hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 07:36:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,706 Commits 1,703 Branches 162 Tags
c105d719523dd1bf680c320dbba5845c915fc657
Commit Graph

31706 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
mc
c105d71952 Update InsecureTrustManager.qhelp 
Fixed typos and carried out and editorial review
 2022-01-20 10:24:46 +01:00
Tony Torralba
7a1a45f5f9 QLDoc 2022-01-20 10:24:46 +01:00
Tony Torralba
77c2b43560 Add change note and severity score 2022-01-20 10:24:43 +01:00
Tony Torralba
d58bb4753e Refactor tests 2022-01-20 10:23:19 +01:00
Tony Torralba
ab4dc30f54 Refactor into libraries 2022-01-20 10:23:18 +01:00
Tony Torralba
7cd05fb685 Move from experimental 2022-01-20 10:23:18 +01:00
Michael Nebel
547f492be0 Merge pull request #7577 from michaelnebel/csharp/line-pragma 
C#: Make support for Line span pragma
 2022-01-20 09:51:57 +01:00
Tom Hvitved
70f4efb834 Merge pull request #7646 from hvitved/csharp/roslyn-tuple-elements-workaround 
C#: Workaround Roslyn bug in `INamedTypeSymbol.TupleElements`
 2022-01-19 19:54:29 +01:00
Mathias Vorreiter Pedersen
40c8881575 Merge pull request #7472 from erik-krogh/redundant-aggregate 
QL-for-QL: Add a could-be-cast query
 2022-01-19 15:48:00 +00:00
Henry Mercer
58b1a6fd40 Merge pull request #7655 from github/henrymercer/bump-atm-query-pack-v0.0.6 
JS: Bump ML-powered query packs to v0.0.6
 2022-01-19 15:44:55 +00:00
Tom Hvitved
7e3f3c6e2a Merge pull request #7515 from hvitved/csharp/extraction-mode 
C#: Introduce extractor mode to identify DBs created with `codeql test run`
 2022-01-19 16:04:57 +01:00
Chris Smowton
162b3822dd Merge pull request #7613 from github/smowton/admin/tag-random-used-once 
Remove security-severity tag to java/random-used-once
 2022-01-19 14:43:08 +00:00
Henry Mercer
c134e6c9ef JS: Bump ML-powered query packs to v0.0.6 2022-01-19 14:40:42 +00:00
Chris Smowton
c63fcb2c69 Add change note 2022-01-19 14:13:45 +00:00
Chris Smowton
f0645a34b9 Remove security-severity tag instead 
This leaves the Java query in the same state as its C# cousin.
 2022-01-19 14:06:40 +00:00
Tom Hvitved
cb098df4ea Merge pull request #7334 from github/hmac/regexp-interpolations 
Ruby: Resolve simple string interpolations
 2022-01-19 14:43:58 +01:00
Mathias Vorreiter Pedersen
dfbde23821 Merge pull request #7627 from geoffw0/nullterm5 
C++: Fix branch related FPs in cpp/improper-null-termination.
 2022-01-19 13:30:05 +00:00
Tom Hvitved
dacb33d1dd C#: Adjust Roslyn workaround 2022-01-19 14:12:21 +01:00
Geoffrey White
0230494799 C++: Expand QLDoc comment. 2022-01-19 13:07:55 +00:00
Henry Mercer
061b9badfe Merge pull request #7649 from github/henrymercer/bump-atm-query-pack-v0.0.5 
JS: Bump ML-powered query packs to v0.0.5
 2022-01-19 13:00:41 +00:00
Michael Nebel
d7cd1cf0b9 C#: Address review comments. 2022-01-19 13:50:02 +01:00
Tom Hvitved
4f90b45dd7 C#: Address review comments 2022-01-19 13:46:22 +01:00
Tom Hvitved
c8509cc382 C#: Introduce extractor mode to identify DBs created with codeql test run 2022-01-19 13:46:22 +01:00
Henry Mercer
d467725ccd JS: Bump ML-powered query packs to v0.0.5 2022-01-19 12:08:33 +00:00
Michael Nebel
3df30545d3 Merge pull request #7628 from michaelnebel/csharp/issue-7609 
C#: Fix false positive alert for shadowing on record types.
