hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-26 17:28:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,837 Commits 1,721 Branches 163 Tags
fa94fedfc30ce461c15273772fb6ff19f81648ad
Commit Graph

21837 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
edvraa
fa94fedfc3 simple dataflow for sensitive name 2021-05-03 00:36:26 +03:00
edvraa
97bc7e38d2 check for sensitive property name 2021-05-03 00:31:29 +03:00
edvraa
7ab91bb185 Inline getOptionsArgument 2021-05-03 00:09:15 +03:00
edvraa
3aec9c1a41 Cookies without HttpOnly 2021-04-27 16:28:32 +03:00
CodeQL CI
578ce1e512 Merge pull request #5683 from asgerf/js/typescript-template-literal-type-crash 
Approved by erik-krogh
 2021-04-15 05:11:11 -07:00
Chris Smowton
fa36ba901a Merge pull request #5471 from artem-smotrakov/el-injection 
Java: Query for detecting Jakarta Expression Language injections
 2021-04-15 12:39:34 +01:00
Asger Feldthaus
f8570bb293 JS: Update TRAP 2021-04-15 10:16:46 +01:00
Asger Feldthaus
cb736c8c82 JS: Change note 2021-04-15 09:37:57 +01:00
Tom Hvitved
972cc47f67 Merge pull request #5673 from hvitved/csharp/customizations 
C#: Add `Customizations.qll`
 2021-04-15 10:24:29 +02:00
Asger Feldthaus
b4a2a9db25 JS: Fix extraction of non-substitution template literal types 2021-04-15 09:23:45 +01:00
CodeQL CI
4be183c7f6 Merge pull request #5675 from erik-krogh/libXss 
Approved by esbena
 2021-04-14 14:34:23 -07:00
Robert Marsh
fe57876fd8 Merge pull request #5643 from dbartol/smart-pointers/side-effect-refactor 
C++: Refactor some side effect generation code
 2021-04-14 09:59:41 -07:00
Artem Smotrakov
97186b3d30 Added comments for tests 2021-04-14 19:30:58 +03:00
Andrew Eisenberg
56ba0f080a Merge pull request #5659 from github/aeisenberg/mark-as-stale 
Actions: Add workflow for marking stale questions
 2021-04-14 08:37:55 -07:00
Andrew Eisenberg
392adf2a25 Workflows: Remove dry-run flag for labeller 2021-04-14 08:25:34 -07:00
Dave Bartolomeo
b29f35f564 Fix formatting 2021-04-14 11:15:16 -04:00
Geoffrey White
64fed4cb10 Merge pull request #5677 from MathiasVP/fix-duplicate-ids-in-experimental 
C++: Fix duplicate names in experimental queries
 2021-04-14 15:58:49 +01:00
Jonas Jensen
b4f01c9afa Merge pull request #5578 from MathiasVP/ast-flow-smart-pointers 
C++: AST dataflow through smart pointers
 2021-04-14 16:39:05 +02:00
Mathias Vorreiter Pedersen
53a320a810 C++: Fix duplicate names. 2021-04-14 16:33:18 +02:00
yoff
447f339857 Merge pull request #5641 from tausbn/python-use-localsourcenode-in-typetrackers 
Python: Use API graphs in PEP249 support
 2021-04-14 15:39:49 +02:00
Mathias Vorreiter Pedersen
92508beb82 Merge pull request #5600 from ihsinme/ihsinme-patch-258 
CPP: Add query for CWE-691 Insufficient Control Flow Management When Using Bit Operations
 2021-04-14 14:55:30 +02:00
Anders Schack-Mulligen
f43d427875 Merge pull request #5645 from Marcono1234/marcono1234/primary-ql-class 
Java: Override getAPrimaryQlClass() for more classes
 2021-04-14 14:51:29 +02:00
Mathias Vorreiter Pedersen
bc7cc2f7ce C++: Remove rule that wasn't needed. 2021-04-14 14:50:27 +02:00
Mathias Vorreiter Pedersen
da36508714 Revert "C++: As response to the review comments this commit adds a reference-to-pointer state to AddressFlow. A call to an unwrapper function now adds a pointer -> reference-to-pointer transition, and a ReferenceDereference adds a reference-to-pointer -> pointer transition." 
This reverts commit 5aeaab7c6d.
