hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
2,032 Commits 1,741 Branches 165 Tags
57de628ab8f335804747b1a082f2caa9be00a2da
Commit Graph

2032 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mark Shannon
eefb45c94b Python: jinja2-without-escaping query: Clean up query and account for Template class in tests. 2018-11-28 10:46:44 +00:00
Mark Shannon
dff36e22ff Fix typo. 2018-11-28 10:46:44 +00:00
Mark Shannon
1080525d7d Python: Add missing test stub. 2018-11-28 10:45:48 +00:00
Mark Shannon
2518ac561e Python: Add change note for jinja2-autoescape query. 2018-11-28 10:45:48 +00:00
Mark Shannon
243280dc00 Python: New query to check for use of jinja2 templates without auto-escaping. 2018-11-28 10:45:19 +00:00
Max Schaefer
39f1c7904b JavaScript: Address review comments. 2018-11-28 09:44:58 +00:00
semmle-qlci
e66691a90c Merge pull request #551 from asger-semmle/js-extractor-shebang 
Approved by xiemaisi
 2018-11-28 08:49:44 +00:00
Max Schaefer
31d23b6295 JavaScript: Sort change notes alphabetically. 2018-11-28 08:16:31 +00:00
Max Schaefer
f9de1d44ca JavaScript: Add change notes. 2018-11-28 08:16:31 +00:00
Max Schaefer
f1c538a97b JavaScript: Restrict RemotePropertyInjection query to avoid double-reporting. 
This query now only flags user-controlled property and header writes, method calls are handled by the new unsafe/unvalidated method call queries.
 2018-11-28 08:16:31 +00:00
Max Schaefer
2889e07eb8 JavaScript: Add new query UnvalidatedDynamicMethodCall. 2018-11-28 08:16:31 +00:00
Dave Bartolomeo
5d997c7135 C++: Big QLDoc comment for ChiInstruction 2018-11-27 17:09:26 -08:00
Dave Bartolomeo
53cd5e9994 C++: Fix bug introduced by earlier commit 2018-11-27 14:57:58 -08:00
Dave Bartolomeo
7e6e6f00c1 C++: Fix IR for designated array initializers 2018-11-27 14:57:23 -08:00
Dave Bartolomeo
0a20f9ffbf C++: Print field names and element indices for aggregate literals in PrintAST 2018-11-27 13:26:18 -08:00
Dave Bartolomeo
90b79eb5f3 C++: Accept GVN test expectations with Chi nodes 2018-11-27 12:56:23 -08:00
Mark Shannon
31ac33e723 Merge pull request #528 from taus-semmle/python-flask-debug 
Python: Implement check for flask debug mode.
 2018-11-27 19:42:26 +00:00
Taus Brock-Nannestad
7f94c257a7 Change precision to high. 2018-11-27 19:02:44 +01:00
Taus
2b340b4804 Merge pull request #530 from markshannon/python-no-cert-validation 
New query to check for making a request without cert verification.
 2018-11-27 19:01:10 +01:00
Taus Brock-Nannestad
6ebf504d97 Update test results after stub change. 2018-11-27 16:59:19 +01:00
Taus Brock-Nannestad
8d341ab467 Fix stub file. 2018-11-27 16:56:09 +01:00
Asger F
623a80fe90 TS: declassify files with unrecognized shebang line 2018-11-27 14:59:03 +00:00
Taus Brock-Nannestad
b393d9ad04 Add change note. 2018-11-27 15:21:02 +01:00
Taus Brock-Nannestad
a4da245809 Python: Implement check for flask debug mode. 2018-11-27 15:14:38 +01:00
Max Schaefer
cf1e7cff3f JavaScript: Move an auxiliary predicate into shared library. 2018-11-27 12:03:25 +00:00
Mark Shannon
698957e2cf Python: Correct case of query name and improve help. 2018-11-27 11:32:40 +00:00
Geoffrey White
a85dfb1c4e Merge pull request #548 from jbj/security-tags-1.19 
C++: Update security tag in change note
 2018-11-27 11:13:56 +00:00
Jonas Jensen
c8e34bff6c C++: Update security tag in change note 
These two queries have the `security` tag in the `.ql` file, but it was
missing in the change note.
