Erik Krogh Kristensen
ccd706ea10
and pragmas to prevent bad join in RemoteFlowSource
2021-02-24 18:05:10 +01:00
Erik Krogh Kristensen
674b9ad4fe
use getALocalSource instead of smallstep in JQuery::legacyObjectSource
2021-02-24 18:04:50 +01:00
Erik Krogh Kristensen
69348b1914
remove redundant hasLocationInfo
2021-02-24 18:01:35 +01:00
Erik Krogh Kristensen
8443b8e421
cache Module::getAnExportedValue
2021-02-24 18:01:16 +01:00
Erik Krogh Kristensen
fd9d738d53
use Expr instead of mising DataFlow-nodes and Exprs in charpred
2021-02-24 18:00:55 +01:00
Erik Krogh Kristensen
8c19f7810d
replace forex with unique in DOM.qll
2021-02-24 17:59:38 +01:00
Cornelius Riemenschneider
cea1049745
Merge pull request #5249 from geoffw0/cleanupstr
...
C++: QLDoc Pure.qll
2021-02-24 16:42:41 +01:00
CodeQL CI
bf66bdbb95
Merge pull request #5253 from RasmusWL/no-getAnArg
...
Approved by tausbn
2021-02-24 06:34:31 -08:00
Rasmus Wriedt Larsen
d05a8b8c46
Python: Remove getAnArg in DataFlow::CallCfgNode
...
Until we've had further discussion on what is the right approach to
naming (internal discussion in https://github.com/github/codeql-python-team/issues/95 )
2021-02-24 14:58:48 +01:00
Felicity Chapman
a05904f812
Merge pull request #5216 from github/felicitymay-update-process
...
Remove personal assignment to writers
2021-02-24 12:59:08 +00:00
Tamás Vajk
fd4eca6039
Merge pull request #5254 from tamasvajk/feature/fix-merge
...
C#: Fix merge conflict (with + refactoring)
2021-02-24 12:07:34 +01:00
CodeQL CI
d2816b33e2
Merge pull request #5240 from erik-krogh/vsPerf
...
Approved by asgerf
2021-02-24 02:26:16 -08:00
Anders Schack-Mulligen
add960bc4d
Merge pull request #4880 from luchua-bc/java/sensitive-query-with-get
...
Java: Sensitive GET Query
2021-02-24 11:08:47 +01:00
Tamas Vajk
380058a4bd
C#: Fix merge conflict (with + refactoring)
2021-02-24 10:50:51 +01:00
yoff
8262f0343b
Merge pull request #5208 from RasmusWL/flask-clean-models
...
Python: Cleanup Flask models now that we have API graphs
2021-02-24 10:36:30 +01:00
Geoffrey White
358a8fee7d
C++: 'side-effect free'.
2021-02-24 09:25:11 +00:00
Rasmus Wriedt Larsen
5bb4a1a45a
Python: Use explicit argument specification instead of getAnArg
...
I've seen quite a few places where `getAnArg` leads to wrong behavior, and I
generally just don't like it.
2021-02-24 10:19:34 +01:00
yoff
c3d2001e85
Merge pull request #5251 from tausbn/python-port-missing-host-key-validation-query
...
Python: Port missing host key validation query
2021-02-24 08:43:52 +01:00
yo-h
1d654febfd
Merge pull request #5195 from aschackmull/java/cwe-548-test
...
Java: Add empty file to test.
2021-02-23 21:12:40 -05:00
Taus Brock-Nannestad
f241dbabab
Python: Clean up query a bit
2021-02-23 22:33:18 +01:00
Taus Brock-Nannestad
002d0fe565
Python: Port missing host key query
2021-02-23 22:26:03 +01:00
Rasmus Wriedt Larsen
358ade67e5
Merge pull request #5248 from tausbn/python-port-insecure-temporary-file
...
Python: Port `py/insecure-temporary-file`
2021-02-23 21:37:59 +01:00
Tamás Vajk
91928fa098
Merge pull request #5220 from tamasvajk/feature/limit-codescanning-csharp
...
Limit C# codeql analysis to the csharp folder
2021-02-23 21:05:38 +01:00
Tamás Vajk
e6532cbd75
Merge pull request #4695 from tamasvajk/feature/csharp9-with-expr
...
C#: Extract 'with' expressions
2021-02-23 21:04:51 +01:00
Geoffrey White
431a004127
C++: QLDoc.
