hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 23:02:56 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,269 Commits 1,684 Branches 159 Tags
d8cc82bdb1f745622367f28fbcda30e63efec0a1
Commit Graph

35269 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
d8cc82bdb1 add change-note 2022-05-04 16:14:59 +02:00
Erik Krogh Kristensen
df4bfef8c7 expand the qhelp for js/actions/injection 2022-05-04 16:14:59 +02:00
Erik Krogh Kristensen
48fb01f9f7 set js/actions/injection as a high precision warning query 2022-05-04 16:14:54 +02:00
Erik Krogh Kristensen
2a65d1d3ec move js/actions/injection out of experimental 2022-05-04 16:14:19 +02:00
Erik Krogh Kristensen
fc6eedd07a generalize the file pattern for github/actions related YAML 2022-05-04 16:14:19 +02:00
Erik Krogh Kristensen
bc470b89f1 leave a deprecated alias for Actions.qll 2022-05-04 16:14:19 +02:00
Erik Krogh Kristensen
9db67d4988 move the Actions API out of experimental 2022-05-04 16:14:19 +02:00
Nick Rolfe
5f59e96fa9 Merge pull request #8975 from github/nickrolfe/flow_summary_joins 2022-05-04 14:24:45 +01:00
Nick Rolfe
276f8d40f9 Ruby: add comments to address review feedback 2022-05-04 12:07:46 +01:00
Mathias Vorreiter Pedersen
f499f8e946 Merge pull request #9029 from redsun82/swift-codeowners 
Swift: set @github/codeql-c as owner
 2022-05-04 11:34:51 +01:00
Tony Torralba
b876431950 Merge pull request #8706 from luchua-bc/java/unsafe-get-resource 
Java: CWE-552 Add sources and sinks to to detect unsafe getResource calls in Java EE applications
 2022-05-04 10:12:28 +02:00
Paolo Tranquilli
b7cdc4ae1f Swift: set @github/codeql-c as owner 2022-05-03 17:41:23 +02:00
Mathias Vorreiter Pedersen
b8fd07c0ac Merge pull request #9018 from geoffw0/xxe5 
C++: Support libxml2 in the XXE query
 2022-05-03 16:00:52 +01:00
Joe Farebrother
f65f833b11 Merge pull request #9020 from joefarebrother/predictable-seed 
Java: Add CWE-377 tag to java/predictable-seed
 2022-05-03 15:13:58 +01:00
Tony Torralba
02822c6284 Merge pull request #9013 from atorralba/atorralba/private-externalflow-imports 
Java: Make more ExternalFlow imports private
 2022-05-03 16:02:09 +02:00
Tony Torralba
9c92454fa7 Merge pull request #8872 from atorralba/atorralba/android-widget-flowstep 
Java: Add Editable.toString flow step
 2022-05-03 15:27:52 +02:00
Joe Farebrother
61f13817cf Add change note 2022-05-03 14:27:47 +01:00
Geoffrey White
d5be11bf14 C++: Address review comments. 2022-05-03 14:08:19 +01:00
Joe Farebrother
f7d0884db1 Java: Add cwe-377 tag to predictable-seed 2022-05-03 12:28:14 +01:00
yoff
56ed68b3eb Merge pull request #9001 from RasmusWL/files-refactoring 
Python: Flask: Improve `request.files` modeing
 2022-05-03 12:19:55 +02:00
Geoffrey White
9faa825304 C++: Add support for libxml2 in the query. 2022-05-03 11:19:13 +01:00
Anders Schack-Mulligen
249f771fad Merge pull request #8952 from cklin/fix-ql-comments-syntax 
Fix syntax errors in QL comments
 2022-05-03 11:15:56 +02:00
Jeroen Ketema
904ff1a569 Merge pull request #8943 from jbj/remove-gvn-imports 
C++: Remove import order workarounds
 2022-05-03 11:01:02 +02:00
Nick Rolfe
00bf352b50 Ruby: fix some flow summary join orders 
The flow summaries that are implemented with an abstract base class
restricting the method name, and child classes using that method name,
had unfortunate join orders:

r1 = JOIN Call::MethodCall::getMethodName#dispred#f0820431#ff WITH Call::MethodCall::getMethodName#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.0, (Lhs.1 ++ "_arg"), Rhs.1
 2022-05-03 09:58:40 +01:00
mc
58a2677cf7 Merge pull request #8860 from github/jf205-patch-1 
Fix broken link in analyzing-databases-with-the-codeql-cli.rst
 2022-05-03 09:56:49 +01:00
Mathias Vorreiter Pedersen
73886b1040 Merge pull request #8948 from geoffw0/xxe3 
C++: Add support for SAXParser to the CWE-611 XXE query.
