hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 23:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,714 Commits 1,703 Branches 162 Tags
6a6cd61d8373a74790bc2c810f15aa31eeaed126
Commit Graph

33714 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paul1nh0
6a6cd61d83 automated using CodeQL for VSCode extension 2022-03-23 09:37:45 +08:00
Paul1nh0
f2728f5284 delete some unused code 2022-03-22 23:20:30 +08:00
Paul1nh0
afe4a8435f Using globalValueNumber to match same arguments 2022-03-22 21:14:07 +08:00
Paul1nh0
d476493c3e Add double-fetch.ql under CWE-362 directory 2022-03-22 19:08:44 +08:00
Paul1nh0
dd4e82126c remove to another directory 2022-03-22 19:06:53 +08:00
Paul1nh0
2dad2c477b query description added 2022-03-22 19:06:03 +08:00
Paul1nh0
85b22647ac Add query for double-fetch vulnerability 2022-03-16 18:16:49 +08:00
Erik Krogh Kristensen
b45f56ac08 Merge pull request #8431 from erik-krogh/deadCode 
Delete dead code
 2022-03-15 20:09:06 +01:00
Mathias Vorreiter Pedersen
57922f56ee Merge pull request #8424 from ihsinme/ihsinme-patch-fix077 
Detection reduction on request
 2022-03-15 16:17:47 +00:00
Mathias Vorreiter Pedersen
05758181bb Merge pull request #7884 from rdmarsh2/rdmarsh2/template-implicit-copy-constructor 
C++: fix hasImplicitCopyConstructor for templates
 2022-03-15 15:32:05 +00:00
Anna Railton
a08246a2a7 Merge pull request #8448 from github/annarailton-patch-1 
Add docstring to `ExtractEndpointMapping.ql`
 2022-03-15 14:54:45 +00:00
Anna Railton
739d94e8f9 Add docstring to ExtractEndpointMapping.ql 2022-03-15 12:50:51 +00:00
Erik Krogh Kristensen
3067231b1a Merge pull request #8253 from erik-krogh/domWrite 
JS: merge hasDominatingWrite and hasDominatingAssignment
 2022-03-15 13:37:00 +01:00
Erik Krogh Kristensen
154d0171d3 Merge pull request #8438 from erik-krogh/apiDisable 
JS: add some API-nodes to js/disabling-certificate-validation
 2022-03-15 12:56:59 +01:00
Mathias Vorreiter Pedersen
9f014be7c7 Merge pull request #8447 from MathiasVP/add-missing-security-severity 
C++: Add missing `security-severity` tags
 2022-03-15 11:29:28 +00:00
Joe Farebrother
8acd8ea01f Merge pull request #8446 from joefarebrother/sensitive-logging 
Java: Add security severity to sensitive logging query
 2022-03-15 11:17:46 +00:00
Mathias Vorreiter Pedersen
7337ebd569 C++: Add missing 'security-severity' tags. 2022-03-15 10:54:36 +00:00
Mathias Vorreiter Pedersen
9642e59349 Merge pull request #8382 from MathiasVP/use-taint-configuration-in-three-more-queries 
C++: Use a `TaintTracking::Configuration` in three more queries
 2022-03-15 10:43:05 +00:00
Joe Farebrother
e4a16cc700 Add security severity 2022-03-15 10:42:41 +00:00
Tony Torralba
6d5414281e Merge pull request #8437 from atorralba/atorralba/missing-security-severity-query 
Added MissingSecurityMetadata query
 2022-03-15 11:42:41 +01:00
Henry Mercer
f38b498eed Merge pull request #8433 from github/henrymercer/js-atm-remove-isEffectiveSinkWithOverridingScore 
JS: Remove `isEffectiveSinkWithOverridingScore` from ML-powered libraries
 2022-03-15 10:04:30 +00:00
Tony Torralba
6f484d3d64 Merge pull request #8440 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-03-15 10:58:27 +01:00
Tony Torralba
fd4c9fd543 Cover a missing @tag security when @security-severity is used 2022-03-15 10:39:42 +01:00
Tony Torralba
82b2fd2d23 Exclude queries without precision 2022-03-15 10:22:10 +01:00
