hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-23 16:06:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,930 Commits 1,712 Branches 163 Tags
c2b1da00104585aecabcfa4c67cb4df64615571a
Commit Graph

24930 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
c2b1da0010 C++: Add FP testcase with an 'new' that has a 'std::nothrow&' parameter, but not a 'noexcept' specifier. This case was previously not reported because of the 'noexcept' specifier, and apparently the 'std::nothrow' case was broken all along. 2021-08-11 15:38:03 +02:00
Tom Hvitved
15db6dfb10 Merge pull request #6431 from hvitved/csharp/silence-xml-extraction 
C#: Silence XML extraction commands
 2021-08-09 09:36:23 +02:00
CodeQL CI
562ba49f4e Merge pull request #6406 from erik-krogh/cleanCfg 
Approved by asgerf
 2021-08-09 00:21:31 -07:00
Tamás Vajk
c1cf2a1c5f Merge pull request #5579 from edvraa/cookies 
C#: HttpOnly and Secure cookie queries
 2021-08-09 08:58:11 +02:00
Shati Patel
8bb47b91b9 Merge pull request #6426 from shati-patel/docs/cwe-coverage 
Docs: Make TOC more visible and add note about CWE coverage
 2021-08-05 15:01:29 +01:00
Shati Patel
97dd88661e Merge pull request #6427 from shati-patel/docs/vscode-tests 
Docs: Mention setting for running tests in VS Code (already shipped)
 2021-08-05 15:01:20 +01:00
Tom Hvitved
5b5ed97421 C#: Silence XML extraction commands 2021-08-05 15:24:01 +02:00
Tom Hvitved
4ee5cc5557 Merge pull request #6428 from hvitved/csharp/xss-nodes 
C#: Add missing `nodes` predicate to XSS queries
 2021-08-05 15:03:22 +02:00
Tom Hvitved
9eb3f28ef1 C#: Add missing nodes predicate to XSS queries 2021-08-05 13:53:52 +02:00
Tom Hvitved
6471092139 Merge pull request #6394 from github/p0/csharp-virtual-dispatch-limit 
C#: Guard against virtual dispatch branching too much.
 2021-08-05 13:20:14 +02:00
shati-patel
dbf49a8257 Docs: Mention setting for running tests in VS Code 2021-08-05 11:27:20 +01:00
shati-patel
09f3001048 Docs: Make TOC more visible and add note about CWE coverage 2021-08-05 10:55:41 +01:00
Anders Schack-Mulligen
c29353db80 Merge pull request #6424 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-08-05 09:48:53 +02:00
Tony Torralba
0356ed7f9e Merge pull request #5911 from atorralba/atorralba/promote-missing-jwt-signature-check 
Java: Promote Missing JWT signature check query from experimental
 2021-08-05 09:43:03 +02:00
Anders Schack-Mulligen
1932f604dc Merge pull request #6419 from smowton/smowton/admin/unsafe-deserialization-jabsorb 
Add unsafe-deserialization support for Jabsorb
 2021-08-05 09:04:23 +02:00
Erik Krogh Kristensen
d3ea58002d fix a case in union where order wasn't necessarily preserved 2021-08-05 08:48:15 +02:00
Erik Krogh Kristensen
6ca53c8b25 a little more special casing in CFGExtractor union 2021-08-05 08:32:56 +02:00
CodeQL CI
475032780e Merge pull request #6311 from asgerf/js/dom-element-methods 
Approved by erik-krogh
 2021-08-04 23:18:34 -07:00
github-actions[bot]
9d13edb325 Add changed framework coverage reports 2021-08-05 00:08:17 +00:00
Erik Krogh Kristensen
7e422a656a remove unused imports 2021-08-04 23:41:36 +02:00
Erik Krogh Kristensen
ff9943906d micro optimize the hot loops by adding special cases and removing streams 2021-08-04 23:35:58 +02:00
Chris Smowton
1f08c3fe55 Move test files to appropriate package directories 2021-08-04 16:50:03 +01:00
Chris Smowton
5a42448888 Code review suggestions 
