:47:23 +02:00
luchua-bc
1497fba6f2 Remove the isAdditionalTaintStep predicate 2021-05-14 11:43:49 +00:00
Mathias Vorreiter Pedersen
5031b73f35 C++: Add barrier to cpp/uncontrolled-allocation-size that blocks flow when overflow isn't possible. 2021-05-14 13:43:20 +02:00
Erik Krogh Kristensen
3766678d60 move RegexpMetaChars into Regexp.qll 2021-05-14 13:23:36 +02:00
CodeQL CI
af0d31695a Merge pull request #5862 from asgerf/js/has-underlying-type 
Approved by erik-krogh, max-schaefer
 2021-05-14 04:10:43 -07:00
Robin Neatherway
f378513ea3 Add lines-of-code tags 
This is a proposed method for advertising which queries are measuring
the lines of code in a project in a more robust manner than inspecting
the rule id.

Note that the python "LinesOfUserCode" query should _not_ have this
property, as otherwise the results of the two queries will be summed.
 2021-05-14 11:20:43 +01:00
haby0
60fc607449 Modify ql 2021-05-14 18:17:05 +08:00
Erik Krogh Kristensen
33641c84f6 recognize sanitizing string replace call for regexp-injection 2021-05-14 11:58:27 +02:00
haby0
498c99e26c Add left value, Add return expression tracing flow 2021-05-14 16:31:59 +08:00
Ethan P
406fb1e383 Update with Go custom build options 2021-05-13 17:29:34 -04:00
Erik Krogh Kristensen
9d60ec035f fix casing on the uid regexp 2021-05-13 23:04:30 +02:00
Erik Krogh Kristensen
662e335424 keep python in sync 2021-05-13 22:54:39 +02:00
Erik Krogh Kristensen
51067af784 add "uid" (and friends) as maybe being sensitive account info 2021-05-13 22:34:10 +02:00
Geoffrey White
9cdf838981 C++: Bug fix. 2021-05-13 16:20:52 +01:00
Geoffrey White
a9d57450c8 C++: Autoformat. 2021-05-13 16:19:09 +01:00
CodeQL CI
9b0c24abc2 Merge pull request #5876 from erik-krogh/moreAxios 
Approved by asgerf
 2021-05-13 08:03:33 -07:00
Geoffrey White
3a83ff54e6 C++: Add support for class methods. 2021-05-13 16:02:00 +01:00
Geoffrey White
2576075b98 C++: Repair result message. 2021-05-13 15:52:28 +01:00
Geoffrey White
5d1ef49f8f C++: Add support for enum constants. 2021-05-13 15:42:42 +01:00
Tony Torralba
132a187586 Add missing QLDoc 2021-05-13 16:29:29 +02:00
Tony Torralba
50e1b42581 Add missing QLDoc 2021-05-13 15:37:16 +02:00
Tony Torralba
1fbdf6ecd0 Add change note 2021-05-13 15:13:25 +02:00
Tony Torralba
db732918af Add taint step for setExpression 2021-05-13 15:01:36 +02:00
Geoffrey White
e4d2c7cfc4 C++: Rewrite so that we look for additional evidence. 2021-05-13 13:19:39 +01:00
Geoffrey White
123889a671 C++: Fix 'triple DES' false positives. 2021-05-13 10:21:06 +01:00
haby0
02e415045f Delete RedirectBuilderFlowConfig 2021-05-13 15:48:15 +08:00
Geoffrey White
40cf29b625 C++: Rearrange the library. 2021-05-13 08:39:37 +01:00
haby0
effa2b162a Add spring url redirection detect 2021-05-13 09:55:37 +08:00
Taus
79cfe5aca2 Python: Limit py/use-of-input to Python 2 2021-05-12 21:23:16 +00:00
Taus
fad55b3635 Python: Reimplement py/use-of-input 2021-05-12 21:09:51 +00:00
Evgenii Protsenko
470e3eb089 [python] ClickHouseDriver.qll: add support for subclasses 2021-05-13 00:03:53 +03:00
Erik Krogh Kristensen
34fbafafde remove redundant "put" case 2021-05-12 22:34:44 +02:00
Evgenii Protsenko
2efa0ad105 [C++] Implement module ClickHouseDriver.qll 2021-05-12 22:36:24 +03:00
Taus
fe12e620dd Python: Avoid clobbering range in test 
This was an unwanted interaction between two unrelated tests, so I
switched to a different built-in in the second test. I also added a test
case that shows an unfortunate side effect of this more restricted
handling of built-ins.
 2021-05-12 18:42:10 +00:00