hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-07 03:30:24 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,591 Commits 1,676 Branches 157 Tags
ce85ac3ce12fe446ae0ae780d625da6fcbfc2fdb
Commit Graph

16591 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
ce85ac3ce1 Python: Remove solved TODO 2020-10-13 10:15:03 +02:00
Rasmus Wriedt Larsen
2e430325be Python: Refactor argument matching to use set literals 
Co-authored-by: Taus <tausbn@github.com>
 2020-10-13 10:05:35 +02:00
Rasmus Wriedt Larsen
d26a89b95e Python: Fix QLDoc for RouteSetup 2020-10-06 11:35:18 +02:00
Rasmus Wriedt Larsen
b82727d0b8 Python: Consider routed parameter if URL pattern unknown 2020-10-06 11:03:25 +02:00
Rasmus Wriedt Larsen
16bad003a0 Python: Add test for routed params with unknown url pattern 2020-10-06 10:58:46 +02:00
Rasmus Wriedt Larsen
f03a8a838b Python: Make any routed parameter a RemoteFlowSource 
I'm not 100% sure whether this approach makes everything too magic, but I like
the fact that you can't _forget_ to make routed params remove-flow sources.
 2020-10-06 03:03:14 +02:00
Rasmus Wriedt Larsen
b78c665f34 Python: Model RouteSetup for flask 2020-10-06 03:03:13 +02:00
Rasmus Wriedt Larsen
d27e6955b4 Python: Add test setup for HTTP::Server::RouteSetup 2020-10-06 03:03:06 +02:00
Rasmus Wriedt Larsen
ebc3d32ff1 Python: Add concept for HTTP server modeling 
If we want to separate out into a file, we can always do this with

```
import experimental.semmle.python.HTTP as HTTP
```
 2020-10-06 03:02:32 +02:00
Rasmus Wriedt Larsen
9f1aa8ca0c Python: Expose getParameter on ParameterNode 2020-10-06 03:02:31 +02:00
Rasmus Wriedt Larsen
d7526c40ba Python: Copy old flask tests to new dataflow setup 2020-10-06 03:02:30 +02:00
CodeQL CI
339c0721c5 Merge pull request #4344 from esbena/js/fixup-cwe-20-to-cwe-020 
Approved by erik-krogh
 2020-10-05 12:30:53 -07:00
CodeQL CI
e95b665556 Merge pull request #4363 from erik-krogh/nosql-api 
Approved by max-schaefer
 2020-10-05 12:01:34 -07:00
Jonas Jensen
6b2ae5d1ad Merge pull request #4393 from MathiasVP/no-more-flow-into-read-side-effect 
C++: No more flow into ReadSideEffect instructions
 2020-10-05 19:46:32 +02:00
Robert Marsh
b7dcd5c557 Merge pull request #4395 from geoffw0/modelbeginend 
C++: Merge StdSequenceContainerBeginEnd into the general BeginOrEndFunction
 2020-10-05 12:22:27 -04:00
Jonas Jensen
297f1c75e4 Merge pull request #4345 from geoffw0/map 
C++: Models for std::pair, std::map and std::unordered_map
 2020-10-05 15:28:10 +02:00
Mathias Vorreiter Pedersen
a6d7b1f9d9 Update cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2020-10-05 15:21:15 +02:00
Mathias Vorreiter Pedersen
e95aefe0b2 C++: Now that PrimaryArgumentNode is an OperandNode we want a specialized toString on it 2020-10-05 15:13:33 +02:00
Erik Krogh Kristensen
2753a4f379 Apply suggestions from code review 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-10-05 15:11:04 +02:00
Tom Hvitved
4ec14b1b02 Merge pull request #4399 from hvitved/csharp/error-type-population 
C#: Handle population of error types
 2020-10-05 15:04:50 +02:00
CodeQL CI
48fa8aacd5 Merge pull request #4403 from asgerf/js/remove-tslint-dependency 
Approved by erik-krogh
 2020-10-05 05:58:48 -07:00
Mathias Vorreiter Pedersen
d162c3d8c6 C++: Accept more test changes 2020-10-05 14:29:57 +02:00
Geoffrey White
855d2b50d7 C++: Correct test comments. 2020-10-05 13:00:51 +01:00
Anders Schack-Mulligen
30f29e0ba7 Merge pull request #4320 from aibaars/multipart-request 
Java: add Spring::MultipartRequest as taint source
 2020-10-05 13:45:06 +02:00
Geoffrey White
c757813d65 Merge branch 'main' into map 2020-10-05 12:32:49 +01:00
Anders Schack-Mulligen
e660ac54da Merge pull request #4358 from joefarebrother/format-taint 
Java: Add taint steps through string formatting methods
 2020-10-05 13:25:54 +02:00
Mathias Vorreiter Pedersen
6c87b08c69 C++: Respond to review comments: 
- ArgumentNode is now abstract
- PrimaryArgumentNode is now an OperandNode.
