erik-krogh
93a67101e7
add a QL-for-QL query highlighting some issues with alert-texts
2022-09-13 15:24:15 +02:00
erik-krogh
338aead8cc
add more guidance to the style-guide about alert messages
2022-09-13 15:22:43 +02:00
Erik Krogh Kristensen
46751e515c
Merge pull request #10388 from erik-krogh/exportNew
JS: recognize returning an instance of a class as exporting that class
2022-09-13 13:45:16 +02:00
Erik Krogh Kristensen
2739b9cfd8
Merge pull request #10390 from erik-krogh/unmentionedGuard
QL: add unmentioned guard class query
2022-09-13 11:04:13 +02:00
Erik Krogh Kristensen
86417cec34
Merge pull request #10381 from erik-krogh/protoList
JS: recognize a list of bad strings as a sanitizer for `js/prototype-polluting-assignment`
2022-09-13 11:00:29 +02:00
Mathias Vorreiter Pedersen
7f6b400b78
Merge pull request #10366 from MathiasVP/use-use-flow-in-experimental
C++: Use-use flow in `experimental`
2022-09-13 09:30:48 +01:00
Erik Krogh Kristensen
dd5da79e46
recognize setters and getters of a class as exported
Co-authored-by: Asger F <asgerf@github.com>
2022-09-13 10:04:02 +02:00
erik-krogh
dd5db2e6d7
add to isSanitizerGuard
2022-09-13 07:27:51 +02:00
erik-krogh
3eb7675292
rename to DenyListInclusionGuard
2022-09-13 07:27:31 +02:00
erik-krogh
a567c132c1
fix all ql/unmentioned-guard
2022-09-12 22:42:46 +02:00
erik-krogh
9446cad32e
add ql/unmentioned-guard class
2022-09-12 22:39:20 +02:00
Arthur Baars
e07e6c9053
Merge pull request #10382 from RasmusWL/ruby-typo-fix
Ruby: Fix typo in QLDoc
2022-09-12 19:04:37 +02:00
Erik Krogh Kristensen
bb3753a682
Merge pull request #10317 from erik-krogh/py-unqueryable
PY: deprecate a bunch of unused code
2022-09-12 17:44:59 +02:00
erik-krogh
ceda5f69fc
recognize returning an instanceof of a class as exporting that class
2022-09-12 17:31:51 +02:00
Mathias Vorreiter Pedersen
6e4b3c242f
Merge pull request #10377 from geoffw0/deprecate-pointsto
C++: Put a warning on the PointsTo library.
2022-09-12 16:25:40 +01:00
Edward Minnix III
eadb8a3988
Merge pull request #10106 from egregius313/egregius313/android-backup-allowed
Java: Query to detect Android backup allowed
2022-09-12 11:14:03 -04:00
Mathias Vorreiter Pedersen
d2b150eaf5
C++: Fix QLDoc on the model predicates used by the new experimental use-use code.
2022-09-12 16:00:49 +01:00
Mathias Vorreiter Pedersen
bb1c088fe0
C++: Undo changes to iterator models.
2022-09-12 15:58:49 +01:00
Cornelius Riemenschneider
a8a7909d33
Merge pull request #10364 from github/criemen/remove-legacy-tracing-specs
Go: Remove the legacy tracer configuration files.
2022-09-12 15:55:12 +02:00
Tamás Vajk
4569b9585f
Merge pull request #10313 from tamasvajk/kotlin-fix-vararg
Kotlin: Fix `vararg` extraction outside of method call
2022-09-12 15:54:50 +02:00
Tamás Vajk
ed772e54d1
Merge pull request #10328 from tamasvajk/kotlin-kfunction-fix
Kotlin: fix `KFunctionX.invoke` extraction
2022-09-12 15:54:33 +02:00
erik-krogh
05ef76cbca
add change-note
2022-09-12 15:41:28 +02:00
Geoffrey White
842af4bf74
C++: Specifically suggest DataFlow as an alternative.
