hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-02 05:43:54 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,342 Commits 1,697 Branches 161 Tags
a62997463f3cb2b4c2abd3d4a91c76fb5e187d58
Commit Graph

22342 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
a62997463f Remove unused imports; use set literals in hasName 2021-05-06 09:18:48 +02:00
Tony Torralba
ed5619498c WIP: XPath Injection promotion 2021-05-06 09:18:48 +02:00
Felicity Chapman
8b2009cfb1 Minor updates to qhelp file 2021-05-05 12:36:29 +01:00
Jonas Jensen
390ee3a6b8 Merge pull request #5829 from MathiasVP/reorder-get-instruction-opcode 
C++: Reorder getInstructionOpcode
 2021-05-05 11:13:15 +02:00
Mathias Vorreiter Pedersen
066cdb55d7 C++: Add qldoc explaining column order. 2021-05-05 09:30:12 +02:00
Mathias Vorreiter Pedersen
f03c99ab03 Merge pull request #5835 from hmakholm/hmakholm/pr/blowup-fix 
CPP: fix semi-unused variables in WrongInDetectingAndHandlingMemoryAllocationErrors.q
 2021-05-05 08:15:37 +02:00
Henning Makholm
4964ce347b CPP: fix semi-unused variables in WrongInDetectingAndHandlingMemoryAllocationErrors.ql 
The fact that `aex` and `it` was each used in just one disjunct of the
exists() body caused the optimizer to generate perfectly horrible
code, including a pointless cartesian product between them that caused
the evaluation to blow up.

Fix it such that each variable is logically scoped. That makes the
compiler much happier.
 2021-05-05 02:31:11 +02:00
CodeQL CI
95f26aadd3 Merge pull request #5681 from yoff/python-support-pathlib 
Approved by tausbn
 2021-05-04 09:20:24 -07:00
Robert Marsh
5ee74d269a Merge pull request #5822 from MathiasVP/more-cwe-tags-in-code-scanning 
C++: Add more CWE tags to queries in the Code Scanning suite
 2021-05-04 09:01:00 -07:00
Mathias Vorreiter Pedersen
d5793418f9 C++: Remove parent CWE tags. 2021-05-04 14:39:23 +02:00
CodeQL CI
b160badbf6 Merge pull request #5768 from erik-krogh/cacheMore 
Approved by esbena
 2021-05-04 04:16:15 -07:00
Tamás Vajk
05c045070e Merge pull request #5810 from tamasvajk/feature/culture 
C#: Use invariant culture in the extractor
 2021-05-04 13:09:38 +02:00
Mathias Vorreiter Pedersen
568724bffd C#: Fix getInstructionOpcode to make sure IRConstruction.qll compiles for C#. 2021-05-04 13:00:40 +02:00
Mathias Vorreiter Pedersen
ded377bcd2 C++: Reorder getInstructionOpcode to produce better RA. 2021-05-04 12:13:34 +02:00
Tamas Vajk
c547907784 C#: Use invariant culture in the extractor 2021-05-04 11:17:33 +02:00
Anders Schack-Mulligen
5bcf810a7c Merge pull request #5821 from JarLob/patch-1 
Update UncaughtServletException.qhelp
 2021-05-04 10:39:02 +02:00
Anders Schack-Mulligen
9ee9186a1a Merge pull request #5825 from github/yo-h/java-diagnostic-queries 
Java: split extractor diagnostics query into two
 2021-05-04 10:12:32 +02:00
CodeQL CI
6931d9a6f7 Merge pull request #5785 from edvraa/httponlyjs 
Approved by esbena
 2021-05-03 23:14:26 -07:00
yo-h
edf1a90161 Java: split extractor diagnostics query into two 2021-05-03 20:27:07 -04:00
edvraa
6fa2f1e653 update test message 2021-05-04 00:32:01 +03:00
Taus
483199878d Merge pull request #5793 from RasmusWL/fix-qldoc 
Python: Minor fix to Django RawSQL QLDoc
 2021-05-03 18:18:02 +02:00
Mathias Vorreiter Pedersen
2912c2e7f5 C++: Add more CWE tags to queries in the code scanning suite. 2021-05-03 16:58:47 +02:00
Edwin
27c680e28b Apply suggestions from code review 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-05-03 16:41:09 +03:00
Jaroslav Lobačevski
38bce39baa Update UncaughtServletException.qhelp 
There is no single word in https://cwe.mitre.org/data/definitions/600.html about possible DoS or unexpected state.
