hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,073 Commits 1,671 Branches 157 Tags
b513033e0f5f176289d30ff045f7af6947b0345c
Commit Graph

29073 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
b513033e0f Merge pull request #7021 from erik-krogh/cwe326 
JS: Add insufficient key size query
 2021-11-11 12:17:04 +01:00
Erik Krogh Kristensen
891694b50a Merge pull request #5908 from erik-krogh/protoLib 
JS: Add library input as source to js/prototype-polluting-assignment
 2021-11-11 12:04:05 +01:00
Erik Krogh Kristensen
140a70f9df Merge pull request #7029 from erik-krogh/cwe384 
JS: add js/session-fixation query
 2021-11-11 11:59:52 +01:00
Erik Krogh Kristensen
0bf055fbec Merge pull request #7103 from erik-krogh/add-cwe532-to-cleartextlogging 
JS: add CWE-532 to the js/clear-text-logging query
 2021-11-11 11:59:16 +01:00
Mathias Vorreiter Pedersen
bf9b8cfff0 Merge pull request #6947 from ihsinme/ihsinme-patch-077 
CPP: Add query for CWE-377 Insecure Temporary File
 2021-11-11 09:02:04 +00:00
Mathias Vorreiter Pedersen
e0b876d2f6 Merge pull request #7102 from MathiasVP/fix-map-test 
C++: Fix a testcase
 2021-11-10 13:51:10 +00:00
Mathias Vorreiter Pedersen
ccdaf49464 C++: Fix the same bug in the test for ordered maps. 2021-11-10 13:24:27 +00:00
Erik Krogh Kristensen
55434653f5 add CWE-532 to the clear-text-logging query 2021-11-10 14:15:49 +01:00
Mathias Vorreiter Pedersen
86d78b34aa C++: Use the correct variable in the 'test'. 2021-11-10 13:04:48 +00:00
Rasmus Wriedt Larsen
de926dc2a1 Merge pull request #7085 from yoff/python/model-aiopg 
Python: model aiopg
 2021-11-10 13:10:30 +01:00
Benjamin Muskalla
0f086056a1 Merge pull request #7100 from bmuskalla/bmuskalla/ioAsFile 
Java: Extract Commons IO into seperate file
 2021-11-10 12:04:12 +01:00
Rasmus Lerchedahl Petersen
92a7114b72 Python: Add API references 2021-11-10 11:06:58 +01:00
Rasmus Lerchedahl Petersen
c6d285dd2a Python: Fix test 2021-11-10 11:06:45 +01:00
yoff
a856395d56 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-11-10 10:51:40 +01:00
Benjamin Muskalla
f9fa22c14d Removed unused import 2021-11-10 10:21:54 +01:00
Benjamin Muskalla
1a751608de Extract Commons IO into seperate file 2021-11-10 10:15:27 +01:00
Tony Torralba
4da1dce811 Merge pull request #7099 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-11-10 08:54:11 +01:00
Erik Krogh Kristensen
ab5d9459c7 Update javascript/ql/src/Security/CWE-384/SessionFixation.qhelp 
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
 2021-11-10 08:24:46 +01:00
ihsinme
a0448240aa Update InsecureTemporaryFile.expected 2021-11-10 09:23:51 +03:00
ihsinme
7514fe2b45 Update test.cpp 2021-11-10 09:22:58 +03:00
ihsinme
289d58745a Update InsecureTemporaryFile.ql 2021-11-10 09:22:03 +03:00
github-actions[bot]
f5426336c3 Add changed framework coverage reports 2021-11-10 00:09:06 +00:00
Tom Hvitved
8195ebf4b3 Merge pull request #7059 from hvitved/ruby/basic-store-step-postupdate 
Ruby: Fix `basicStoreStep`
 2021-11-09 15:16:07 +01:00
Benjamin Muskalla
40e47c0ea3 Merge pull request #7082 from bmuskalla/filterOutputStream 
Java: Model taint for `FilterOutputStream`
 2021-11-09 15:06:15 +01:00
Benjamin Muskalla
bfe2e2e0b9 Model taint for FilterOutputStream 2021-11-09 14:21:50 +01:00
Rasmus Wriedt Larsen
