Commit Graph

24353 Commits

Author SHA1 Message Date
Cornelius Riemenschneider
e821b8be99 C++: Fix warning from compile-query. 2021-07-12 11:43:43 +02:00
Mathias Vorreiter Pedersen
d2cc0d3925 C++: Fix annotations. 2021-07-12 11:30:43 +02:00
Erik Krogh Kristensen
bef7e61e76 add support for the fast-json-stringify library 2021-07-12 11:13:01 +02:00
Erik Krogh Kristensen
40aa970db3 add support for the strip-json-comments library 2021-07-12 11:08:50 +02:00
Erik Krogh Kristensen
23c3be6860 add support for the json-cycle library 2021-07-12 11:03:39 +02:00
Asger Feldthaus
5df961c4ed JS: Add change note 2021-07-12 10:53:41 +02:00
Erik Krogh Kristensen
94cbc4b2c0 add step through the fclone library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
f99a33598f add support for the safe-stable-stringify library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
d6300bced3 add support for the replicator library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
babf657d9d add support for the teleport-javascript library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
9261b7f859 add support for the flatted library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
1792c9a611 add taint step through the prettyjson library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
0bfff1eb7e add support for the json5 library 2021-07-12 10:51:42 +02:00
Erik Krogh Kristensen
cb3bd4901b add taint step through the json2csv library 2021-07-12 10:51:42 +02:00
Tom Hvitved
db4c8dfd3c Merge pull request #6208 from hvitved/csharp/query-modules
C#: Add `Query` suffix to libraries that should only be imported by queries
2021-07-12 10:26:45 +02:00
Anders Schack-Mulligen
0e913a19aa Merge pull request #6220 from github/workflow/coverage/update
Update CSV framework coverage reports
2021-07-12 09:54:18 +02:00
github-actions[bot]
56419bc74b Add changed framework coverage reports 2021-07-12 00:06:55 +00:00
Erik Krogh Kristensen
440e4b9a92 enable unicode support in the Python ReDoS query 2021-07-11 21:28:40 +02:00
ihsinme
eedcb0171d Add files via upload 2021-07-05 11:14:51 +03:00
ihsinme
b10bdf1475 Add files via upload 2021-07-05 11:13:05 +03:00
Tom Hvitved
4de4753c67 C#: Remove Query.qll top-level modules 2021-07-04 09:35:27 +02:00
Tom Hvitved
c812d4e4e8 C#: Add Query suffix to libraries that should only be imported by queries 2021-07-04 09:35:26 +02:00
Taus
a65d40e36f Merge branch 'main' into python-add-typetrackingnode 2021-07-02 20:55:37 +02:00
Taus
55d822cc56 Python: Add TypeTrackingNode
Splits `ModuleVariableNode` away from `LocalSourceNode`, instead
creating a class `TypeTrackingNode` that encapsulates both of these.

This means we no longer have module variable nodes as part of
`LocalSourceNode` (which is good, since they have no "local" aspect to
them), and hence we can have `LocalSourceNode` inherit directly from
`ExprNode` (which makes the API a bit nicer).

Unfortunately these are breaking changes, so we can't actually fulfil
the above two desiderata until the `track` and `backtrack` methods on
`LocalSourceNode` have been fully deprecated. For this reason, we
preserve the present implementation of `LocalSourceNode`, and instead
lay the foundation for switching over in the future, by deprecating
`track` and `backtrack` on `LocalSourceNode`.
2021-07-02 18:00:33 +00:00
CodeQL CI
1d56748eed Merge pull request #6200 from yoff/pythonJS-make-expbtlib-private
Approved by RasmusWL, esbena
2021-07-02 09:09:18 -07:00
Joe Farebrother
4d459f24d9 Fix up tests and update models 2021-07-02 14:46:33 +01:00
Joe Farebrother
fc017b7934 Use ArrayElement of in flow step specifications 2021-07-02 14:46:31 +01:00
Joe Farebrother
15415931ce Use Argument ranges in CSV rows 2021-07-02 14:46:03 +01:00
Joe Farebrother
5325622813 Convert sql-related flow steps to CSV 2021-07-02 14:46:03 +01:00
Anders Schack-Mulligen
3c6604daa7 Java: Fix subtypes interpretation. 2021-07-02 14:43:56 +02:00
Anders Schack-Mulligen
6813a79423 Java: Add test for override of Map.put highlighting problem. 2021-07-02 14:41:59 +02:00
Anders Schack-Mulligen
55ebbc3e01 Java: Add signature to Map.put. 2021-07-02 14:41:32 +02:00
Geoffrey White
cfbfe924ef C++: Replace cached with more efficient QL. 2021-07-02 13:03:46 +01:00
CodeQL CI
a25933aa56 Merge pull request #5926 from RasmusWL/small-cleanups
Approved by tausbn
2021-07-02 04:59:54 -07:00
Asger Feldthaus
457ce14ca6 JS: Summarize steps into captured variables 2021-07-02 13:42:42 +02:00
Rasmus Wriedt Larsen
3c8c2d1da1 Merge pull request #6209 from yoff/python-add-redos-queryhelp
Python: port redos .qhelp from js
2021-07-02 13:42:39 +02:00
Asger Feldthaus
093ff41170 JS: Update tests 2021-07-02 13:31:17 +02:00
Rasmus Wriedt Larsen
81fab487a4 Python: Apply suggestions from code review
Co-authored-by: Taus <tausbn@github.com>
2021-07-02 13:27:41 +02:00
Rasmus Wriedt Larsen
22c155687e Python: Fix code after removing getPostUpdateNode 2021-07-02 13:25:25 +02:00
Rasmus Wriedt Larsen
7a6eee50ff Revert "Python: Add getPostUpdateNode to DataFlow::Node"
This reverts commit 9137f04bd3.
2021-07-02 13:23:02 +02:00
Rasmus Wriedt Larsen
e56dfe75bd Python: AttrRef getObject/1 -> accesses/2
See this thread for discussion:
https://github.com/github/codeql/pull/5926#discussion_r635384981
2021-07-02 13:21:12 +02:00
Asger Feldthaus
ff49aaa684 JS: Do not capture own variables 2021-07-02 13:17:32 +02:00
Asger Feldthaus
8befb03cb9 JS: Add test case with spurious call/return flow 2021-07-02 13:17:32 +02:00
CodeQL CI
38f763dd6a Merge pull request #6192 from asgerf/js/string-literals-as-source-nodes
Approved by esbena
2021-07-02 03:47:20 -07:00
Rasmus Lerchedahl Petersen
6f2642607e Python: make the import of RedosUtil public
This mirrors `SuperlinearBacktracking.qll`
An alternative is to keep it private and import it again
in the query files.
2021-07-02 12:32:04 +02:00
Chris Smowton
6823855e9c Merge pull request #6203 from smowton/smowton/admin/avoid-config-imports-from-qlls
Java: Reduce DataFlow Configuration pollution from Random.qll and JexlInjection.qll
2021-07-02 11:27:27 +01:00
Chris Smowton
ca1bf7791e Merge pull request #6210 from tamasvajk/fix/large-coverage-comment
Fix markdown link in framework coverage PR comment
2021-07-02 11:27:17 +01:00
Rasmus Lerchedahl Petersen
77c329fb0f Python/JS: Make much more private 2021-07-02 12:13:52 +02:00
Tamás Vajk
4a5fe75d8c Merge pull request #6207 from github/workflow/coverage/update
Update CSV framework coverage reports
2021-07-02 12:00:31 +02:00
Asger Feldthaus
c3b7d85341 JS: Update test output after rebasing 2021-07-02 11:57:45 +02:00