hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 23:02:56 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,629 Commits 1,684 Branches 159 Tags
cb1124b5ffbcdc0f6f0de66531794de4f2d00e4d
Commit Graph

35629 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
ihsinme
185a60f034 Update test.cpp 2022-05-05 19:16:54 +03:00
ihsinme
2d4d7aa094 Update DangerousUseOfExceptionBlocks.ql 2022-05-05 18:40:29 +03:00
Tony Torralba
ca2959cf37 Merge pull request #8537 from atorralba/atorralba/unsafe_android_access_improvs 
Java: Improvements to UnsafeAndroidAccess
 2022-05-05 16:46:54 +02:00
yoff
6169ac6122 Merge pull request #7776 from RasmusWL/django-filefield-uploadto 
Python: Support Django FileField.upload_to
 2022-05-05 14:25:08 +02:00
Erik Krogh Kristensen
58db9226dc add missing word in qhelp 2022-05-05 14:24:45 +02:00
Michael Nebel
3c347cab98 C#: Update test output to reflect that the query is now a path-problem query. 2022-05-05 13:13:25 +02:00
Michael Nebel
2dc35c123a Java/Ruby: Sync files. 2022-05-05 13:08:55 +02:00
Michael Nebel
a8556f4d50 C#: Make sure that test output prints whether the summary is generated or not. 2022-05-05 13:07:22 +02:00
Erik Krogh Kristensen
2d7c7ff372 apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-05-05 13:03:35 +02:00
ihsinme
75244effc5 Update DangerousUseOfExceptionBlocks.ql 2022-05-05 13:27:17 +03:00
Mathias Vorreiter Pedersen
6f9752ead1 Merge pull request #9019 from geoffw0/xxe4 
C++: More XXE Tests
 2022-05-05 10:59:40 +01:00
Michael Nebel
e416a0629a C#: Add isAutoGenerated predicate to SummarizedCallable. 2022-05-05 11:54:04 +02:00
yoff
0c7184952b Merge pull request #9023 from RasmusWL/positional-docs 
Python: Clarify `getArg` is about positional arguments
 2022-05-05 11:28:17 +02:00
Arthur Baars
25d9ffd18c Merge pull request #9033 from github/aibaars/atm-label 
JS: exclude ATM folder from labeler
 2022-05-05 10:53:39 +02:00
Michael Nebel
13f142f143 C#: Convert xml injection query to a path problem. 2022-05-05 10:43:23 +02:00
Jonas Jensen
d747c6eaa9 Merge pull request #8930 from jbj/lower-case-variables-spec 
QL language reference: variables must be lowerId
 2022-05-05 10:02:16 +02:00
Michael Nebel
21eb5a1db5 Merge pull request #8894 from michaelnebel/csharp/upgrade-dotnet 
C#: Upgrade dotnet to 6.0.202.
 2022-05-05 09:42:23 +02:00
Erik Krogh Kristensen
bf6663ab12 run the autoformatter 2022-05-05 09:16:27 +02:00
Tom Hvitved
66a9759329 Merge pull request #8870 from hvitved/dataflow/expect-content 
Data flow: Introduce `expectsContent`
 2022-05-05 09:01:40 +02:00
Daniel Santos
33e85f8db8 Update javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-05-04 11:43:56 -05:00
Paolo Tranquilli
10c5c8e71f Swift: add trapgen unit tests 
Closes: https://github.com/github/codeql-c-team/issues/981
 2022-05-04 18:20:06 +02:00
Tom Hvitved
8e33653d25 Merge pull request #9017 from hvitved/dataflow/subpaths-perf 
Data flow: Speedup `subpaths` predicate
 2022-05-04 16:37:52 +02:00
Erik Krogh Kristensen
0d8bef7e92 Merge pull request #6736 from erik-krogh/polyReplace 
JS: track flow through string replace calls that just replace single chars for js/polynomial-redos
 2022-05-04 16:30:20 +02:00
Erik Krogh Kristensen
8425eaf919 Merge pull request #8549 from erik-krogh/unreachableJoin 
JS: fix bad join in js/unreachable-method-overloads
 2022-05-04 16:28:06 +02:00
Erik Krogh Kristensen
b4d4b51bc7 Merge pull request #8147 from erik-krogh/cacheReg 
JS: cache RegExpCreationNode::getAReference
 2022-05-04 16:25:25 +02:00
Arthur Baars
c7b2da5e39 JS: exclude ATM folder from labeler 2022-05-04 16:16:19 +02:00
Nick Rolfe
5f59e96fa9 Merge pull request #8975 from github/nickrolfe/flow_summary_joins 2022-05-04 14:24:45 +01:00
Tom Hvitved
9cb63c0a5e Data flow: Sync files 2022-05-04 14:49:26 +02:00
Tom Hvitved
7f7742216c Address review comment 
This reverts commit 2b4fde74bb.