2022-09-12 14:25:45 +01:00
AlexDenisov
be21b26d46
Merge pull request #10045 from github/alexdenisov/swift-cwe-757
Swift: CWE-757: insecure TLS configuration
2022-09-12 15:25:15 +02:00
Erik Krogh Kristensen
818601b612
Merge pull request #10285 from erik-krogh/paramClass
ReDoS: convert RelevantState to a class in the PrefixConstruction module
2022-09-12 15:23:19 +02:00
Rasmus Wriedt Larsen
03cc4a2f7a
Ruby: Fix typo in QLDoc
2022-09-12 14:35:20 +02:00
AlexDenisov
568eb3a118
Update swift/ql/src/queries/Security/CWE-757/InsecureTLS.qhelp
Co-authored-by: hubwriter <hubwriter@github.com>
2022-09-12 14:00:29 +02:00
erik-krogh
98243118b2
recognize a list of bad strings as a sanitizer for js/prototype-polluting-assignment
2022-09-12 13:41:07 +02:00
Erik Krogh Kristensen
3384521fb6
Merge pull request #10357 from erik-krogh/typos
make a shared library of the typo database
2022-09-12 11:24:03 +02:00
Erik Krogh Kristensen
cb95e8f263
Merge pull request #10351 from erik-krogh/moreMains
JS: find a main module in more cases
2022-09-12 11:01:17 +02:00
Arthur Baars
7ca2e4c51f
Merge pull request #9953 from aibaars/update-grammar
Update tree-sitter-ruby
2022-09-12 10:51:37 +02:00
Mathias Vorreiter Pedersen
c988547e9c
C++: Accept test changes.
2022-09-11 18:31:53 +01:00
Geoffrey White
8ac3e10896
C++: Put a warning on the PointsTo library.
2022-09-09 18:03:23 +01:00
Mathias Vorreiter Pedersen
6dcfe0348b
C++: Copy over the required changes to non-experimental libraries.
2022-09-09 17:26:58 +01:00
Mathias Vorreiter Pedersen
5509562fe6
C++: Repair a few broken models that were incorrectly a pointer
as tainted (instead of the pointee), or vice versa. Because of
existing dataflow pointer/pointee conflation we never noticed that,
but since this PR removes those imprecisions we now need to update
these models.
2022-09-09 17:04:36 +01:00
Ed Minnix
817f12cae6
Updated expectations file with new message
The warning message for the `android:allowBackup` query was updated.
This updates the message in the expectations file.
2022-09-09 11:35:48 -04:00
Ian Lynagh
c7e3051edd
Merge pull request #10239 from tamasvajk/kotlin-fix-declaration-stack
Kotlin: Fix declaration stack
2022-09-09 16:03:31 +01:00
Tamás Vajk
05fcbdd9e3
Merge pull request #10365 from tamasvajk/kotlin-fix-isUnspecialised-2
Kotlin: Fix `isUnspecialised` to handle generic classes inside generic methods
2022-09-09 16:27:19 +02:00
Edward Minnix III
08a17b355e
allowBackup documentation updates
Make error messages and descriptions clearer about application backups not being disabled, rather than focusing on `android:allowBackup` specifically.
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2022-09-09 09:30:49 -04:00
Mathias Vorreiter Pedersen
6d313ace2d
C++: Copy the new use-use flow code to experimental.
2022-09-09 14:20:10 +01:00
Rasmus Wriedt Larsen
89a331f186
Merge pull request #10359 from tausbn/python-clean-up-import-resolution
Python: Clean up module resolution
2022-09-09 15:09:43 +02:00
Tamas Vajk
b8b0fd8a74
Kotlin: Fix isUnspecialised to handle generic classes inside generic methods
2022-09-09 14:32:38 +02:00
Tony Torralba
569fad667a
Merge pull request #10360 from atorralba/atorralba/fix-taint-implicit-reads
Dataflow: Fix implicit reads in taint tracking when FlowStates are used
2022-09-09 14:28:39 +02:00
erik-krogh
5010f89683
move resolveMainPath into a separate helper predicate
2022-09-09 14:26:07 +02:00
erik-krogh
6a2fa2e37d
add -dev to the codeql/typos version
2022-09-09 12:33:43 +02:00
Cornelius Riemenschneider
bc7fcaa06f
Go: Remove the legacy tracer configuration files.
2022-09-09 11:13:01 +02:00
Tamas Vajk
3267d7c96e
Kotlin: Add test case with various nested generics
2022-09-09 11:09:50 +02:00
Michael Nebel
15db520a58
Merge pull request #10362 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-09-09 11:06:09 +02:00
Tony Torralba
1078cf091e
Add change notes for all languages
2022-09-09 10:28:36 +02:00
Erik Krogh Kristensen
9893650f7c
Merge pull request #8604 from erik-krogh/httpNode
JS: refactor most library models away from AST nodes
2022-09-09 10:04:17 +02:00