hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 07:36:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
61,931 Commits 1,703 Branches 162 Tags
e85c4b5bf66ebefc1d5ca3838d173ffde0558c31
Commit Graph

61931 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
masterofnow
e85c4b5bf6 Update query from code review feedback to express it as a dataflow problem. 2023-12-20 18:28:16 +08:00
masterofnow
4a77f45aa6 Minor adjustment to resolve error for codeql version 2.15.4 2023-12-16 12:41:39 +08:00
masterofnow
99b273d308 Apply suggestions from code review 
Added suggestion from atorralba.

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-12-16 12:00:45 +08:00
masterofnow
e1b8fabf7f Use global instead of local taint tracking. 2023-12-13 13:50:34 +08:00
masterofnow
8538c12267 Merge branch 'github:main' into LoadClassNoSignatureCheck 2023-12-13 13:47:40 +08:00
Tony Torralba
27be5ba14b Merge pull request #15073 from atorralba/atorralba/java/remove-invalid-ognl-sinks 
Java: Remove invalid OGNL sinks
 2023-12-12 16:52:31 +01:00
Owen Mansel-Chan
5675df842e Merge pull request #15054 from owen-mc/go/find-more-callees-for-captured-variables 
Go: Also follow jump steps when looking for a callee source
 2023-12-12 15:49:15 +00:00
Geoffrey White
609f92c7ac Merge pull request #13870 from geoffw0/commoncrypto1 
Swift: CommonCrypto test cases for the BrokenCryptoAlgorithm query
 2023-12-12 15:26:02 +00:00
Edward Minnix III
4d6521fd7a Merge pull request #13608 from egregius313/egregius313/weak-randomness 
Java: Add Weak Randomness Query (CWE-330/338)
 2023-12-12 09:40:11 -05:00
Tony Torralba
fad53a25c0 Update java/ql/lib/ext/struts2.model.yml 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2023-12-12 14:58:47 +01:00
Mathias Vorreiter Pedersen
3dea467dcc Merge pull request #15047 from MathiasVP/add-puns-for-addresses-of-arguments 
C++: Add `PostUpdateNode`s for addresses of outgoing arguments
 2023-12-12 13:55:13 +00:00
Mathias Vorreiter Pedersen
412ea67ba0 Merge pull request #15075 from MathiasVP/print-data-flow-relevant-IR 
C++: Add a `PropertyProvider` for only showing dataflow-relevant IR
 2023-12-12 13:51:11 +00:00
Tom Hvitved
3c2336e40b Merge pull request #15074 from hvitved/dataflow/get-node-type-cached 
Data flow: Use cached `nodeDataFlowType` instead of `getNodeType`
 2023-12-12 14:49:41 +01:00
Mathias Vorreiter Pedersen
97f2be9b82 C++: Fix QLDoc. 2023-12-12 13:45:18 +00:00
yoff
a39eb5efc9 Merge pull request #15051 from yoff/python/slightly-improve-tarslip 
Python: slightly improve tarslip logic
 2023-12-12 14:43:43 +01:00
Mathias Vorreiter Pedersen
1ad0e6524e Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintDataFlowRelevantIR.qll 2023-12-12 13:15:36 +00:00
Mathias Vorreiter Pedersen
11386494b7 C++: Factor out the property provider which hides instructions and operands out of the 'LocalFlowPropertyProvider' class and into a separate class. 2023-12-12 13:04:31 +00:00
Tom Hvitved
b3929e2375 Data flow: Use cached nodeDataFlowType instead of getNodeType 2023-12-12 13:46:39 +01:00
Tony Torralba
103110f9c2 Java: Remove invalid OGNL sinks 
Fixes #15053
 2023-12-12 13:39:51 +01:00
Alexander Eyers-Taylor
e87b3911dc Merge pull request #14910 from alexet/incorrect-scanf 
CPP: Add query for detecteing incorrect error checking for scanf
 2023-12-12 11:57:17 +00:00
Mathias Vorreiter Pedersen
4d430d5df0 Merge pull request #15037 from aschackmull/range/prunebounds 
Rangeanalysis: Prune range calculation.