 2021-05-03 15:06:57 +03:00
edvraa
cef845ac47 Support string expressions 2021-05-03 13:46:56 +03:00
edvraa
ea38f0d3bd a new test for simple flow 2021-05-03 12:19:05 +03:00
edvraa
000826af11 typo 2021-05-03 12:18:43 +03:00
Tom Hvitved
bb1cb73675 Merge pull request #5795 from hvitved/csharp/implicit-constructor-inits 
C#: Extract implicit constructor initializer calls
 2021-05-03 10:21:04 +02:00
Tom Hvitved
b77b3da8d6 C#: Add change note 2021-05-03 09:40:13 +02:00
Jonas Jensen
c05ef1225c Merge pull request #5803 from MathiasVP/no-magic-in-getUnspecifiedType 
C++: Add nomagic to getUnspecifiedType
 2021-05-03 09:03:58 +02:00
edvraa
65183cde80 Move to experimental 2021-05-03 09:59:52 +03:00
edvraa
bd99114cd6 Comments added 2021-05-03 09:55:04 +03:00
edvraa
a24c1c8114 fix comment 2021-05-03 00:36:38 +03:00
edvraa
fa94fedfc3 simple dataflow for sensitive name 2021-05-03 00:36:26 +03:00
edvraa
97bc7e38d2 check for sensitive property name 2021-05-03 00:31:29 +03:00
edvraa
7ab91bb185 Inline getOptionsArgument 2021-05-03 00:09:15 +03:00
Chris Smowton
b2c0259197 Merge pull request #5631 from haby0/UseOfLessTrustedSource 
[Java] CWE-348: Using a client-supplied IP address in a security check
 2021-04-30 15:20:53 +01:00
haby0
fdcc517b9f UseOfLessTrustedSource -> ClientSuppliedIpUsedInSecurityCheck" 2021-04-30 17:43:34 +08:00
haby0
f41301f8f5 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.java 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-30 16:55:17 +08:00
haby0
0691cac5ab Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-30 16:54:41 +08:00
haby0
8142810455 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-30 16:54:28 +08:00
Tom Hvitved
ecd40e5cae Merge pull request #5808 from intrigus-lgtm/fix-lambda-typos 
Fix typo.
 2021-04-30 09:08:28 +02:00
haby0
711a74c9c9 Eliminate false positives\ 2021-04-30 10:31:40 +08:00
intrigus
08731fc6cf Fix typo. 2021-04-29 20:26:34 +02:00
Chris Smowton
ad9ea40954 Merge pull request #5597 from intrigus-lgtm/java/jwt-insecure-parse 
[Java] JWT without signature check.
 2021-04-29 14:41:11 +01:00
Geoffrey White
c4069362ce Merge pull request #5804 from MathiasVP/improve-detect-and-handle-memory-allocation-errors 
C++: Improve qhelp and tests for cpp/detect-and-handle-memory-allocation-errors
 2021-04-29 14:34:41 +01:00
haby0
e813257431 use hardCode 2021-04-29 21:23:52 +08:00
Anders Schack-Mulligen
404a6c1506 Merge pull request #5805 from smowton/smowton/admin/spring-setter-method-docs 
Document `SpringProperty::getSetterMethod`.
 2021-04-29 15:10:58 +02:00
Anders Schack-Mulligen
c78285e557 Merge pull request #5784 from Marcono1234/marcono1234/switch-expr-stmt-parent 
Java: Add StmtParent as superclass of SwitchExpr
 2021-04-29 15:02:05 +02:00
Tom Hvitved
c3890a9435 C#: Adjust CFG for instance constructors 2021-04-29 14:05:42 +02:00