 2021-04-14 14:41:22 +02:00
Chris Smowton
591ac38c31 Merge pull request #5591 from Marcono1234/marcono1234/member-nested-type 
Java: Add MemberType
 2021-04-14 12:29:54 +01:00
Taus
54c79bff74 Merge pull request #5666 from RasmusWL/django-refactor 
Python: Refactoring and exposing of Django views/fields/forms
 2021-04-14 13:07:20 +02:00
Rasmus Wriedt Larsen
44d2bf42d7 Merge pull request #5671 from tausbn/python-use-api-graphs-in-werkzeug 
Python: Use API graphs in Werkzeug
 2021-04-14 12:57:58 +02:00
Erik Krogh Kristensen
fd23e0bdda use more API nodes in XmlParsers, and recognize more results from parsing XML 2021-04-14 11:48:31 +02:00
Anders Schack-Mulligen
3b6cd0f681 Merge pull request #5661 from smowton/smowton/cleanup/call-is-exprparent 
Make Call a subclass of ExprParent.
 2021-04-14 10:49:33 +02:00
Rasmus Wriedt Larsen
9de8085571 Merge pull request #5665 from tausbn/python-use-api-graphs-in-tornado 
Python: Tornado cleanup using API graphs
 2021-04-14 10:22:21 +02:00
Rasmus Wriedt Larsen
2d0c9b6bf2 Merge pull request #5670 from tausbn/python-use-api-graphs-in-dill 
Python: Use API graphs in Dill model
 2021-04-14 10:08:02 +02:00
Rasmus Wriedt Larsen
55723618a9 Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-04-14 10:05:50 +02:00
Chris Smowton
2965a1f204 Use Thread$State as an inner-class example 
Map<>$Entry currently has odd generic notation that may be about to change.
 2021-04-14 08:43:05 +01:00
Chris Smowton
5158e7964e Add change note 2021-04-14 08:25:12 +01:00
Tom Hvitved
36fe72246b C#: Add change note 2021-04-14 09:22:16 +02:00
Tom Hvitved
4810308b16 C#: Add Customizations.qll 2021-04-14 09:16:31 +02:00
Robert Marsh
419d25cbcf Merge pull request #5325 from ihsinme/ihsinme-patch-245 
CPP: Add query for CWE-783 Operator Precedence Logic Error When Use Bool Type
 2021-04-13 13:24:39 -07:00
Taus
981c5deb57 Merge pull request #5639 from tausbn/python-api-graphs-missing-builtins 
Python: Add missing builtins to `API::builtin`
 2021-04-13 21:27:52 +02:00
Marcono1234
d853f0c400 Java: Add MemberType 2021-04-13 18:55:20 +02:00
Taus
a6bb9ebb9f Python: Re-introduce abstract toString 
This seems like the easier solution in the short run.
 2021-04-13 16:08:41 +00:00
Taus
079c7e089d Python: Autoformat 2021-04-13 16:05:45 +00:00
Taus
273e8ce4ef Python: Add change note 2021-04-13 16:04:07 +00:00
Taus
5f7d3d0d36 Python: Use API graphs in Werkzeug 2021-04-13 15:57:21 +00:00
Taus
2890fe6d61 Python: Use API graphs in Dill model 
If only all rewrites were this smooth...
 2021-04-13 15:26:54 +00:00
Marcono1234
89a5acf6e8 Java: Revert overriding XMLFile.getAPrimaryQlClass() 
Library file has to be kept in sync with the other languages, however except
cpp none of them have the getAPrimaryQlClass() predicate declared in a
superclass. Therefore for simplicity revert the change for Java.
 2021-04-13 17:09:15 +02:00
Taus
a404faa302 Python: Use American English in change note 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-04-13 15:05:44 +02:00
Taus
7825a2cdfc Python: Add change note 2021-04-13 12:48:45 +00:00
Taus
1a4845f417 Python: Restrict types a bit 
The `CallCfgNode` restrictions are familiar and useful.

Restricting `InstanceSource` to extend `LocalSourceNode` is novel, but I
think it makes sense. It will act as a good reminder to anyone extending
`InstanceSource` that the node in question is a `LocalSourceNode`, which
will be enforced by the return type of the internal type tracker anyway.
 2021-04-13 12:28:38 +00:00
Taus
f93b68d4dc Python: Get rid of _attr methods 2021-04-13 12:25:38 +00:00
Taus
98d936d8b3 Python: Tornado cleanup using API graphs 
I wasn't able to roll out API graphs as widely in Tornado as I had
hoped, since we're lacking the "def" part. This means most of the
`InstanceSource` machinery will have to stay.
 2021-04-13 12:25:38 +00:00