Commit Graph

34345 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
cf9d289df5 Remove 2020 sinks from SqlInjection.ql 2022-04-01 18:00:36 +00:00
Esben Sparre Andreasen
209744e83a Remove 2020 sinks from Xss.ql 2022-04-01 18:00:36 +00:00
Esben Sparre Andreasen
2feed51e00 Remove 2020 sinks from TaintedPath.ql 2022-04-01 18:00:36 +00:00
Esben Sparre Andreasen
11944625ac address review comments 2022-04-01 14:33:30 +02:00
Esben Sparre Andreasen
c7873ac3de Apply suggestions from code review
Co-authored-by: Henry Mercer <henrymercer@github.com>
2022-04-01 14:08:58 +02:00
Esben Sparre Andreasen
ba350116f3 fix semantic merge conflict 2022-04-01 09:31:49 +02:00
Esben Sparre Andreasen
602ea4aa0b rename new features 2022-04-01 09:06:01 +02:00
Esben Sparre Andreasen
76e965211f add more features 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
1a8abeec06 improve feature documentation 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
278e325026 improve feature tests with more cases 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
d1f8eb408f improve access path strings 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
71211841b8 support import in getSimpleAccessPath 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
51062dd8a7 support await in getSimpleAccessPath 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
125fe7f506 avoid using new features by default 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
a50aa3554f add CompareFeatures.ql 2022-04-01 08:51:30 +02:00
Esben Sparre Andreasen
94f2b1db19 add generic tests for features 2022-04-01 08:51:29 +02:00
Esben Sparre Andreasen
232230c81c Document EndpointFeatures.qll 2022-04-01 08:51:29 +02:00
Esben Sparre Andreasen
a9bd191f85 add ParameterAccessPathSimpleFromArgumentTraversal 2022-04-01 08:51:29 +02:00
Esben Sparre Andreasen
4d1ceda93a improve getSimpleAccessPath 2022-04-01 08:51:29 +02:00
Esben Sparre Andreasen
0ab7da0550 refactor calleeAccessPath feature to class 2022-04-01 08:51:29 +02:00
Stephan Brandauer
b27c9ce47c refactor getACallBasedTokenFeature to class-use 2022-04-01 08:51:29 +02:00
Esben Sparre Andreasen
1510d6c501 Add CalleeAccessPathSimpleFromArgumentTraversal 2022-04-01 08:51:29 +02:00
Esben Sparre Andreasen
9b97fc4562 refactor EndpointFeatures.ql to use classes 2022-04-01 08:51:29 +02:00
Chris Smowton
9309a652df Merge pull request #8493 from JLLeitschuh/feat/JLL/test_assertion_guard_preconditions
[Java]: Add precondition support for testing library asserts
2022-03-31 22:30:09 +01:00
Chris Smowton
9bcf466aa8 Accept expected test result improvement 2022-03-31 15:19:08 +01:00
Chris Smowton
2829770003 Autoformat and fix typo 2022-03-31 14:11:09 +01:00
Anders Schack-Mulligen
f1ec2e3260 Merge pull request #8426 from atorralba/atorralba/missing-severities
Java: Add missing security-severity scores
2022-03-31 14:53:47 +02:00
Chris Smowton
fa8791f1d5 Merge pull request #8620 from jketema/doc-typo-fix
CLI docs: make the running text match the example
2022-03-31 12:36:51 +01:00
Anders Schack-Mulligen
8d9ce5fb4c Merge pull request #8625 from aschackmull/java/qldoc-casing-fix
Java: Fix acronym casing in qldoc referring to Java class names.
2022-03-31 13:33:11 +02:00
Tom Hvitved
9c90385846 Merge pull request #8624 from hvitved/ruby/fix-import
Ruby: Fix broken import
2022-03-31 12:51:50 +02:00
Anders Schack-Mulligen
f28da00ec4 Java: Fix qldoc as followup to https://github.com/github/codeql/pull/8323 2022-03-31 12:50:36 +02:00
Tom Hvitved
40986bfcb1 Ruby: Fix broken import 2022-03-31 12:32:03 +02:00
Michael Nebel
27b1d1e1e0 Merge pull request #8348 from michaelnebel/csharp/externalapi-telemetry
C#: ExternalAPI implementation for Telemetry.
2022-03-31 11:36:07 +02:00
Geoffrey White
146318dbc1 Merge pull request #8580 from geoffw0/privdata
C++: Port PrivateData.qll from C# and use it in cpp/cleartext-transmission
2022-03-31 10:12:46 +01:00
Arthur Baars
15c54f6100 Merge pull request #8354 from aibaars/incomplete-url-string-sanitization
Incomplete url string sanitization
2022-03-31 10:59:51 +02:00
Jeroen Ketema
85e2367769 CLI docs: make the running text match the example 2022-03-31 10:14:30 +02:00
Arthur Baars
7e866ed376 Merge pull request #8617 from cklin/qldoc-coverage-new-language
QLdoc check: handle new languages gracefully
2022-03-31 10:00:36 +02:00
Chuan-kai Lin
1ff0fda5d1 QLdoc check: handle new languages gracefully 2022-03-30 14:58:13 -07:00
Chuan-kai Lin
48015e5a2e Merge pull request #8597 from cklin/run-js-ml-tests
JS: Fix expected test output for ATM queries
2022-03-30 13:10:02 -07:00
Chuan-kai Lin
a8dabb238d JS: Fix expected test output for ATM queries 2022-03-30 11:35:17 -07:00
Nick Rolfe
fa1bb82701 Merge pull request #8610 from github/nickrolfe/re-fix-location-join-order
Ruby: undo accidental revert of #8538
2022-03-30 16:31:52 +01:00
Nick Rolfe
10b75bff76 Ruby: undo accidental revert of 13be9919 2022-03-30 16:02:12 +01:00
Chris Smowton
9675f34cf5 Merge pull request #8257 from luchua-bc/java/insecure-webview-resource-response
Java: CWE-200 Query to detect insecure WebResourceResponse implementation
2022-03-30 15:56:27 +01:00
Arthur Baars
031d183bdf Merge pull request #8532 from aibaars/regex-refactor-2
JS/Ruby/Python: rename RegExpTreeView.qll to ReDoSUtilSpecific.qll
2022-03-30 16:38:47 +02:00
Dave Bartolomeo
70c44734e6 Merge pull request #8445 from dbartol/dbartol/ir-range/semantic-scratch
Sign, Modulus, and Range analysis for C++ using sharable semantic layer
2022-03-30 07:08:09 -04:00
Dave Bartolomeo
e2396a5e03 Remove PrintIR tests for range analysis
These were only used for debugging, and don't actually make good tests.
2022-03-30 06:45:28 -04:00
Dave Bartolomeo
19789fa738 Merge remote-tracking branch 'upstream/main' into semantic-scratch 2022-03-30 06:39:14 -04:00
Nick Rolfe
a274af2b16 Merge pull request #7985 from github/nickrolfe/constant_regexp
Ruby: separate constant propagation of regexps from strings
2022-03-30 11:37:33 +01:00
Robert Marsh
8d21c8b7c5 Merge pull request #8423 from 4B5F5F4B/main
[CPP][Linux Kernel]Add ql to detect CVE-2017-5123
2022-03-29 15:10:15 -04:00
luchua-bc
fa2a6a7da3 Remove unnecessary taint step and update qldoc 2022-03-29 17:52:49 +00:00