 2022-01-19 12:24:57 +01:00
Tom Hvitved
71ddd00a6c C#: Workaround Roslyn bug in INamedTypeSymbol.TupleElements 2022-01-19 11:33:03 +01:00
Michael Nebel
edafdc8fde C#: Added change note. 2022-01-19 11:04:53 +01:00
Michael Nebel
194da454b1 C#: Add record deconstruct method as an exception from the bad practice rule. 2022-01-19 11:04:53 +01:00
Michael Nebel
2eea6ca5fd C#: Example record type with autogenerated Deconstruct method. 2022-01-19 11:04:53 +01:00
Mathias Vorreiter Pedersen
bdfde88e99 Merge pull request #7630 from JarLob/patch-2 
C++: Reduce FPs in IncorrectPrivilegeAssignment.ql
 2022-01-19 09:49:43 +00:00
Michael Nebel
55f787bcae Merge pull request #7605 from michaelnebel/csharp/record-struct 
C#: Support for record structs
 2022-01-19 10:39:52 +01:00
Harry Maclean
994fcf54b5 Merge pull request #7126 from jeffgran/jg/graphql-ruby 
Ruby: Add support for GraphQL
 2022-01-19 22:19:30 +13:00
Harry Maclean
08d48b9375 Add top-level doc comment to GraphQL.qll 2022-01-19 21:42:46 +13:00
Tony Torralba
b2c7175ac5 Merge pull request #7641 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-01-19 09:34:01 +01:00
Tom Hvitved
f02aeafef1 Ruby: Move regex/non-regex split into TAstNode to convey disjointness 2022-01-19 09:22:01 +01:00
github-actions[bot]
f7240be136 Add changed framework coverage reports 2022-01-19 00:09:52 +00:00
Jaroslav Lobačevski
a1b0315d90 Update cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql 2022-01-19 00:52:10 +01:00
Harry Maclean
4f7f92490a Distinguish regex components from strings 
Create a set of classes for components of regex literals,
separate from those of string literals. This allows us to special-case
components of free-spacing regexes (ones with the /x flag) to not have a
`getValueText()`.

This in turn is useful because our regex parser can't handle free-spacing
regexes, so excluding them ensures that we don't generate erroneous
ReDoS alerts.
 2022-01-19 11:23:40 +13:00
Jaroslav Lobačevski
3fa2516898 Update cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql 2022-01-18 21:47:55 +01:00
Jaroslav Lobačevski
d1c89562b8 Apply suggestions from code review 2022-01-18 21:45:13 +01:00
Chris Smowton
84097468cc Merge pull request #7286 from luchua-bc/java/unsafe-url-forward-dispatch 
Java: CWE-552 Query to detect unsafe request dispatcher usage
 2022-01-18 18:19:20 +00:00
Henry Mercer
63672ca394 Merge pull request #7616 from github/henrymercer/js-atm-add-query-help 
JS: Add query help for ML-powered queries
 2022-01-18 18:11:53 +00:00
Chris Smowton
1e32514600 Avoid using this for a non-extending supertype, and remove needless casts 2022-01-18 17:20:40 +00:00
Chris Smowton
d744cf9053 Clean up guard logic: 
* Always sanitize after the second guard, not the first
* Only check basic-block dominance in one place
* One BarrierGuard extension per final guard
 2022-01-18 17:10:06 +00:00
Chris Smowton
748008ad51 Remove dangling reference to UnsafeRequestPath.java 2022-01-18 17:08:38 +00:00
luchua-bc
a3d65a8ed0 Update recommendation in qldoc and make examples more comprehendible 2022-01-18 17:01:26 +00:00
Geoffrey White
982fb8f73a C++: Add change note. 2022-01-18 16:38:44 +00:00
Robert Marsh
024bd27485 Merge pull request #7578 from MathiasVP/store-dest-should-not-be-use 
C++: Store destinations should not be uses for dataflow SSA
 2022-01-18 11:36:15 -05:00
Jeff Gran
47697f59c1 Ruby: Add classes for detecting user input from graphql-ruby 2022-01-18 09:13:58 -07:00
CodeQL CI
1912c56f82 Merge pull request #7631 from RasmusWL/sqlalchemy-scoped-session 
Approved by tausbn
 2022-01-18 14:31:49 +00:00