hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
24,684 Commits 1,740 Branches 165 Tags
9ed14b438e0b86bc4e4c2f0b3429dee4afa00a6c
Commit Graph

24684 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
p0wn4j
f0d5520976 Add Spring URL Redirect ResponseEntity sink 
Copyedit qhelp
 2021-07-21 03:16:16 +04:00
Ethan P
96de32bd2a Add conceptual information "Creating and working with CodeQL packs" 2021-07-20 14:01:30 -04:00
Geoffrey White
473198a6ef C++: Accept any check followed by a 'sensitive' use such as 'chmod'. 2021-07-20 18:11:05 +01:00
Aditya Sharad
46fbb2a3cc Merge pull request #6334 from github/security-severity-docs 
Update CodeQL docs for security-severity levels
 2021-07-20 09:58:19 -07:00
Geoffrey White
c6d8abc9b1 C++: Add a couple more testcases. 2021-07-20 17:52:59 +01:00
Mathias Vorreiter Pedersen
a006a7fb24 Revert "Merge pull request #6004 from MathiasVP/path-sensitive-stack-variable-reachability-analysis" 
This reverts commit e3e7b00986, reversing
changes made to 8ccdd4fb9f.
 2021-07-20 18:06:49 +02:00
Anders Schack-Mulligen
77d53676ba Java: Remove deprecated ParExpr. 2021-07-20 15:27:31 +02:00
Geoffrey White
5d1c7841a6 C++: Change note. 2021-07-20 14:14:01 +01:00
Tony Torralba
68df8028d2 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-20 14:47:16 +02:00
Arthur Baars
890adf97d6 Merge pull request #6333 from github/rc/3.2 
Merge rc/3.2 to main
 2021-07-20 12:19:20 +02:00
Geoffrey White
ae944b268a C++: Restrict the 'check' to stat / access only as these are by far the more reliable results. 2021-07-20 11:18:00 +01:00
James Fletcher
a365d4fb34 update docs for security-severity 2021-07-20 11:00:13 +01:00
Rasmus Wriedt Larsen
5a489a386a Merge pull request #6329 from havron/qhelp-typo 
Fix qhelp typo in RequestWithoutValidation
 2021-07-20 10:18:35 +02:00
Artem Smotrakov
158a75e5a1 Import UnsafeDeserializationQuery in unsafeDeserialization.ql 2021-07-20 10:14:50 +02:00
Anders Schack-Mulligen
47528b3379 Merge pull request #6332 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-07-20 09:27:59 +02:00
github-actions[bot]
bed08a6f4f Add changed framework coverage reports 2021-07-20 00:06:37 +00:00
Ethan P
1cf5386824 Create publishing-and-using-codeql-packs.rst 2021-07-19 18:42:01 -04:00
Ethan P
a5cbc560e3 Add conceptual info for creating and working with CodeQL packs 2021-07-19 18:41:44 -04:00
Aditya Sharad
48778ce9a4 Merge pull request #6160 from timoles/patch-1 
Add information for generating qhelp files locally
 2021-07-19 14:14:22 -07:00
Sam Havron
733e5b45bf Fix qhelp typo in RequestWithoutValidation 2021-07-19 16:01:06 -04:00
Timo Müller
b24c096a76 Apply suggestions from code review 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2021-07-19 21:12:59 +02:00
Aditya Sharad
20fa8e49c8 Merge pull request #6326 from adityasharad/codeowners/codeql-tools 
Codeowners: Add reviewer teams for CodeQL tools and associated docs
 2021-07-19 11:15:58 -07:00
Aditya Sharad
94b2b174c1 Merge pull request #6177 from skyzyx/patch-1 
Update getting-started-with-the-codeql-cli.rst
 2021-07-19 10:58:43 -07:00
Geoffrey White
ab4b2c2342 C++: Fix 'rename'. 2021-07-19 18:58:39 +01:00
Geoffrey White
95ec8f5394 C++: Add support for '_wfsopen'. 2021-07-19 18:36:09 +01:00
Aditya Sharad
c26a4d315d Codeowners: Add reviewer teams for CodeQL tools and associated docs 2021-07-19 10:35:59 -07:00
Chris Smowton
7819d32784 Make MediaType stub constants actually constant 
This is required to use them in annotations
 2021-07-19 18:28:30 +01:00
Chris Smowton
a0297d51e5 Note fixed test result 
the Optional type has now been modelled
 2021-07-19 18:28:06 +01:00
Chris Smowton
82ea2592ad Spring HTTP: Fix test mistakes 
Classes without RestController and methods without GetMapping or similar were never going to be detected.
