hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-24 00:16:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,471 Commits 1,714 Branches 163 Tags
aca905fa3604127340ab9f7bd409057591969917
Commit Graph

24471 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
aca905fa36 Prevent class-could-be-static alerts regarding JUnit Nested tests 2021-07-26 09:35:26 +01:00
Robert Marsh
0e9d36b922 Merge pull request #6335 from geoffw0/toctou2 
C++: Improvements to the cpp/toctou-race-condition query
 2021-07-22 12:49:32 -07:00
Taus
74f1992aaf Merge pull request #6352 from tausbn/mergeback-rc/3.2-to-main 
Mergeback `rc/3.2` to `main`
 2021-07-22 19:58:29 +02:00
Chris Smowton
5c917b4a23 Merge pull request #6353 from sauyon/sauyon/java/model-constructors 
Java: Add models for collection constructors
 2021-07-22 16:27:59 +01:00
Rasmus Wriedt Larsen
f71c99af22 Merge pull request #5444 from jorgectf/jorgectf/python/ldapimproperauth 
Python: Add LDAP Improper Authentication query
 2021-07-22 17:00:09 +02:00
Sauyon Lee
fd02dcdf2e Java: Add models for collection constructors 2021-07-22 07:23:26 -07:00
Rasmus Wriedt Larsen
42a997cbcb Python: Fix deprecation warning 2021-07-22 15:59:13 +02:00
Rasmus Wriedt Larsen
71e6db8a01 Merge branch 'main' into jorgectf/python/ldapimproperauth 2021-07-22 15:57:43 +02:00
Taus
6ea8ef5d16 Merge branch 'rc/3.2' into mergeback-rc/3.2-to-main 2021-07-22 13:52:56 +00:00
Taus
08f480a556 Merge pull request #6351 from tausbn/python-hotfix-localsourcenode-typetrackingnode 
Python: Hotfix `LocalSourceNode`
codeql-cli/v2.5.9 		2021-07-22 15:47:59 +02:00
Rasmus Wriedt Larsen
802d9bda83 Merge pull request #5680 from mrthankyou/python-use-sqlalchemy 
Python: Add SqlAlchemy model
 2021-07-22 15:31:39 +02:00
Mathias Vorreiter Pedersen
f6f9c8af65 Merge pull request #6350 from MathiasVP/mergeback-2021-07-22 
Mergeback `rc/3.2`
 2021-07-22 15:13:44 +02:00
Taus
020c6e3b3b Python: Update change note 2021-07-22 13:11:29 +00:00
Taus
badf6311c9 Python: Remove flow between globals... 
... in a local scope. Or rather, remove these from the `hasLocalSource`
relation.

This prevents a quadratic blowup when the same global is mentioned
_a lot_ of times within a single function scope.
 2021-07-22 13:10:40 +00:00
Taus
ed794f42b5 Python: Soft revert TypeTrackingNode 
Temporarily instates `TypeTrackingNode` as an alias of `LocalSourceNode`
as having it as a separate class lead to performance regressions.

