Esben Sparre Andreasen
c70997febf
JS: address review comments for js/unsafe-jquery-plugin
2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen
eaff78b37e
JS: change severity to warning
2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen
1de1c15919
JS: minor fixups
2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen
2ad9b843ae
JS: fix FP for js/unsafe-jquery-plugin
2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen
cfd567f01d
JS: fix FP for js/unsafe-jquery-plugin
2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen
9e247921fc
JS: add FP tests for js/unsafe-jquery-plugin
2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen
fef918ac13
JS: add query "Unsafe jQuery plugin"
2020-01-31 19:33:04 +01:00
semmle-qlci
d995d5a4a0
Merge pull request #2716 from esbena/js/additional-koa-requests
...
Approved by erik-krogh
2020-01-31 18:30:42 +00:00
Anders Schack-Mulligen
3b81c3b95c
Merge pull request #2651 from ggolawski/java-ldap-injection
...
Java LDAP Injection (CWE-90)
2020-01-31 16:43:52 +01:00
Geoffrey White
c24651c4f8
Merge pull request #2728 from alexet/remove-recursion
...
CPP: Avoid unnecessary recursion in printf.qll
2020-01-31 15:38:25 +00:00
alexet
cd688367c7
CPP: Avoid unnecessary recursion
2020-01-31 12:47:03 +00:00
Rasmus Wriedt Larsen
72fddaf5ed
Merge pull request #2733 from tausbn/python-add-stringvalue
...
Python: Extend `Value` API.
2020-01-31 13:12:14 +01:00
Taus Brock-Nannestad
ba2bbf1788
Python: Extend Value API.
...
Adds
- `StringValue` as a new class,
- `Value::booleanValue` which returns the boolean interpretation of the given value, and
- `ClassValue::str` which returns the value of the `str` class, depending on the Python version.
2020-01-31 12:33:02 +01:00
Max Schaefer
7855a0b657
Merge pull request #2732 from aschackmull/java/upgrades-qlpack
...
Java: Add qlpack.yml in upgrades.
2020-01-31 10:53:50 +00:00
Anders Schack-Mulligen
18a8c2b220
Java: Add qlpack.yml in upgrades.
2020-01-31 11:39:46 +01:00
semmle-qlci
f8d0b4e602
Merge pull request #2618 from erik-krogh/ExceptionalPromise
...
Approved by asgerf
2020-01-31 07:59:09 +00:00
yo-h
7ca7bdfc46
Merge pull request #2725 from aschackmull/java/sqlinjection-number-barrier
...
Java: Add java.lang.Number as a sanitizer for SQL injection.
2020-01-30 18:25:24 -05:00
yo-h
b542b08c95
Merge pull request #2726 from aschackmull/java/outputstream-write-taint
...
Java: Improve taint for OutputStream.write and InputStream.read.
2020-01-30 18:24:00 -05:00
yo-h
563be9f817
Merge pull request #2719 from aschackmull/java/deprecate-parexpr
...
Java: Deprecate ParExpr
2020-01-30 18:23:13 -05:00
Grzegorz Golawski
3fd8d9eb5c
Rename CWE-90 into CWE-090
2020-01-30 22:33:20 +01:00
Grzegorz Golawski
db55ec250a
Rename CWE-90 to CWE-090
2020-01-30 22:32:36 +01:00
ggolawski
d065ebddde
Merge pull request #3 from aschackmull/java/pr-2651-unittest
...
Java: Add unit test for ldap injection.
2020-01-30 22:23:20 +01:00
Robert Marsh
209a30688a
Merge pull request #2718 from jbj/DefaultTaintTracking-isUserInput
...
C++: Fix mapping of sources from Expr to Node
2020-01-30 16:22:48 -05:00
Robert Marsh
b2a87f64eb
Merge pull request #2696 from dbartol/dbartol/Indirections
...
C++/C#: Alias analysis of indirect parameters
2020-01-30 11:43:26 -05:00
Anders Schack-Mulligen
2a0a568cbb
Java: Remove duplicate class.
2020-01-30 17:04:35 +01:00
yo-h
dd517a433a
Merge pull request #2671 from aschackmull/java/null-flow
...
Java: Allow null literals as sources in data flow.
2020-01-30 09:47:46 -05:00
Taus
b89273402d
Merge pull request #2701 from RasmusWL/python-modernise-metrics
...
