hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-20 14:36:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,790 Commits 1,711 Branches 163 Tags
c4e244eb80204cd511152274404ce859f6eb69ca
Commit Graph

22790 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
c4e244eb80 Python: Add getAwaited to API::Node 
I _really_ wanted to call this `.await()`, but that did not fit in with
the convention, or the corresponding `getPromised` in JS.

54f191cfe3/javascript/ql/src/semmle/javascript/ApiGraphs.qll (L184)
 2021-05-21 17:11:20 +02:00
Rasmus Wriedt Larsen
e29b7568bf Python: Add missing QLDoc for subclass label 2021-05-21 16:17:17 +02:00
Rasmus Wriedt Larsen
2408573a0a Python: Add API graph test for calling coroutines 2021-05-21 16:08:15 +02:00
Rasmus Wriedt Larsen
7a5fd02442 Python: API graph tests: add --max-import-depth=1 
Before this, I ended up extracting 454 modules locally 😱
 2021-05-21 15:58:15 +02:00
Rasmus Wriedt Larsen
9a4709c134 Python: API graph tests: Disallow results outside project 
Running the tests locally would result in thousands of results before
this 😱
 2021-05-21 15:57:10 +02:00
Rasmus Wriedt Larsen
0292ca6b67 Merge pull request #5880 from tausbn/python-limit-builtins 
Python: Limit set of globals that may be built-ins
 2021-05-20 14:47:22 +02:00
Tom Hvitved
2a7ceb2e19 Merge pull request #5928 from hvitved/python/type-tracker-split 
Python: Split up `(small)step` into intra/interprocedural predicates
 2021-05-20 14:13:44 +02:00
Tom Hvitved
1fc95a68ca Python: Add more type tracking QL doc 2021-05-20 13:47:23 +02:00
Taus
c4bb3c27e0 Python: Update python/ql/src/semmle/python/ApiGraphs.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-05-20 13:14:09 +02:00
CodeQL CI
17afbdf258 Merge pull request #5635 from RasmusWL/port-weak-crypto-algorithm 
Approved by yoff
 2021-05-20 01:22:32 -07:00
Tom Hvitved
f63c1d2383 Python: Split up (small)step into intra/interprocedural predicates 2021-05-19 19:59:25 +02:00
Rasmus Wriedt Larsen
753dca91b1 Python: weak-crypto: Make algorithm selection less brittle 
As discussed in https://github.com/github/codeql/pull/5635#discussion_r633477154
 2021-05-19 17:47:09 +02:00
Rasmus Wriedt Larsen
22d4d7956a Python: Fix typo in QLDoc 2021-05-19 17:47:05 +02:00
Rasmus Wriedt Larsen
8d1e7da851 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-05-19 17:42:46 +02:00
Taus
75a43e76e8 Python: Address review comments. 
- Removes the version check on the set of built-in names.
- Renames the predicate used to represent said set.
- Documents how these lists of names were obtained.
- Gets rid of a superfluous import.
 2021-05-19 11:54:47 +00:00
Mathias Vorreiter Pedersen
c4f604bafe Merge pull request #5896 from geoffw0/weak_crypto 
C++: Improve cpp/weak-cryptographic-algorithm
 2021-05-19 13:17:13 +02:00
Alexander Eyers-Taylor
c80495fbdd Merge pull request #5851 from github/alexet/patch 
Use only_bind_out to force a good join order.
