hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
15,394 Commits 1,741 Branches 165 Tags
b7774b2a82ea1d034cf269c9f87d005e5d212665
Commit Graph

15394 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonas Jensen
8e8c65a164 Merge pull request #4146 from jbj/partiallyDefinesVariableAt 
C++: Fix two join orders in FlowVar.qll
 2020-09-02 13:11:29 +02:00
Erik Krogh Kristensen
a24db09418 only flag unused array-destructs if it is the last variable 2020-09-02 11:40:35 +02:00
CodeQL CI
48a1ee6233 Merge pull request #4130 from erik-krogh/bbFix 
Approved by asgerf
 2020-09-02 10:38:50 +01:00
Calum Grant
29b3759655 Merge pull request #3961 from tausbn/python-add-typetracker 
Python: Add type tracker and step summary implementation.
 2020-09-02 09:42:14 +01:00
Jonas Jensen
db45b29806 Merge pull request #4102 from rdmarsh2/rdmarsh2/cpp/input-iterators-1 
C++: Basic input iterator models
 2020-09-02 07:57:35 +02:00
ubuntu
042d07161c Rename getQueryCall to getQueryCallSink 2020-09-01 22:43:31 +02:00
ubuntu
15562e4814 Update LdapjsSearchOptions 2020-09-01 22:28:58 +02:00
ubuntu
e2e55455c1 Update LdapjsSearchOptions and getQueryCall 2020-09-01 22:23:07 +02:00
Robert Marsh
015bf6e879 C++: Add reverse flow when this ptr is returned 2020-09-01 13:08:44 -07:00
Robert Marsh
2a57fa22e3 C++: handle reference args to iterator operators 2020-09-01 12:52:01 -07:00
Alessio Della Libera
8f00acd4e2 Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-01 21:00:49 +02:00
Alessio Della Libera
78ebcee570 Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-01 21:00:38 +02:00
Alessio Della Libera
b86b9ba510 Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-01 21:00:21 +02:00
Alessio Della Libera
28729915d7 Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-01 20:56:25 +02:00
Alessio Della Libera
1b50477fae Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-01 20:55:44 +02:00
Alessio Della Libera
44e728016b Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-01 20:54:58 +02:00
Erik Krogh Kristensen
6cbdc7ad8f autoformat 2020-09-01 20:16:49 +02:00
Anders Schack-Mulligen
cc61e6117e Merge pull request #3542 from porcupineyhairs/mongoJava 
Java : add MongoDB injection sinks
 2020-09-01 16:19:17 +02:00
CodeQL CI
311e62f21d Merge pull request #4081 from aschackmull/java/dispatch-ctx-this-param 
Approved by aibaars
 2020-09-01 15:06:47 +01:00
Ian Lynagh
1cba09dde2 C++: Remove some remnants of the extractor CFG 2020-09-01 14:49:36 +01:00
yoff
caa680c72e Merge pull request #4149 from RasmusWL/python-more-additional-taint-steps 
Python: more additional taint steps
 2020-09-01 14:38:33 +02:00
Taus Brock-Nannestad
6a96c53d15 Python: Add missing getNode invocation 2020-09-01 14:04:31 +02:00
Taus Brock-Nannestad
26d14aba98 Python: Use nodeFrom/nodeTo instead of pred/succ 2020-09-01 14:00:30 +02:00
CodeQL CI
b9a6183ec2 Merge pull request #4175 from aschackmull/java/adjust-cwe-089-qltest 
Approved by aibaars
 2020-09-01 12:43:56 +01:00
Erik Krogh Kristensen
2628c05e43 split out comment over multiple lines 2020-09-01 13:12:44 +02:00
Erik Krogh Kristensen
c6947320ea use isAsyncOrGenerator instead of isOrdinary 2020-09-01 13:11:44 +02:00
Arthur Baars
2729d109a5 Merge pull request #4123 from aschackmull/java/records-dataflow 
Java: Add data flow for record getters.
