hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-18 13:34:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
29,770 Commits 1,740 Branches 165 Tags
b2016bddac4cdae9b97dc9eb4ea4e8dd44643523
Commit Graph

29770 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
f4555ed1a2 Merge pull request #7242 from geoffw0/sslquery 2021-11-30 07:01:33 +00:00
github-actions[bot]
66e086f92f Add changed framework coverage reports 2021-11-30 00:09:58 +00:00
Chris Smowton
27f40e08e5 Merge pull request #7007 from JLLeitschuh/feat/JLL/improve_ratpack_support 
Java: Ratpack HTTP Framework Additional Modeling
 2021-11-29 16:20:53 +00:00
Rasmus Wriedt Larsen
d557f6fd2e Merge pull request #7101 from RasmusWL/python-ids 
Python: Fix some query-ids
 2021-11-29 16:12:57 +01:00
yoff
41b7922c7d Merge pull request #7089 from RasmusWL/redos-cwe-1333 
Python/C#: Add CWE-1333 to redos queries
 2021-11-29 16:09:39 +01:00
yoff
19802ccb73 Merge pull request #7046 from RasmusWL/django-own-json-response 
Python: Add test with custom django json response (FP)
 2021-11-29 16:05:20 +01:00
Arthur Baars
1e026ef45e AST: merge Case and CaseMatch classes 2021-11-29 16:00:17 +01:00
yoff
e63f9141e5 Merge pull request #7233 from RasmusWL/fix-cleartext-logging-cwes 
JS/Py: Fix cleartext logging CWEs
 2021-11-29 15:58:10 +01:00
Arthur Baars
f8a62c4c82 Address comments 2021-11-29 15:06:16 +01:00
Geoffrey White
88fb1a18cb C++: Correct the doc. 2021-11-29 13:09:12 +00:00
Erik Krogh Kristensen
c13cad7e87 Merge branch 'main' into apiLabel2 2021-11-29 13:43:11 +01:00
Geoffrey White
d79337774d Update cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.qhelp 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-11-29 12:33:05 +00:00
Michael Nebel
e476cde985 Merge pull request #7255 from michaelnebel/csharp-effecpublic-flowsummary 
C#: Only include effectively public declarations in flow summaries
 2021-11-29 12:52:26 +01:00
Michael Nebel
e1539889ef C#: Update flow summaries tests 2021-11-29 11:35:02 +01:00
Michael Nebel
e24b15bbe7 C#: Only create flow summaries for declarations that are effectively public 2021-11-29 11:34:21 +01:00
Michael Nebel
9239d4042e Merge pull request #7230 from michaelnebel/csharp-update-netcoreapp-stub 
C#: Update the Microsoft.NETCore.App stub
 2021-11-29 10:08:59 +01:00
Tom Hvitved
fdc94365b4 Merge pull request #7178 from michaelnebel/csharp-flowsummary-pp-csv 
C#: Initial implementation of csv printing in FlowSummaries test
 2021-11-29 09:59:33 +01:00
Michael Nebel
d4f3a6d4bb C#: Review comments. Keep the TContent type pribate 2021-11-26 15:38:33 +01:00
Anders Schack-Mulligen
00ee34c0a0 Merge pull request #7237 from hvitved/dataflow/consistency-config 
Data flow: Introduce `ConsistencyConfiguration` class
 2021-11-26 12:49:25 +01:00
Anders Schack-Mulligen
57fd397cb3 Merge pull request #7239 from smowton/smowton/fix/useless-comparison-surrogates 
Range analysis and useless-comparison query: don't treat all unicode surrogates as if they are U+FFFD
 2021-11-26 09:00:36 +01:00
Chris Smowton
d3a4dadc7d Merge pull request #7240 from smowton/smowton/admin/derecognise-xxe-secure-processing 
Note that FEATURE_SECURE_PROCESSING isn't a sufficient defence against XXE
 2021-11-25 19:31:06 +00:00
Henry Mercer
aa9a8a0e22 Merge pull request #7244 from github/henrymercer/atm-specify-ml-models-globs 
JS: [Internal only] Add ML models specification to ATM query pack definition
 2021-11-25 18:20:45 +00:00
Chris Smowton
36bb84d97f Copyedit change note 2021-11-25 12:55:55 -05:00
Jonathan Leitschuh
1ddf5fb133 Java: Ratpack HTTP Framework Additional Modeling 
Adds models for `ratpack.func.Pair`, and `ratpack.exec.Result`.
