hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
25,375 Commits 1,741 Branches 165 Tags
f7ad89449527ca59adee723c19e2c8d8539e7a2b
Commit Graph

25375 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger Feldthaus
abb819ed88 JS: Fix insecure randomness 2021-08-12 09:30:43 +02:00
Asger Feldthaus
5638a33199 JS: Remove obsolete module prefix 2021-08-12 09:30:43 +02:00
Asger Feldthaus
f6da030572 JS: Migrate to *Query.qll convention 2021-08-12 09:30:18 +02:00
CodeQL CI
8fe2a43fd9 Merge pull request #6433 from asgerf/js/tainted-url-suffix 
Approved by erik-krogh
 2021-08-12 00:28:46 -07:00
James Fletcher
3bd918972e fix markup 2021-08-12 08:16:20 +01:00
yo-h
bd3a24d568 Java: add org.json package to known frameworks 2021-08-11 20:03:32 -04:00
Sarita Iyer
186e011a4b Added codeql packs info for use in VS code 2021-08-11 15:47:27 -04:00
Alexandre Boulgakov
00466e4bb0 Merge pull request #6464 from sashabu/sashabu/auto 
C++: Expose trailing return type presence.
 2021-08-11 18:43:39 +01:00
Chris Smowton
7a2704373f Merge pull request #5943 from joefarebrother/java-stub 
[Java] Add stubbing script
 2021-08-11 16:11:53 +01:00
Alexandre Boulgakov
490498899b C++: Expose trailing return type presence. 2021-08-11 16:04:07 +01:00
Geoffrey White
3f72a1abea Merge pull request #6471 from MathiasVP/fix-fp-in-incorrect-allocation-error-handling 
C++: Fix false-positive in 'cpp/incorrect-allocation-error-handling'
 2021-08-11 15:56:55 +01:00
CodeQL CI
c8ded7ebf6 Merge pull request #6459 from erik-krogh/oreq 
Approved by asgerf
 2021-08-11 07:40:13 -07:00
Mathias Vorreiter Pedersen
8d594dbf08 Update cpp/ql/test/query-tests/Security/CWE/CWE-570/test.cpp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-08-11 16:18:18 +02:00
Benjamin Muskalla
8aba0b04bc Add QLDoc for all shared libraries 2021-08-11 16:07:24 +02:00
Mathias Vorreiter Pedersen
0d1884d7a6 C++: Fix FP and accept test changes. 2021-08-11 15:38:57 +02:00
Mathias Vorreiter Pedersen
c2b1da0010 C++: Add FP testcase with an 'new' that has a 'std::nothrow&' parameter, but not a 'noexcept' specifier. This case was previously not reported because of the 'noexcept' specifier, and apparently the 'std::nothrow' case was broken all along. 2021-08-11 15:38:03 +02:00
Benjamin Muskalla
26ffe6c03d Add tests for telemetry queries 2021-08-11 15:32:09 +02:00
Benjamin Muskalla
6287e6d8e9 Filter unused API callsites 2021-08-11 15:31:56 +02:00
Benjamin Muskalla
ec7f4d18e1 Avoid duplicates and support modular runtime 2021-08-11 15:31:33 +02:00
Mathias Vorreiter Pedersen
89ce25f247 Merge pull request #6083 from ihsinme/ihsinme-patch-275 
CPP: Add query for CWE-783 Operator Precedence Logic Error When Use Bitwise Or Logical Operations
 2021-08-11 14:40:09 +02:00
ihsinme
6d24047626 Update OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql 2021-08-11 14:34:20 +03:00
Chris Smowton
d45d58804b Merge pull request #6466 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-08-11 07:56:55 +01:00
github-actions[bot]
5db82651fe Add changed framework coverage reports 2021-08-11 00:13:37 +00:00
jorgectf
e6ce10b5c5 Merge remote-tracking branch 'origin/main' into jty/python/nosqlInjection 2021-08-10 20:01:08 +02:00
Joe Farebrother
7462180dcd Improve handling or array types 2021-08-10 16:52:38 +01:00
Joe Farebrother
207c753f6f Update model for getAll 2021-08-10 15:05:02 +01:00
Tamas Vajk
243424063a Add pragma inline to getMember/Method/Callable 2021-08-10 13:25:56 +02:00
Tamas Vajk
51661bfa62 Add pragma noinline to fix uselessUpcast check 2021-08-10 13:24:30 +02:00
Owen Mansel-Chan
2000985509 Remove duplicate test 2021-08-10 11:58:28 +01:00
Owen Mansel-Chan
a55a32f50a Add more missing models 
And corresponding tests
 2021-08-10 11:35:20 +01:00
Erik Krogh Kristensen
01a202fa10 fix cfg and dataflow for logical compound assignments 2021-08-10 12:17:59 +02:00
Benjamin Muskalla
8127f63b1e Only include APIs without support 2021-08-10 12:05:16 +02:00
Benjamin Muskalla
26d4269071 Use FlowSources for coverage tracking 2021-08-10 12:02:56 +02:00
Benjamin Muskalla
c48586ff80 Implement coverage tracking using dataflow nodes 2021-08-10 11:38:01 +02:00
Benjamin Muskalla
5b55a83aaa Use basename for jars 2021-08-10 11:37:19 +02:00
Tom Hvitved
d658ef1dcd Merge pull request #6449 from hvitved/python/contains-in-scope-perf 
Python: Avoid bad join in `AstExtended::AstNode::containsInScope`
 2021-08-10 10:27:00 +02:00
Chris Smowton
cb73100717 Merge pull request #6458 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-08-10 09:23:53 +01:00
Chris Smowton
9f9c76390f Nudge CI 2021-08-10 09:12:18 +01:00
Asger Feldthaus
d83f5a9cd7 JS: Update StringConcatenation tests after handling 0-arg join calls 2021-08-10 08:56:36 +02:00
Asger Feldthaus
a3e56dea5e JS: Factor out StringOps::substringMethodName 2021-08-10 08:55:04 +02:00
Asger Feldthaus
1074d409fb JS: Autoformat 2021-08-10 08:55:03 +02:00
Asger Feldthaus
6ef83f8015 JS: Change note 2021-08-10 08:55:03 +02:00
Asger Feldthaus
f1bcfa287b JS: Add more tests 2021-08-10 08:55:03 +02:00
Asger Feldthaus
4efea4316e JS: Use TaintedUrlSuffix flow label in jQuery xss 2021-08-10 08:55:03 +02:00
Asger F
077aa05336 Merge pull request #6448 from asgerf/js/handlebars-extraction-preliminary 
JS: Update locations in Angular2 test
 2021-08-10 08:50:18 +02:00
github-actions[bot]
22fe354aab Add changed framework coverage reports 2021-08-10 00:07:47 +00:00
Owen Mansel-Chan
54fdfe3906 Make helper functions more consistent 2021-08-09 17:18:03 +01:00
Owen Mansel-Chan
2d31bb8d64 Remove toString taint propagation 
We do not do this for other overrides of toString
 2021-08-09 17:18:02 +01:00
Owen Mansel-Chan
487a46ae77 Improve treatment of new and old package name 2021-08-09 16:25:11 +01:00
Chris Smowton
021e405294 Elaborate change note a little 2021-08-09 15:33:21 +01:00