 2020-09-01 13:02:24 +02:00
Anders Schack-Mulligen
e5d7208c12 Java: Adjust a few qltests. 2020-09-01 12:49:09 +02:00
Arthur Baars
aedfa47cb4 Add missing QHelp files 2020-09-01 12:46:57 +02:00
Rasmus Wriedt Larsen
c5e3333d10 Python: Update expected tests after last commit 
I'm pushing too fast it seems
 2020-09-01 12:01:34 +02:00
Rasmus Wriedt Larsen
e0cfe8123e Python: Update comments for new taint tests 
I see I didn't keep them up to date as I implemented things
 2020-09-01 11:58:26 +02:00
Rasmus Wriedt Larsen
cda88a5e64 Python: Refactor: use DataFlow::Node.asExpr() 2020-09-01 11:53:06 +02:00
Rasmus Wriedt Larsen
ddc55a18cf Python: Fix taint handling of copy.deepcopy 
(test results didn't change)

Thanks @yoff 👍
 2020-09-01 11:50:46 +02:00
Rasmus Wriedt Larsen
e5a361c230 Python: Better taint tests for copy.deepcopy 2020-09-01 11:50:33 +02:00
Mathias Vorreiter Pedersen
aa3b268525 Merge pull request #4162 from jbj/ssa-ref-parameters 
C++: SSA and range analysis for reference parameters
 2020-09-01 11:48:41 +02:00
Anders Schack-Mulligen
82692876d8 Java: Add some test cases. 2020-09-01 11:24:30 +02:00
Anders Schack-Mulligen
c25dd4be8c Merge pull request #3363 from ggolawski/xslt-injection 
CodeQL query to detect XSLT injections
 2020-09-01 11:03:19 +02:00
Anders Schack-Mulligen
1dae99e4a5 Merge pull request #3543 from porcupineyhairs/WebsocketReadAsSource 
Java: add websocket reads as remote flow source.
 2020-09-01 10:58:02 +02:00
Anders Schack-Mulligen
beca44ec2f Merge pull request #4172 from rvermeulen/java/xss-sink-extensible 
Java: Customizable XSS analysis
 2020-09-01 09:27:50 +02:00
Robert Marsh
87b657054f C++: reverse flow for iterator operator qualifiers 2020-08-31 14:53:05 -07:00
Robert Marsh
d4cf92e374 C++: Improve non-member iterator operator detection 2020-08-31 14:52:29 -07:00
Robert Marsh
10005dd199 Merge branch 'main' into rdmarsh2/cpp/input-iterators-1Merge changes to input/output models for functions that return thisand resolve conflicting changes to taint tests. 2020-08-31 14:49:01 -07:00
Remco Vermeulen
2bdd3d7712 Apply qldoc suggestions 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-08-31 17:28:51 +02:00
Taus Brock-Nannestad
ec64606d5a Python: Remove CopyStep branch type 2020-08-31 17:23:02 +02:00
Taus Brock-Nannestad
eb6443df21 Merge branch 'python-add-typetracker' of github.com:tausbn/ql into python-add-typetracker 2020-08-31 17:22:13 +02:00
Taus
8e1f99af99 Python: Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-08-31 17:20:12 +02:00
Taus Brock-Nannestad
3547c70d35 Python: Add tests with redefinition of fields/variables 2020-08-31 17:17:37 +02:00
Taus Brock-Nannestad
06103f4ff2 Python: Consistently use attribute/attr 2020-08-31 17:16:31 +02:00
CodeQL CI
35494ab97c Merge pull request #4171 from max-schaefer/js/promise-flow-public 
Approved by erik-krogh
 2020-08-31 15:15:27 +01:00
CodeQL CI
79e87a6c3d Merge pull request #4088 from aschackmull/java/string-formatted 
Approved by aibaars
 2020-08-31 15:02:49 +01:00