hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-31 03:21:23 +02:00
Code Issues Packages Projects Releases Wiki Activity
33,333 Commits 1,763 Branches 168 Tags
e044bbab73d8500408bc4920fae558c8eaed2690
Commit Graph

33333 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Henry Mercer
e044bbab73 Remove NoSQL sinks since September 2018 2022-03-09 14:57:49 +00:00
Esben Sparre Andreasen
fff6670495 Remove additional Xss sinks 2022-03-09 14:57:49 +00:00
Esben Sparre Andreasen
f9825b4e1a Remove additional SQL sinks 2022-03-09 14:57:49 +00:00
Esben Sparre Andreasen
94b20748e3 Remove additional path-injection sinks 2022-03-09 14:57:49 +00:00
Esben Sparre Andreasen
6caa4aac4f Add benjamin-button.md 2022-03-09 14:57:49 +00:00
Esben Sparre Andreasen
4e5e3f5174 Remove pseudo-properties 2022-03-09 14:57:49 +00:00
Esben Sparre Andreasen
97c30a2458 Remove 2020 sinks from SqlInjection.ql 2022-03-09 14:57:49 +00:00
Esben Sparre Andreasen
c4e28b6e02 Remove 2020 sinks from Xss.ql 2022-03-09 14:57:49 +00:00
Esben Sparre Andreasen
d8974b55b7 Remove 2020 sinks from TaintedPath.ql 2022-03-09 14:57:48 +00:00
Mathias Vorreiter Pedersen
17cec52af8 Merge pull request #8385 from erik-krogh/orderByConst 
QL: add query detecting ordering by a constant
 2022-03-09 14:18:35 +00:00
Michael Nebel
fbe8f75903 Merge pull request #8038 from michaelnebel/csharp/gvn-cfecomparison 
C#: Refactor Structural Comparison for Control Flow Elements.
 2022-03-09 13:36:42 +01:00
Michael Nebel
d0cb984f9e Merge pull request #6 from hvitved/csharp/gvn-cfecomparison 
C#: Code review suggestions
 2022-03-09 12:11:23 +01:00
Tom Hvitved
c51ddd0d35 C#: Code review suggestions 2022-03-09 10:50:53 +01:00
Tom Hvitved
275902d558 Merge pull request #8373 from hvitved/ruby/regex-multiples-parse-fix 
Ruby: Fix incorrect parsing of ranges
 2022-03-09 10:30:01 +01:00
Tom Hvitved
f5fbf50d7d Ruby: Fix incorrect parsing of ranges 2022-03-08 19:53:17 +01:00
Tom Hvitved
89c3d0535a Ruby: Add regex test that outputs all RegExpTerms 2022-03-08 19:53:17 +01:00
Tom Hvitved
073302f196 Ruby: Add another regex consistency test 2022-03-08 19:53:17 +01:00
Tom Hvitved
a70ed71c01 Merge pull request #8370 from hvitved/ruby/regex-group-name-off-by-one 
Ruby: Fix off-by-one error in `getGroupName`
 2022-03-08 19:52:32 +01:00
Tom Hvitved
5f48cc06bb Ruby: Fix off-by-one error in getGroupName 2022-03-08 15:59:47 +01:00
Tom Hvitved
6dd126b6e3 Ruby: Add regex group tests 2022-03-08 15:59:28 +01:00
Tom Hvitved
86121164c5 Merge pull request #8364 from hvitved/ruby/fix-regex-parse 
Ruby: Fix regex parsing of `/[|]/`
 2022-03-08 15:26:29 +01:00
Michael Nebel
ec75bbc748 Merge pull request #8203 from michaelnebel/csharp/extractor-option-buildless 
C#: Refactoring - Move some of the standalone extractor code to the Standalone project.
 2022-03-08 14:32:59 +01:00
Mathias Vorreiter Pedersen
9e7b0925c6 Merge pull request #8366 from jketema/code-duplication-deprecated 
C++: Mark everything in CodeDuplication.qll as deprecated
 2022-03-08 12:47:50 +00:00
Jeroen Ketema
3877598c12 C++: Remove cpp/duplicated-lines-in-files which was deprecated over a year ago 2022-03-08 12:58:19 +01:00
Jeroen Ketema
b039b91fd8 C++: Add change note 2022-03-08 12:36:11 +01:00
Jeroen Ketema
df1e810f13 C++: Remove duplicate code queries that were deprecated over a year ago 2022-03-08 12:28:41 +01:00
Jeroen Ketema
d2e2866276 C++: Also deprecate TDuplicationOrSimilarity 2022-03-08 12:26:07 +01:00
Jeroen Ketema
55351ce835 Update cpp/ql/src/external/CodeDuplication.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-03-08 11:57:05 +01:00
Jeroen Ketema
2e73e35747 Update cpp/ql/src/external/CodeDuplication.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-03-08 11:56:55 +01:00
Jeroen Ketema
81783e828e C++: Mark everything in CodeDuplication.qll as deprecated 
Although we earlier added a comment to the classes in noting that
they are deprecated, we did not properly mark the classes as actually
being deprecated.

