hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 13:23:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,991 Commits 1,697 Branches 161 Tags
56d6fc951cc5457264ac439fd0cbe8f94db6727f
Commit Graph

22991 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
56d6fc951c Fixed some QLDoc 2021-06-03 10:22:15 +02:00
Tony Torralba
ae0a00e30a Added change note 2021-06-03 10:21:59 +02:00
Tony Torralba
d476459727 Use InlineExpectationsTest 2021-06-02 12:15:26 +02:00
Tony Torralba
b30c92e69e Refactored into MvelInjection.qll using CSV models 2021-06-02 11:33:01 +02:00
Tony Torralba
59e6e1ffac Moved from experimental 2021-06-02 09:58:30 +02:00
Tamás Vajk
348fab82fd Merge pull request #5970 from tamasvajk/feature/csv-coverage-impr 
Improve error reporting in CI check for CSV coverage report comparison
 2021-06-02 09:03:35 +02:00
Jonas Jensen
7282ad90d0 Merge pull request #5854 from dbartol/dbartol/smart-pointers/side-effects 
C++: Generate side effect instructions for smart pointer indirections
 2021-06-01 16:57:05 +02:00
Dave Bartolomeo
da14647e5a Merge pull request #5522 from github/rdmarsh2/cpp/ssa-reuse 
C++: reuse unaliased SSA results when computing aliased SSA
 2021-06-01 10:17:54 -04:00
Henning Makholm
534e771309 Merge pull request #5934 from github/hmakholm/pr/monotonic-agg 
QL language reference: add monotonic aggregate example
 2021-06-01 13:10:50 +02:00
Tamás Vajk
e7a349be2d Merge pull request #5978 from tamasvajk/fix/change-note-workflow 
Fix change note workflow to handle paginated results
 2021-06-01 12:50:32 +02:00
Anders Schack-Mulligen
ce509eb7e1 Merge pull request #5927 from aschackmull/dataflow/flowthrough-dispatch-perf 
Dataflow: Improve performance in flow-through pruning
 2021-06-01 11:46:22 +02:00
Anders Schack-Mulligen
a4661e1aca Merge pull request #5704 from edvraa/regexj 
Java: Regex injection
 2021-06-01 11:45:59 +02:00
Erik Krogh Kristensen
0b225419a3 Merge pull request #5977 from security-prince/patch-1 
Adding reference link for csurf
 2021-06-01 11:07:36 +02:00
Tom Hvitved
5771b0420f Merge pull request #5936 from hvitved/csharp/cfg/perf-tweaks 
C#: Various CFG related performance tweaks
 2021-06-01 11:06:01 +02:00
Anders Schack-Mulligen
5d21c64247 Dataflow: qldoc fix. 2021-06-01 10:49:47 +02:00
Tamas Vajk
bc02f28ddd Fix change note workflow to handle paginated results 2021-06-01 10:44:44 +02:00
Jonas Jensen
2261085cfe Merge pull request #5973 from MathiasVP/more-uncontrolled-arith-improvements 
C++: More `cpp/uncontrolled-arithmetic` improvements
 2021-06-01 10:44:29 +02:00
Anders Schack-Mulligen
4f9a6c151b Dataflow: Code review fixes. 2021-06-01 10:29:17 +02:00
Mathias Vorreiter Pedersen
8765c33847 C++: Also check the number of parameters to keep the tests happy. 2021-06-01 10:17:57 +02:00
Ishaq Mohammed
96150a455d Update javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-06-01 13:47:43 +05:30
Ishaq Mohammed
975355de4a Adding reference link for csurf 2021-06-01 13:41:25 +05:30
Mathias Vorreiter Pedersen
615c805b2c C++: Only use std::rand as a source of randomness. 2021-06-01 09:28:06 +02:00
Henning Makholm
70b9739d2d QL language reference: add monotonic aggregate example 
It's easier to understand what's going on if we start with a
(contrived) example that _doesn't_ involve recursion.
