hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-20 22:46:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,951 Commits 1,712 Branches 163 Tags
ce509eb7e1982dd26d03c4310632bc2649a85246
Commit Graph

22951 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
ce509eb7e1 Merge pull request #5927 from aschackmull/dataflow/flowthrough-dispatch-perf 
Dataflow: Improve performance in flow-through pruning
 2021-06-01 11:46:22 +02:00
Anders Schack-Mulligen
a4661e1aca Merge pull request #5704 from edvraa/regexj 
Java: Regex injection
 2021-06-01 11:45:59 +02:00
Erik Krogh Kristensen
0b225419a3 Merge pull request #5977 from security-prince/patch-1 
Adding reference link for csurf
 2021-06-01 11:07:36 +02:00
Tom Hvitved
5771b0420f Merge pull request #5936 from hvitved/csharp/cfg/perf-tweaks 
C#: Various CFG related performance tweaks
 2021-06-01 11:06:01 +02:00
Anders Schack-Mulligen
5d21c64247 Dataflow: qldoc fix. 2021-06-01 10:49:47 +02:00
Jonas Jensen
2261085cfe Merge pull request #5973 from MathiasVP/more-uncontrolled-arith-improvements 
C++: More `cpp/uncontrolled-arithmetic` improvements
 2021-06-01 10:44:29 +02:00
Anders Schack-Mulligen
4f9a6c151b Dataflow: Code review fixes. 2021-06-01 10:29:17 +02:00
Mathias Vorreiter Pedersen
8765c33847 C++: Also check the number of parameters to keep the tests happy. 2021-06-01 10:17:57 +02:00
Ishaq Mohammed
96150a455d Update javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-06-01 13:47:43 +05:30
Ishaq Mohammed
975355de4a Adding reference link for csurf 2021-06-01 13:41:25 +05:30
Mathias Vorreiter Pedersen
615c805b2c C++: Only use std::rand as a source of randomness. 2021-06-01 09:28:06 +02:00
Mathias Vorreiter Pedersen
41c93d92d7 C++: Remove FPs from right shifts and explicitly bounded random functions. 2021-05-31 15:40:02 +02:00
Mathias Vorreiter Pedersen
10755ece88 C++: Add testcase with bounded randomness source. 2021-05-31 15:33:39 +02:00
Anders Schack-Mulligen
683f853fa5 Dataflow: Fix another bad join order. 2021-05-31 15:14:13 +02:00
Mathias Vorreiter Pedersen
6d7b95c15d Merge pull request #5966 from erik-krogh/overrideConsistency 
CPP/C#: make some parameter names consistent with the names used in the super class
 2021-05-31 11:57:10 +02:00
Jonas Jensen
4e502d10d6 Merge pull request #5951 from MathiasVP/optimize-switcCase-getAStmt 
C++: Remove large antijoin in `SwitchCase.getAStmt`
 2021-05-31 11:50:32 +02:00
Taus
bae3728e3c Merge pull request #5945 from RasmusWL/minor-qldoc-cleanup 
Python: Minor QLDoc cleanup
 2021-05-31 11:40:44 +02:00
Taus
d9911a016e Merge pull request #5933 from RasmusWL/expand-use-of-input-test 
Python: Expand test of py/use-of-input
 2021-05-31 11:39:33 +02:00
Mathias Vorreiter Pedersen
b4e4c12d0f C++: Use a rank aggregate for a much better implementation. 2021-05-31 11:17:09 +02:00
Jonas Jensen
f97b8ad1d4 Merge pull request #5961 from MathiasVP/fix-FPs-in-incorrect-allocation-error-handling 
C++: Exclude custom `operator new` from `cpp/incorrect-allocation-error-handling`
 2021-05-31 10:54:59 +02:00
Mathias Vorreiter Pedersen
66d284ee59 Merge pull request #5766 from ihsinme/ihsinme-patch-267 
CPP: Add query for CWE-415 Double Free
 2021-05-31 10:51:32 +02:00
ihsinme
d808a5b131 Update cpp/ql/test/experimental/query-tests/Security/CWE/CWE-415/semmle/tests/test.c 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-31 11:16:38 +03:00
Mathias Vorreiter Pedersen
175fdbb105 C++: Replace exists(not ...) with not exists(...). 2021-05-31 09:54:24 +02:00
Henry Mercer
263699d8bc Merge pull request #5914 from github/henrymercer/code-scanning-diagnostic-queries 
Code Scanning selectors: Include diagnostic queries
 2021-05-28 18:53:11 +01:00
Mathias Vorreiter Pedersen
64975e5c1e Merge pull request #5842 from japroc/cpp-pqxx-sqli-sink 
C++: SqlPqxxTainted query searches for sql injections via pqxx connector to postgres
 2021-05-28 17:01:27 +02:00
Erik Krogh Kristensen
b947334eea CPP: make some parameter names consistent with the names used in the super class 2021-05-28 16:48:47 +02:00
Rasmus Wriedt Larsen
6e9d74403a Merge pull request #5963 from adityasharad/python/lines-of-user-code 
Python: Treat `py/summary/lines-of-user-code` as the primary summary metric
 2021-05-28 11:08:35 +02:00
Jonas Jensen
eda25bb402 Merge pull request #5962 from erik-krogh/getAPrimaryQlClass 
CPP/Java: Fix getAPrimaryQlClass implementations
 2021-05-28 09:31:16 +02:00
Aditya Sharad
b41a06a15c Python: Treat py/summary/lines-of-user-code as the primary summary metric 
Move the `lines-of-code` tag from `py/summary/lines-of-code`.
Code Scanning will eventually look for this tag.