Improve moels for `ratpack.exec.Promise`.

Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-11-25 12:55:32 -05:00
Henry Mercer
29eb66d772 JS: Add ML models to .gitignore 2021-11-25 17:06:37 +00:00
Henry Mercer
2af509595b JS: Add ML models specification to ATM query pack definition 
This will allow us to resolve the ATM machine learning models that will
be distributed within this pack.
 2021-11-25 16:42:38 +00:00
Chris Smowton
7ac5791c49 Update charLiterals.expected 2021-11-25 16:13:06 +00:00
Geoffrey White
f96968975b C++: Change note. 2021-11-25 15:49:41 +00:00
Geoffrey White
e98ab5d2c2 C++: Add security-severity tag and provisional precision. 2021-11-25 15:49:40 +00:00
Geoffrey White
e9ce29664e C++: Qldoc. 2021-11-25 15:48:12 +00:00
Chris Smowton
ce63549425 Apply review comments 2021-11-25 15:20:35 +00:00
Chris Smowton
db39c0b8be CharacterLiteral.getCodePointValue: fix handling of surrogates 2021-11-25 14:07:21 +00:00
Geoffrey White
1d358c5f77 C++: Change note. 2021-11-25 14:04:47 +00:00
Anders Schack-Mulligen
a06642944f Merge pull request #7232 from aschackmull/dataflow/perf 
Data flow: Performance tuning
 2021-11-25 15:01:01 +01:00
Geoffrey White
f5b40731d6 C++: Add security-severity tag and provisional precision. 2021-11-25 13:59:21 +00:00
Arthur Baars
e801d9636a Ruby: add ruby/ruby to the dataset-measure CI job 2021-11-25 14:10:15 +01:00
Tom Hvitved
dc0b0445ed Merge pull request #7185 from hvitved/csharp/ssa/consistency-queries 
C#: Enable SSA consistency queries
 2021-11-25 14:04:01 +01:00
Chris Smowton
9540beeda9 Update java/ql/test/query-tests/security/CWE-611/DocumentBuilderTests.java 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-11-25 12:52:08 +00:00
Arthur Baars
8b0bc677f4 Remove PatternGuard class 2021-11-25 13:50:19 +01:00
Arthur Baars
dca1e34cd8 Temporarily allow CFG inconsistencies 2021-11-25 13:42:59 +01:00
Arthur Baars
16e1e97ff0 Add test data for case-in expressions 2021-11-25 13:25:33 +01:00
Arthur Baars
af4c3122ca Test case for **nil parameter 2021-11-25 13:25:00 +01:00
Arthur Baars
078a2aa03b Update AST library 2021-11-25 13:24:51 +01:00
Chris Smowton
9eb9eb606e Note that FEATURE_SECURE_PROCESSING isn't a sufficient defence against XXE 2021-11-25 12:22:48 +00:00
Arthur Baars
ec0bd24b64 Update diagnostic tests 2021-11-25 12:55:50 +01:00
Arthur Baars
5b560b12e9 Create upgrade script 2021-11-25 12:55:43 +01:00
Anders Schack-Mulligen
609d6011a2 Merge pull request #7229 from smowton/smowton/admin/document-xxe-sanitisation-policy 
Document XXE sanitisation policy
 2021-11-25 10:55:25 +01:00
Tom Hvitved
6cb00992e8 Data flow: Introduce ConsistencyConfiguration class 2021-11-25 10:01:47 +01:00
CodeQL CI
d3da790191 Merge pull request #6873 from erik-krogh/explicit-this 
Approved by esbena
 2021-11-24 15:23:35 -08:00
Chris Smowton
3c8f6e3c07 Merge pull request #6717 from luchua-bc/java/thread-resource-abuse 
Java: CWE-400 - Query to detect uncontrolled thread resource consumption
 2021-11-24 18:59:41 +00:00