hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
20,604 Commits 1,741 Branches 166 Tags
ee9613fa79d70cb87d142453ef617bd0358b33a9
Commit Graph

20604 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
ee9613fa79 import the Stages module from where it is used 2021-03-10 16:30:38 +01:00
Erik Krogh Kristensen
81efd726cb renamings - and simplifications of qldoc 2021-03-10 15:42:50 +01:00
Erik Krogh Kristensen
d3fca0a107 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2021-03-10 15:24:05 +01:00
Erik Krogh Kristensen
25ef3edb20 combine stages by introducing extended stages 2021-03-08 20:48:15 +01:00
Anders Schack-Mulligen
aeb13146d2 Merge pull request #5275 from Marcono1234/marcono1234/included-qhelp-files 
Use `.inc.qhelp` extension for included help files
 2021-03-08 16:26:32 +01:00
Chris Smowton
f9f143d62c Merge pull request #5347 from Marcono1234/marcono1234/simplify-tests 
Java: Simplify tests using InlineExpectationsTest
 2021-03-08 14:47:28 +00:00
Marcono1234
95aeb7b53f Fix .qhelp file name mismatch 2021-03-08 14:27:35 +01:00
Anders Schack-Mulligen
e63f81171c Merge pull request #5349 from p0wn4j/fix-nashorn-engine-1 
Java: Fix NashornScriptEngine detection in ScriptEngine query
 2021-03-08 13:23:36 +01:00
Chris Smowton
6cf15f49bb Replace hasTaintFlow=y with hasTaintFlow everywhere 2021-03-08 11:57:35 +00:00
Marcono1234
b7353f0bb0 Java: Simplify tests using InlineExpectationsTest 2021-03-08 11:49:52 +00:00
Mathias Vorreiter Pedersen
84554af7f5 Merge pull request #5356 from yoff/tests-amend-qldoc 
InlineExpectationTest: clarify the need for an empty `.expected` file
 2021-03-08 11:53:55 +01:00
Rasmus Lerchedahl Petersen
cc9a938054 InlineExpectationTest: clarify the nedd for an 
empty `.expected` file
 2021-03-08 09:18:47 +01:00
p0wn4j
6841f5f7c4 Java: Add NashornScriptEngine detection in ScriptEngine query 
Java: Add NashornScriptEngine detection in ScriptEngine query

Java: Add NashornScriptEngine detection in ScriptEngine query

Java: Add NashornScriptEngine detection in ScriptEngine query
 2021-03-06 16:19:07 +04:00
Tamás Vajk
23d994a4b4 Merge pull request #5197 from tamasvajk/feature/refactor-4 
C#: Enable nullability in Extraction.CSharp
 2021-03-05 16:24:19 +01:00
Anders Schack-Mulligen
cf4f55d9ab Merge pull request #5223 from smowton/smowton/feature/backward-dataflow-for-modelled-fluent-methods 
Java: Add backward dataflow edges through modelled function invocations
 2021-03-05 15:11:43 +01:00
Chris Smowton
012058a866 Apply review suggestions: use ArgumentNode.argumentOf, and change more uses of ValuePreservingCallable -> ValuePreservingMethod 2021-03-05 13:34:13 +00:00
Chris Smowton
eed357dc93 ValuePreservingCallable -> ValuePreservingMethod 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 13:28:35 +00:00
Chris Smowton
a37b98ca27 Value-preserving methods: handle generics in DataFlowUtil.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 13:15:06 +00:00
Chris Smowton
ca86925a45 Update java/ql/src/semmle/code/java/dataflow/FlowSteps.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 13:02:19 +00:00
Chris Smowton
45f3365d06 Apply suggestions from code review 
Note value-preserving functions can't be constructors

Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 12:52:38 +00:00
Jonas Jensen
32f1da7455 Merge pull request #5327 from MathiasVP/less-field-to-obj-flow 
C++: Remove more field-to-object flow
 2021-03-05 13:16:21 +01:00
Tamas Vajk
c6b47647e1 Move the nullable disable warning region to the Type instead of the base CachedSymbol entity 2021-03-05 13:14:07 +01:00
Tamas Vajk
df9d54c994 Fix code review findings 2021-03-05 13:00:04 +01:00
Chris Smowton
990bdc20b0 Move value-preserving callable class into FlowSteps 2021-03-05 11:55:53 +00:00
CodeQL CI
a55246c9f4 Merge pull request #5330 from RasmusWL/fix-flask-taint-prop-to-methods 
Approved by yoff
 2021-03-05 03:17:41 -08:00
Anders Schack-Mulligen
0d7f6ced8f Merge pull request #5334 from Marcono1234/marcono1234/improve-constant-loop-condition 
Java: Improve constant-loop-condition
 2021-03-05 11:36:25 +01:00
CodeQL CI
d7b9251b0d Merge pull request #5262 from max-schaefer/event-handler-receiver-is-dom-element 
Approved by asgerf
 2021-03-05 02:04:59 -08:00
Anders Schack-Mulligen
00983c8967 Merge pull request #4965 from artem-smotrakov/jexl-injection 
Java: Query for detecting JEXL injections
 2021-03-05 10:52:36 +01:00
Anders Schack-Mulligen
20ccb52912 Merge pull request #4299 from torque59/play-framework 
Initial support for Java - Play Framework > 2.6.x
 2021-03-05 10:51:53 +01:00
Anders Schack-Mulligen
8d292070a4 Merge pull request #5272 from Marcono1234/marcono1234/simplify-own-member-access-checks 
Java: Simplify own member access checks
 2021-03-05 10:22:17 +01:00
Anders Schack-Mulligen
3565ba51b3 Merge pull request #5209 from smowton/smowton/feature/commons-misc-text 
Java: add models for miscellaneous text-processing utilities from Commons Lang
 2021-03-05 10:21:58 +01:00
yoff
d17246ce2b Merge pull request #5255 from RasmusWL/port-flask-debug 
Python: port py/flask-debug query
 2021-03-05 09:39:14 +01:00
Mathias Vorreiter Pedersen
c86fc223b9 C++: Fix comment and prevent false positives on chiOnlyPartiallyUpdatesLocation when Alias::getEndBitOffset doesn't have known value. 2021-03-05 08:53:24 +01:00
Mathias Vorreiter Pedersen
bd842403c8 C++: Add testcase 2021-03-05 08:06:22 +01:00
Francis Alexander
a35f6d030c Test fixes and change notes 2021-03-05 06:50:57 +05:30
Marcono1234
e9e9634306 Java: Improve constant-loop-condition 2021-03-04 23:33:29 +01:00
Taus
d2ed216670 Merge pull request #5280 from RasmusWL/highlight-tornado-uri 
Python: Highlight how request.uri works in Tornado
 2021-03-04 23:31:02 +01:00
Taus
0b446258f5 Merge pull request #5279 from RasmusWL/ensure-old-queries-not-used 
Python: Ensure old dataflow queries are not used
 2021-03-04 23:29:35 +01:00
Marcono1234
c8315577fe Java: Simplify own member access checks 2021-03-04 22:45:52 +01:00
Marcono1234
5a8ffa5a85 Use .inc.qhelp extension for included help files 2021-03-04 22:04:48 +01:00
Artem Smotrakov
7d52b53c24 Merge branch 'jexl-injection' of github.com:artem-smotrakov/ql into jexl-injection 2021-03-04 20:29:10 +01:00
Artem Smotrakov
0695b2a1fb Removed TaintedSpringRequestBody 2021-03-04 20:27:39 +01:00
Anders Schack-Mulligen
d685aff5e2 Merge pull request #5328 from owen-mc/correct-signature-in-comment 
Java: Correct signature and package in comment
 2021-03-04 17:03:35 +01:00
Mathias Vorreiter Pedersen
b399246d7f C++/C#: Sync identical files. 2021-03-04 16:34:35 +01:00
Mathias Vorreiter Pedersen
31690dee58 Fix comment. 2021-03-04 16:11:47 +01:00
Owen Mansel-Chan
96eaf2119f Correct signature and package in comment 
cf https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html#addCookie(javax.servlet.http.Cookie)
 2021-03-04 15:10:02 +00:00
Mathias Vorreiter Pedersen
6c14288fa7 C++: Use new predicate and accept test changes. 2021-03-04 16:05:38 +01:00
CodeQL CI
ad4b9372bd Merge pull request #5302 from RasmusWL/expectation-tests-allow-str-prefix 
Approved by MathiasVP, tausbn
 2021-03-04 06:48:57 -08:00
Mathias Vorreiter Pedersen
8a4cc3b5c2 C++: Sync identical files. 2021-03-04 15:38:36 +01:00
Mathias Vorreiter Pedersen
200d94777a C++: Add isPartialUpdate member predicate to ChiInstructions. 2021-03-04 15:37:47 +01:00