hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-23 16:06:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,139 Commits 1,712 Branches 163 Tags
56ff8cf0844ad235aacccd66f092db2b88f05434
Commit Graph

14139 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Luke Cartey
56ff8cf084 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-08-12 13:12:06 +01:00
lcartey@github.com
6b6172fa5b Java: ExternalAPIs: Further review comments 
- Extra qldoc
 - Remove unnecessary module
 2020-08-12 09:21:14 +01:00
lcartey@github.com
e1d4b98923 Java: Add further missing </p> to qhelp 2020-08-11 15:28:55 +01:00
lcartey@github.com
8a65dd2cd6 Java: Address review comments 2020-08-11 15:28:06 +01:00
Luke Cartey
5a96ee1a7b Remove parameter names from signatures 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-08-04 09:41:40 +01:00
Luke Cartey
368572f1f0 Update java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.qhelp 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-08-04 09:40:59 +01:00
Luke Cartey
7928a02424 Add missing full stop. 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-08-04 09:40:51 +01:00
Luke Cartey
e0c081a2af Add missing </p> tag 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-08-04 09:40:28 +01:00
lcartey@github.com
b242a61701 Java: Untrusted data used in external APIs 
This commit adds two queries for identifying external APIs which are
used with untrusted data.

These queries are intended to facilitate a security review of the
application, and will report any external API which is called with
untrusted data. The purpose of this is to:
 - review how untrusted data flows through this application
 - identify opportunities to improve taint modeling of sinks and taint
   steps.
As a result this is not suitable for integration into a developer
workflow, as it will likely have high false positive rate, but it may
help identify false negatives for other queries.
 2020-07-03 17:32:08 +01:00
semmle-qlci
04a0d47ab9 Merge pull request #3870 from hvitved/csharp/cfg/cond-out-param 
Approved by calumgrant
 2020-07-02 18:48:05 +01:00
Taus
ba634af86e Merge pull request #3362 from RasmusWL/python-keyword-only-args 
Python: properly support keyword only arguments
 2020-07-02 18:21:59 +02:00
semmle-qlci
b5c8f2238b Merge pull request #3805 from esbena/js/seal-freeze-flow 
Approved by asgerf
 2020-07-02 13:54:54 +01:00
Rasmus Wriedt Larsen
513c2974bd Merge branch 'master' into python-keyword-only-args 2020-07-02 14:48:32 +02:00
Rasmus Wriedt Larsen
b2f8638ff0 Python: Update dbscheme with new comment 2020-07-02 14:17:55 +02:00
Taus
eecc3ca5dd Merge pull request #3503 from RasmusWL/python-fix-django-taint-sinks 
Python: Fix django taint sinks
 2020-07-02 13:32:35 +02:00
Tom Hvitved
527a099a26 C#: Fix CFG for conditional method calls with out parameters 2020-07-02 13:12:53 +02:00
Tom Hvitved
090205d9e9 C#: Add CFG test for conditional call to method with out parameter 2020-07-02 13:09:40 +02:00
semmle-qlci
97128b1475 Merge pull request #3829 from asger-semmle/js/xss-substr 
Approved by erik-krogh
 2020-07-02 11:58:32 +01:00
Rasmus Wriedt Larsen
26b7a301d6 Merge branch 'master' into python-keyword-only-args 2020-07-02 12:27:02 +02:00
Tom Hvitved
d01904d404 Merge pull request #3846 from hvitved/csharp/autobuilder-refactor 
C#: Factor C++ parts out of autobuilder
 2020-07-02 12:02:04 +02:00
Rasmus Wriedt Larsen
67be45f045 Merge branch 'master' into python-fix-django-taint-sinks 2020-07-02 11:55:42 +02:00
Rasmus Wriedt Larsen
9a82927187 Python: Autoformat 2020-07-02 11:54:41 +02:00
Rasmus Wriedt Larsen
a947d151e5 Python: Django changes now backwards compatible deprecation 2020-07-02 11:53:25 +02:00
Rasmus Wriedt Larsen
4a7bfbe091 Python: Use .matches instead of .indexOf() = 0 2020-07-02 11:43:23 +02:00
Anders Schack-Mulligen
50fee5c4a1 Merge pull request #3817 from Marcono1234/patch-1 
Fix outdated query console link
 2020-07-02 11:41:19 +02:00
semmle-qlci
0bf1f75274 Merge pull request #3850 from aschackmull/dataflow/doc 
Approved by hvitved
 2020-07-02 09:04:35 +01:00
semmle-qlci
bfb734e1d7 Merge pull request #3832 from asger-semmle/js/typescript-in-html-files3 
Approved by erik-krogh
 2020-07-02 08:30:45 +01:00
Anders Schack-Mulligen
c78427569e Update docs/ql-libraries/dataflow/dataflow.md 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2020-07-02 09:24:33 +02:00
Jonas Jensen
2bd84a3a5e Merge pull request #3865 from geoffw0/bufferwrite-fixup 
C++: 'modelling' -> 'modeling' part 2.