- Remove unneeded import
- Remove unnecessary `toLowerCase` call
 2021-08-04 16:08:07 +01:00
Chris Smowton
69549e9ce3 Add unsafe-deserialization support for Jabsorb 
This is partly extracted from https://github.com/github/codeql/pull/5954
 2021-08-04 15:35:50 +01:00
Asger Feldthaus
1b67b43b40 JS: Change note 2021-08-04 16:25:59 +02:00
Asger Feldthaus
00f4694616 JS: Recognize methods returning DOM objects 2021-08-04 16:25:56 +02:00
Anders Schack-Mulligen
5f9f857c34 Update java/ql/src/semmle/code/java/security/JWT.qll 2021-08-04 16:23:21 +02:00
Anders Schack-Mulligen
78998d0ca1 Update java/ql/src/semmle/code/java/security/JWT.qll 2021-08-04 16:22:56 +02:00
Anders Schack-Mulligen
6a09a5667d Merge pull request #5931 from atorralba/atorralba/promote-jndi-injection 
Java: Promote JNDI Injection query from experimental
 2021-08-04 15:48:44 +02:00
Tony Torralba
bc9563c073 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-08-04 14:40:32 +02:00
Tony Torralba
989afb446e Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-08-04 14:07:10 +02:00
Tony Torralba
a046d75ea6 Apply suggestions from code review 2021-08-04 13:15:49 +02:00
edvraa
e790ee7c2e Fix formatting 2021-08-04 14:06:27 +03:00
Tony Torralba
452fd9a8e3 Refactor to path query 2021-08-04 13:05:18 +02:00
Anders Schack-Mulligen
fe654dc8ee Merge pull request #6418 from github/cwe-918-add-sec-sev 
Update Security-Severity for CWE-918
 2021-08-04 13:04:40 +02:00
turbo
a8f84da7ac Update Security-Severity for CWE-918 2021-08-04 12:17:21 +02:00
Tony Torralba
b586f3ec9c Make the additional flow step abstract 2021-08-04 12:11:17 +02:00
Tony Torralba
f4bc4df8c1 Renamed JWTQuery so that it's named after the actual query name 2021-08-04 12:08:08 +02:00
Anders Schack-Mulligen
1a078c38ad Merge pull request #6412 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-08-04 09:58:34 +02:00
github-actions[bot]
8a2acda53c Add changed framework coverage reports 2021-08-04 00:07:10 +00:00
Erik Krogh Kristensen
fe551f1359 remove the last use of createCollection 2021-08-03 21:54:55 +02:00
Robert Marsh
55256d434d Merge pull request #6410 from geoffw0/uncontrolledarithtests 
C++: Clean up the test directories for cpp/uncontrolled-arithmetic
 2021-08-03 12:46:31 -07:00
Geoffrey White
e679eac008 C++: Rename test directories to match the test names, where possible. 2021-08-03 18:43:02 +01:00
Mathias Vorreiter Pedersen
8ce6335383 Merge pull request #6372 from geoffw0/uncontrolledarith 2021-08-03 17:53:39 +02:00
Erik Krogh Kristensen
85d6bfe044 move createCollection to the only place it is used 2021-08-03 16:55:44 +02:00
Erik Krogh Kristensen
ef5ea437c3 remove raw Object type where possible, and simplify accordingly 2021-08-03 16:55:38 +02:00
Geoffrey White
54253bc2eb C++: Resurrect underflow detection, but only on unsigned types. 2021-08-03 15:02:39 +01:00
Chris Smowton
eaf3d3cc03 Merge pull request #6162 from smowton/smowton/feature/jax-rs-content-type-sensitivity-fixes 
Jax-RS: implement content-type tracking
 2021-08-03 14:53:31 +01:00
Geoffrey White
23ba7dcf9c Merge pull request #6141 from ihsinme/ihsinme-patch-276 
CPP: Add a query to find incorrectly used exceptions. 2
 2021-08-03 14:46:39 +01:00
Anders Schack-Mulligen
7fb1e1578e Merge pull request #5894 from atorralba/atorralba/promote-ognl-injection 
Java: Promote OGNL Injection query from experimental
 2021-08-03 15:31:40 +02:00