hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 18:33:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
25,459 Commits 1,693 Branches 161 Tags
cf9ab83deeb24a9cc8b1f291489f3d77ffb7d5a3
Commit Graph

25459 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
CodeQL CI
cf9ab83dee Merge pull request #6498 from bananabr/main 
Approved by asgerf
 2021-08-31 08:46:11 +02:00
CodeQL CI
c3e122f5fc Merge pull request #6569 from erik-krogh/packageJsonModule 
Approved by asgerf
 2021-08-31 08:23:45 +02:00
Benjamin Muskalla
09aaa8f78e Merge pull request #6562 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-08-30 21:31:02 +02:00
Tom Hvitved
05b45da42f Merge pull request #6556 from hvitved/csharp/insecure-sql-conn-flow 
C#: Use data flow instead of taint tracking in `InsecureSQLConnection.ql`
codeql-cli/v2.6.1 		2021-08-30 11:31:22 +02:00
Tom Hvitved
7dbdfeb161 Merge pull request #6548 from hvitved/csharp/dataflow/tests 
C#: Update call-context data-flow tests
 2021-08-30 11:30:55 +02:00
Erik Krogh Kristensen
486b283c20 support the "module" field in package.json files 2021-08-30 11:05:32 +02:00
github-actions[bot]
b28e956dd2 Add changed framework coverage reports 2021-08-30 00:08:31 +00:00
Andrew Eisenberg
bf15b18f22 Merge pull request #6565 from github/dbartol/suite-helpers-incomatbility 2021-08-27 12:40:11 -07:00
Dave Bartolomeo
ede2ae11e9 Fix incompatibility with release CLI 
This fixes #6563, in which a customer reports being unable to run a query suite despite following the "Getting Started with the CodeQL CLI" instructions. The problem is that the released versions of the CodeQL CLI incorrectly disallow any reference to a library pack from within a .qls file. This is a CLI bug that will be fixed in the next CLI release, but since our policy is to make `github/codeql`'s `main` branch compatible with the latest released CLI, we need to work around this for now by pretending `codeql/suite-helpers` is a query pack.
 2021-08-27 14:17:48 -04:00
Edoardo Pirovano
48829450bb Merge pull request #6560 from edoardopirovano/bump-js-packs 
JS: Release new version of library and upgrade pack
 2021-08-26 16:53:29 +01:00
Edoardo Pirovano
29e75aed75 JS: Release new version of library and upgrade pack 2021-08-26 15:54:54 +01:00
Chris Smowton
7a0555ecb3 Merge pull request #6357 from artem-smotrakov/static-iv 
Java: Static initialization vector
 2021-08-26 13:45:43 +01:00
Chris Smowton
4e243f9277 Merge pull request #6555 from bmuskalla/objectsAsCsv 
Java: Migrate `Objects` flow to CSV model
 2021-08-26 13:45:16 +01:00
Alexandre Boulgakov
f18e8a4d95 Merge pull request #6541 from sashabu/sashabu/init 
C++: Add support for default member initializers.
 2021-08-26 13:29:56 +01:00
Benjamin Muskalla
9ca3b4661a Fix return value for requireNonNullElse 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-08-26 14:03:55 +02:00
Tom Hvitved
7e1efbdd8e C#: Use data flow instead of taint tracking in InsecureSQLConnection.ql 2021-08-26 13:48:57 +02:00
Tom Hvitved
592a42231f C#: Fix test for InsecureSQLConnection.ql 2021-08-26 13:48:56 +02:00
Alexandre Boulgakov
10bc2568b7 C++: Add support for default member initializers. 2021-08-26 12:32:30 +01:00
yoff
7b204cebbe Merge pull request #6551 from erik-krogh/redosUnicode 
JS/Python: use toUnicode in ReDoSUtil.qll
 2021-08-26 12:41:11 +02:00
Benjamin Muskalla
8abb9fb045 Replace Objects model 2021-08-26 12:06:56 +02:00
Benjamin Muskalla
4e2c148e80 Model Objects API as CSV 2021-08-26 12:06:47 +02:00
Fosstars
1dd4bf00ac Simplify StaticInitializationVectorSource 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-08-26 09:42:23 +02:00
Daniel Santos
b8ce5a63c5 Remove unncessary results 
Simplifies query to improve performance by removing unnecessary results.
 2021-08-25 17:33:45 -05:00
Erik Krogh Kristensen
0cc19d914e use toUnicode in ReDoSUtil.qll 2021-08-25 22:21:43 +02:00
Andrew Eisenberg
039b655f7f Merge pull request #6544 from github/aeisenberg/pack/javascript 
Packaging: Rafactor Javascript core libraries
 2021-08-25 13:17:34 -07:00
Andrew Eisenberg
5609c3d1b5 Packaging: Fix identical files script 2021-08-25 12:17:27 -07:00
Andrew Eisenberg
45d1fa7f01 Packaging: Rafactor Javascript core libraries 
Extract the external facing `qll` files into the codeql/javascript-all
query pack.
 2021-08-25 12:15:56 -07:00
Andrew Eisenberg
48344d9ffc Merge pull request #6545 from github/aeisenberg/pack/python 
Packaging: Rafactor Python core libraries
 2021-08-25 12:04:44 -07:00
Artem Smotrakov
23e2322635 Simplify ArrayUpdate 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-08-25 19:43:43 +02:00
Artem Smotrakov
f41828e5db Better qldoc in StaticInitializationVectorQuery.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-08-25 19:38:33 +02:00
Daniel Santos
cd40de7464 Update javascript/ql/src/experimental/Security/CWE-079/ClipboardXss.ql 
Typo fix

