hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-04 10:10:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,526 Commits 1,673 Branches 157 Tags
e660ac54da863fd46660cb23e4cbde322b91a7df
Commit Graph

16526 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
e660ac54da Merge pull request #4358 from joefarebrother/format-taint 
Java: Add taint steps through string formatting methods
 2020-10-05 13:25:54 +02:00
CodeQL CI
43b2c90538 Merge pull request #4400 from max-schaefer/js/api-graph-classrefs 
Approved by asgerf
 2020-10-05 03:12:23 -07:00
Mathias Vorreiter Pedersen
d38121f54a Merge pull request #4394 from geoffw0/oddsends2 
C++: Clean up and add to taint tests
 2020-10-05 09:16:50 +02:00
Arthur Baars
78c58c2415 Merge pull request #4384 from tausbn/python-fix-package-locations 
Python: Fix `hasLocationInfo` for packages
 2020-10-02 20:48:43 +02:00
Alexander Eyers-Taylor
754d82c325 Merge pull request #4382 from github/alexet-patch-1 
Fix the name of the vscode extension recommendation
 2020-10-02 18:33:36 +01:00
Alexander Eyers-Taylor
30ed6a0dac Merge pull request #4385 from aibaars/drop-queries 
Drop 'tech-inventory' and 'code duplication' queries from the standard query suites
 2020-10-02 18:31:25 +01:00
Geoffrey White
8d5febf9c4 C++: Add a couple more test cases that have been discussed. 2020-10-02 18:03:07 +01:00
Geoffrey White
cc170bd513 C++: Test layout. 2020-10-02 18:03:07 +01:00
Arthur Baars
daa1bcc06e Also mark 'tech inventory' queries as deprecated 2020-10-02 17:23:11 +02:00
Arthur Baars
fc45b6cd3c Drop 'tech-inventory' and 'code duplication' queries from the standard query suites 2020-10-02 17:22:04 +02:00
Geoffrey White
28ab092e9f C++: Add 'tainted' markers to standalone_iterators.cpp test. 2020-10-02 15:54:26 +01:00
Taus
fce76e2799 Merge pull request #4354 from RasmusWL/python-command-execution-modeling 
Python: Better command execution modeling
 2020-10-02 16:14:34 +02:00
Taus
2e4a61428d Merge pull request #4346 from RasmusWL/python-add-implicit-init-test 
Python: add test for implicit __init__.py files
 2020-10-02 16:13:25 +02:00
Tom Hvitved
55d25d90fa Merge pull request #4386 from hvitved/csharp/remove-deprecated-queries 
C#: Remove deprecated external queries
 2020-10-02 15:12:33 +02:00
Rasmus Wriedt Larsen
e5b9ac8d9c Python: Use getCommand as tag in ConceptsTest 2020-10-02 14:12:41 +02:00
Rasmus Wriedt Larsen
eb67986916 Python: Exlucde only command injection sinks in os and subprocess 2020-10-02 14:11:07 +02:00
Rasmus Wriedt Larsen
68eacef23c Python: Refactor OsExecCall and friends for better readability 2020-10-02 13:38:54 +02:00
Rasmus Wriedt Larsen
de07d9e5d9 Python: Highlight that os.popen is not only problem for extra alerts 2020-10-02 13:34:33 +02:00
Taus Brock-Nannestad
b5d05f99c9 Python: Fix test output 2020-10-02 12:04:43 +02:00
Max Schaefer
98e93a7b9d JavaScript: Improve API-graph support for function-style classes. 2020-10-02 09:25:51 +01:00
Chris Smowton
aa707e9370 Merge pull request #4381 from smowton/smowton/admin/fix-owasp-broken-links 
Fix OWASP broken links
 2020-10-02 08:51:36 +01:00
Tom Hvitved
bc68578c8b C#: Remove deprecated external queries 2020-10-01 21:11:47 +02:00
Jonas Jensen
48c6f34f91 Merge pull request #4372 from matt-gretton-dann/cpp20-constinit 
Add support for Variable.is_constinit()
 2020-10-01 20:19:56 +02:00
Aditya Sharad
f7f05476a2 Merge pull request #4375 from adityasharad/javascript/client-side-url-redirect-regexp 
JavaScript: Track taint through RegExp.prototype.exec for URL redirection
 2020-10-01 09:55:19 -07:00
Ian Lynagh
e555b6b2a8 Merge pull request #4380 from github/igfoo/unnamed 
C++: Accept test changes in unnamed entity naming
 2020-10-01 17:16:20 +01:00
Taus Brock-Nannestad
75f4051cb5 Python: Fix hasLocationInfo for packages 2020-10-01 17:21:53 +02:00
Joe
ca4781eb78 Java: Remove use of StringFormatMethod in TaintTrackingUtils 2020-10-01 15:58:32 +01:00
Alexander Eyers-Taylor
5ce0974eb2 Fix the name of the vscode extension recommendation 
The name is case sensitive so it didn't work before.