In the hopes that this will be resolved in the near future, I have left
the current `TypeTrackingNode` implementation in situ, but hidden inside
a `FutureWork` private module.
 2021-07-22 13:10:07 +00:00
Mathias Vorreiter Pedersen
e34261accf Merge branch 'rc/3.2' into mergeback-2021-07-22 2021-07-22 14:40:22 +02:00
Geoffrey White
7fdac2a792 Merge pull request #6347 from MathiasVP/import-gvn-to-prevent-ir-reevaluation 
C++: Import 'GVN' in 'Overflow.qll' to prevent IR reevaluation.
codeql-cli/v2.5.8 		2021-07-22 13:37:03 +01:00
Taus
b8a40bb7f1 Merge pull request #6348 from tausbn/python-hotfix-disable-redos-queries 
Python: Hotfix: Disable ReDoS queries
 2021-07-22 13:32:14 +02:00
Taus
bfe42ae146 Python: Update change note 2021-07-22 11:10:08 +00:00
Taus
e9a4114c04 Python: Hotfix: Disable ReDoS queries 2021-07-22 10:58:49 +00:00
Geoffrey White
a4c137fae5 C++: Add '_fsopen' as well. 2021-07-22 11:31:41 +01:00
Mathias Vorreiter Pedersen
39144ee02b C++: Import 'GVN' in 'Overflow.qll' to prevent IR reevaluation. 2021-07-22 11:35:16 +02:00
Chris Smowton
e2a533c7de Merge pull request #6346 from aschackmull/java/perf-fix 
Java: Fix bad magic.
 2021-07-22 10:15:16 +01:00
Chris Smowton
605f037af8 Merge pull request #6247 from p0wn4j/spring-responseentity-redirect-sink 
[Java] CWE-601: Add Spring URL Redirect ResponseEntity sink
 2021-07-22 09:45:30 +01:00
Anders Schack-Mulligen
dcfc027b5f Java: Fix bad magic. 2021-07-22 10:12:49 +02:00
Chris Smowton
c568a9463a Remove <> qualifier from ResponseEntity name 
This was an extractor bug that was fixed recently
 2021-07-21 17:58:06 +01:00
Geoffrey White
fa0f5d08a2 Merge branch 'main' into toctou2 2021-07-21 16:21:29 +01:00
Mathias Vorreiter Pedersen
73ee7409f6 Merge pull request #6342 from MathiasVP/fix-fp-in-uninitialized-local 
C++: Fix FP in `cpp/uninitialized-local`
 2021-07-21 14:46:57 +02:00
Anders Schack-Mulligen
22f6b021ba Merge pull request #6338 from aschackmull/java/cleanup-deprecated 
Java: Remove deprecated ParExpr.
 2021-07-21 11:36:40 +02:00
Geoffrey White
daed988108 Merge pull request #6341 from MathiasVP/mergeback-2021-07-21 
Mergeback `rc/3.2`
 2021-07-21 10:35:07 +01:00
Mathias Vorreiter Pedersen
e536cecefe C++: Fix FP caused by a variable missing type information. 2021-07-21 11:04:23 +02:00
Mathias Vorreiter Pedersen
6d0290809d Merge branch 'rc/3.2' into mergeback-2021-07-21 2021-07-21 10:23:58 +02:00
Pavel Avgustinov
2d9600de4a Merge pull request #6340 from MathiasVP/revert-path-sensitive-stackvariablereachability 
C++: Revert #6004
 2021-07-21 09:17:56 +01:00
p0wn4j
f0d5520976 Add Spring URL Redirect ResponseEntity sink 
Copyedit qhelp
 2021-07-21 03:16:16 +04:00
Geoffrey White
473198a6ef C++: Accept any check followed by a 'sensitive' use such as 'chmod'. 2021-07-20 18:11:05 +01:00
Aditya Sharad
46fbb2a3cc Merge pull request #6334 from github/security-severity-docs 
Update CodeQL docs for security-severity levels
 2021-07-20 09:58:19 -07:00
Geoffrey White
c6d8abc9b1 C++: Add a couple more testcases. 2021-07-20 17:52:59 +01:00
Mathias Vorreiter Pedersen
a006a7fb24 Revert "Merge pull request #6004 from MathiasVP/path-sensitive-stack-variable-reachability-analysis" 
This reverts commit e3e7b00986, reversing
changes made to 8ccdd4fb9f.
 2021-07-20 18:06:49 +02:00
Anders Schack-Mulligen
77d53676ba Java: Remove deprecated ParExpr. 2021-07-20 15:27:31 +02:00
Geoffrey White
5d1c7841a6 C++: Change note. 2021-07-20 14:14:01 +01:00
Arthur Baars
890adf97d6 Merge pull request #6333 from github/rc/3.2 
Merge rc/3.2 to main
 2021-07-20 12:19:20 +02:00
Geoffrey White
ae944b268a C++: Restrict the 'check' to stat / access only as these are by far the more reliable results. 2021-07-20 11:18:00 +01:00
James Fletcher
a365d4fb34 update docs for security-severity 2021-07-20 11:00:13 +01:00
Rasmus Wriedt Larsen
5a489a386a Merge pull request #6329 from havron/qhelp-typo 
Fix qhelp typo in RequestWithoutValidation
 2021-07-20 10:18:35 +02:00
Anders Schack-Mulligen
47528b3379 Merge pull request #6332 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-07-20 09:27:59 +02:00
github-actions[bot]
bed08a6f4f Add changed framework coverage reports 2021-07-20 00:06:37 +00:00
Aditya Sharad
48778ce9a4 Merge pull request #6160 from timoles/patch-1 
Add information for generating qhelp files locally
 2021-07-19 14:14:22 -07:00
Sam Havron
733e5b45bf Fix qhelp typo in RequestWithoutValidation 2021-07-19 16:01:06 -04:00
Timo Müller
b24c096a76 Apply suggestions from code review 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2021-07-19 21:12:59 +02:00
Aditya Sharad
20fa8e49c8 Merge pull request #6326 from adityasharad/codeowners/codeql-tools 
Codeowners: Add reviewer teams for CodeQL tools and associated docs
 2021-07-19 11:15:58 -07:00