 2022-05-04 14:49:03 +02:00
Nick Rolfe
276f8d40f9 Ruby: add comments to address review feedback 2022-05-04 12:07:46 +01:00
Mathias Vorreiter Pedersen
f499f8e946 Merge pull request #9029 from redsun82/swift-codeowners 
Swift: set @github/codeql-c as owner
 2022-05-04 11:34:51 +01:00
Michael Nebel
5f1a176a02 Java: Sync CaptureModels implementation to only allow at most two reads and two stores. 2022-05-04 12:29:57 +02:00
Michael Nebel
a488d6b80c C#: Add an initial flow state to the model generator. 2022-05-04 12:27:34 +02:00
Tony Torralba
8601137602 Fix bad join order by moving WebViewRef::getAnAccess from callsites into predicates 2022-05-04 11:58:47 +02:00
Tony Torralba
3b1210eacb Update java/ql/lib/semmle/code/java/security/UnsafeAndroidAccess.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-05-04 10:53:31 +02:00
Tony Torralba
192017635a Update java/ql/src/change-notes/2022-03-24-unsafe-android-access-improvements.md 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-05-04 10:53:31 +02:00
Tony Torralba
49259a6575 Remove everything related to WebView CSV models 
This reverts commit c6c72eb.
 2022-05-04 10:53:31 +02:00
Tony Torralba
dce11f3984 Removed unnecessary imports 2022-05-04 10:53:30 +02:00
Tony Torralba
f5e72e6e33 Remove getUnderlyingExpr 2022-05-04 10:53:30 +02:00
Tony Torralba
7ba5a032ce Add tests and stubs for the new sources and flow steps 2022-05-04 10:53:30 +02:00
Tony Torralba
b678467e9d Move things around 2022-05-04 10:53:30 +02:00
Tony Torralba
d68311e26d Consider implicit this accesses in WebViewRef 2022-05-04 10:53:30 +02:00
Tony Torralba
51dfebf4c9 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-05-04 10:53:29 +02:00
Tony Torralba
b9859fe165 Add change note 2022-05-04 10:53:29 +02:00
Tony Torralba
91bdb4299f Improvements to UnsafeAndroidAccess 2022-05-04 10:53:29 +02:00
Tony Torralba
b876431950 Merge pull request #8706 from luchua-bc/java/unsafe-get-resource 
Java: CWE-552 Add sources and sinks to to detect unsafe getResource calls in Java EE applications
 2022-05-04 10:12:28 +02:00
Tom Hvitved
74e99302d6 Address review comments 2022-05-04 09:57:59 +02:00
Tom Hvitved
ac3bfa1788 Data flow: Mention expectsContent in dataflow.md 2022-05-04 09:57:59 +02:00
Tom Hvitved
da72ba46d4 Data flow: Add stub expectsContent for all languages 2022-05-04 09:57:59 +02:00
Tom Hvitved
6e2e8440eb Data flow: Sync files 2022-05-04 09:57:59 +02:00