 2021-05-19 12:00:07 +01:00
CodeQL CI
9bdfdb02d3 Merge pull request #5916 from erik-krogh/scriptSink 
Approved by esbena
 2021-05-19 03:46:17 -07:00
Geoffrey White
aaae717328 Merge branch 'main' into weak_crypto 2021-05-19 11:19:08 +01:00
CodeQL CI
c793ac933a Merge pull request #5921 from erik-krogh/expressChain 
Approved by esbena
 2021-05-19 03:17:40 -07:00
Geoffrey White
e985204a62 C++: Add change note. 2021-05-19 11:14:23 +01:00
CodeQL CI
23e8092452 Merge pull request #5864 from RasmusWL/some-framework-modeling 
Approved by tausbn
 2021-05-19 02:31:06 -07:00
Geoffrey White
e66b5559a4 Merge pull request #5924 from MathiasVP/cleanup-modelFlow 
C++: Remove a disjunction from `modelFlow`
 2021-05-19 10:12:20 +01:00
Geoffrey White
99833f16e1 Merge pull request #5923 from MathiasVP/range-analysis-in-overflow-static 
C++: Add range analysis to `cpp/static-buffer-overflow`
 2021-05-19 10:12:02 +01:00
Mathias Vorreiter Pedersen
4d00513606 C++: Use the isParameterDerefOrQualifierObject predicate to remove a disjunction. 2021-05-19 10:47:04 +02:00
Mathias Vorreiter Pedersen
741eed93b2 C++: Replace minimum(any(...)) with a min aggregate. Also removed the min aggregate further down since it's no longer needed. 2021-05-19 09:03:05 +02:00
yoff
60da193620 Update python/ql/src/semmle/python/frameworks/Cryptodome.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-05-19 08:08:59 +02:00
Erik Krogh Kristensen
9a1f80aa93 accept updated test output for express test 2021-05-18 22:23:29 +02:00
Erik Krogh Kristensen
e9d2dd0b57 support the chaining methods on Express apps 2021-05-18 22:23:27 +02:00
Chris Smowton
0c970b5f1f Merge pull request #5802 from luchua-bc/java/rhino-injection 
Java: CWE-094 Rhino code injection
 2021-05-18 19:25:53 +01:00
Mathias Vorreiter Pedersen
6103aabdce C++: Add change-note. 2021-05-18 19:17:11 +02:00
luchua-bc
02aa9c6fc7 Optimize the sink and update qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
d4323a4a54 Update qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
9d392263a5 Refactor inconsistent method names 2021-05-18 16:12:23 +00:00
luchua-bc
2fa249a8eb Update method name and qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
2c1374bdcf Use inline implementation for ScriptEngineFactory 2021-05-18 16:12:23 +00:00
luchua-bc
0ac8453398 Allow all arguments of methods in ScriptEngineFactory 2021-05-18 16:12:23 +00:00
luchua-bc
e4699f7fa9 Optimize the query 2021-05-18 16:12:22 +00:00
luchua-bc
d664aa6d6a Include more scenarios and update qldoc 2021-05-18 16:12:22 +00:00
luchua-bc
852bcfb5c7 Refactor the ScriptEngine query and the Rhino code injection query into one 2021-05-18 16:12:22 +00:00
luchua-bc
b0b5338359 Rhino code injection 2021-05-18 16:12:22 +00:00
Mathias Vorreiter Pedersen
26c4a66dc4 C++: Add range analysis to fix FPs. 2021-05-18 17:54:30 +02:00
Mathias Vorreiter Pedersen
df9981de4f C++: Add testcases with false positives. 2021-05-18 17:53:20 +02:00
Ethan Palm
9deaace756 Merge pull request #5898 from ethanpalm/go-build-commands 
Docs: Document Go tracer support
 2021-05-18 11:49:31 -04:00
Ethan Palm
610e041e28 Add reviewer feedback 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2021-05-18 11:42:08 -04:00
Chris Smowton
4230869ee2 Merge pull request #5819 from luchua-bc/java/jpython-injection 
Java: CWE-094 Jython code injection
 2021-05-18 16:38:40 +01:00
Chris Smowton
71f540a755 Merge pull request #5844 from haby0/SpringRedirects 
[Java] CWE-601 Spring url redirection detect
 2021-05-18 16:37:40 +01:00
Geoffrey White
cdf261b54b C++: In fact it's just not good enough to get additional evidence from the declaring type. 2021-05-18 14:31:19 +01:00
Geoffrey White
88dc0861ac C++: Fix copy-paste error. 2021-05-18 14:27:31 +01:00
Geoffrey White
c7382ee06d C++: Repair for function call macros. 2021-05-18 14:27:08 +01:00