 2020-10-01 14:40:45 +01:00
Anders Schack-Mulligen
c027f3bd2b Merge pull request #4324 from tamasvajk/feature/unsigned-sign-analysis 
Handle unsigned types in sign analysis (C# and Java)
 2020-10-01 15:11:49 +02:00
CodeQL CI
36450a8998 Merge pull request #4338 from erik-krogh/nodejs-server-request-data 
Approved by asgerf
 2020-10-01 06:00:17 -07:00
Erik Krogh Kristensen
d54a057457 Merge pull request #4377 from erik-krogh/babelCrash 
JS: prevent crash when TemplateLiteral is used in import
 2020-10-01 14:58:45 +02:00
Chris Smowton
578ea1ae43 Fix OWASP broken links 2020-10-01 13:09:52 +01:00
Erik Krogh Kristensen
4dec2171da add http request server data as a RemoteFlowSource 2020-10-01 13:21:56 +02:00
Rasmus Wriedt Larsen
3247b300ae Python: Fix problem with missing use-use flow 2020-10-01 12:55:11 +02:00
Rasmus Wriedt Larsen
9b3509f0ba Python: Highlight problem with missing use-use flow 2020-10-01 12:51:44 +02:00
CodeQL CI
0158e2ffef Merge pull request #4374 from max-schaefer/js/api-graph 
Approved by erik-krogh
 2020-10-01 03:33:45 -07:00
Max Schaefer
7f075202c6 Merge pull request #4367 from erik-krogh/sql-api 
JS: Fixing an API-graph gotcha in `SQL.qll`
 2020-10-01 11:33:01 +01:00
Erik Krogh Kristensen
fbd62abd64 prevent crash when TemplateLiteral is used in import 2020-10-01 11:26:49 +02:00
Aditya Sharad
e712d16e7e JavaScript: Track taint through RegExp.prototype.exec for URL redirection 
Regexp literals are currently handled, but not `RegExp` objects.
 2020-09-30 15:13:02 -07:00
Rasmus Wriedt Larsen
428c2a3fda Merge branch 'main' into python-command-execution-modeling 2020-09-30 17:38:59 +02:00
Matthew Gretton-Dann
e0ca4dafb8 Add support for Variable.is_constinit() 2020-09-30 16:31:45 +01:00
Rasmus Wriedt Larsen
c4a2e1d6d1 Python: Rewrite attribute lookup helpers for better performance 
Not that they actually had a huge problem right now, just that using the old
pattern HAS lead to bad performance in the past. See
https://github.com/github/codeql/pull/4361
 2020-09-30 17:31:20 +02:00
Geoffrey White
282d3e8f7e Merge pull request #4322 from jbj/range-analysis-custom-defs 
C++: Support custom defs in SimpleRangeAnalysis
 2020-09-30 15:43:32 +01:00
Taus
32bf7d6bdf Merge pull request #4256 from fatenhealy/Noblowfish 
CWE-327 BrokenCryptoAlgorithm recommendation to AES instead of Blowfish
 2020-09-30 16:15:46 +02:00
Erik Krogh Kristensen
bfb653a34a rename getAReference to getAnImmediateUse 2020-09-30 15:15:49 +02:00
Erik Krogh Kristensen
eb973b39fe Update javascript/ql/src/semmle/javascript/frameworks/SQL.qll 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-09-30 15:12:17 +02:00
Faten Healy
03d8fc7296 changed to AES 2020-09-30 22:18:36 +10:00
Rasmus Wriedt Larsen
4adc26eb62 Python: Fix command injection example code 
`subprocess.Popen(["ls", "-la"], shell=True)` correspond to running `sh -c "ls" -la`

So it doesn't follow the pattern of the rest of the test file.
 2020-09-30 13:38:37 +02:00
Taus
d694777894 Merge pull request #4369 from RasmusWL/python-ospathjoin-taintstep 
Python: Add taint-step for os.path.join
 2020-09-30 13:35:16 +02:00
Erik Krogh Kristensen
b24e959033 add getAnInvocation to the ApiGraphs API 2020-09-30 13:33:36 +02:00