hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-27 09:48:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
30,082 Commits 1,720 Branches 163 Tags
f0e9b768f287ae55421fcfffae765e2f9a112ed0
Commit Graph

30082 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
f0e9b768f2 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-12-15 16:53:47 +01:00
Tony Torralba
65b6c16254 Fix stub after merge 2021-12-15 16:53:47 +01:00
Tony Torralba
6363ff3c08 QLDoc 2021-12-15 16:53:46 +01:00
Tony Torralba
7a1b854678 Add change note 2021-12-15 16:53:46 +01:00
Tony Torralba
85526d71da Add Fragment injection in PreferenceActivity query 2021-12-15 16:53:46 +01:00
Tony Torralba
701d12fb5b Add Fragment injection query 2021-12-15 16:53:45 +01:00
Tony Torralba
efb471687c Add stubs 2021-12-15 16:53:42 +01:00
Tom Hvitved
3bc6247ad8 Merge pull request #7378 from hvitved/ruby/module-infinite-loop 
Ruby: Prevent infinite recursion in module resolution library
 2021-12-15 16:27:36 +01:00
Tom Hvitved
c6696adfde Ruby: Add test case that would make old module resolution library diverge 2021-12-15 15:18:42 +01:00
Tom Hvitved
2187994f5c Ruby: Prevent infinite recursion in module resolution library 2021-12-15 15:15:19 +01:00
Tony Torralba
7e644d8d7b Merge pull request #6098 from atorralba/atorralba/entrypoint-field-steps 
Java: Preserve taint on field-read-steps on entrypoint types
 2021-12-15 14:51:38 +01:00
Tony Torralba
c1e4c05aa2 Update change note to new format 2021-12-15 13:08:34 +01:00
Tony Torralba
e2022f467c Update java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-12-15 13:00:16 +01:00
Tony Torralba
a3b25f0eb5 Don't consider subtypes of fields 2021-12-15 13:00:16 +01:00
Tony Torralba
47002a3bd7 Fix test 2021-12-15 13:00:16 +01:00
Tony Torralba
1426c5b406 Consider parameterized types 2021-12-15 13:00:16 +01:00
Tony Torralba
7ce9b04941 Add change note 2021-12-15 13:00:15 +01:00
Tony Torralba
5e80044f11 Preserve taint on field-read-steps on entrypoint types 2021-12-15 13:00:15 +01:00
Geoffrey White
9363d64166 Merge pull request #7395 from MathiasVP/fix-fp-in-pointless-self-comparison 
C++: Fix FP in `cpp/comparison-of-identical-expressions`
 2021-12-15 10:47:57 +00:00
Mathias Vorreiter Pedersen
65c301c39f Update cpp/ql/test/query-tests/Likely Bugs/Arithmetic/BadAdditionOverflowCheck/templates.cpp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-12-15 09:22:41 +00:00
Michael Nebel
0e7fdbeeab Merge pull request #7384 from michaelnebel/csharp-mad-xml 
C#: Convert XML related flow summaries to CSV and fix flow summaries test cases.
