hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-28 01:51:23 +02:00
Code Issues Packages Projects Releases Wiki Activity
33,317 Commits 1,761 Branches 168 Tags
562f2fe4bb44f7c55640a027f23ecaf0d0bbd704
Commit Graph

33317 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Esben Sparre Andreasen
562f2fe4bb Remove additional path-injection sinks 2022-03-10 15:33:32 +00:00
Esben Sparre Andreasen
23c63c9962 Add benjamin-button.md 2022-03-10 15:33:32 +00:00
Esben Sparre Andreasen
e1d4fa9c0c Remove pseudo-properties 2022-03-10 15:33:32 +00:00
Esben Sparre Andreasen
c9a31cf689 Remove 2020 sinks from SqlInjection.ql 2022-03-10 15:33:32 +00:00
Esben Sparre Andreasen
d1d145ba81 Remove 2020 sinks from Xss.ql 2022-03-10 15:33:32 +00:00
Esben Sparre Andreasen
f36e730caa Remove 2020 sinks from TaintedPath.ql 2022-03-10 15:33:32 +00:00
tombolton
79f02f7320 make query names consistent with those in the endpoint pipeline 2022-03-10 15:32:02 +00:00
tombolton
fdec904a7a add new security queries to extraction query 2022-03-10 11:21:35 +00:00
tombolton
b4964aa2d9 add new queries to mapping query 2022-03-10 11:21:29 +00:00
tombolton
489dfbc33a update column names in encoding query 2022-03-10 11:21:29 +00:00
Esben Sparre Andreasen
514557dfc7 make boosted version of js/code-injection 
Changes generated with:

```
tb boost src/Security/CWE-094/CodeInjection.ql CodeInjectionSink
```
 2022-03-10 11:21:29 +00:00
Esben Sparre Andreasen
c8a95bea1b Boost StoredXss and XssThroughDomATM 
Produced with:
```
javascript/ql$tb boost src/Security/CWE-079/StoredXss.ql XssSink
javascript/ql$ tb boost src/Security/CWE-079/XssThroughDom.ql XssSink
```
 2022-03-10 11:21:29 +00:00
Tom Hvitved
f5fbf50d7d Ruby: Fix incorrect parsing of ranges 2022-03-08 19:53:17 +01:00
Tom Hvitved
89c3d0535a Ruby: Add regex test that outputs all RegExpTerms 2022-03-08 19:53:17 +01:00
Tom Hvitved
073302f196 Ruby: Add another regex consistency test 2022-03-08 19:53:17 +01:00
Tom Hvitved
a70ed71c01 Merge pull request #8370 from hvitved/ruby/regex-group-name-off-by-one 
Ruby: Fix off-by-one error in `getGroupName`
 2022-03-08 19:52:32 +01:00
Tom Hvitved
5f48cc06bb Ruby: Fix off-by-one error in getGroupName 2022-03-08 15:59:47 +01:00
Tom Hvitved
6dd126b6e3 Ruby: Add regex group tests 2022-03-08 15:59:28 +01:00
Tom Hvitved
86121164c5 Merge pull request #8364 from hvitved/ruby/fix-regex-parse 
Ruby: Fix regex parsing of `/[|]/`
 2022-03-08 15:26:29 +01:00
Michael Nebel
ec75bbc748 Merge pull request #8203 from michaelnebel/csharp/extractor-option-buildless 
C#: Refactoring - Move some of the standalone extractor code to the Standalone project.
 2022-03-08 14:32:59 +01:00
Mathias Vorreiter Pedersen
9e7b0925c6 Merge pull request #8366 from jketema/code-duplication-deprecated 
C++: Mark everything in CodeDuplication.qll as deprecated
 2022-03-08 12:47:50 +00:00
Jeroen Ketema
3877598c12 C++: Remove cpp/duplicated-lines-in-files which was deprecated over a year ago 2022-03-08 12:58:19 +01:00
Jeroen Ketema
b039b91fd8 C++: Add change note 2022-03-08 12:36:11 +01:00
Jeroen Ketema
df1e810f13 C++: Remove duplicate code queries that were deprecated over a year ago 2022-03-08 12:28:41 +01:00
Jeroen Ketema
d2e2866276 C++: Also deprecate TDuplicationOrSimilarity 2022-03-08 12:26:07 +01:00
Jeroen Ketema
55351ce835 Update cpp/ql/src/external/CodeDuplication.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-03-08 11:57:05 +01:00
Jeroen Ketema
2e73e35747 Update cpp/ql/src/external/CodeDuplication.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-03-08 11:56:55 +01:00
Jeroen Ketema
81783e828e C++: Mark everything in CodeDuplication.qll as deprecated 
Although we earlier added a comment to the classes in noting that
they are deprecated, we did not properly mark the classes as actually
being deprecated.

