codeql

mirror of https://github.com/github/codeql.git synced 2026-03-20 22:46:47 +01:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	ed48efe5b4	recognize access to a query object through function calls	2020-06-30 15:52:08 +02:00
Jonas Jensen	f79299883a	Merge pull request #3831 from MathiasVP/remove-abstract-decl-var-call C++: Remove abstractness from DeclarationEntry, AccessHolder and Call	2020-06-30 10:21:55 +02:00
Anders Schack-Mulligen	13cb853af5	Merge pull request #3294 from ggolawski/ognl-injection CodeQL query to detect OGNL injections	2020-06-30 09:46:02 +02:00
Mathias Vorreiter Pedersen	acee9eb7ab	C++: Add comment to pseudo-abstract predicates	2020-06-30 09:19:47 +02:00
Mathias Vorreiter Pedersen	50709b235e	C++: Replace implication with disjunction in charpred for Call	2020-06-30 09:18:52 +02:00
Mathias Vorreiter Pedersen	667bb323ac	C++: Rename union types to follow the naming convention of IPA types (and make them private)	2020-06-30 08:40:46 +02:00
Tom Hvitved	b57cfc965a	Merge pull request #3804 from aschackmull/dataflow/dispatch-refactor Dataflow: Refactor dispatch with call context.	2020-06-30 08:28:27 +02:00
Anders Schack-Mulligen	d297ce2279	Merge pull request #3436 from artem-smotrakov/revocation-checking Java: Added a query for disabled certificate revocation checking	2020-06-29 16:42:36 +02:00
Anders Schack-Mulligen	b53b90501b	Merge pull request #3550 from luchua-bc/java-unsafe-cert-trust Java: CWE-273 Unsafe certificate trust	2020-06-29 16:39:39 +02:00
Anders Schack-Mulligen	0bd81eb4b8	Dataflow: Fix reference to viableCallable.	2020-06-29 16:22:58 +02:00
semmle-qlci	da8725aa5c	Merge pull request #3823 from dellalibera/js/fancy-log Approved by erik-krogh	2020-06-29 14:46:51 +01:00
semmle-qlci	b3e68ef81c	Merge pull request #3806 from erik-krogh/moreDownloads Approved by asgerf	2020-06-29 13:53:10 +01:00
Mathias Vorreiter Pedersen	6b27652b99	C++: Remove abstractness from a couple of AST classes	2020-06-29 10:27:16 +02:00
Erik Krogh Kristensen	27b2c02693	remove todo comment Co-authored-by: Asger F <asgerf@github.com>	2020-06-29 09:58:59 +02:00
ubuntu	bb06014f3d	Add fancy-log	2020-06-28 22:02:02 +02:00
Alessio Della Libera	ce32d646dc	Update javascript/ql/src/semmle/javascript/frameworks/Logging.qll Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>	2020-06-28 21:58:45 +02:00
Grzegorz Golawski	aff0e0eb25	Cleanup according to review comments.	2020-06-27 18:30:36 +02:00
Artem Smotrakov	f5f30ce25e	Java: Simplified the query for disabled certificate revocation checking Removed a dataflow cofiguration for setting a revocation checker. Instead, the query just checks if addCertPathChecker() or setCertPathCheckers() methods are called.	2020-06-27 11:37:20 +03:00
Artem Smotrakov	a2fa03e4f5	Java: Improved the query for disabled certificate revocation checking - Added a taint propagation step for List.of() methods - Added a testcase with one of the List.of() method - Simplified conditions - Fixed typos	2020-06-27 11:37:20 +03:00
Artem Smotrakov	06e3f101ce	Java: Added a query for disabled certificate revocation checking - Added experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql The query looks for PKIXParameters.setRevocationEnabled(false) calls. - Added RevocationCheckingLib.qll - Added a qhelp file with examples - Added tests in java/ql/test/experimental/Security/CWE/CWE-299	2020-06-27 11:37:20 +03:00
ubuntu	9135bbd5c8	JS: model fancy-log (and recognize the 'dir' log level)	2020-06-26 21:33:52 +02:00
Dave Bartolomeo	e00a8f7670	Merge pull request #3815 from jbj/getAPrimaryQlClass C++: getCanonicalQLClass -> getAPrimaryQlClass	2020-06-26 13:52:16 -04:00
