hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-04 10:10:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,062 Commits 1,673 Branches 157 Tags
90d0cff3845cea63fc6a79f65260ec9fc60298ea
Commit Graph

17062 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Lerchedahl Petersen
90d0cff384 Python: Use flask routing 2020-10-21 00:30:16 +02:00
Rasmus Lerchedahl Petersen
383d846396 Python: address review 
- smooth out future merge
- keyword argument for execute
 2020-10-21 00:15:05 +02:00
Rasmus Lerchedahl Petersen
e1dfbc0486 Python: address review 2020-10-20 23:59:44 +02:00
yoff
01845d1278 Update python/ql/src/experimental/semmle/python/frameworks/Django.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-10-20 21:43:15 +02:00
Rasmus Lerchedahl Petersen
5990241c8f Python: Support django models (with some caveats) 2020-10-20 03:20:00 +02:00
Rasmus Lerchedahl Petersen
d7308bddf2 Python: Add django sink with concept test 2020-10-19 21:34:55 +02:00
Rasmus Lerchedahl Petersen
646ced2a1d Python: Add concept test scaffold 2020-10-19 10:58:57 +02:00
Rasmus Lerchedahl Petersen
f17720f587 Python: Add test and fix filename 2020-10-19 10:58:57 +02:00
Rasmus Lerchedahl Petersen
d76b2c0023 Python: Add concept and port query 2020-10-19 10:58:57 +02:00
Chris Smowton
3e03db178f Merge pull request #4483 from smowton/smowton/admin/droid-webview-pr-rebase 
Rebase of #3706
 2020-10-19 09:29:04 +01:00
Mathias Vorreiter Pedersen
7942d7332a Merge pull request #4501 from dbartol/dbartol/PrintPartialFlow 
C++: Annotate IR with partial flow info
 2020-10-18 17:48:54 +02:00
Dave Bartolomeo
100f13f202 C++: Annotate IR with partial flow info 
I've added one more property to the annotations provided by `PrintIRLocalFlow.qll`: The `pflow` property will now be emitted for any operand or instruction for which `configuration.hasPartialFlow` determines that there is partial flow to that node. This requires that partial flow be enabled via overriding `Configuration::explorationLimit()` in order to display. Otherwise, you'll still just get the local flow info as before.
 2020-10-17 13:17:08 -04:00
Robert Marsh
7f2aa81d0b Merge pull request #4498 from dbartol/dbartol/PrintCallTargets 
C++: Print static call target for `Call` instruction in dumps
 2020-10-16 16:46:33 -04:00
Dave Bartolomeo
6a6eadcf50 C++: Print static call target for Call instruction in dumps 2020-10-16 11:53:27 -04:00
Chris Smowton
5a480bfb13 Give query an id and PathGraph query predicates 2020-10-16 16:19:58 +01:00
Anders Schack-Mulligen
a806a4f086 Merge pull request #4312 from JLLeitschuh/feat/JLL/java/jhipster_CVE-2019-16303 
Java: QL Query Detector for JHipster Generated CVE-2019-16303
 2020-10-16 15:47:09 +02:00
Tom Hvitved
d91ea55f0c Merge pull request #4440 from aschackmull/dataflow/adaptive-field-precision 
Dataflow: Adaptive field flow precision
 2020-10-16 15:08:56 +02:00
CodeQL CI
1d9b0ce059 Merge pull request #4460 from max-schaefer/js/unsafe-shell-command-construction-infeasible-paths 
Approved by asgerf
 2020-10-16 05:05:29 -07:00
Anders Schack-Mulligen
2b19a48030 Merge pull request #3880 from hvitved/dataflow/precise-aps 
Data flow: Precise access paths
 2020-10-16 13:54:35 +02:00
Anders Schack-Mulligen
b352605d12 Dataflow: Code review fixes. 2020-10-16 13:45:51 +02:00
Anders Schack-Mulligen
664f04020f Revert "Dataflow: Count callables instead of nodes for fieldFlowBranchLimit." 
This reverts commit 1501a40de8.
