hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 00:35:20 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,574 Commits 1,741 Branches 165 Tags
b4c3ea41d13caceaffc2b7bcbcdc39b0cf4e266b
Commit Graph

14574 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Lerchedahl Petersen
3e13056140 Python: Address most review comments 2020-07-31 17:20:58 +02:00
Tamás Vajk
c8dc2ee611 Merge pull request #3993 from tamasvajk/remove-noise 
Turn off C# auto-compile on topmost folder
 2020-07-31 16:59:36 +02:00
Tamas Vajk
17e256b2c7 C#: Add VS Code tasks to build and test the C# bits 2020-07-31 16:56:51 +02:00
Rasmus Lerchedahl Petersen
e8ce62e211 Python: Fix missing flow annotation 2020-07-31 15:28:27 +02:00
Rasmus Lerchedahl Petersen
e13cf2e126 Python: fix formatting 2020-07-31 14:25:09 +02:00
Tom Hvitved
54ce73b40e Merge pull request #3995 from hvitved/csharp/fix-alerts 
C#: Fix a few alerts
 2020-07-31 14:07:35 +02:00
Rasmus Lerchedahl Petersen
29493f5bd7 Python: Make the coverage test a path query 2020-07-31 12:38:57 +02:00
CodeQL CI
18fa6b613d Merge pull request #3998 from ceh-forks/ceh-fix-typos 
Approved by shati-patel
 2020-07-31 11:08:58 +01:00
Emil Hessman
246ae575be Fix typos 2020-07-31 06:59:55 +02:00
Arthur Baars
7e72ef350e Merge pull request #3975 from aibaars/lgtm-suites 
CodeQL: complete LGTM suites
 2020-07-30 18:39:01 +02:00
Rasmus Lerchedahl Petersen
133e18edd9 Python: Annotate missing flow 2020-07-30 18:13:39 +02:00
Rasmus Lerchedahl Petersen
1467d6b419 Python: Test all expressions that incur dataflow 2020-07-30 17:51:17 +02:00
semmle-qlci
5b1d25591e Merge pull request #3979 from max-schaefer/js/more-comand-injection-models 
Approved by asgerf
 2020-07-30 15:10:46 +01:00
Tom Hvitved
e08e7cdf34 C#: Fix a few alerts 2020-07-30 16:03:36 +02:00
Tom Hvitved
07f1e133f3 C#: More type-based adjustment of library-flow access paths 
This change removes the restriction that only access paths of length 1 can
have the head adjusted, based on type information from the call to the relevant
library-code callable.
 2020-07-30 15:48:41 +02:00
Shati Patel
437baf160e Merge pull request #3973 from shati-patel/sd-189 
Add basic LGTM tutorials to CodeQL sphinx project
 2020-07-30 14:37:48 +01:00
Tamas Vajk
0ea5f347f7 Turn off C# auto-compile on topmost folder 
If the C# extension is installed, then it reports 25k+ errors on the C# extractor until it is properly built. This is pure noise because the solution would be opened and built from the correct subdirectory. This commit disables the C# compilation altogether.