1e31416049 Merge pull request #7031 from yoff/python/taint-through-with 
Python: Taint through `async with`
 2021-11-09 14:08:07 +01:00
Alex Ford
c708b6b76f Merge pull request #7077 from github/ruby/downgrade-hardcoded-credentials 
Ruby: Downgrade `rb/hardcoded-credentials` precision from high to medium
 2021-11-09 12:08:10 +00:00
Rasmus Lerchedahl Petersen
ac5a46f24f Python: split test as suggested in review 2021-11-09 13:04:52 +01:00
yoff
5f4aad40c1 Update python/ql/test/experimental/meta/InlineTaintTest.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-11-09 13:00:35 +01:00
Rasmus Lerchedahl Petersen
aa1541a5c3 Python: add changenote 2021-11-09 12:57:36 +01:00
Rasmus Lerchedahl Petersen
a58c47b07b Python: model aiopg.sa 2021-11-09 12:49:57 +01:00
Rasmus Lerchedahl Petersen
f53314019a Python: test aiopg.sa 2021-11-09 12:42:03 +01:00
CodeQL CI
d9d304fc13 Merge pull request #7076 from asgerf/js/tainted-path-regexp-guard2 
Approved by erik-krogh
 2021-11-09 03:40:37 -08:00
Rasmus Lerchedahl Petersen
cd332a75fc Python: model aiopg 2021-11-09 12:32:21 +01:00
Erik Krogh Kristensen
56a7c8b163 fix typo in change note 
Co-authored-by: Asger F <asgerf@github.com>
 2021-11-09 12:06:29 +01:00
Rasmus Lerchedahl Petersen
cb8f1b4593 Python: Add tests for aiopg 2021-11-09 11:49:31 +01:00
Geoffrey White
d9e02e83fe Merge pull request #6825 from MathiasVP/use-shared-ssa-in-ir-dataflow 
C++: Redesign IR dataflow using the shared SSA library
 2021-11-09 10:19:50 +00:00
James Fletcher
1bacce487e Merge pull request #7056 from jf205/sarif-query-help 
Add new option to database analyze tutorial
 2021-11-09 10:19:29 +00:00
CodeQL CI
954fd8d6f7 Merge pull request #7081 from github/revert-6924-js/skip-files-with-unsupported-encoding 
Approved by esbena
 2021-11-09 02:18:16 -08:00
Erik Krogh Kristensen
8727060ca7 add comment about modes of operation 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-11-09 11:15:12 +01:00
Asger F
0c6680b2c0 Revert "JS: Skip files with unsupported file encoding" 2021-11-09 09:07:54 +00:00
ihsinme
55fe01018f Update InsecureTemporaryFile.ql 2021-11-09 09:33:33 +03:00
Asger Feldthaus
f14f9449ee JS: Use getAMatchedString instead of getConstantString 2021-11-08 15:35:35 +01:00
Asger Feldthaus
b3e64f1669 JS: Add test 2021-11-08 15:32:43 +01:00
Erik Krogh Kristensen
330c2c42b5 Merge pull request #7075 from erik-krogh/cwe297 
JS: add cwe-297 to `js/disabling-certificate-validation`
 2021-11-08 14:35:58 +01:00
Erik Krogh Kristensen
5cafb86c88 Merge pull request #7074 from erik-krogh/cwe942 
JS: add cwe-942 to `js/cors-misconfiguration-for-credentials`
 2021-11-08 14:35:53 +01:00
Rasmus Lerchedahl Petersen
3f4c2ba24e Python: Support debugging inline taint tests 
The module `Conf` is created so that it can be imported
without importing the query predicates from the same file.
 2021-11-08 14:08:11 +01:00
Anders Schack-Mulligen
1e0eb2f6e4 Merge pull request #7072 from aschackmull/java/nomagic-synchsetunsynchget 
Java: Fix bad magic in SynchSetUnsynchGet.
 2021-11-08 13:48:22 +01:00
Alex Ford
2581efc18a ruby: downgrade rb/hardcoded-credentials precision from high to medium 2021-11-08 12:32:38 +00:00
Erik Krogh Kristensen
a2175a3207 add cwe-297 to js/disabling-certificate-validation 2021-11-08 13:26:53 +01:00