 2020-10-16 12:51:50 +02:00
Anders Schack-Mulligen
1501a40de8 Dataflow: Count callables instead of nodes for fieldFlowBranchLimit. 2020-10-16 12:51:17 +02:00
Anders Schack-Mulligen
6aae51fa4f Dataflow: Sync. 2020-10-16 12:51:17 +02:00
Anders Schack-Mulligen
8f055f56b8 Dataflow: Adaptive field flow precision. 2020-10-16 12:51:17 +02:00
Anders Schack-Mulligen
b0f0f89dbc Dataflow: Minor pruning improvements. 2020-10-16 12:51:17 +02:00
Tom Hvitved
27fc610c0d Python: Update expected test output 2020-10-16 09:09:06 +02:00
Tom Hvitved
5f01fda1ef Data flow: Sync files 2020-10-16 09:05:02 +02:00
Tom Hvitved
82e56d4ebb Data flow: Simplify pathStep and pathIntoCallable 2020-10-16 09:05:02 +02:00
Anders Schack-Mulligen
94f110f739 Sync. 2020-10-16 09:05:01 +02:00
Anders Schack-Mulligen
b4ecfaeda3 Dataflow: Remove inconsistent AccessPath.getType(). 2020-10-16 09:05:01 +02:00
Anders Schack-Mulligen
d88c551f64 Dataflow: qldoc fix 2020-10-16 09:05:01 +02:00
Anders Schack-Mulligen
98f10b29b8 Dataflow: Simplify SCC: remove some apa params. 2020-10-16 09:05:01 +02:00
Anders Schack-Mulligen
4e2f786040 Dataflow: Precalculate AccessPath to avoid massive recursion. 2020-10-16 09:05:01 +02:00
Mathias Vorreiter Pedersen
ca534ccb03 C++: Update inline expectation comments 2020-10-16 09:05:01 +02:00
Tom Hvitved
570b624eb7 C++: Update expected test output 2020-10-16 09:05:01 +02:00
Tom Hvitved
d48a6a5555 C#: Update expected test output 2020-10-16 09:04:58 +02:00
Tom Hvitved
d608138c0c Data flow: Sync files 2020-10-16 09:03:13 +02:00
Tom Hvitved
a35a178080 Data flow: Precise access paths 2020-10-16 09:03:13 +02:00
Tom Hvitved
0dc066c515 Data flow: Rename AccessPath to AccessPathApprox 2020-10-16 09:03:13 +02:00
Aditya Sharad
a92a701c35 Merge pull request #4479 from github/lgtm.com 
Merge lgtm.com back into main
 2020-10-15 10:19:25 -07:00
Mathias Vorreiter Pedersen
da9e33a72c Merge pull request #4477 from dbartol/dbartol/PrintIRLocalFlow 
C++: Add ability to dump local dataflow info in IR dumps
 2020-10-15 17:38:16 +02:00
Rasmus Wriedt Larsen
5142bfaf01 Merge pull request #4453 from yoff/python-port-unsafe-deserialization 
Python: port unsafe deserialization
 2020-10-15 17:26:31 +02:00
Rasmus Wriedt Larsen
58baec5b06 Merge pull request #4364 from yoff/SharedDataflow_ArgumentPassing 
Python: Shared dataflow, argument passing
 2020-10-15 17:10:59 +02:00
Joe Farebrother
388f60f818 Merge pull request #4430 from joefarebrother/tainttrackingutils-refactor 
Java: Refactor part of TaintTrackingUtil.qll
 2020-10-15 16:05:38 +01:00
Rasmus Lerchedahl Petersen
89f5352324 Python: fix QL format 2020-10-15 16:41:41 +02:00
Dave Bartolomeo
f32a7be874 Fix formatting 2020-10-15 10:16:13 -04:00
luchua-bc
b359802dd4 Replace non-ASCII apostrophe in Java stub classes 2020-10-15 14:53:32 +01:00
luchua-bc
6f6ec9d51a Change the source class type and simplify the data-flow step 2020-10-15 14:53:32 +01:00
luchua-bc
f5e9690594 Update the doc comments 2020-10-15 14:53:32 +01:00
luchua-bc
c7750fd8c2 Fine tune the query 2020-10-15 14:53:32 +01:00