hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-06 03:00:24 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,101 Commits 1,676 Branches 157 Tags
dcd96083e8d48a27e6bedf8f0a1e5ee30a3f9720
Commit Graph

58101 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
dcd96083e8 Python: Move StackTraceExposure to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
f75e65c67d Python: Move LogInjection to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
88cf9c99b0 Python: Move CodeInjection to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
05573904a5 Python: Move LdapInjection to new dataflow API 
We could have switched to a stateful config, but I tried to keep changes
as straight forward as possible.
 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
c360346e9e Python: Move ReflectedXss to new dataflow API 2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
b30142c1d7 Python: Move CommandInjection to new dataflow API 2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
700841e9b0 Python: Move UnsafeShellCommandConstruction to new dataflow API 2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
d4e4e2d426 Python: Move TarSlip to new dataflow API 2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
e97032909a Python: Move PathInjection to new dataflow API 2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
245c24077d Python: Move SqlInjection to new dataflow API 2023-08-28 15:27:49 +02:00
yoff
2e981e330b Merge pull request #14059 from RasmusWL/fix-loginjection-tests 
Python: Fix stdlib sinks in LogInjection query
 2023-08-28 14:44:51 +02:00
yoff
6e05246daa Merge pull request #13935 from yoff/python/mad-on-externals 
Python: MaD on externals
 2023-08-28 14:04:54 +02:00
Rasmus Wriedt Larsen
c807ab4216 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-08-28 14:04:22 +02:00
yoff
826b8e6aa5 Merge pull request #14067 from RasmusWL/modern-dataflowquerytests 
Python: Adopt tests to new `DataflowQueryTest`
 2023-08-28 13:54:34 +02:00
Michael Nebel
e7dbe9f289 Merge pull request #14028 from michaelnebel/csharp/dependencygetfiles 
C#: Improve GetFiles in the Dependency Manager.
 2023-08-28 12:53:28 +02:00
Rasmus Wriedt Larsen
38b78128c0 Merge pull request #13990 from RasmusWL/experimental-cleanup 
Python: Port old experimental points-to based queries
 2023-08-28 12:11:17 +02:00
Rasmus Wriedt Larsen
889cb7a95b Python: Adopt tests to new DataflowQueryTest 
Co-authored-by: Rasmus Lerchedahl Petersen <yoff@github.com>
 2023-08-28 11:44:01 +02:00
Rasmus Wriedt Larsen
9c44235782 Python: Modernize DataflowQueryTest.qll 
Co-authored-by: Rasmus Lerchedahl Petersen <yoff@github.com>
 2023-08-28 11:40:41 +02:00
Rasmus Wriedt Larsen
7cba6cd1d8 Python: Update .expected files 
Due to change in path-graph, and including LHS of assignments
 2023-08-28 11:33:44 +02:00
Rasmus Wriedt Larsen
0f242475f2 Merge branch 'main' into experimental-cleanup 2023-08-28 11:01:22 +02:00
Rasmus Wriedt Larsen
0dca8a5d86 Python: Remove old points-to modeling file 
Since all of this was ported already
 2023-08-28 10:40:45 +02:00
Rasmus Wriedt Larsen
39e2b133e9 Python: Fix naming 2023-08-28 10:40:33 +02:00
Alex Ford
9957e2683b Merge pull request #13313 from maikypedia/maikypedia/ldap-improper-auth 
Ruby: Add Improper LDAP Authentication query (CWE-287)
 2023-08-25 20:52:34 +01:00
Alex Ford
ae635c609f Ruby: autoformat 2023-08-25 17:11:07 +01:00
Rasmus Wriedt Larsen
bf9a0dab2a Python: Fix stdlib sinks in LogInjection query 2023-08-25 17:04:48 +02:00
Rasmus Wriedt Larsen
7852429df2 Python: Accept LogInjection .expected changes 
I don't know how this had gone unnoticed for so long, but I realized when I tried to run this query locally
 2023-08-25 17:04:40 +02:00
Shati Patel
c5612ae522 Merge pull request #14051 from github/shati-patel/mrva-results-view 
Docs: Update screenshots of variant analysis results view
 2023-08-25 15:42:49 +01:00
Mathias Vorreiter Pedersen
68bccfdb93 Merge pull request #14013 from alexet/only-taint-argv-indirections 
CPP:Only taint argv indirections
 2023-08-25 15:19:51 +01:00
Michael Nebel
02b8adf717 C#: Address review comments and some light re-factoring. 2023-08-25 15:33:54 +02:00
Maiky
ffd618d6cc Revert "Add "" and nil as sources" 
This reverts commit 664c1eba72.