 2021-05-31 21:23:08 +02:00
Mathias Vorreiter Pedersen
41c93d92d7 C++: Remove FPs from right shifts and explicitly bounded random functions. 2021-05-31 15:40:02 +02:00
Mathias Vorreiter Pedersen
10755ece88 C++: Add testcase with bounded randomness source. 2021-05-31 15:33:39 +02:00
Anders Schack-Mulligen
683f853fa5 Dataflow: Fix another bad join order. 2021-05-31 15:14:13 +02:00
Mathias Vorreiter Pedersen
6d7b95c15d Merge pull request #5966 from erik-krogh/overrideConsistency 
CPP/C#: make some parameter names consistent with the names used in the super class
 2021-05-31 11:57:10 +02:00
Jonas Jensen
4e502d10d6 Merge pull request #5951 from MathiasVP/optimize-switcCase-getAStmt 
C++: Remove large antijoin in `SwitchCase.getAStmt`
 2021-05-31 11:50:32 +02:00
Taus
bae3728e3c Merge pull request #5945 from RasmusWL/minor-qldoc-cleanup 
Python: Minor QLDoc cleanup
 2021-05-31 11:40:44 +02:00
Taus
d9911a016e Merge pull request #5933 from RasmusWL/expand-use-of-input-test 
Python: Expand test of py/use-of-input
 2021-05-31 11:39:33 +02:00
Mathias Vorreiter Pedersen
b4e4c12d0f C++: Use a rank aggregate for a much better implementation. 2021-05-31 11:17:09 +02:00
Jonas Jensen
f97b8ad1d4 Merge pull request #5961 from MathiasVP/fix-FPs-in-incorrect-allocation-error-handling 
C++: Exclude custom `operator new` from `cpp/incorrect-allocation-error-handling`
 2021-05-31 10:54:59 +02:00
Mathias Vorreiter Pedersen
66d284ee59 Merge pull request #5766 from ihsinme/ihsinme-patch-267 
CPP: Add query for CWE-415 Double Free
 2021-05-31 10:51:32 +02:00
ihsinme
d808a5b131 Update cpp/ql/test/experimental/query-tests/Security/CWE/CWE-415/semmle/tests/test.c 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-31 11:16:38 +03:00
Mathias Vorreiter Pedersen
175fdbb105 C++: Replace exists(not ...) with not exists(...). 2021-05-31 09:54:24 +02:00
Tamas Vajk
18931e39c8 Improve error reporting in CI check for CSV coverage report comparison 2021-05-31 09:52:14 +02:00
Henry Mercer
263699d8bc Merge pull request #5914 from github/henrymercer/code-scanning-diagnostic-queries 
Code Scanning selectors: Include diagnostic queries
 2021-05-28 18:53:11 +01:00
Mathias Vorreiter Pedersen
64975e5c1e Merge pull request #5842 from japroc/cpp-pqxx-sqli-sink 
C++: SqlPqxxTainted query searches for sql injections via pqxx connector to postgres
 2021-05-28 17:01:27 +02:00
Erik Krogh Kristensen
b947334eea CPP: make some parameter names consistent with the names used in the super class 2021-05-28 16:48:47 +02:00
Rasmus Wriedt Larsen
6e9d74403a Merge pull request #5963 from adityasharad/python/lines-of-user-code 
Python: Treat `py/summary/lines-of-user-code` as the primary summary metric
 2021-05-28 11:08:35 +02:00
Jonas Jensen
eda25bb402 Merge pull request #5962 from erik-krogh/getAPrimaryQlClass 
CPP/Java: Fix getAPrimaryQlClass implementations
 2021-05-28 09:31:16 +02:00
Aditya Sharad
b41a06a15c Python: Treat py/summary/lines-of-user-code as the primary summary metric 
Move the `lines-of-code` tag from `py/summary/lines-of-code`.
Code Scanning will eventually look for this tag.

The intent is to treat the number of lines of user code for Python as the summary of
how much code was analysed, ignoring both external libraries and generated code.
This matches the current baseline metric the CodeQL Action computes for Python.
We'll revisit this decision, and the baseline, if necessary.
 2021-05-27 13:20:24 -07:00
Erik Krogh Kristensen
79989cc3f4 CPP/Java: Fix getAPrimaryQlClass implementations 2021-05-27 21:36:27 +02:00
Rasmus Wriedt Larsen
ab73b10869 Merge pull request #5959 from github/igfoo/ReturnValueIgnored_python 
python: Correct the ReturnValueIgnored.qhelp docs
 2021-05-27 11:51:42 +02:00
Mathias Vorreiter Pedersen
4107e350cb C++: Add qldoc to NoThrowType. 2021-05-27 11:39:03 +02:00
Mathias Vorreiter Pedersen
71a860a356 C++: Exclude custom operator new allocators from the ThrowingAllocator class. 2021-05-27 11:23:11 +02:00
Evgenii Protsenko
efa657d47c C++: SqlPqxxTainted.ql Add namespace check 2021-05-27 00:13:54 +03:00
Mathias Vorreiter Pedersen
e01d7127e2 Merge pull request #5958 from github/igfoo/ReturnValueIgnored 
C++: Update the ReturnValueIgnored.qhelp docs to match the code
 2021-05-26 19:04:41 +02:00
Ian Lynagh
f0bec74ce3 python: Correct the ReturnValueIgnored.qhelp docs 2021-05-26 17:40:57 +01:00
Ian Lynagh
f9ede97fcd C++: Update the ReturnValueIgnored.qhelp docs to match the code 2021-05-26 17:38:49 +01:00