 2022-05-03 09:42:10 +01:00
Tony Torralba
c66e583aea Make more ExternalFlow imports private 2022-05-03 10:31:29 +02:00
Erik Krogh Kristensen
806dacb0e3 Merge pull request #8989 from erik-krogh/mentionAll 
JS/RB: have `ApiGraphModelsSpecific.qll` mention all the required predicates
 2022-05-03 09:42:41 +02:00
Tony Torralba
5c574906fe Merge pull request #9010 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-05-03 09:23:53 +02:00
github-actions[bot]
433beaf637 Add changed framework coverage reports 2022-05-03 00:15:34 +00:00
Anders Schack-Mulligen
86516b157b Merge pull request #8884 from JLLeitschuh/feat/JLL/additional-file-taint-flow 
Java: Add additional `File` taint value flow models
 2022-05-02 16:30:45 +02:00
Rasmus Wriedt Larsen
7e1be3172e Python: Add change-note 2022-05-02 14:24:13 +02:00
Rasmus Wriedt Larsen
de4390cdf6 Python: Improve Flask request.files handling even more 2022-05-02 14:19:45 +02:00
Rasmus Wriedt Larsen
fb0133d276 Python: Fix Flask request.files modeling 2022-05-02 14:14:58 +02:00
Rasmus Wriedt Larsen
0c62916af5 Python: Highlight problem with Flask request.files modeling 2022-05-02 14:14:53 +02:00
yoff
1d44694280 Merge pull request #8732 from RasmusWL/dataflow-imports 
Python: Don't re-export `python` under `DataFlow::`
 2022-05-02 12:08:28 +02:00
Taus
231def026f Merge pull request #8890 from tausbn/python-add-global-attribute-writes 
Python: Add support for global attribute writes
 2022-05-02 12:03:41 +02:00
yoff
c67b06b1fd Update python/ql/test/experimental/dataflow/typetracking/attribute_tests.py 
Co-authored-by: Taus <tausbn@github.com>
 2022-05-02 11:36:58 +02:00
Tom Hvitved
29f30a19e7 Merge pull request #8955 from hvitved/csharp/useless-cast-fp 
C#: Add FP test for `cs/useless-cast-to-self`
 2022-05-02 10:32:28 +02:00
Anders Schack-Mulligen
b2e9555075 Merge pull request #8345 from jorgectf/mybatis-new-sinks 
Java: Add `MyBatis`' `Providers` sinks
 2022-05-02 09:44:28 +02:00
Erik Krogh Kristensen
f87312d4ba have ApiGraphModelsSpecific.qll mention all the required predicates/types 2022-04-30 20:29:44 +02:00
luchua-bc
920a7cd2e6 Put back the taint step removed during merge 2022-04-29 20:29:04 +00:00
Geoffrey White
034c4faf19 Merge branch 'main' into xxe3 2022-04-29 21:06:16 +01:00
Jonathan Leitschuh
c8e0d7f847 Summary model for File should include overriden methods 2022-04-29 14:51:26 -04:00
Henry Mercer
811a2c0053 Merge pull request #8957 from github/henrymercer/upgrade-codeql-action 
Use codeql-action/upload-sarif@main in CSV coverage metrics workflow
 2022-04-29 17:06:21 +01:00
Geoffrey White
614a7650a6 Merge pull request #8775 from porcupineyhairs/cpam 
CPP: PAM Authorization Bypass
 2022-04-29 14:55:33 +01:00
Jorge
37b051a851 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-04-29 14:44:17 +02:00
AlexDenisov
5c6e5173ad Merge pull request #8959 from AlexDenisov/alexdenisov/pip-install-from-bazel 
Swift: teach bazel to install python dependencies
 2022-04-29 14:31:37 +02:00
Paolo Tranquilli
8fc78fae74 Merge pull request #8960 from redsun82/swift-cc-wrappers 
Swift: cc wrapper rules
 2022-04-29 14:30:54 +02:00
Geoffrey White
812a24fc18 C++: Add test cases for libxml2. 2022-04-29 13:23:29 +01:00