hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-03 04:40:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
34,510 Commits 1,773 Branches 168 Tags
d5f9cae57780e94cd8e4e5dd4663883acd8a06b3
Commit Graph

34510 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Esben Sparre Andreasen
d5f9cae577 Remove 2020 sinks from TaintedPath.ql 2022-04-10 08:33:32 +00:00
Esben Sparre Andreasen
ea13a999cc address review comments 2022-04-07 15:01:45 +02:00
Esben Sparre Andreasen
ea88253501 Apply suggestions from code review 
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2022-04-07 15:01:45 +02:00
Esben Sparre Andreasen
e2ad791983 fix semantic merge conflict 2022-04-07 15:01:45 +02:00
Esben Sparre Andreasen
a4a95f0cda rename new features 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
e6e06b9530 add more features 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
5ca8509759 improve feature documentation 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
a201b77b11 improve feature tests with more cases 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
afd10e3949 improve access path strings 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
510a394307 support import in getSimpleAccessPath 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
e0ea4c4ccb support await in getSimpleAccessPath 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
d4f3f6516c avoid using new feautes by default 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
b84e5af050 add CompareFeatures.ql 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
57812c6934 add generic tests for features 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
22bbe9cc5d Document EndpointFeatures.qll 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
62667f431c add ParameterAccessPathSimpleFromArgumentTraversal 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
8de583b51b improve getSimpleAccessPath 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
a1a93ec9ae refactor calleeAccessPath feature to class 2022-04-07 15:01:44 +02:00
Stephan Brandauer
ccf76c9567 refactor getACallBasedTokenFeature to class-use 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
31c5c97b7d Add CalleeAccessPathSimpleFromArgumentTraversal 2022-04-07 15:01:44 +02:00
Esben Sparre Andreasen
c6fb05636e refactor EndpointFeatures.ql to use classes 2022-04-07 15:01:44 +02:00
Anders Schack-Mulligen
c0f48b6c14 Merge pull request #8681 from JLLeitschuh/fix/JLL/os_check_bugs 
Java: Fix Local Temp File/Dir Incorrect Guard Logic
 2022-04-07 14:00:13 +02:00
Jeroen Ketema
319ff35bd7 Merge pull request #8692 from jketema/implied-cctor-source 
Revert "Revert "Merge pull request #8592 from jketema/implied-cctor-source""
 2022-04-07 13:38:39 +02:00
Jeroen Ketema
bfe9fb1721 Revert "Revert "Merge pull request #8592 from jketema/implied-cctor-source"" 
This reverts commit b1d9a070f4.
 2022-04-07 12:29:43 +02:00
Mathias Vorreiter Pedersen
a6f7bd102a Merge pull request #8691 from jketema/revert-8592 
Revert "Merge pull request #8592 from jketema/implied-cctor-source"
 2022-04-07 11:26:33 +01:00
Owen Mansel-Chan
32f96c84ed Merge pull request #8677 from github/RasmusWL/update-codeowners 
Remove @xcorail from CODEOWNERS
 2022-04-07 11:16:01 +01:00
Jeroen Ketema
b1d9a070f4 Revert "Merge pull request #8592 from jketema/implied-cctor-source" 
This reverts commit d4834cb7ff, reversing
changes made to 268a3fd1c5.
 2022-04-07 12:02:37 +02:00
Mathias Vorreiter Pedersen
d4834cb7ff Merge pull request #8592 from jketema/implied-cctor-source 
C++: Add tests for copy constructor calls with implied source
 2022-04-07 11:00:40 +01:00
Rasmus Wriedt Larsen
268a3fd1c5 Merge pull request #8680 from RasmusWL/subclass 
Python: Refactor how we find a `Class` from `API::Node`
 2022-04-07 11:52:52 +02:00
Rasmus Wriedt Larsen
e9df2f8fca Update CODEOWNERS 
remove extra blank line
 2022-04-07 11:51:23 +02:00
Rasmus Wriedt Larsen
142ca78c7d Update CODEOWNERS 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2022-04-07 11:28:42 +02:00
Rasmus Wriedt Larsen
218c698498 Update CODEOWNERS 
Co-authored-by: Chuan-kai Lin <cklin@github.com>
 2022-04-07 10:11:26 +02:00
Erik Krogh Kristensen
ef9b6a11a6 Merge pull request #8679 from erik-krogh/getUrl 
Java: rename existing getUrl predicate to getRepositoryUrl
 2022-04-07 10:01:14 +02:00
Michael Nebel
72d4c97463 Merge pull request #8628 from michaelnebel/csharp/generatedkind 
C#: Introduce generated flag as a part of the kind column for flow summaries
 2022-04-07 08:43:30 +02:00
Erik Krogh Kristensen
489d4cb908 add change-note 2022-04-06 23:23:50 +02:00
Jonathan Leitschuh
2753521650 Java: Fix Local Temp File/Dir Incorrect Guard Logic 
Resolves https://github.com/github/codeql/pull/8032#discussion_r841723906
 2022-04-06 12:16:09 -04:00
Erik Krogh Kristensen
563d0d6532 rename existing getUrl predicate to getRepositoryUrl 2022-04-06 15:32:33 +02:00
Rasmus Wriedt Larsen
f8f41428df Python: Minor refactor for FlaskViewClass 2022-04-06 15:15:42 +02:00
Rasmus Wriedt Larsen
1c2323eb85 Python: Refactor how we find a Class from API::Node 
Using `getAnImmediateUse` might give better performance than `getAUse`.