Co-authored-by: Asger F <asgerf@github.com>
 2021-08-25 09:40:55 -05:00
CodeQL CI
1daeea5696 Merge pull request #6472 from erik-krogh/apiPromise 
Approved by asgerf
 2021-08-25 14:45:03 +01:00
CodeQL CI
170a069657 Merge pull request #6403 from asgerf/js/handlebars-extraction 
Approved by erik-krogh
 2021-08-25 13:54:52 +01:00
Fosstars
f97c8bb049 Removed sanitizer in StaticInitializationVectorConfig 2021-08-25 12:40:48 +02:00
Fosstars
86b7b2b86d Updated qldoc for ArrayUpdate 2021-08-25 12:14:36 +02:00
Fosstars
c80a1da483 Don't consider copyOf() and clone() in ArrayUpdate 2021-08-25 12:11:34 +02:00
Asger Feldthaus
87843a3794 JS: Autoformatttt 2021-08-25 10:37:37 +02:00
Tom Hvitved
01f7fdfea5 C#: Update call-context data-flow tests 2021-08-25 10:34:53 +02:00
Erik Krogh Kristensen
c664d7cfb3 add a getMaybePromisifiedCall method in API graphs, and use it to model child_process 2021-08-25 10:27:09 +02:00
Jonas Jensen
abdf993e47 Merge pull request #6537 from andersfugmann/implicit_downcast_involving_references 
Implicit downcast involving references
 2021-08-25 09:45:32 +02:00
Anders Peter Fugmann
67a267d971 Update cpp/change-notes/2021-08-24-implicit-downcast-from-bitfield.md 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-08-25 08:58:44 +02:00
Andrew Eisenberg
e23df94748 Packaging: Fix identical files script 2021-08-24 16:12:43 -07:00
Andrew Eisenberg
8f73c6968a Merge pull request #6542 from github/aeisenberg/pack/move-external 
Java: Move the ExternalArtifact.qll module to the library pack
 2021-08-24 16:07:26 -07:00
yo-h
2b4635c4e0 Merge pull request #6539 from smowton/smowton/admin/downgrade-sql-unescaped 
Downgrade precision of java/concatenated-sql-query
 2021-08-24 17:22:01 -04:00
Andrew Eisenberg
3660c64328 Packaging: Rafactor Python core libraries 
Extract the external facing `qll` files into the codeql/python-all
query pack.
 2021-08-24 13:23:45 -07:00
Andrew Eisenberg
7f3066cd64 Java: Move the ExternalArtifact.qll module to the library pack 2021-08-24 13:01:02 -07:00
Chris Smowton
2689c13bde Merge pull request #6485 from Marcono1234/marcono1234/field-initializer-fix 
Java: Fix Field.getInitializer() matching non-initializer assignments
 2021-08-24 20:52:02 +01:00
Geoffrey White
8f38ab0116 Merge pull request #6540 from jbj/ctime-weaken-claims 
C++:Lower potentially-dangerous-function precision
 2021-08-24 17:01:23 +01:00
Jonas Jensen
19ee64d9ad C++:Lower potentially-dangerous-function precision 
There have been multiple reports of false positives from this query over
time. Now that it has `@security-severity 10.0`, these false positives
look even worse.

The query looks purely for calls to functions with certain names, not
at whether the calls happen in a dangerous context. To justify a higher
precision, the query should only flag calls that happen in a thread or
another non-reentrant context.
 2021-08-24 17:14:42 +02:00
yoff
2f5ed03798 Merge pull request #6323 from RasmusWL/sec-test-layout 
Python: Restructure security tests to contain query name
 2021-08-24 16:50:08 +02:00