Commit Graph

23837 Commits

Author SHA1 Message Date
Aditya Sharad
b41a06a15c Python: Treat py/summary/lines-of-user-code as the primary summary metric
Move the `lines-of-code` tag from `py/summary/lines-of-code`.
Code Scanning will eventually look for this tag.

The intent is to treat the number of lines of user code for Python as the summary of
how much code was analysed, ignoring both external libraries and generated code.
This matches the current baseline metric the CodeQL Action computes for Python.
We'll revisit this decision, and the baseline, if necessary.
2021-05-27 13:20:24 -07:00
Erik Krogh Kristensen
79989cc3f4 CPP/Java: Fix getAPrimaryQlClass implementations 2021-05-27 21:36:27 +02:00
Rasmus Wriedt Larsen
ab73b10869 Merge pull request #5959 from github/igfoo/ReturnValueIgnored_python
python: Correct the ReturnValueIgnored.qhelp docs
2021-05-27 11:51:42 +02:00
Mathias Vorreiter Pedersen
4107e350cb C++: Add qldoc to NoThrowType. 2021-05-27 11:39:03 +02:00
Mathias Vorreiter Pedersen
71a860a356 C++: Exclude custom operator new allocators from the ThrowingAllocator class. 2021-05-27 11:23:11 +02:00
Evgenii Protsenko
efa657d47c C++: SqlPqxxTainted.ql Add namespace check 2021-05-27 00:13:54 +03:00
Mathias Vorreiter Pedersen
e01d7127e2 Merge pull request #5958 from github/igfoo/ReturnValueIgnored
C++: Update the ReturnValueIgnored.qhelp docs to match the code
2021-05-26 19:04:41 +02:00
Ian Lynagh
f0bec74ce3 python: Correct the ReturnValueIgnored.qhelp docs 2021-05-26 17:40:57 +01:00
Ian Lynagh
f9ede97fcd C++: Update the ReturnValueIgnored.qhelp docs to match the code 2021-05-26 17:38:49 +01:00
Rasmus Wriedt Larsen
795a1c7006 Merge pull request #5443 from jorgectf/jorgectf/python/ldapInjection
Python: Add LDAP Injection query
2021-05-26 11:52:31 +02:00
Rasmus Wriedt Larsen
f807c2f52b Python: autoformat 2021-05-26 11:07:48 +02:00
Rasmus Wriedt Larsen
d5f2846394 Merge branch 'main' into jorgectf/python/ldapInjection 2021-05-26 11:01:48 +02:00
ihsinme
9088475339 Update DoubleFree.qhelp 2021-05-26 09:44:03 +03:00
ihsinme
2909dde179 Update test.c 2021-05-26 09:31:15 +03:00
ihsinme
fbf95df537 Update DoubleFree.c 2021-05-26 09:27:20 +03:00
ihsinme
7c2100efd9 Apply suggestions from code review
Thanks for your corrections.
And of course, sorry for my text.

Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2021-05-26 09:15:46 +03:00
Evgenii Protsenko
55045626df C++: SqlPqxxTainted.ql style fixes 2021-05-25 22:38:27 +03:00
Mathias Vorreiter Pedersen
b2bdf95a9d C++: Remove large antijoin in SwitchCase.getAStmt(). 2021-05-25 17:25:42 +02:00
Timo Mueller
75f6ec1f0d Updated test cases to include test for java10+ CREDENTIALS_FILTER_PATTERN constant 2021-05-25 17:08:58 +02:00
Timo Mueller
72901e3724 Merge branch 'insecureJmxRmiServerEnvironment' of github.com:mogwailabs/codeql into insecureJmxRmiServerEnvironment 2021-05-25 16:41:17 +02:00
Timo Mueller
59ebe08c78 Added stub for RMIConnectorServer for valid test case 2021-05-25 16:40:41 +02:00
Rasmus Wriedt Larsen
1b3f857a2f Python: Promote ClickHouse SQL models 2021-05-25 16:27:23 +02:00
Rasmus Wriedt Larsen
eb1da152a0 Python: Rewrite ClickHouse SQL lib modeling
This did turn into a few changes that maybe could have been split into
separate PRs 🤷

