hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
22,923 Commits 1,742 Branches 166 Tags
96150a455d9e704f8ebdbbe22d015753a9651b71
Commit Graph

22923 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
haby0
caf5f4d605 modified comment 2021-05-18 19:10:03 +08:00
Erik Krogh Kristensen
1435ac715a add support for the clone library 2021-05-18 12:46:34 +02:00
Rasmus Wriedt Larsen
9156316b14 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-05-18 11:53:11 +02:00
Rasmus Wriedt Larsen
0ade23ab2a Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-05-18 11:49:59 +02:00
Erik Krogh Kristensen
cac0ab299b add writes to textContent on a <script /> as a sink for code-injection 2021-05-18 10:25:25 +02:00
Anders Schack-Mulligen
9b0e3b1950 Merge pull request #5814 from JLLeitschuh/feat/JLL/jackson_as_taint_step 
[Java] Add taint tracking through Jackson deserialization
 2021-05-18 09:31:16 +02:00
haby0
a0cd551bae Add filtering of String.format 2021-05-18 11:05:10 +08:00
luchua-bc
e652d8771c Update method name and qldoc 2021-05-17 20:36:15 +00:00
Henry Mercer
0ad69d11a8 Code Scanning selectors: Include diagnostic queries 2021-05-17 18:39:33 +01:00
Geoffrey White
3b29920255 C++: Replace getAChild with getAnArgument(). 2021-05-17 16:10:39 +01:00
Geoffrey White
09d00b133e C++: Acknowledge another not detected result in tests. 2021-05-17 15:53:03 +01:00
Geoffrey White
930b9fe3e5 C++: Add triple-DES to the bad algorithms list. 2021-05-17 15:51:17 +01:00
Geoffrey White
57354def9e C++: Real world diffs suggest that 'Cipher' should be an encryption word as well. 2021-05-17 15:36:27 +01:00
Geoffrey White
9e75f53798 C++: Prefer matches to regexpMatch. 2021-05-17 15:35:19 +01:00
Tom Hvitved
ae6326b1f3 Merge pull request #5882 from hvitved/csharp/autobuilder/shared-compilation 2021-05-17 16:05:08 +02:00
Tamas Vajk
6853f6affa C#: Fix type of temp foreach variable in IR 2021-05-17 15:53:57 +02:00
Mathias Vorreiter Pedersen
d46452e8de Merge pull request #5903 from MathiasVP/tainted-allocation-size-barrier 
C++: Add barriers to `cpp/uncontrolled-allocation-size`
 2021-05-17 15:24:45 +02:00
CodeQL CI
12b1bbe484 Merge pull request #5897 from erik-krogh/uid 
Approved by RasmusWL, esbena
 2021-05-17 06:01:04 -07:00
Anders Schack-Mulligen
77c93dcf26 Make private 2021-05-17 10:35:04 +02:00
Tom Hvitved
b142ecb1db C#: Address review comment 2021-05-17 10:33:06 +02:00
Mathias Vorreiter Pedersen
31091c66c1 C++: Add a test containing a guarded long. 2021-05-17 08:06:06 +02:00
Robert Marsh
d706d7b7a4 Merge pull request #5887 from MathiasVP/fewer-rand-sources-in-uncontrolled-arithmetic 
C++: Add more sanitizers to `cpp/uncontrolled-arithmetic`
 2021-05-14 15:35:56 -07:00
Ethan P
58c746e42b fix formatting 2021-05-14 14:09:07 -04:00
Ethan P
0e99d5e379 Add examples of both tracing mechanisms 2021-05-14 14:05:55 -04:00
Ethan Palm
6dd30ee5e2 clarify options for tracing 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-05-14 14:00:33 -04:00
Robin Neatherway
17b74319fa Merge pull request #5902 from github/rneatherway/lines-of-code-tags 
Add lines-of-code tags
 2021-05-14 17:16:50 +01:00
Ethan Palm
4cf695b5ab specify `--command` option 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-05-14 10:00:17 -04:00
Mathias Vorreiter Pedersen
58dde68b10 C++: Add change-note. 2021-05-14 14:16:00 +02:00
Mathias Vorreiter Pedersen
2d0a56128d C++: Prevent flow out of pointer-difference expressions. 2021-05-14 13:49:48 +02:00
Mathias Vorreiter Pedersen
c1d41b3169 C++: Add false positive result from pointer-difference expressions. 2021-05-14 13:47:23 +02:00
luchua-bc
1497fba6f2 Remove the isAdditionalTaintStep predicate 2021-05-14 11:43:49 +00:00
Mathias Vorreiter Pedersen
5031b73f35 C++: Add barrier to cpp/uncontrolled-allocation-size that blocks flow when overflow isn't possible. 2021-05-14 13:43:20 +02:00
CodeQL CI
af0d31695a Merge pull request #5862 from asgerf/js/has-underlying-type 
Approved by erik-krogh, max-schaefer
 2021-05-14 04:10:43 -07:00
Robin Neatherway
f378513ea3 Add lines-of-code tags 
This is a proposed method for advertising which queries are measuring
the lines of code in a project in a more robust manner than inspecting
the rule id.

Note that the python "LinesOfUserCode" query should _not_ have this
property, as otherwise the results of the two queries will be summed.
 2021-05-14 11:20:43 +01:00
haby0
498c99e26c Add left value, Add return expression tracing flow 2021-05-14 16:31:59 +08:00
Ethan P
406fb1e383 Update with Go custom build options 2021-05-13 17:29:34 -04:00
Erik Krogh Kristensen
9d60ec035f fix casing on the uid regexp 2021-05-13 23:04:30 +02:00
Erik Krogh Kristensen
662e335424 keep python in sync 2021-05-13 22:54:39 +02:00
Erik Krogh Kristensen
51067af784 add "uid" (and friends) as maybe being sensitive account info 2021-05-13 22:34:10 +02:00
Geoffrey White
9cdf838981 C++: Bug fix. 2021-05-13 16:20:52 +01:00
Geoffrey White
a9d57450c8 C++: Autoformat. 2021-05-13 16:19:09 +01:00
CodeQL CI
9b0c24abc2 Merge pull request #5876 from erik-krogh/moreAxios 
Approved by asgerf
 2021-05-13 08:03:33 -07:00
Geoffrey White
3a83ff54e6 C++: Add support for class methods. 2021-05-13 16:02:00 +01:00
Geoffrey White
2576075b98 C++: Repair result message. 2021-05-13 15:52:28 +01:00
Geoffrey White
5d1ef49f8f C++: Add support for enum constants. 2021-05-13 15:42:42 +01:00
Geoffrey White
e4d2c7cfc4 C++: Rewrite so that we look for additional evidence. 2021-05-13 13:19:39 +01:00
Geoffrey White
123889a671 C++: Fix 'triple DES' false positives. 2021-05-13 10:21:06 +01:00
haby0
02e415045f Delete RedirectBuilderFlowConfig 2021-05-13 15:48:15 +08:00
Geoffrey White
40cf29b625 C++: Rearrange the library. 2021-05-13 08:39:37 +01:00
haby0
effa2b162a Add spring url redirection detect 2021-05-13 09:55:37 +08:00