hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-19 03:41:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
32,386 Commits 1,781 Branches 169 Tags
bbbb5268ce8077b800982b767e0b287d16df37a7
Commit Graph

32386 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
6388ac5f1d C++: Add tests. 2021-11-09 18:41:57 +00:00
Geoffrey White
d2b18d952d C++: Add qhelp. 2021-11-09 18:41:56 +00:00
Geoffrey White
bd1e708c5d C++: First version of cpp/non-https-url. 2021-11-09 18:33:49 +00:00
Rasmus Wriedt Larsen
985cd1ebdb Python: Port py/request-without-cert-validation to use API graphs 2021-11-09 16:37:50 +01:00
Rasmus Wriedt Larsen
59581690fd Python: Add py/request-without-cert-validation tests 2021-11-09 16:29:57 +01:00
Rasmus Wriedt Larsen
9710aeecbf Python/C#: Add CWE-1333 to redos queries 
As is already done in JS and Ruby.
 2021-11-09 16:10:38 +01:00
Anders Schack-Mulligen
1efe1e0d10 Java: Improve algorithm for subtyping of parameterized types. 2021-11-09 15:49:17 +01:00
Tom Hvitved
7178a98e45 Ruby: Rename pruneUseNode{Fwd,Rev} 2021-11-09 15:16:36 +01:00
Tom Hvitved
30251740e3 Ruby: Prune nodes before computing trackUseNode 2021-11-09 15:16:36 +01:00
Tom Hvitved
8195ebf4b3 Merge pull request #7059 from hvitved/ruby/basic-store-step-postupdate 
Ruby: Fix `basicStoreStep`
 2021-11-09 15:16:07 +01:00
Alex Ford
556cdbaa21 ruby: QL format 2021-11-09 14:09:11 +00:00
Alex Ford
37775407a9 ruby: drop a redundant bit of documentation 2021-11-09 14:07:00 +00:00
Alex Ford
340897f262 ruby: drop unnecessary variable 2021-11-09 14:06:21 +00:00
Alex Ford
a23750a9c7 ruby: inline some predicates 2021-11-09 14:06:21 +00:00
Benjamin Muskalla
40e47c0ea3 Merge pull request #7082 from bmuskalla/filterOutputStream 
Java: Model taint for `FilterOutputStream`
 2021-11-09 15:06:15 +01:00
Alex Ford
c65d1d9a50 ruby: CSRFProtectionDisabled.qhelp fixes 
Co-authored-by: Harry Maclean <hmac@github.com>
 2021-11-09 14:05:41 +00:00
Rasmus Wriedt Larsen
f70e4fea55 Python: Add interesting path-injection FP 2021-11-09 14:53:32 +01:00
Mathias Vorreiter Pedersen
10bca3544c C++: Change 'annotate_path_to_sink' so that you now annotate a ir-path with the previous node (instead of its source). This gives a better overview of the path. 2021-11-09 13:49:12 +00:00
Benjamin Muskalla
bfe2e2e0b9 Model taint for FilterOutputStream 2021-11-09 14:21:50 +01:00
Rasmus Wriedt Larsen
1e31416049 Merge pull request #7031 from yoff/python/taint-through-with 
Python: Taint through `async with`
 2021-11-09 14:08:07 +01:00
Alex Ford
c708b6b76f Merge pull request #7077 from github/ruby/downgrade-hardcoded-credentials 
Ruby: Downgrade `rb/hardcoded-credentials` precision from high to medium
 2021-11-09 12:08:10 +00:00
Rasmus Lerchedahl Petersen
ac5a46f24f Python: split test as suggested in review 2021-11-09 13:04:52 +01:00
yoff
5f4aad40c1 Update python/ql/test/experimental/meta/InlineTaintTest.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-11-09 13:00:35 +01:00
Rasmus Lerchedahl Petersen
aa1541a5c3 Python: add changenote 2021-11-09 12:57:36 +01:00
Rasmus Lerchedahl Petersen
a58c47b07b Python: model aiopg.sa 2021-11-09 12:49:57 +01:00
Rasmus Lerchedahl Petersen