All predicates - except for 3 - depend on the classes being functional,
which they no longer are, so mark those a deprecated as well. The three
remaining predicates (`FunctionDeclarationEntry`, `numberOfSourceMethods`,
and `whitelistedLineForDuplication`) seem to be helpers, and are likely
not used when the library is not used, so mark those as deprecated as
well.
 2022-03-08 11:38:01 +01:00
Erik Krogh Kristensen
4734f1916e Merge pull request #7598 from erik-krogh/fieldOnlyUsedInCharPred 
QL: field only used in charPred
 2022-03-08 11:25:57 +01:00
Rasmus Wriedt Larsen
cbe3964a87 Merge pull request #8275 from haby0/py/add-ssrf-sinks 
Python: Add Server-side Request Forgery sinks
 2022-03-08 11:06:52 +01:00
Tom Hvitved
3bc8d0878f Ruby: Add regex consistency queries 2022-03-08 10:10:14 +01:00
Tom Hvitved
6d4eecff14 Ruby: Fix regex parsing of /[|]/ 2022-03-08 09:52:06 +01:00
Tom Hvitved
a7442b7a2b Ruby: Add regex test case for /[|]/ 2022-03-08 09:51:39 +01:00
Tom Hvitved
6aad8d6897 Merge pull request #8302 from aibaars/type-tracking-smallstep 
Ruby: TypeTracker: add smallstep for functions that return their arguments
 2022-03-07 17:26:45 +01:00
Mathias Vorreiter Pedersen
c7d624d314 Merge pull request #8247 from ihsinme/ihsinme-patch-80 
CPP: Add query for CWE-190: Integer Overflow or Wraparound when using transform after operation
 2022-03-07 11:00:29 +00:00
Geoffrey White
e7dca435a9 Merge pull request #6950 from ihsinme/ihsinme-patch-078 
CPP: Add query for CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
 2022-03-07 10:55:29 +00:00
Arthur Baars
200a965fda Update expected output 2022-03-07 11:51:54 +01:00
Arthur Baars
95027e746c Ruby: TypeTracker: add smallstep for functions that return their arguments 2022-03-07 11:51:54 +01:00
Tom Hvitved
9c4c35141a Ruby: Update type tracker test 2022-03-07 11:51:54 +01:00
Tom Hvitved
64b458b166 Merge pull request #8319 from hvitved/csharp/recursive-qltest-extraction-change-note 
C#: Add change note about recursive `codeql test run` extraction
 2022-03-07 11:43:11 +01:00
Tom Hvitved
c1db0a9429 Merge pull request #8317 from hvitved/typetracker/jump-step 
Ruby/Python: Clear call contexts after jump steps in type tracking
 2022-03-07 11:38:51 +01:00
Tom Bolton
173f45f316 Merge pull request #8334 from github/tombolton/add-mapping-query 
JS: Add query that maps queries to sink type
 2022-03-07 10:35:37 +00:00
Mathias Vorreiter Pedersen
027c8247ae Merge pull request #8310 from jketema/update-stats 
C++: Update the DB scheme stats file
 2022-03-07 09:11:53 +00:00
Tony Torralba
08ce128d64 Merge pull request #8325 from JLLeitschuh/feat/JLL/improve_compile_time_constant 
[Java] Add CharacterLiteral to CompileTimeConstantExpr.getStringValue
 2022-03-07 09:32:59 +01:00
haby0
7e6666bc63 Merge branch 'main' into py/add-ssrf-sinks 2022-03-07 12:09:14 +08:00
Erik Krogh Kristensen
9c759a987e QL: add query detecting ordering by a constant 2022-03-06 17:02:19 +01:00
Tiferet Gazit
bbc712fdb3 Merge pull request #8297 from erik-krogh/atmPerf 
JS: Fix ATM timeout on NodeJS
 2022-03-04 10:41:35 -08:00
Mathias Vorreiter Pedersen
624795cbbf Merge pull request #8059 from rdmarsh2/rdmarsh2/cpp/insufficient-key-strength 
C++: new query for insufficient key strength
 2022-03-04 17:11:44 +00:00