All predicates - except for 3 - depend on the classes being functional,
which they no longer are, so mark those a deprecated as well. The three
remaining predicates (`FunctionDeclarationEntry`, `numberOfSourceMethods`,
and `whitelistedLineForDuplication`) seem to be helpers, and are likely
not used when the library is not used, so mark those as deprecated as
well.
 2022-03-08 11:38:01 +01:00
Erik Krogh Kristensen
4734f1916e Merge pull request #7598 from erik-krogh/fieldOnlyUsedInCharPred 
QL: field only used in charPred
 2022-03-08 11:25:57 +01:00
Rasmus Wriedt Larsen
cbe3964a87 Merge pull request #8275 from haby0/py/add-ssrf-sinks 
Python: Add Server-side Request Forgery sinks
 2022-03-08 11:06:52 +01:00
Tom Hvitved
3bc8d0878f Ruby: Add regex consistency queries 2022-03-08 10:10:14 +01:00
Tom Hvitved
6d4eecff14 Ruby: Fix regex parsing of /[|]/ 2022-03-08 09:52:06 +01:00
Tom Hvitved
a7442b7a2b Ruby: Add regex test case for /[|]/ 2022-03-08 09:51:39 +01:00
Tom Hvitved
6aad8d6897 Merge pull request #8302 from aibaars/type-tracking-smallstep 
Ruby: TypeTracker: add smallstep for functions that return their arguments
 2022-03-07 17:26:45 +01:00
Mathias Vorreiter Pedersen
c7d624d314 Merge pull request #8247 from ihsinme/ihsinme-patch-80 
CPP: Add query for CWE-190: Integer Overflow or Wraparound when using transform after operation
 2022-03-07 11:00:29 +00:00
Geoffrey White
e7dca435a9 Merge pull request #6950 from ihsinme/ihsinme-patch-078 
CPP: Add query for CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
 2022-03-07 10:55:29 +00:00
Arthur Baars
200a965fda Update expected output 2022-03-07 11:51:54 +01:00
Arthur Baars
95027e746c Ruby: TypeTracker: add smallstep for functions that return their arguments 2022-03-07 11:51:54 +01:00
Tom Hvitved
9c4c35141a Ruby: Update type tracker test 2022-03-07 11:51:54 +01:00
Tom Hvitved
64b458b166 Merge pull request #8319 from hvitved/csharp/recursive-qltest-extraction-change-note 
C#: Add change note about recursive `codeql test run` extraction
 2022-03-07 11:43:11 +01:00
Tom Hvitved
c1db0a9429 Merge pull request #8317 from hvitved/typetracker/jump-step 
Ruby/Python: Clear call contexts after jump steps in type tracking
 2022-03-07 11:38:51 +01:00
Tom Bolton
173f45f316 Merge pull request #8334 from github/tombolton/add-mapping-query 
JS: Add query that maps queries to sink type
 2022-03-07 10:35:37 +00:00
Mathias Vorreiter Pedersen
027c8247ae Merge pull request #8310 from jketema/update-stats 
C++: Update the DB scheme stats file
 2022-03-07 09:11:53 +00:00
Tony Torralba
08ce128d64 Merge pull request #8325 from JLLeitschuh/feat/JLL/improve_compile_time_constant 
[Java] Add CharacterLiteral to CompileTimeConstantExpr.getStringValue
 2022-03-07 09:32:59 +01:00
haby0
7e6666bc63 Merge branch 'main' into py/add-ssrf-sinks 2022-03-07 12:09:14 +08:00
Tiferet Gazit
bbc712fdb3 Merge pull request #8297 from erik-krogh/atmPerf 
JS: Fix ATM timeout on NodeJS
 2022-03-04 10:41:35 -08:00
Mathias Vorreiter Pedersen
624795cbbf Merge pull request #8059 from rdmarsh2/rdmarsh2/cpp/insufficient-key-strength 
C++: new query for insufficient key strength
 2022-03-04 17:11:44 +00:00
Robert Marsh
280fdbfc1b C++: accept test output from perf improvement 
The last commit removed some source nodes from the dataflow graph, which
changed the test expectations slightly. No result changes occurred.
 2022-03-04 11:39:10 -05:00
Jonathan Leitschuh
38897f2ec1 Fixup tests from code review changes 2022-03-04 09:33:51 -05:00
Jonathan Leitschuh
17b6e66814 Apply suggestions from code review 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-03-04 09:29:57 -05:00