 2023-08-25 15:23:55 +02:00
AlexDenisov
0fe7740dda Merge pull request #14052 from github/sashabu/swift-logging-compiler 
Swift: Route compiler diagnostics through our log.
 2023-08-25 14:47:24 +02:00
Alex Eyers-Taylor
1afcf8c8a8 Add changenotes. 2023-08-25 13:05:10 +01:00
Alex Eyers-Taylor
9f8fbf8a1a CPP: Update tests for argv change 2023-08-25 13:05:10 +01:00
Alex Eyers-Taylor
45ddb4832c CPP: Make wordexp take an indirect argument. 2023-08-25 13:05:10 +01:00
Alex Eyers-Taylor
a2f2b6c33f CPP:Only consider **argv as tainted. 2023-08-25 13:05:10 +01:00
Michael Nebel
61a523510e C#: Only use small files during file content reference analysis. 2023-08-25 14:04:52 +02:00
Michael Nebel
a81d982c90 C#: Fetch file info fewer times and make dependencies more clear. 2023-08-25 14:04:52 +02:00
Tony Torralba
6573b1f772 Merge pull request #14056 from atorralba/atorralba/java/jenkins-stapler-regenerate 
Java: Re-generate Jenkins and Stapler models
 2023-08-25 13:15:21 +02:00
Tom Hvitved
42fd9f0c54 Merge pull request #14047 from hvitved/dataflow/join-fix 
Data flow: Fix a bad join order
 2023-08-25 12:18:24 +02:00
Ian Lynagh
a7de0f96e2 Merge pull request #14049 from igfoo/igfoo/kot1.9.10 
Kotlin: We now support 1.9.10
 2023-08-25 11:11:14 +01:00
Rasmus Lerchedahl Petersen
ad49eada48 Python: Do not alter codeql-workspaces.yml 
And remove the qlpack referred to therein.
Instead we rename and duplicate the extesion file
that this qlpack pointed to.
These two extension files are kept in sync by `identical-files.json`.
 2023-08-25 11:46:41 +02:00
Tony Torralba
5367fb99d9 Manually update a couple of models affected by the nested name change 2023-08-25 11:25:40 +02:00
Mathias Vorreiter Pedersen
2fd627b460 Merge pull request #13827 from geoffw0/closuremodels 
Swift: Model withUnsafeBytes and similar closure methods
 2023-08-25 10:01:52 +01:00
Tony Torralba
50a9c31b4a Merge pull request #14055 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-08-25 10:04:51 +02:00
Tony Torralba
2ed01d06b4 Java: Re-generate Jenkins and Stapler models 
Re-generated the Jenkins and Stapler models to pick up the changes from github/codeql#14032
 2023-08-25 10:01:28 +02:00
github-actions[bot]
c9d64b6b4f Add changed framework coverage reports 2023-08-25 00:14:40 +00:00
yoff
a834703195 Merge pull request #13779 from geoffw0/pythonparsemode 
Python: Understand multiple parse mode flags specified in a regular expression string
 2023-08-24 21:20:45 +02:00
Tom Hvitved
763216b932 Merge pull request #14045 from hvitved/csharp/standalone-resolve-target-framework 
C#: Favor DLLs with most recent .NET Core target framework when resolving dependencies in standalone
 2023-08-24 20:56:26 +02:00
Alexandre Boulgakov
7e05551f16 Swift: Check whether a SourceLoc is valid before using it. 2023-08-24 18:14:34 +01:00
Ian Lynagh
5dff1852e1 Kotlin: We now support 1.9.10 2023-08-24 17:36:45 +01:00