Mathias Vorreiter Pedersen
7e0e7d5004 Merge branch 'main' into use-taint-configuration-in-three-more-queries 2022-03-15 09:06:55 +00:00
Erik Krogh Kristensen
c7509c4dd3 Merge branch 'main' into deadCode 2022-03-15 09:19:14 +01:00
Tony Torralba
18165cbb46 Exclude examples folder 2022-03-15 09:14:11 +01:00
Jonas Jensen
d89c52f4b0 Merge pull request #8403 from erik-krogh/noUpper 
Rename all upper-case variables, and all lower-case modules
 2022-03-15 09:00:37 +01:00
github-actions[bot]
b10adfc8da Add changed framework coverage reports 2022-03-15 00:13:15 +00:00
Arthur Baars
3311fedda7 Merge pull request #8365 from aibaars/qldoc-test 
CI: add QLdoc test
 2022-03-14 23:36:01 +01:00
Erik Krogh Kristensen
195ce9c58a add some API-nodes to js/disabling-certificate-validation 2022-03-14 21:33:13 +01:00
Arthur Baars
6a74e761c8 Merge pull request #8398 from github/post-release-prep/codeql-cli-2.8.3 
Post-release preparation for codeql-cli-2.8.3
 2022-03-14 21:05:09 +01:00
Tom Hvitved
d3d20c69dd Merge pull request #8425 from hvitved/csharp/structural-comparision-fix 
C#: Avoid combinatorial explosion in structural comparison library
 2022-03-14 20:10:40 +01:00
Henry Mercer
5102cadf8e Merge pull request #8404 from github/codeql-ci/js-atm-new-release 
JS: Bump version numbers of ML-powered packs after 0.1.0 release
 2022-03-14 17:32:37 +00:00
Tony Torralba
03f3535188 Added MissingSecuritySeverity query 2022-03-14 17:53:08 +01:00
Michael Nebel
bcdbfefb2b Merge pull request #8329 from michaelnebel/csharp/model-generator 
C#: Capture Summary models.
 2022-03-14 16:10:05 +01:00
Erik Krogh Kristensen
c93f29b1a1 fix typo in change note 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-03-14 16:03:45 +01:00
Joe Farebrother
d4b5eed3e4 Merge pull request #8410 from joefarebrother/sensitive-logging 
Java: Promote Sensitive Logging query
 2022-03-14 14:50:26 +00:00
Henry Mercer
8b1b2af2d8 JS: Remove isEffectiveSinkWithOverridingScore 
This was previously used in the ATM external API query, but is now dead
code.
 2022-03-14 14:25:36 +00:00
Erik Krogh Kristensen
8c28b93427 QL: rename query to ql/name-casing 2022-03-14 15:03:58 +01:00
Erik Krogh Kristensen
87987872c6 QL: use an/a correctly in the alert message 2022-03-14 15:03:07 +01:00
Erik Krogh Kristensen
93fcfc3012 QL: use negative char classes to generalize query to detect e.g. underscores 2022-03-14 15:00:27 +01:00
Mathias Vorreiter Pedersen
7593ebaa62 C++: Use 'getAstVariable' now that 'getASTVariable' is deprecated. 2022-03-14 13:38:27 +00:00
Chris Smowton
9f02ca0db2 Merge pull request #8357 from p0wn4j/jdbc-url-ssrf-sink 
Java: Add JDBC connection SSRF sinks
 2022-03-14 13:27:34 +00:00
Chris Smowton
ca8237b9de Make comment into qldoc 2022-03-14 13:14:31 +00:00
Mathias Vorreiter Pedersen
50b77761f1 C++: Port the 'predictable' barrier from 'DefaultTaintTracking' to 'cpp/unclear-array-index-validation' to prevent an explosion of new results. 2022-03-14 13:14:07 +00:00
Joe Farebrother
e4b762b5c5 Improve qldoc; make taint tracking 2022-03-14 13:10:34 +00:00
Michael Nebel
21bcaf6a0e C#/Java: After remaining code after rebase. 2022-03-14 14:08:49 +01:00
Michael Nebel
74352925e4 C#/Java: Remove inline from returnNodeEnclosingCallable. 2022-03-14 13:50:55 +01:00
Michael Nebel
48dc9d7057 C#/Java: Move containerContent to DataFlowPrivate. 2022-03-14 13:50:55 +01:00