Commit Graph

22923 Commits

Author SHA1 Message Date
Ishaq Mohammed
96150a455d Update javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.qhelp
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2021-06-01 13:47:43 +05:30
Ishaq Mohammed
975355de4a Adding reference link for csurf 2021-06-01 13:41:25 +05:30
Mathias Vorreiter Pedersen
6d7b95c15d Merge pull request #5966 from erik-krogh/overrideConsistency
CPP/C#: make some parameter names consistent with the names used in the super class
2021-05-31 11:57:10 +02:00
Jonas Jensen
4e502d10d6 Merge pull request #5951 from MathiasVP/optimize-switcCase-getAStmt
C++: Remove large antijoin in `SwitchCase.getAStmt`
2021-05-31 11:50:32 +02:00
Taus
bae3728e3c Merge pull request #5945 from RasmusWL/minor-qldoc-cleanup
Python: Minor QLDoc cleanup
2021-05-31 11:40:44 +02:00
Taus
d9911a016e Merge pull request #5933 from RasmusWL/expand-use-of-input-test
Python: Expand test of py/use-of-input
2021-05-31 11:39:33 +02:00
Mathias Vorreiter Pedersen
b4e4c12d0f C++: Use a rank aggregate for a much better implementation. 2021-05-31 11:17:09 +02:00
Jonas Jensen
f97b8ad1d4 Merge pull request #5961 from MathiasVP/fix-FPs-in-incorrect-allocation-error-handling
C++: Exclude custom `operator new` from `cpp/incorrect-allocation-error-handling`
2021-05-31 10:54:59 +02:00
Mathias Vorreiter Pedersen
66d284ee59 Merge pull request #5766 from ihsinme/ihsinme-patch-267
CPP: Add query for CWE-415 Double Free
2021-05-31 10:51:32 +02:00
ihsinme
d808a5b131 Update cpp/ql/test/experimental/query-tests/Security/CWE/CWE-415/semmle/tests/test.c
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2021-05-31 11:16:38 +03:00
Mathias Vorreiter Pedersen
175fdbb105 C++: Replace exists(not ...) with not exists(...). 2021-05-31 09:54:24 +02:00
Henry Mercer
263699d8bc Merge pull request #5914 from github/henrymercer/code-scanning-diagnostic-queries
Code Scanning selectors: Include diagnostic queries
2021-05-28 18:53:11 +01:00
Mathias Vorreiter Pedersen
64975e5c1e Merge pull request #5842 from japroc/cpp-pqxx-sqli-sink
C++: SqlPqxxTainted query searches for sql injections via pqxx connector to postgres
2021-05-28 17:01:27 +02:00
Erik Krogh Kristensen
b947334eea CPP: make some parameter names consistent with the names used in the super class 2021-05-28 16:48:47 +02:00
Rasmus Wriedt Larsen
6e9d74403a Merge pull request #5963 from adityasharad/python/lines-of-user-code
Python: Treat `py/summary/lines-of-user-code` as the primary summary metric
2021-05-28 11:08:35 +02:00
Jonas Jensen
eda25bb402 Merge pull request #5962 from erik-krogh/getAPrimaryQlClass
CPP/Java: Fix getAPrimaryQlClass implementations
2021-05-28 09:31:16 +02:00
Aditya Sharad
b41a06a15c Python: Treat py/summary/lines-of-user-code as the primary summary metric
Move the `lines-of-code` tag from `py/summary/lines-of-code`.
Code Scanning will eventually look for this tag.