Since all the changed code is about `API::Node`s that are found after
doing `.getASubclass*()`, this change is OK.

It's also nice to align how we actually do this.
 2022-04-06 15:12:24 +02:00
Anders Schack-Mulligen
879b8a1200 Merge pull request #8676 from pwntester/java_hotspots_mods 
Make security-related TaintTracking Configuration public
 2022-04-06 14:40:14 +02:00
Erik Krogh Kristensen
943af17d10 Merge pull request #8619 from erik-krogh/atmSteps 
JS-ML: fix isKnownStepSrc such that it recognizes taint-steps
 2022-04-06 12:56:53 +02:00
Rasmus Wriedt Larsen
b99767ef52 Merge pull request #8668 from RasmusWL/use-instanceof 
Python: Rewrite concepts to use `extends ... instanceof ...`
 2022-04-06 12:09:12 +02:00
Anders Schack-Mulligen
bbb6d08071 Merge pull request #8661 from Marcono1234/marcono1234/getMethod-public-only 
Java: Fix reflection predicate for `getMethod` having non-public method result
 2022-04-06 12:03:14 +02:00
Alvaro Muñoz Sanchez
9ccd0e564b Add QLDocs 2022-04-06 12:00:41 +02:00
Rasmus Wriedt Larsen
4d2a3b38d2 Merge pull request #8511 from RasmusWL/use-query-suffix 
Python: Use `Query.qll` suffix for dataflow configuration definitions
 2022-04-06 11:59:29 +02:00
Rasmus Wriedt Larsen
2e9505e7f2 Remove @xcorail from CODEOWNERS 
Since @xcorail didn't have write access to this repo, that caused troubles with the CODEOWNERS file.
 2022-04-06 11:48:38 +02:00
Anders Schack-Mulligen
d0b5b99e74 Merge pull request #8611 from github/smowton/doc/switch-expr-accessors 
Java: make SwitchCase.getRuleExpression/Statement more consistent
 2022-04-06 11:16:40 +02:00
Tom Hvitved
31ec2988df Merge pull request #8674 from hvitved/csharp/useless-upcast-lambda-tests 
C#: Add more tests for `cs/useless-cast-to-self`
 2022-04-06 11:11:40 +02:00
Alvaro Muñoz Sanchez
19b8d51c0b Update CommandLineQuery 
Make TaintTracking configuration public
 2022-04-06 10:58:56 +02:00
Alvaro Muñoz Sanchez
abaa71e2c5 Update Sql Injection queries 
move java/ql/src/Security/CWE/CWE-089/SqlInjectionLib.qll -> java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll
 2022-04-06 10:57:14 +02:00