 2020-07-30 15:26:16 +02:00
Tom Hvitved
632713c475 Merge pull request #3986 from hvitved/csharp/null-maybe-null-coalescing-assignment 
C#: Fix false-positives in `cs/dereferenced-value-may-be-null`
 2020-07-30 14:20:00 +02:00
Tom Hvitved
05307b8757 C#: Remove more FPs in cs/dereferenced-value-may-be-null 2020-07-30 12:16:59 +02:00
Tom Hvitved
4f4d9d35be C#: Add more nullness tests 2020-07-30 12:15:49 +02:00
Shati Patel
4da74dea28 Update C# example 2020-07-30 10:57:17 +01:00
Shati Patel
0a4b828432 Update docs/language/learn-ql/java/basic-query-java.rst 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-07-30 11:55:28 +02:00
Shati Patel
9aaf20e6f2 Update docs/language/learn-ql/java/basic-query-java.rst 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-07-30 11:55:14 +02:00
Robert Marsh
ddbec50c07 Merge pull request #3990 from MathiasVP/mathiasvp/fix-qldoc-SemanticStackVariable 
C++: Fix QLDoc for `SemanticStackVariable`
 2020-07-29 12:27:29 -07:00
Tom Hvitved
bec415c5c1 Merge pull request #3988 from hvitved/csharp/collection-flow-change-note 
C#: Add change note
 2020-07-29 19:58:54 +02:00
Arthur Baars
5bad003c0c Add qlpack.yml files for example queries 2020-07-29 16:57:04 +02:00
Mathias Vorreiter Pedersen
978bf3aefc C++: Make QLDoc comment represent a valid C++ template 2020-07-29 15:59:19 +02:00
Tom Hvitved
f91043e08e C#: Add change note 2020-07-29 10:27:40 +02:00
Tom Hvitved
4345b167ec Merge pull request #3935 from github/henrymercer/fix-broken-doc-link 
C#: Fix broken link to ECMA-335
 2020-07-29 10:04:08 +02:00
Marcono1234
5942bc6a43 Improve InsecureJavaMail.qhelp references 2020-07-29 01:45:27 +02:00
Arthur Baars
c4041e55ba CodeQL: complete LGTM suites 2020-07-28 20:40:44 +02:00
Tom Hvitved
d39a33655f C#: Fix false-positives in cs/dereferenced-value-may-be-null 
Dereferencing an expression of a nullable type should only be reported when
the expression is not clearly non-null.
 2020-07-28 16:27:36 +02:00
Shati Patel
a79f09f1de Add basic query for Go 2020-07-28 15:25:59 +02:00
Shati Patel
8e8c43a25b Add basic query for JavaScript 2020-07-28 13:54:06 +02:00
Shati Patel
9edf1646c9 Add basic queries for C#, Java, and Python 2020-07-28 12:18:45 +02:00
Shati Patel
0f3599039f Update docs/language/learn-ql/cpp/basic-query-cpp.rst 
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
 2020-07-28 11:49:17 +02:00
Tom Hvitved
ce2368de96 C#: Add tests for null-coalescing assignment 2020-07-28 11:07:47 +02:00
Tom Hvitved
c5a4a6be05 Merge pull request #3871 from hvitved/csharp/autobuilder/dotnet-delegate 
C#: Introduce delegate type in autobuilder
 2020-07-27 16:51:24 +02:00
Taus
f40242dc3f Merge pull request #3396 from porcupineyhairs/python-ssti 
Python : Add query to detect Server Side Template Injection
 2020-07-27 14:43:39 +02:00
Max Schaefer
91762ec274 JavaScript: Add partial model for opener. 
3.5M weekly downloads.

Note that we do not treat the first argument as a command-injection sink. While it is possible to inject commands that way, it is more likely to cause false positives where the user input is concatenated with some prefix that makes the opening heuristic decide to treat it as a URL.
 2020-07-27 11:42:32 +01:00
Max Schaefer
9aa26fa4bc JavaScript: Add model for foreground-child. 
>1M weekly downloads, so seems worth doing.
 2020-07-27 11:37:06 +01:00
Max Schaefer
2f842042ea JavaScript: Model another execa function relevant for command injection. 2020-07-27 11:34:04 +01:00
Tom Hvitved
f5c1de8a17 Merge pull request #3960 from calumgrant/cs/tag-inefficient-containskey 
C#: Fix tags typo
 2020-07-27 11:44:58 +02:00
Calum Grant
09f45ac9fe Merge pull request #3877 from calumgrant/cs/autobuilder-alerts 
C#: Make fields readonly
 2020-07-27 10:43:04 +01:00
Shati Patel
db09ca7b68 Update queries + outdated note 2020-07-27 11:42:10 +02:00
Shati Patel
bb05db5c98 Convert C/C++ article 2020-07-24 12:07:17 +02:00
Porcupiney Hairs
7a71ca3e0f fix tests. 2020-07-24 00:57:19 +05:30
Rasmus Wriedt Larsen
c49311e69e Python: Fix JinjaSSTISinks.expected 2020-07-23 20:11:27 +02:00
Rasmus Wriedt Larsen
03d22fa8e3 Python: Fix filenames in qhelp 2020-07-23 17:32:01 +02:00
Rasmus Wriedt Larsen
e283d289fd Python: Update TemplateInjection.qhelp 
Moved things around so there is only a single `<example>` tag (and had to rewrite contents a bit).
 2020-07-23 17:23:26 +02:00