2021-02-23 19:10:03 +00:00
Taus Brock-Nannestad
b8ce5e969e
Python: Port py/insecure-temporary-file
2021-02-23 20:02:22 +01:00
yoff
9eed17f647
Merge pull request #5152 from RasmusWL/improve-pyyaml-support
...
Python: Improve pyyaml support
2021-02-23 19:58:04 +01:00
CodeQL CI
c5ae8d2c53
Merge pull request #5210 from erik-krogh/barrierPerf
...
Approved by asgerf
2021-02-23 07:29:27 -08:00
luchua-bc
56e3b301e9
Resolve ambiguous method access
2021-02-23 15:18:07 +00:00
Rasmus Wriedt Larsen
6e2445cce6
Python: Apply suggestions from code review
...
Co-authored-by: yoff <lerchedahl@gmail.com >
2021-02-23 15:19:29 +01:00
Rasmus Wriedt Larsen
42de872bfa
Python: Add INTERNAL annotation to Response::InstanceSource
...
Since we need to reserve the flexibility to change this setup within the next
few months, we don't want to commit to keeping this extension point around for
the 12 months that the normal API deprecation cycle requires.
2021-02-23 15:10:58 +01:00
Rasmus Wriedt Larsen
8ebedf26d2
Python: Add comment for MethodView being known subclass
2021-02-23 15:08:07 +01:00
Anders Schack-Mulligen
b1bed2731d
Merge pull request #5172 from smowton/smowton/feature/commons-strbuilder
...
Java: Add support for commons-lang's StrBuilder class
2021-02-23 14:39:11 +01:00
Taus
53711dc82f
Merge pull request #5238 from RasmusWL/no-flow-default-value
...
Python: Highlight missing flow from default value in functions
2021-02-23 13:27:41 +01:00
CodeQL CI
3f7f963ed5
Merge pull request #5227 from erik-krogh/infTest
...
Approved by asgerf
2021-02-23 04:03:18 -08:00
Erik Krogh Kristensen
539ef49b11
change join order for SystemCommandExecutors - and use ApiGraphs::getACall
2021-02-23 12:49:25 +01:00
Erik Krogh Kristensen
56405f40b0
change join order for summarizedHigherOrderCall
2021-02-23 12:48:24 +01:00
Erik Krogh Kristensen
b3aa358177
outline callee computation - to avoid many joins on getACall
2021-02-23 12:48:20 +01:00
CodeQL CI
2551aace89
Merge pull request #5236 from asgerf/js/html-invalid-attr-name
...
Approved by erik-krogh
2021-02-23 02:03:29 -08:00
Erik Krogh Kristensen
aa6cde2fe0
remove magic from inGuard
2021-02-23 10:03:21 +01:00
Erik Krogh Kristensen
69d6df7834
make globalVarRef non recursive
2021-02-23 10:03:17 +01:00
Erik Krogh Kristensen
06091e5312
cache AstNode::getParent
2021-02-23 09:52:58 +01:00
Erik Krogh Kristensen
b4e6f92505
rearange ArrayIndexingStep to avoid #shared predicate
2021-02-23 09:52:50 +01:00
yo-h
6213c20bc3
Merge pull request #5136 from aschackmull/java/csv-models
...
Java: Add support for framework modelling through csv data.
2021-02-22 19:00:41 -05:00
CodeQL CI
73e7b54bf1
Merge pull request #5214 from tausbn/actions-add-change-note-checker
...
Approved by adityasharad
2021-02-22 11:24:51 -08:00
Geoffrey White
362c12caea
Merge pull request #5217 from MathiasVP/model-bsd-sockets-part-3
...
C++: Implement models for poll, accept and select
2021-02-22 18:34:59 +00:00
Owen Mansel-Chan
110f4072fd
Merge pull request #5222 from owen-mc/update-go-supported-frameworks
...
Update supported go frameworks
2021-02-22 15:49:54 +00:00
Owen Mansel-Chan
31d6dbb9da
Update supported go frameworks
2021-02-22 15:38:56 +00:00
Rasmus Wriedt Larsen
e160c855ad
Merge pull request #5233 from yoff/python-for-tuple-iteration
...
Python: `for`-iteration of tuples
2021-02-22 15:28:13 +01:00
Rasmus Wriedt Larsen
127e778970
Merge pull request #5215 from github/RasmusWL/fix-acronym-style
...
Style Guide: Fix two-letter acronym
2021-02-22 15:05:26 +01:00