hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-02 01:08:53 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,486 Commits 1,673 Branches 157 Tags
af36718dc63edabe37d48ee445ee46dd2f454aff
Commit Graph

16486 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
af36718dc6 C#: QL doc adjustments 2020-10-07 15:15:18 +02:00
Tom Hvitved
1a93090778 C#: Improve guards SSA logic in the context of control-flow splitting 2020-10-02 18:00:34 +02:00
Tom Hvitved
f1d6f7cd0c C#: Model assertions in the CFG 2020-10-02 17:56:41 +02:00
Tom Hvitved
17f0ac4b20 C#: Add more CFG assertion tests 2020-10-02 15:35:33 +02:00
Tom Hvitved
55d25d90fa Merge pull request #4386 from hvitved/csharp/remove-deprecated-queries 
C#: Remove deprecated external queries
 2020-10-02 15:12:33 +02:00
Chris Smowton
aa707e9370 Merge pull request #4381 from smowton/smowton/admin/fix-owasp-broken-links 
Fix OWASP broken links
 2020-10-02 08:51:36 +01:00
Tom Hvitved
bc68578c8b C#: Remove deprecated external queries 2020-10-01 21:11:47 +02:00
Jonas Jensen
48c6f34f91 Merge pull request #4372 from matt-gretton-dann/cpp20-constinit 
Add support for Variable.is_constinit()
 2020-10-01 20:19:56 +02:00
Aditya Sharad
f7f05476a2 Merge pull request #4375 from adityasharad/javascript/client-side-url-redirect-regexp 
JavaScript: Track taint through RegExp.prototype.exec for URL redirection
 2020-10-01 09:55:19 -07:00
Ian Lynagh
e555b6b2a8 Merge pull request #4380 from github/igfoo/unnamed 
C++: Accept test changes in unnamed entity naming
 2020-10-01 17:16:20 +01:00
Anders Schack-Mulligen
c027f3bd2b Merge pull request #4324 from tamasvajk/feature/unsigned-sign-analysis 
Handle unsigned types in sign analysis (C# and Java)
 2020-10-01 15:11:49 +02:00
CodeQL CI
36450a8998 Merge pull request #4338 from erik-krogh/nodejs-server-request-data 
Approved by asgerf
 2020-10-01 06:00:17 -07:00
Erik Krogh Kristensen
d54a057457 Merge pull request #4377 from erik-krogh/babelCrash 
JS: prevent crash when TemplateLiteral is used in import
 2020-10-01 14:58:45 +02:00
Chris Smowton
578ea1ae43 Fix OWASP broken links 2020-10-01 13:09:52 +01:00
Erik Krogh Kristensen
4dec2171da add http request server data as a RemoteFlowSource 2020-10-01 13:21:56 +02:00
CodeQL CI
0158e2ffef Merge pull request #4374 from max-schaefer/js/api-graph 
Approved by erik-krogh
 2020-10-01 03:33:45 -07:00
Max Schaefer
7f075202c6 Merge pull request #4367 from erik-krogh/sql-api 
JS: Fixing an API-graph gotcha in `SQL.qll`
 2020-10-01 11:33:01 +01:00
Erik Krogh Kristensen
fbd62abd64 prevent crash when TemplateLiteral is used in import 2020-10-01 11:26:49 +02:00
Aditya Sharad
e712d16e7e JavaScript: Track taint through RegExp.prototype.exec for URL redirection 
Regexp literals are currently handled, but not `RegExp` objects.
