hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 05:05:12 +02:00
Code Issues Packages Projects Releases Wiki Activity
24,844 Commits 1,741 Branches 166 Tags
9533f12e2427357f5ad2fffa3956caafbc4b2415
Commit Graph

24844 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger Feldthaus
f5f255d93d JS: Rename getPrefix -> getNamespace 2021-08-03 08:51:35 +02:00
Asger F
ff17d298b0 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-08-03 08:45:56 +02:00
github-actions[bot]
cd65baf481 Add changed framework coverage reports 2021-08-03 00:07:34 +00:00
Ethan Palm
2c6977e5e2 Merge pull request #6327 from ethanpalm/cwe-coverage-tables 
CodeQL: Display CWE coverage information by language
 2021-08-02 18:00:01 -04:00
Erik Krogh Kristensen
87c0c60c22 don't report dummy authentication headers as hardcoded-crendentials 2021-08-02 22:56:14 +02:00
Erik Krogh Kristensen
f719e0ca1b remove nunjucks template URLs from the target-blank query 2021-08-02 22:46:59 +02:00
Ethan P
6a6993248d Add note to readme about CWE coverage tables 2021-08-02 13:34:26 -07:00
Chris Smowton
fad1622730 Merge pull request #5435 from haby0/DynamicallyLoadedClasses 
Java: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
 2021-08-02 16:04:30 +01:00
Tony Torralba
08bdd1aa7a Merge branch 'main' into atorralba/promote-ognl-injection 2021-08-02 16:05:38 +02:00
Tony Torralba
8b50b3d00f Add jackson-core to test dependencies 2021-08-02 16:04:49 +02:00
Geoffrey White
904db788ec Merge branch 'main' into impropnull 2021-08-02 15:00:12 +01:00
Chris Smowton
09a873138d Add missing qldoc 2021-08-02 14:48:42 +01:00
Chris Smowton
170bb43393 Update java/ql/test/library-tests/frameworks/json-java/test.ql 
Remove unnecessary import

Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-08-02 14:46:38 +01:00
Chris Smowton
8a78075d3d Remove redundant method taint flow specifications 2021-08-02 14:30:31 +01:00
Mathias Vorreiter Pedersen
bbbbeda7c3 Merge pull request #6385 from MathiasVP/more-FieldConfiguration-sources 
C++: Fix missing local flow in AST dataflow
 2021-08-02 15:22:07 +02:00
Anders Schack-Mulligen
53e6ddfeb6 Merge pull request #6001 from atorralba/atorralba/promote-mvel-injection 
Java: Promote MVEL injection query from experimental
 2021-08-02 14:40:26 +02:00
Tony Torralba
f4b78ef3bd Fix stubs 2021-08-02 14:12:05 +02:00
Tony Torralba
9b384d84cc Merge branch 'main' into atorralba/promote-ognl-injection 2021-08-02 14:06:45 +02:00
Tony Torralba
351a24558d Add tests for JacksonSerializability 
Upgraded jackson stubs to 2.12
 2021-08-02 14:03:30 +02:00
Tony Torralba
632ae747c7 Fix JacksonModel duplicate row 2021-08-02 12:53:30 +02:00
Anders Schack-Mulligen
3b676d432f Merge pull request #5900 from artem-smotrakov/unsafe-jackson-deserialization 
Java: Unsafe deserialization with Jackson
 2021-08-02 12:45:30 +02:00
Anders Schack-Mulligen
0a1c754de8 Merge pull request #6395 from github/bmuskalla/fixTypoInVariables 
Fix typo in variables documentation
 2021-08-02 12:30:14 +02:00
Benjamin Muskalla
d678cdc815 Update variables.rst 2021-08-02 12:07:09 +02:00
Tom Hvitved
7a475eb0a2 C#: Fix CSV overrides logic 2021-08-02 10:35:21 +02:00
Tom Hvitved
df29538840 C#: Add test that exhibits bug in CSV overrides logic 2021-08-02 10:35:21 +02:00
Anders Schack-Mulligen
6c973b59ac Update java/ql/src/semmle/code/java/frameworks/Jackson.qll 2021-08-02 10:16:42 +02:00
Anders Schack-Mulligen
26881ec220 Merge pull request #6389 from github/yo-h-patch-1 
Java: update `frameworks.rst` with Jackson
 2021-08-02 10:07:02 +02:00
Tony Torralba
9fadb26325 Fix qhelp sample 2021-08-02 10:00:59 +02:00
Tony Torralba
4435853c8a Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-08-02 09:56:40 +02:00
ihsinme
098773dd10 Update FindIncorrectlyUsedSwitch.ql 2021-08-01 15:04:30 +03:00
ihsinme
80eb4907c0 Update FindIncorrectlyUsedSwitch.expected 2021-08-01 15:03:30 +03:00
ihsinme
5c71a7c024 Update test.c 2021-08-01 15:02:41 +03:00
Artem Smotrakov
7959e76da8 Better qldoc in UnsafeDeserializationQuery.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-30 09:30:59 +02:00
Fosstars
a4b0041120 Better looksLikeResolveClassStep() predicate 2021-07-30 09:28:03 +02:00
Fosstars
1d3eb570bf hasJsonTypeInfoAnnotation() should check fields recursively 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-30 08:30:40 +02:00
yo-h
6a18b33616 Java: update frameworks.rst with Jackson 
Updating manually maintained list with coverage in `JacksonSerializability.qll`
 2021-07-29 17:35:06 -04:00
Aditya Sharad
cb686ea802 Merge pull request #6388 from github/geoffw0-patch-2 
Update query-metadata-style-guide.md
 2021-07-29 10:20:26 -07:00
Geoffrey White
5e6e176f32 Update query-metadata-style-guide.md 
Add a note about the `@security-severity` tag.
 2021-07-29 17:53:31 +01:00
Mathias Vorreiter Pedersen
b1e5fbe2de Merge pull request #6377 from sashabu/sashabu/virtual 
C++: Allow querying virtual, override, and final declaration specifiers.
 2021-07-29 17:51:14 +02:00
Tony Torralba
3fcc9fae79 Refactor sinks to reuse code 2021-07-29 16:48:47 +02:00
Geoffrey White
417edab126 C++: Simplify out the 'effect' string. 2021-07-29 15:44:53 +01:00
Geoffrey White
7f621bc737 C++: Repair the tests that use subtraction so that the thing they're testing is preserved, and add two new explicit tests of behaviour on subtraction. 2021-07-29 15:36:43 +01:00
Tony Torralba
6e3b6dcb98 Imporve qhelp 2021-07-29 16:36:38 +02:00
Tony Torralba
bdf0f582a4 QLDoc improvements from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-29 16:34:21 +02:00
Tony Torralba
90b5e02b6e Improve qhelp 2021-07-29 16:28:10 +02:00
Geoffrey White
13823df5a1 C++: Remove underflow detection. 2021-07-29 15:22:18 +01:00
Geoffrey White
9e0411238b C++: Add some more test cases. 2021-07-29 15:15:26 +01:00
Mathias Vorreiter Pedersen
bbb38fd2aa C++: Accept more test changes. 2021-07-29 15:49:50 +02:00
Tony Torralba
2628d3dc39 Improve csv sink models 2021-07-29 15:36:18 +02:00
Tony Torralba
3edc8bc679 Doc improvements 2021-07-29 15:35:39 +02:00