* Rename `ClickHouseDriver` => `ClickhouseDriver`, to better follow the
  import name in the `.qll` name
* Rewrote modeling to use API graphs
* Split modeling of `aioch` into separate `.qll` file, which does re-use
  the `getExecuteMethodName` predicate. I feel that sharing code between
  the modeling like this was the best approach, and stuck the
  `INTERNAL: Do not use.` labels on both modules.
* I also added handling of keyword arguments (see change in .py files)
2021-05-25 16:13:31 +02:00
Rasmus Wriedt Larsen
c9a9535dbc Python: Use ConceptsTests for ClickHouse SQL libs
This did reveal a few places where we do not detect the incoming SQL
2021-05-25 16:10:06 +02:00
Geoffrey White
2fd461e984 Merge pull request #5938 from MathiasVP/promote-access-of-memory-location-after-end-of-buffer-using-strncat
C++: Promote `cpp/access-memory-location-after-end-buffer-strncat` out of experimental
2021-05-25 14:36:53 +01:00
Tamás Vajk
1997f500c2 Merge pull request #5832 from tamasvajk/feature/csv-coverage-report
Java: github action for CSV coverage report
2021-05-25 14:51:19 +02:00
Anders Schack-Mulligen
d05f524759 Merge pull request #5941 from aschackmull/java/virt-disp-perf
Java: Improve performance of virtual dispatch calculation.
2021-05-25 14:44:51 +02:00
Rasmus Wriedt Larsen
ee3477c20a Python: Remove dummy clickhouse SQL injection query 2021-05-25 14:27:29 +02:00
Rasmus Wriedt Larsen
35793a10bb Merge pull request #5889 from japroc/python-clickhouse-driver
Python: Implement module ClickHouseDriver.qll
2021-05-25 14:25:28 +02:00
Mathias Vorreiter Pedersen
78cc8f01d6 C++: Shorter description. 2021-05-25 14:11:03 +02:00
Tamas Vajk
70b3066bb8 Add regenerated CSV reports 2021-05-25 13:38:22 +02:00
Tamas Vajk
8880d0055e Fix file formatting 2021-05-25 13:33:26 +02:00
Tamas Vajk
b17ffbd2a4 Include all .ql and .qll files in PR path triggers 2021-05-25 13:33:26 +02:00
Tamas Vajk
d4f1cbe8d8 Add updated coverage report 2021-05-25 13:33:26 +02:00
Tamas Vajk
511486d045 Rework file diff (show line differences) 2021-05-25 13:33:26 +02:00
Tamas Vajk
ce53586002 Refactor file comparison 2021-05-25 13:33:26 +02:00
Tamas Vajk
3db22ba482 Add Java coverage report files 2021-05-25 13:33:26 +02:00
Tamas Vajk
f09352620f Add comparison step to workflow 2021-05-25 13:33:26 +02:00
Tamas Vajk
f1911e338d Move and generate files to documentation folder + clean up after the script is executed 2021-05-25 13:33:26 +02:00
Tamas Vajk
6dc46ec1ee Add org.apache.commons.io to frameworks, and handle overlapping package prefixes 2021-05-25 13:33:25 +02:00
Tamas Vajk
663e6a8d73 Use non-breaking hyphen in CWE identifier 2021-05-25 13:33:25 +02:00
Tamas Vajk
dda401f62a Inline CSV table into RST page 2021-05-25 13:33:25 +02:00
Tamas Vajk
2e67a3216c Add option to manually trigger the workflow 2021-05-25 13:33:25 +02:00
Tamas Vajk
1297d1c744 Add framework and cwe static data 2021-05-25 13:33:25 +02:00
Tamas Vajk
2adb3e992a Code quality improvements on coverage report generator script 2021-05-25 13:33:25 +02:00
Tamas Vajk
d0a46eb7b7 Adjust formatting 2021-05-25 13:33:25 +02:00
Tamas Vajk
f26dba67ac Adjust 'Total' label to 'Totals' 2021-05-25 13:33:25 +02:00
Tamas Vajk
564fca0da4 Adjust workflow triggers and uploads 2021-05-25 13:33:25 +02:00
Tamas Vajk
ef414681be Add RST documentation page 2021-05-25 13:33:25 +02:00
Tamas Vajk
beea36191b Add CSV file with framework and CWE info to be used in RST file 2021-05-25 13:33:25 +02:00