 2018-11-27 11:03:42 +01:00
Dave Bartolomeo
689002a22e C++: Fix handling of Chi instructions in sign analysis 2018-11-26 16:46:39 -08:00
Robert Marsh
f4ce7b9648 C++: respond to further PR review comments 2018-11-26 16:16:46 -08:00
Robert Marsh
7ef0d5e98d C++: respond to technical nits 2018-11-26 15:47:47 -08:00
Dave Bartolomeo
2b9afe95e8 C++: Accept test output after rebase 2018-11-26 12:08:19 -08:00
Robert Marsh
799eb06eea C++: add AliasedDefinition for aliased SSA 2018-11-26 12:08:19 -08:00
Robert Marsh
3ee033d96e C++: IR sanity fixes for Chi nodes 2018-11-26 12:08:19 -08:00
Robert Marsh
b401cd97f2 C++: use UnmodeledDefinition in UnmodeledUse 2018-11-26 12:08:19 -08:00
Robert Marsh
927f935e62 C++: hook ChiInstructions into the operand graph 2018-11-26 12:08:19 -08:00
Robert Marsh
a33b59103a C++: insert Chi nodes in the IR successor relation 
This commit adds Chi nodes to the successor relation and accounts for
them in the CFG, but does not add them to the SSA data graph. Chi nodes
are inserted for partial writes to any VirtualVariable, regardless of
whether the partial write reaches any uses.
 2018-11-26 12:08:18 -08:00
Dave Bartolomeo
1fb36ff7e7 C++: Add conservative side effects for function calls 2018-11-26 12:08:18 -08:00
Robert Marsh
f9ed39915f C++: recompute IRBlock membership at each stage 
This enables the addition of new instructions in later phases of IR
construction; in particular, aliasing write instructions and inference
instructions.
 2018-11-26 12:08:18 -08:00
Aditya Sharad
7aef8fa945 Merge pull request #547 from pavgust/fix/cwe-497-performance 
C++: Refactor CWE-497 for clarity and performance
 2018-11-26 17:13:27 +00:00
Mark Shannon
516b29d2c9 Merge pull request #544 from pavgust/fix/python-hotfixes 
Pull recent Python fixes to RC branch
 2018-11-26 16:18:13 +00:00
Max Schaefer
8e54c7ab6c Merge pull request #503 from asger-semmle/unsafe-global-object-access 
JS: add method name injection query
 2018-11-26 15:56:20 +00:00
Aditya Sharad
38095e2f96 Python: Add QL for VS workspace settings file. 2018-11-26 15:10:12 +00:00
Tom Hvitved
7dc0a8132e Merge pull request #513 from calumgrant/cs/cwe-134 
C#: New query cs/uncontrolled-format-string
 2018-11-26 14:58:54 +01:00
Max Schaefer
a1772a9ae4 Merge pull request #543 from markshannon/python-backward-compat-default 
Python: Add default.qll for backwards compatibility with older queries and libraries.
 2018-11-26 11:27:17 +00:00
Mark Shannon
4d8f5e1020 Python: Add default.qll for backwards compatibility with older queries and libraries. 2018-11-26 11:25:28 +00:00
Arthur Baars
8d7ace25bf Merge pull request #535 from adityasharad/merge/master-next-231118 
Merge master into next.
 2018-11-25 20:19:23 +01:00
Taus
f0fbed76e7 Merge pull request #539 from markshannon/python-path-fix-siblings 
Python: Fix parents relation for path queries.
 2018-11-23 17:59:04 +01:00
Aditya Sharad
c20b688a3f Merge master into next. 2018-11-23 16:36:31 +00:00
Taus
3cee874ee3 Merge pull request #536 from markshannon/python-more-shell-injection 
Python: Some additional sinks for command injection.
 2018-11-23 17:12:20 +01:00