 2020-07-02 08:37:19 +02:00
Jonas Jensen
62a656de0f Merge pull request #3860 from dbartol/codeql-c-analysis-team/40/2 
C++: QLDoc cleanup
 2020-07-02 08:32:44 +02:00
semmle-qlci
45ef3ec4a8 Merge pull request #3619 from erik-krogh/CWE022-Correctness 
Approved by asgerf
 2020-07-01 20:07:58 +01:00
Tom Hvitved
398a95c65f C#: Remove unused field 2020-07-01 20:06:46 +02:00
Tom Hvitved
498ee9b5f5 C#: Factor C++ parts out of autobuilder 2020-07-01 20:06:46 +02:00
Geoffrey White
a260df9035 C++: 'modelling' -> 'modeling'. 2020-07-01 17:49:22 +01:00
Mathias Vorreiter Pedersen
bb9c8881d6 Merge pull request #3786 from geoffw0/bufferwritecleanup 
C++: Clean up BufferWrite.qll
 2020-07-01 18:33:26 +02:00
Dave Bartolomeo
f0215d1748 C++: Fix typo 2020-07-01 11:57:56 -04:00
Geoffrey White
8d8e47dc29 C++: QLDoc other straightforward model implementations. 2020-07-01 16:25:24 +01:00
Geoffrey White
e39c115746 C++: QLDoc Strcpy (as demanded by the tests). 2020-07-01 16:23:50 +01:00
semmle-qlci
66a6fe7317 Merge pull request #3853 from max-schaefer/js/canonical-names 
Approved by asgerf
 2020-07-01 16:08:59 +01:00
Dave Bartolomeo
566d7fad63 C++: Autoformat some more 2020-07-01 10:14:35 -04:00
Shati Patel
6429fe48aa Merge pull request #3862 from shati-patel/shati-patel-patch-1 
Small terminology update
 2020-07-01 14:58:50 +01:00
Max Schaefer
a6d8073987 JavaScript: Make getADefinition and getAnAccess available on all CanonicalNames. 2020-07-01 14:42:03 +01:00
Esben Sparre Andreasen
3ca6031ae5 JS: rename predicate 2020-07-01 15:27:28 +02:00
Esben Sparre Andreasen
75451e349a JS: teach the dataflow library identity functions Object.freeze/seal 2020-07-01 15:27:28 +02:00
Esben Sparre Andreasen
33c52761d4 JS: more dataflow and global access path testing 2020-07-01 15:26:25 +02:00
Anders Schack-Mulligen
20aed81476 Merge pull request #3863 from intrigus-lgtm/patch-2 
Fix typo, add Oxford comma
 2020-07-01 15:01:49 +02:00
intrigus-lgtm
cabd275baa Fix typo, add Oxford comma 2020-07-01 14:49:09 +02:00
Anders Schack-Mulligen
4aac70d3da Dataflow: update doc based on review. 2020-07-01 14:45:49 +02:00
Shati Patel
5af5f40ae1 Small terminology update 2020-07-01 13:41:50 +01:00
Anders Schack-Mulligen
7d057598d8 Merge pull request #3857 from jbj/flowthrough-bigstep-perf 
C++: Remove big-step relation in flow-through code
 2020-07-01 14:23:23 +02:00