 2023-12-12 11:18:26 +00:00
Mathias Vorreiter Pedersen
cec785c8cc C++: Respond to review comments. 2023-12-12 11:16:41 +00:00
Mathias Vorreiter Pedersen
f284fde93c C++: Update QLDoc. 2023-12-12 11:09:36 +00:00
Mathias Vorreiter Pedersen
a6104ad878 C++: Fix test annotations. 2023-12-12 11:06:18 +00:00
Rasmus Wriedt Larsen
42a6309f25 Merge pull request #15071 from github/RasmusWL/generate-code-scanning-query-list 
Add @RasmusWL as CODEOWNER of a misc file
 2023-12-12 10:53:11 +01:00
Jeroen Ketema
611a177c3c Merge pull request #15066 from jketema/ql-test 
C++: Update test for CLI changes
 2023-12-12 10:36:57 +01:00
Rasmus Wriedt Larsen
aa6a455ece Update CODEOWNERS 2023-12-12 10:31:36 +01:00
Tom Hvitved
9b043a10cc Merge pull request #15063 from hvitved/csharp/use-scratch-dir 
C#: Use `CODEQL_EXTRACTOR_CSHARP_SCRATCH_DIR` instead of `Path.GetTempPath`
 2023-12-12 08:16:04 +01:00
Owen Mansel-Chan
0fb58caa8c Update go/ql/lib/change-notes/2023-12-08-find-more-callees-for-captured-functions.md 
Co-authored-by: Chris Smowton <smowton@github.com>
 2023-12-11 20:42:48 +00:00
Edward Minnix III
06eef93f89 Docs review suggestions 2023-12-11 11:18:40 -05:00
Edward Minnix III
ce20c4ae03 Docs review suggestions 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-12-11 11:18:40 -05:00
Ed Minnix
7362158229 Fix test case 2023-12-11 11:18:40 -05:00
Ed Minnix
1271cd3348 Remove unnecessary crypto sinks 2023-12-11 11:18:40 -05:00
Ed Minnix
3ca039bc8f Rename to InsecureRandomness 2023-12-11 11:18:40 -05:00
Ed Minnix
6e70e6c85a Use pre-exisiting type for SecureRandom 2023-12-11 11:18:39 -05:00
Edward Minnix III
4678302edb Update query metadata 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-12-11 11:18:39 -05:00
Ed Minnix
bbf99375c7 Alter cookie sinks to instead focus on creation of a cookie 2023-12-11 11:18:39 -05:00
Ed Minnix
4bdf2b5e18 Bump change note date 2023-12-11 11:18:39 -05:00
Ed Minnix
b9d2a26e6e Move ESAPI models into the Weak Randomness query 
These models don't need to apply to all queries. So instead they are
better suited to be within the weak randomness query itself.
 2023-12-11 11:18:39 -05:00
Ed Minnix
7f3995f524 Remove extra encryption-iv models 2023-12-11 11:18:39 -05:00
Ed Minnix
7241e0920c Replace convertBytesToString with models 2023-12-11 11:18:39 -05:00
Ed Minnix
e9ca4a25d4 Update to new MethodCall name 2023-12-11 11:18:39 -05:00
Ed Minnix
a1e9564cc5 Add more sources 2023-12-11 11:18:39 -05:00
Ed Minnix
b8b2de2f3c Remove use of crypto-parameter sink kind 2023-12-11 11:18:39 -05:00
Ed Minnix
646254c9b2 Add credentials sinks from SensitiveApi 2023-12-11 11:18:39 -05:00
Ed Minnix
057a74d914 Remove unnused class 2023-12-11 11:18:39 -05:00
Ed Minnix
fb875f5095 More variety of test cases 2023-12-11 11:18:39 -05:00
Ed Minnix
ba3c38c226 Restrict addCookie to specific interface 2023-12-11 11:18:38 -05:00
Ed Minnix
dc3e4cd928 Refactored method accesses to the RandomDataSource library 2023-12-11 11:18:38 -05:00
Ed Minnix
ce7690b53f Make imports private 2023-12-11 11:18:38 -05:00