The intent is to treat the number of lines of user code for Python as the summary of
how much code was analysed, ignoring both external libraries and generated code.
This matches the current baseline metric the CodeQL Action computes for Python.
We'll revisit this decision, and the baseline, if necessary.
 2021-05-27 13:20:24 -07:00
Erik Krogh Kristensen
79989cc3f4 CPP/Java: Fix getAPrimaryQlClass implementations 2021-05-27 21:36:27 +02:00
Rasmus Wriedt Larsen
ab73b10869 Merge pull request #5959 from github/igfoo/ReturnValueIgnored_python 
python: Correct the ReturnValueIgnored.qhelp docs
 2021-05-27 11:51:42 +02:00
Mathias Vorreiter Pedersen
4107e350cb C++: Add qldoc to NoThrowType. 2021-05-27 11:39:03 +02:00
Mathias Vorreiter Pedersen
71a860a356 C++: Exclude custom operator new allocators from the ThrowingAllocator class. 2021-05-27 11:23:11 +02:00
Evgenii Protsenko
efa657d47c C++: SqlPqxxTainted.ql Add namespace check 2021-05-27 00:13:54 +03:00
Mathias Vorreiter Pedersen
e01d7127e2 Merge pull request #5958 from github/igfoo/ReturnValueIgnored 
C++: Update the ReturnValueIgnored.qhelp docs to match the code
 2021-05-26 19:04:41 +02:00
Ian Lynagh
f0bec74ce3 python: Correct the ReturnValueIgnored.qhelp docs 2021-05-26 17:40:57 +01:00
Ian Lynagh
f9ede97fcd C++: Update the ReturnValueIgnored.qhelp docs to match the code 2021-05-26 17:38:49 +01:00
Rasmus Wriedt Larsen
795a1c7006 Merge pull request #5443 from jorgectf/jorgectf/python/ldapInjection 
Python: Add LDAP Injection query
 2021-05-26 11:52:31 +02:00
Rasmus Wriedt Larsen
f807c2f52b Python: autoformat 2021-05-26 11:07:48 +02:00
Rasmus Wriedt Larsen
d5f2846394 Merge branch 'main' into jorgectf/python/ldapInjection 2021-05-26 11:01:48 +02:00
ihsinme
9088475339 Update DoubleFree.qhelp 2021-05-26 09:44:03 +03:00
ihsinme
2909dde179 Update test.c 2021-05-26 09:31:15 +03:00
ihsinme
fbf95df537 Update DoubleFree.c 2021-05-26 09:27:20 +03:00
ihsinme
7c2100efd9 Apply suggestions from code review 
thanks for your corrections.
and of course sorry for my text.

Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-26 09:15:46 +03:00
Evgenii Protsenko
55045626df C++: SqlPqxxTainted.ql style fixes 2021-05-25 22:38:27 +03:00
Mathias Vorreiter Pedersen
b2bdf95a9d C++: Remove large antijoin in SwitchCase.getAStmt(). 2021-05-25 17:25:42 +02:00
Geoffrey White
2fd461e984 Merge pull request #5938 from MathiasVP/promote-access-of-memory-location-after-end-of-buffer-using-strncat 
C++: Promote `cpp/access-memory-location-after-end-buffer-strncat` out of experimental
 2021-05-25 14:36:53 +01:00
Tamás Vajk
1997f500c2 Merge pull request #5832 from tamasvajk/feature/csv-coverage-report 
Java: github action for CSV coverage report
 2021-05-25 14:51:19 +02:00
Anders Schack-Mulligen
d05f524759 Merge pull request #5941 from aschackmull/java/virt-disp-perf 
Java: Improve performance of virtual dispatch calculation.
 2021-05-25 14:44:51 +02:00
Rasmus Wriedt Larsen
35793a10bb Merge pull request #5889 from japroc/python-clickhouse-driver 
Python: Implement module ClickHouseDriver.qll
 2021-05-25 14:25:28 +02:00