 2021-12-15 09:51:20 +01:00
Harry Maclean
062f7fe390 Merge pull request #7340 from github/hmac/private-methods 
Ruby: handle private module methods
 2021-12-15 21:07:49 +13:00
Harry Maclean
a32711245f Ruby: Further speed up private method modelling 2021-12-15 17:38:52 +13:00
Tom Hvitved
15caaa7ad6 Merge pull request #7377 from hvitved/csharp/overriable-class 
C#: Introduce class `Overridable`
 2021-12-14 20:01:12 +01:00
Mathias Vorreiter Pedersen
310353060e C++: Also fix the FP in 'cpp/comparison-canceling-subexpr'. 2021-12-14 17:08:10 +00:00
Mathias Vorreiter Pedersen
b2082cc3da C++: Fix false positive in 'cpp/cpp/comparison-of-identical-expressions'. 2021-12-14 16:39:25 +00:00
Mathias Vorreiter Pedersen
9d14a85f3f C++: Add false positive. 2021-12-14 16:38:19 +00:00
Alex Ford
861ae856b3 Merge pull request #7391 from github/ruby/callnode-more-predicates 
Ruby: Add `getBlock` and `getNumberOfArguments` predicates to `DataFlow::CallNode`
 2021-12-14 16:10:13 +00:00
Michael Nebel
edf472b9ed C#: Convert System.Xml.XmlReader flow to CSV format. 2021-12-14 16:01:40 +01:00
Michael Nebel
a04920f241 C#: Convert System.Xml.XmlDocument flow to CSV format. 2021-12-14 15:56:55 +01:00
Michael Nebel
4bf2a514ac C#: XmlDocument only has instance Load methods. 2021-12-14 15:55:28 +01:00
Michael Nebel
376ee33707 C#: Convert System.Xml.XmlNode flow to CSV format. 2021-12-14 15:55:23 +01:00
Michael Nebel
4a71aa2165 C#: Update the flow summaries test expected output. 2021-12-14 15:53:16 +01:00
Michael Nebel
fc3299801b C#: Fix issue with summary tests, such that the output is compatiable with flow summary interpreter. 2021-12-14 15:53:16 +01:00
Michael Nebel
2cac729598 C#: Convert System.Xml.XmlNamedNodeMap flow to CSV format. 2021-12-14 15:53:11 +01:00
Michael Nebel
c5728b2951 Merge pull request #7389 from michaelnebel/csharp-mad-io 
C#: Convert flow summaries to CSV for System.IO.*
 2021-12-14 15:49:08 +01:00
Bas van Schaik
80b9ccff2b Merge pull request #7388 from github/sj-patch-log4j-query-description 
Clarify Log4jJndiInjection.ql query name and help
 2021-12-14 14:32:17 +00:00
Tony Torralba
68a0efaf0c Formatting 2021-12-14 14:53:38 +01:00
Alex Ford
3262a14f22 Ruby: use DataFlow::CallNode#getBlock to remove a cast 2021-12-14 13:23:38 +00:00
Tom Hvitved
b524a6104d Merge pull request #7368 from github/hvitved-patch-1 
Update creating-codeql-databases.rst
 2021-12-14 14:12:21 +01:00
Michael Nebel
b921fc62b8 C#: Some manual modifications to the System.IO flow summaries. 2021-12-14 14:02:25 +01:00
Alex Ford
f3dcccb64b Ruby: Add getBlock and getNumberOfArguments predicates to DataFlow::CallNode 2021-12-14 12:58:15 +00:00
Michael Nebel
c1cf44b342 C#: Remove unneeded imports. 2021-12-14 13:47:57 +01:00
Michael Nebel
16bcb4ec86 C#: Convert System.IO.Path flow to CSV format. 2021-12-14 13:44:27 +01:00
Michael Nebel
ca5c6923da C#: Convert System.IO.Compression flow to CSV format. 2021-12-14 13:37:08 +01:00
Bas van Schaik
d85ed9ea7a Clarify Log4jJndiInjection.ql query help 2021-12-14 12:32:36 +00:00
Michael Nebel
45e416b87b C#: Convert System.IO.Stream flow to CSV format. 2021-12-14 13:28:25 +01:00
Michael Nebel
dd1ae0bbb5 C#: Convert System.IO.MemoryStream flow to CSV format. 2021-12-14 13:23:26 +01:00
Chris Smowton
85ff57bae6 Merge pull request #7354 from atorralba/atorralba/log4j-rce-experimental-query 
Java: Experimental query for Log4j JNDI Injection
 2021-12-14 11:32:13 +00:00
Tom Hvitved
a9c438924e C#: Introduce class Overridable 
The class `Overridable` generalizes the existing class `Virtualizable` by also
including accessors. This allows for quite a bit of code to be simplified.
 2021-12-14 10:52:13 +01:00