The intent is to treat the number of lines of user code for Python as the summary of
how much code was analysed, ignoring both external libraries and generated code.
This matches the current baseline metric the CodeQL Action computes for Python.
We'll revisit this decision, and the baseline, if necessary.
2021-05-27 13:20:24 -07:00
Erik Krogh Kristensen
79989cc3f4 CPP/Java: Fix getAPrimaryQlClass implementations 2021-05-27 21:36:27 +02:00
Rasmus Wriedt Larsen
ab73b10869 Merge pull request #5959 from github/igfoo/ReturnValueIgnored_python
python: Correct the ReturnValueIgnored.qhelp docs
2021-05-27 11:51:42 +02:00
Mathias Vorreiter Pedersen
4107e350cb C++: Add qldoc to NoThrowType. 2021-05-27 11:39:03 +02:00
Mathias Vorreiter Pedersen
71a860a356 C++: Exclude custom operator new allocators from the ThrowingAllocator class. 2021-05-27 11:23:11 +02:00
Evgenii Protsenko
efa657d47c C++: SqlPqxxTainted.ql Add namespace check 2021-05-27 00:13:54 +03:00
Mathias Vorreiter Pedersen
e01d7127e2 Merge pull request #5958 from github/igfoo/ReturnValueIgnored
C++: Update the ReturnValueIgnored.qhelp docs to match the code
2021-05-26 19:04:41 +02:00
Ian Lynagh
f0bec74ce3 python: Correct the ReturnValueIgnored.qhelp docs 2021-05-26 17:40:57 +01:00
Ian Lynagh
f9ede97fcd C++: Update the ReturnValueIgnored.qhelp docs to match the code 2021-05-26 17:38:49 +01:00
Rasmus Wriedt Larsen
795a1c7006 Merge pull request #5443 from jorgectf/jorgectf/python/ldapInjection
Python: Add LDAP Injection query
2021-05-26 11:52:31 +02:00
Rasmus Wriedt Larsen
f807c2f52b Python: autoformat 2021-05-26 11:07:48 +02:00
Rasmus Wriedt Larsen
d5f2846394 Merge branch 'main' into jorgectf/python/ldapInjection 2021-05-26 11:01:48 +02:00
ihsinme
9088475339 Update DoubleFree.qhelp 2021-05-26 09:44:03 +03:00
ihsinme
2909dde179 Update test.c 2021-05-26 09:31:15 +03:00
ihsinme
fbf95df537 Update DoubleFree.c 2021-05-26 09:27:20 +03:00
ihsinme
7c2100efd9 Apply suggestions from code review
Thanks for your corrections.
And of course sorry for my text.

Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2021-05-26 09:15:46 +03:00
Evgenii Protsenko
55045626df C++: SqlPqxxTainted.ql style fixes 2021-05-25 22:38:27 +03:00
Mathias Vorreiter Pedersen
b2bdf95a9d C++: Remove large antijoin in SwitchCase.getAStmt(). 2021-05-25 17:25:42 +02:00
Geoffrey White
2fd461e984 Merge pull request #5938 from MathiasVP/promote-access-of-memory-location-after-end-of-buffer-using-strncat
C++: Promote `cpp/access-memory-location-after-end-buffer-strncat` out of experimental
2021-05-25 14:36:53 +01:00
Tamás Vajk
1997f500c2 Merge pull request #5832 from tamasvajk/feature/csv-coverage-report
Java: github action for CSV coverage report
2021-05-25 14:51:19 +02:00
Anders Schack-Mulligen
d05f524759 Merge pull request #5941 from aschackmull/java/virt-disp-perf
Java: Improve performance of virtual dispatch calculation.
2021-05-25 14:44:51 +02:00
Rasmus Wriedt Larsen
35793a10bb Merge pull request #5889 from japroc/python-clickhouse-driver
Python: Implement module ClickHouseDriver.qll
2021-05-25 14:25:28 +02:00
Mathias Vorreiter Pedersen
78cc8f01d6 C++: Shorter description. 2021-05-25 14:11:03 +02:00
Tamas Vajk
70b3066bb8 Add regenerated CSV reports 2021-05-25 13:38:22 +02:00
Tamas Vajk
8880d0055e Fix file formatting 2021-05-25 13:33:26 +02:00
Tamas Vajk
b17ffbd2a4 Include all .ql and .qll files in PR path triggers 2021-05-25 13:33:26 +02:00
Tamas Vajk
d4f1cbe8d8 Add updated coverage report 2021-05-25 13:33:26 +02:00
Tamas Vajk
511486d045 Rework file diff (show line differences) 2021-05-25 13:33:26 +02:00
Tamas Vajk
ce53586002 Refactor file comparison 2021-05-25 13:33:26 +02:00
Tamas Vajk
3db22ba482 Add Java coverage report files 2021-05-25 13:33:26 +02:00
Tamas Vajk
f09352620f Add comparison step to workflow 2021-05-25 13:33:26 +02:00
Tamas Vajk
f1911e338d Move and generate files to documentation folder + clean up after the script is executed 2021-05-25 13:33:26 +02:00
Tamas Vajk
6dc46ec1ee Add org.apache.commons.io to frameworks, and handle overlapping package prefixes 2021-05-25 13:33:25 +02:00
Tamas Vajk
663e6a8d73 Use non-breaking hyphen in CWE identifier 2021-05-25 13:33:25 +02:00