f53314019a Python: test aiopg.sa 2021-11-09 12:42:03 +01:00
CodeQL CI
d9d304fc13 Merge pull request #7076 from asgerf/js/tainted-path-regexp-guard2 
Approved by erik-krogh
 2021-11-09 03:40:37 -08:00
Rasmus Lerchedahl Petersen
cd332a75fc Python: model aiopg 2021-11-09 12:32:21 +01:00
Erik Krogh Kristensen
56a7c8b163 fix typo in change note 
Co-authored-by: Asger F <asgerf@github.com>
 2021-11-09 12:06:29 +01:00
Asger F
4b82840e9d Revert "JS: Skip files with unsupported file encoding" codeql-cli/v2.7.1 2021-11-09 10:57:01 +00:00
Rasmus Lerchedahl Petersen
cb8f1b4593 Python: Add tests for aiopg 2021-11-09 11:49:31 +01:00
Geoffrey White
d9e02e83fe Merge pull request #6825 from MathiasVP/use-shared-ssa-in-ir-dataflow 
C++: Redesign IR dataflow using the shared SSA library
 2021-11-09 10:19:50 +00:00
James Fletcher
1bacce487e Merge pull request #7056 from jf205/sarif-query-help 
Add new option to database analyze tutorial
 2021-11-09 10:19:29 +00:00
CodeQL CI
954fd8d6f7 Merge pull request #7081 from github/revert-6924-js/skip-files-with-unsupported-encoding 
Approved by esbena
 2021-11-09 02:18:16 -08:00
Erik Krogh Kristensen
8727060ca7 add comment about modes of operation 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-11-09 11:15:12 +01:00
Asger Feldthaus
87aa39cef2 JS: Limited tracking of object literals with methods 2021-11-09 11:06:41 +01:00
Asger F
0c6680b2c0 Revert "JS: Skip files with unsupported file encoding" 2021-11-09 09:07:54 +00:00
ihsinme
55fe01018f Update InsecureTemporaryFile.ql 2021-11-09 09:33:33 +03:00
Asger Feldthaus
f14f9449ee JS: Use getAMatchedString instead of getConstantString 2021-11-08 15:35:35 +01:00
Asger Feldthaus
b3e64f1669 JS: Add test 2021-11-08 15:32:43 +01:00
Erik Krogh Kristensen
330c2c42b5 Merge pull request #7075 from erik-krogh/cwe297 
JS: add cwe-297 to `js/disabling-certificate-validation`
 2021-11-08 14:35:58 +01:00
Erik Krogh Kristensen
5cafb86c88 Merge pull request #7074 from erik-krogh/cwe942 
JS: add cwe-942 to `js/cors-misconfiguration-for-credentials`
 2021-11-08 14:35:53 +01:00
Rasmus Lerchedahl Petersen
3f4c2ba24e Python: Support debugging inline taint tests 
The module `Conf` is created so that it can be imported
without importing the query predicates from the same file.
 2021-11-08 14:08:11 +01:00
Anders Schack-Mulligen
1e0eb2f6e4 Merge pull request #7072 from aschackmull/java/nomagic-synchsetunsynchget 
Java: Fix bad magic in SynchSetUnsynchGet.
 2021-11-08 13:48:22 +01:00
Alex Ford
2581efc18a ruby: downgrade rb/hardcoded-credentials precision from high to medium 2021-11-08 12:32:38 +00:00
Erik Krogh Kristensen
a2175a3207 add cwe-297 to js/disabling-certificate-validation 2021-11-08 13:26:53 +01:00
Erik Krogh Kristensen
507c8addb2 add cwe-942 to js/cors-misconfiguration-for-credentials 2021-11-08 13:12:19 +01:00
Cornelius Riemenschneider
76d2665132 Merge pull request #7071 from github/criemen/simplify-csharp-tracing-config 
C#: Remove macos compatibility stanzas from tracing config.
 2021-11-08 13:11:44 +01:00
james
96ff2f5125 use correct type of link 2021-11-08 12:06:20 +00:00
james
dfe77f844f fix errors in debugging-data-flow-queries-using-partial-flow.rst 2021-11-08 11:59:53 +00:00