semmle-qlci	3aefb7fad9	Merge pull request #3613 from erik-krogh/Reassigned Approved by asgerf	2020-06-26 17:05:45 +01:00
Jonas Jensen	a22fb7662e	C++: Autoformat fixup	2020-06-26 16:57:06 +02:00
semmle-qlci	b015c735d0	Merge pull request #3809 from max-schaefer/util-deprecate Approved by asgerf	2020-06-26 14:20:14 +01:00
semmle-qlci	1b4df57426	Merge pull request #3731 from asger-semmle/js/monorepo-bugfixes Approved by erik-krogh	2020-06-26 14:18:35 +01:00
Erik Krogh Kristensen	0b050204ad	add missing dot in qldoc	2020-06-26 15:07:12 +02:00
Mathias Vorreiter Pedersen	beb66299e9	Merge pull request #3796 from dbartol/codeql-c-analysis-team/40/2 C++: QLDoc for all of `Instruction.qll`	2020-06-26 14:04:48 +02:00
Erik Krogh Kristensen	e4fe236d37	autoformat	2020-06-26 13:59:06 +02:00
Dave Bartolomeo	11c702331a	Merge pull request #3795 from rdmarsh2/rdmarsh/cpp/add-qldoc-3 C++: QLDoc for PrintAST and AST-based range analysis	2020-06-26 07:38:10 -04:00
Rasmus Wriedt Larsen	3f0975f5a1	Merge pull request #3770 from tausbn/python-add-a-bunch-of-documentation Python: Add a bunch of documentation.	2020-06-26 13:30:45 +02:00
Jonas Jensen	c1b26d71c3	C++: getCanonicalQLClass -> getAPrimaryQlClass Also updated the QLDoc for `getAPrimaryQlClass` to match the Go version.	2020-06-26 13:20:36 +02:00
Taus	e5d23b2082	Merge pull request #3801 from RasmusWL/python-3521-revived Python: Add support for detecting XSLT Injection (#3521 revived)	2020-06-26 13:05:28 +02:00
Max Schaefer	640c194c92	JavaScript: Model `util.deprecate` as a pre call-graph step.	2020-06-26 11:47:19 +01:00
Max Schaefer	712a216461	Add self-verifying type-tracking tests.	2020-06-26 11:47:19 +01:00
Rasmus Wriedt Larsen	b164f2695d	Python: One more minor doc fix from review	2020-06-26 12:08:12 +02:00
Rasmus Wriedt Larsen	08384e30af	Python: Minor doc fixes from review	2020-06-26 12:06:31 +02:00
Jonas Jensen	9d8052a434	Merge pull request #3813 from MathiasVP/is-argument-for-parameter-join-order C++: Improve join order for AliasAnalysis::isArgumentForParameter	2020-06-26 11:34:33 +02:00
Calum Grant	8725e09053	Merge pull request #3798 from hvitved/csharp/dataflow/async-tests C#: Move async data-flow tests from local to global	2020-06-26 10:14:28 +01:00
semmle-qlci	f81fc77e9e	Merge pull request #3782 from erik-krogh/promiseSteps Approved by asgerf	2020-06-26 10:11:10 +01:00
Mathias Vorreiter Pedersen	63752dddef	C++/C#: Sync identical files	2020-06-26 09:08:44 +02:00
Mathias Vorreiter Pedersen	3af679e83d	C++: Put unique around getEnclosingFunction, and specialize function argument, to improve join order.	2020-06-26 09:08:35 +02:00
semmle-qlci	92cc59b47b	Merge pull request #3800 from esbena/js/npmlog Approved by erik-krogh	2020-06-26 07:54:08 +01:00
Dave Bartolomeo	7e3f2dbe4c	C++: Improve QLDoc for `getElementSize()`	2020-06-25 17:04:32 -04:00
Erik Krogh Kristensen	7cb6516bc4	make internal predicates within `DominatingPaths` smaller.	2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen	1ec2c549d2	autoformat	2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen	8b3ca73c1c	autoformat	2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen	081b03c8f4	add tests that access-path domination can happen within a statement	2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen	47d52870f2	Use a ControlFlowNode based API to determine domination	2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen	926f2c139f	require that a write must dominate the enclosing stmt of a read	2020-06-25 23:00:52 +02:00

1 2 3 4 5 ...

13903 Commits