- ArgumentIndirectionNode is now merged into SideEffectArgumentNode.
 2020-10-05 12:54:11 +02:00
Asger Feldthaus
fee99105da JS: Remove tslint dependency 2020-10-05 11:53:58 +01:00
CodeQL CI
43b2c90538 Merge pull request #4400 from max-schaefer/js/api-graph-classrefs 
Approved by asgerf
 2020-10-05 03:12:23 -07:00
Mathias Vorreiter Pedersen
4c14f5dbb7 Merge branch 'main' into no-more-flow-into-read-side-effect 2020-10-05 11:03:42 +02:00
Tom Hvitved
4d62033a15 C#: Handle population of error types 2020-10-05 10:14:13 +02:00
Mathias Vorreiter Pedersen
d38121f54a Merge pull request #4394 from geoffw0/oddsends2 
C++: Clean up and add to taint tests
 2020-10-05 09:16:50 +02:00
Erik Krogh Kristensen
856ad07694 join-order improvement in NoSQL.qll 2020-10-03 22:07:34 +02:00
Arthur Baars
78c58c2415 Merge pull request #4384 from tausbn/python-fix-package-locations 
Python: Fix `hasLocationInfo` for packages
 2020-10-02 20:48:43 +02:00
Alexander Eyers-Taylor
754d82c325 Merge pull request #4382 from github/alexet-patch-1 
Fix the name of the vscode extension recommendation
 2020-10-02 18:33:36 +01:00
Alexander Eyers-Taylor
30ed6a0dac Merge pull request #4385 from aibaars/drop-queries 
Drop 'tech-inventory' and 'code duplication' queries from the standard query suites
 2020-10-02 18:31:25 +01:00
Geoffrey White
1efe461a98 C++: Move the rest of of StdSequenceContainerBeginEnd into BeginOrEndFunction. 2020-10-02 18:03:46 +01:00
Geoffrey White
8d5bd2289b C++: Remove parts of StdSequenceContainerBeginEnd in favour of BeginOrEndFunction. 2020-10-02 18:03:46 +01:00
Geoffrey White
8d5febf9c4 C++: Add a couple more test cases that have been discussed. 2020-10-02 18:03:07 +01:00
Geoffrey White
cc170bd513 C++: Test layout. 2020-10-02 18:03:07 +01:00
Geoffrey White
2dc8fba7fe C++: Remove StdMapBeginEnd as we now have a general model BeginOrEndFunction in main. 2020-10-02 16:39:23 +01:00
Geoffrey White
0d6bd6facb Merge branch 'main' into map 2020-10-02 16:24:03 +01:00
Arthur Baars
daa1bcc06e Also mark 'tech inventory' queries as deprecated 2020-10-02 17:23:11 +02:00
Arthur Baars
fc45b6cd3c Drop 'tech-inventory' and 'code duplication' queries from the standard query suites 2020-10-02 17:22:04 +02:00
Geoffrey White
28ab092e9f C++: Add 'tainted' markers to standalone_iterators.cpp test. 2020-10-02 15:54:26 +01:00
Taus
fce76e2799 Merge pull request #4354 from RasmusWL/python-command-execution-modeling 
Python: Better command execution modeling
 2020-10-02 16:14:34 +02:00
Taus
2e4a61428d Merge pull request #4346 from RasmusWL/python-add-implicit-init-test 
Python: add test for implicit __init__.py files
 2020-10-02 16:13:25 +02:00
Mathias Vorreiter Pedersen
072e1967c1 C++: Accept more tests 2020-10-02 15:51:29 +02:00
Tom Hvitved
55d25d90fa Merge pull request #4386 from hvitved/csharp/remove-deprecated-queries 
C#: Remove deprecated external queries
 2020-10-02 15:12:33 +02:00
Rasmus Wriedt Larsen
e5b9ac8d9c Python: Use getCommand as tag in ConceptsTest 2020-10-02 14:12:41 +02:00