Python: modernise import related queries
2020-01-30 14:37:39 +01:00
Anders Schack-Mulligen
9bea581a23
Java: Improve taint for OutputStream.write and InputStream.read.
2020-01-30 14:29:56 +01:00
semmle-qlci
3158b8401a
Merge pull request #2705 from erik-krogh/CVE75
...
Approved by asgerf
2020-01-30 13:07:05 +00:00
semmle-qlci
120b50f497
Merge pull request #2708 from asger-semmle/js/react-flow-through-imports
...
Approved by esbena
2020-01-30 13:05:07 +00:00
Anders Schack-Mulligen
a167577551
Java: Add java.lang.Number as a sanitizer for SQL injection.
2020-01-30 12:01:36 +01:00
Jonas Jensen
d0ac846cac
Merge pull request #2721 from aschackmull/java/taintgetter-changenote
...
Java/C++/C#: Add change note for taint-getters.
2020-01-30 11:42:37 +01:00
Jonas Jensen
148e87c61d
C++: Put AliasedSSA.qll in new qlformat style
2020-01-30 11:38:16 +01:00
Anders Schack-Mulligen
ea3d7b1b2f
Java: Adjust stubs and unit test.
2020-01-30 11:27:33 +01:00
Anders Schack-Mulligen
d8b842298c
Java: Autoformat.
2020-01-30 10:54:54 +01:00
Anders Schack-Mulligen
843fd37c75
Java: Add change note.
2020-01-30 10:52:16 +01:00
Anders Schack-Mulligen
75c549baa1
Java: Deprecate ParExpr.
2020-01-30 10:52:16 +01:00
Anders Schack-Mulligen
b7a8d0e903
Apply suggestions from code review
...
Co-Authored-By: Jonas Jensen <jbj@github.com>
2020-01-30 10:41:13 +01:00
Jonas Jensen
f0f752844e
Merge remote-tracking branch 'upstream/master' into dbartol/Indirections
...
Conflicts:
cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll
csharp/ql/src/semmle/code/csharp/ir/implementation/unaliased_ssa/internal/AliasAnalysis.qll
2020-01-30 10:26:44 +01:00
Jonas Jensen
c4d2163321
Merge pull request #2673 from aschackmull/ql/autoformat-comparisonterm
...
Java/C++/C#: Autoformat comparison terms
2020-01-30 08:47:50 +01:00
Dave Bartolomeo
790cbf0d6b
C#: Fix bad merge
2020-01-29 17:32:15 -07:00
Dave Bartolomeo
6249446ba0
Merge remote-tracking branch 'upstream/master' into dbartol/Indirections
2020-01-29 17:29:44 -07:00
Dave Bartolomeo
46c414b53f
C++: Document regular expressions in InlineExpectationsTest
2020-01-29 13:24:55 -07:00
Dave Bartolomeo
1277881294
C++: Document InlineExpectationsTest
2020-01-29 13:07:34 -07:00
Esben Sparre Andreasen
31743c42e5
Update javascript/ql/src/semmle/javascript/frameworks/Koa.qll
...
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-01-29 20:28:29 +01:00
ggolawski
ebd2b932e8
Update java/ql/src/Security/CWE/CWE-90/LdapInjection.qhelp
...
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
2020-01-29 20:05:20 +01:00
Robert Marsh
37570c7750
Merge pull request #2676 from jbj/dataflow-partial-chi
...
C++: data flow through partial chi operands where type is known
2020-01-29 13:44:06 -05:00
Jonas Jensen
52d2bebd1c
C++: Taint through most partial chi operands
...
This changes the flow to be taint rather than data flow, and it extends
it to include chi instructions with unknown type as long as they're not
for the `AliasedVirtualVariable`.
We're losing three good test results because these tests are not
affected by `DefaultTaintTracking.qll`. The taint step added here can
later be ported to `TaintTrackingUtil.qll` to recover these results, but
we probably want a better API than transitive-closure search through
instructions before doing that.
2020-01-29 18:02:03 +01:00
Geoffrey White
f673791fe8
Merge pull request #2717 from jbj/DefaultTaintTracking-memcpy
...
C++: Add taint from gets through memcpy
2020-01-29 16:28:45 +00:00
Mathias Vorreiter Pedersen
bbb0e212e3
Merge pull request #2720 from jbj/taint-diff-import
...
C++: Always use the old library for the diff test
2020-01-29 17:20:31 +01:00