 2021-07-19 18:21:13 +01:00
Chris Smowton
392e405f5d Add Spring-XSS test 
This covers the cases currently exercised in https://github.com/github/codeql-securitylab/blob/main/java/ql/src/pwntester/security/RestXSS.ql
 2021-07-19 18:21:11 +01:00
Chris Smowton
16c5952167 Add and improve Spring-web stubs 2021-07-19 18:20:37 +01:00
Arthur Baars
43c68eae94 Merge pull request #6324 from github/aibaars/include-diagnostic-summary 
Code Scanning selectors: Include diagnostic and summary metric queries
 2021-07-19 17:16:48 +02:00
Arthur Baars
ed054acd8e Merge pull request #6305 from intrigus-lgtm/patch-5 
C# remove spurious spaces in <code> tag
 2021-07-19 17:09:36 +02:00
Arthur Baars
d960ef2dac Code Scanning selectors: Include diagnostic and summary metric queries 2021-07-19 17:05:43 +02:00
Geoffrey White
c85edb6c03 C++: Use [, ] in the query. 2021-07-19 15:24:25 +01:00
Geoffrey White
7684796d63 C++: Fix handling of the 'stat' pointer argument. 2021-07-19 15:13:19 +01:00
Mathias Vorreiter Pedersen
7bc18abbb0 Merge pull request #6150 from geoffw0/toctou 
C++: Tests for cpp/toctou-race-condition
 2021-07-19 15:51:35 +02:00
Tony Torralba
70081b6a1e Refactor MvelInjection.qll 2021-07-19 15:36:35 +02:00
Artem Smotrakov
47e4cf4180 Make UnsafeDeserializationSink public 2021-07-19 15:34:33 +02:00
Geoffrey White
0c029898bb C++: Autoformat. 2021-07-19 13:58:25 +01:00
Geoffrey White
49bbfefb4d C++: Fix uses of 'rename' in tests. 2021-07-19 13:57:16 +01:00
Tony Torralba
46faf68d64 Decouple MvelInjection.qll to reuse the taint tracking configuration 2021-07-19 13:50:03 +02:00
Tony Torralba
5ca8b380e9 Merge branch 'main' into atorralba/promote-mvel-injection 2021-07-19 13:45:10 +02:00
Artem Smotrakov
035f7ac669 Refactored libs for unsafe deserialization 2021-07-19 13:19:36 +02:00
Anders Schack-Mulligen
db76b12f3f Merge pull request #6313 from aschackmull/java/fix-csv-dispatch 
Java: Fix a bug in call-context-sensitve dispatch to SummarizedCallable.
 2021-07-19 12:49:31 +02:00
Artem Smotrakov
e02530749b Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-19 11:52:12 +02:00
Anders Schack-Mulligen
0b89f96055 Merge pull request #6318 from Marcono1234/patch-1 
Java: Fix documentation mistake for `ProtoPom`
 2021-07-19 11:25:06 +02:00
Anders Schack-Mulligen
d1f21a854a Merge pull request #6042 from joefarebrother/spring-http 
[Java] Model spring `http` package
 2021-07-19 11:24:41 +02:00
Taus
12f7921c92 Merge pull request #6304 from RasmusWL/more-snippets 
Python: Add more snippets
 2021-07-19 11:23:24 +02:00
Anders Schack-Mulligen
c32a75a1b3 Merge pull request #6183 from smowton/smowton/feature/javax-json-models 
Add models of the jakarta/javax.json package
 2021-07-19 11:19:21 +02:00