 2020-09-30 15:13:02 -07:00
Matthew Gretton-Dann
e0ca4dafb8 Add support for Variable.is_constinit() 2020-09-30 16:31:45 +01:00
Geoffrey White
282d3e8f7e Merge pull request #4322 from jbj/range-analysis-custom-defs 
C++: Support custom defs in SimpleRangeAnalysis
 2020-09-30 15:43:32 +01:00
Taus
32bf7d6bdf Merge pull request #4256 from fatenhealy/Noblowfish 
CWE-327 BrokenCryptoAlgorithm recommendation to AES instead of Blowfish
 2020-09-30 16:15:46 +02:00
Erik Krogh Kristensen
bfb653a34a rename getAReference to getAnImmediateUse 2020-09-30 15:15:49 +02:00
Erik Krogh Kristensen
eb973b39fe Update javascript/ql/src/semmle/javascript/frameworks/SQL.qll 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-09-30 15:12:17 +02:00
Faten Healy
03d8fc7296 changed to AES 2020-09-30 22:18:36 +10:00
Taus
d694777894 Merge pull request #4369 from RasmusWL/python-ospathjoin-taintstep 
Python: Add taint-step for os.path.join
 2020-09-30 13:35:16 +02:00
Erik Krogh Kristensen
b24e959033 add getAnInvocation to the ApiGraphs API 2020-09-30 13:33:36 +02:00
Erik Krogh Kristensen
b720bfdd11 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-09-30 13:26:51 +02:00
Jonas Jensen
b1c826e5c0 Merge pull request #4135 from rdmarsh2/rdmarsh2/cpp/output-iterators-1 
C++: Output iterators in AST taint tracking
 2020-09-30 12:54:55 +02:00
Rasmus Wriedt Larsen
1595fed2d6 Python: Add preliminary taint tests for pathlib 2020-09-30 11:44:37 +02:00
Rasmus Wriedt Larsen
0542c3b91e Python: Model os.path.join and add taint-step 2020-09-30 11:42:36 +02:00
Rasmus Wriedt Larsen
efa2484718 Python: Add taint test for os.path.join 
Surprisingly the first two just worked, due to our very general handling of any
`join` methods :D
 2020-09-30 11:35:21 +02:00
Rasmus Wriedt Larsen
aa6fad558c Python: Minor cleanup in taint-step tests 2020-09-30 11:15:53 +02:00
Erik Krogh Kristensen
e0b25798ff remove type-tracking from getAReference, and rewrite qldocs 2020-09-30 10:36:08 +02:00
Jonas Jensen
68f6d93325 C++: Autoformat fixup 2020-09-30 09:49:56 +02:00
Anders Schack-Mulligen
8d4f7e2db7 Merge pull request #4366 from joefarebrother/field-rvalue-lvalue 
Java: Make `FieldRead` and `FieldWrite` extend `RValue` and `LValue`
 2020-09-30 07:55:24 +02:00
Ian Lynagh
d5f8cbc50c C++: Accept test changes in unnamed entity naming 2020-09-29 17:30:33 +01:00
Erik Krogh Kristensen
65441705ef renamings based on review 2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen
c3f5a6dcac introduce API::Node::getACall() 2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen
69f4ac25c4 renamings based on review 2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen
1596436f7e rename getASourceUse to getAReference 2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen
adc05022f3 update comment in test case 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-09-29 18:21:41 +02:00
Erik Krogh Kristensen
3857331657 avoid .getReturn().getAUse().(DataFlow::InvokeNode) in the SQL model 2020-09-29 17:08:09 +02:00
Erik Krogh Kristensen
deae9256dd add convenience method to API graphs 2020-09-29 17:08:00 +02:00
Joe
d184aa7c06 Make FieldRead and FieldWrite extend LValue and RValue 2020-09-29 15:24:51 +01:00
yoff
60c310d1bf Merge pull request #4361 from RasmusWL/python-new-flask-perf-fix 
Python: Hotfix performance problem with flask methods
 2020-09-29 15:41:14 +02:00
CodeQL CI
d7add29dc2 Merge pull request #4359 from erik-krogh/cookieWrites 
Approved by esbena
 2020-09-29 06:32:01 -07:00
CodeQL CI
910c19e613 Merge pull request #4348 from erik-krogh/needle 
Approved by esbena
 2020-09-29 02:57:32 -07:00
Erik Krogh Kristensen
51f1f03f5f add change note for js/missing-token-validation 2020-09-29 11:56:10 +02:00
CodeQL CI
11f39a9d88 Merge pull request #4342 from erik-krogh/track-where-prop 
Approved by asgerf
 2020-09-29 02:09:53 -07:00