hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
24,090 Commits 1,746 Branches 166 Tags
febebed15eb99d177f433232cf8ae5ed507c60f8
Commit Graph

24090 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
febebed15e Data flow: Use cached predicates from DataFlowImplCommon in FlowSummaryImpl.qll 2021-07-13 16:15:00 +02:00
Tom Hvitved
cb1b227c87 Merge pull request #6270 from hvitved/csharp/standalone-nuget-restore 
C#: Skip `dotnet restore` in standalone extraction when `nuget_restore: false` is set
 2021-07-13 13:36:40 +02:00
Rasmus Wriedt Larsen
1a59c9b64a Merge pull request #6204 from tausbn/python-ensmallen-localsourcenode 
Python: Clean up `LocalSourceNode` charpred
 2021-07-13 13:27:38 +02:00
Mathias Vorreiter Pedersen
1ed027e0d1 Merge pull request #6266 from erik-krogh/mootools-doc 
JS: add missing qldoc in MooTools.qll
 2021-07-13 10:39:21 +02:00
Anders Schack-Mulligen
be96647f78 Merge pull request #6256 from hvitved/dataflow/summary-node-type-join-order 
Data flow: Fix bad join-orders in `summaryNodeType`
 2021-07-13 10:24:30 +02:00
Erik Krogh Kristensen
cadbdcff0a add missing qldoc in MooTools.qll 2021-07-12 23:20:51 +02:00
Robert Marsh
61ee4af66c Merge pull request #6159 from MathiasVP/more-effective-barriers-in-bounded-predicate 
C++: More effective barriers in the `bounded` predicate for CWE-190
 2021-07-12 11:59:37 -07:00
Mathias Vorreiter Pedersen
7da7ec60d9 C++: Inline predicates from 'Bounded.qll'. 2021-07-12 19:09:33 +02:00
Mathias Vorreiter Pedersen
4fc60aedc6 C++: Relax the restrictions on when '%' is a barrier and accept test changes. 2021-07-12 17:39:12 +02:00
Mathias Vorreiter Pedersen
a6f1f8d3b6 C++: Add testcases demonstrating FPs from real code. 2021-07-12 17:39:12 +02:00
Mathias Vorreiter Pedersen
6a11aa7f2a Merge pull request #6154 from MathiasVP/more-random-sources-in-uncontrolled-arithmetic 
C++: Add more random sources in `cpp/uncontrolled-arithmetic`
 2021-07-12 17:37:44 +02:00
Tom Hvitved
6ba6d9931c C#: Skip dotnet restore in standalone extraction when nuget_restore: false is set 2021-07-12 15:16:16 +02:00
Mathias Vorreiter Pedersen
dec747f6f0 Merge branch 'main' into more-random-sources-in-uncontrolled-arithmetic 2021-07-12 13:48:48 +02:00
Mathias Vorreiter Pedersen
c47d680d65 Merge pull request #6168 from criemen/fix-warning 
C++: Fix warning from compile-query.
 2021-07-12 12:41:29 +02:00
Tom Hvitved
47d126e681 Data flow: Sync 2021-07-12 12:09:51 +02:00
Tom Hvitved
09daf86e33 Data flow: Fix bad join-orders in summaryNodeType 2021-07-12 12:09:06 +02:00
Mathias Vorreiter Pedersen
04dcef5ec4 C++: Include ComplementExpr as a sanitizer. 2021-07-12 11:53:47 +02:00
Cornelius Riemenschneider
d34f7b941a C++: Address code review. 2021-07-12 11:43:43 +02:00
Cornelius Riemenschneider
e821b8be99 C++: Fix warning from compile-query. 2021-07-12 11:43:43 +02:00
Mathias Vorreiter Pedersen
d2cc0d3925 C++: Fix annotations. 2021-07-12 11:30:43 +02:00
Tom Hvitved
db4c8dfd3c Merge pull request #6208 from hvitved/csharp/query-modules 
C#: Add `Query` suffix to libraries that should only be imported by queries
 2021-07-12 10:26:45 +02:00
Anders Schack-Mulligen
0e913a19aa Merge pull request #6220 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-07-12 09:54:18 +02:00
github-actions[bot]
56419bc74b Add changed framework coverage reports 2021-07-12 00:06:55 +00:00
Tom Hvitved
4de4753c67 C#: Remove Query.qll top-level modules 2021-07-04 09:35:27 +02:00
Tom Hvitved
c812d4e4e8 C#: Add Query suffix to libraries that should only be imported by queries 2021-07-04 09:35:26 +02:00
CodeQL CI
1d56748eed Merge pull request #6200 from yoff/pythonJS-make-expbtlib-private 
Approved by RasmusWL, esbena
 2021-07-02 09:09:18 -07:00
CodeQL CI
a25933aa56 Merge pull request #5926 from RasmusWL/small-cleanups 
Approved by tausbn
 2021-07-02 04:59:54 -07:00
Rasmus Wriedt Larsen
3c8c2d1da1 Merge pull request #6209 from yoff/python-add-redos-queryhelp 
Python: port redos .qhelp from js
 2021-07-02 13:42:39 +02:00
Rasmus Wriedt Larsen
81fab487a4 Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-07-02 13:27:41 +02:00
Rasmus Wriedt Larsen
22c155687e Python: Fix code after removing getPostUpdateNode 2021-07-02 13:25:25 +02:00
Rasmus Wriedt Larsen
7a6eee50ff Revert "Python: Add getPostUpdateNode to DataFlow::Node" 
This reverts commit 9137f04bd3.
 2021-07-02 13:23:02 +02:00
Rasmus Wriedt Larsen
e56dfe75bd Python: AttrRef getOjbect/1 -> accesses/2 
See this thread for discussion:
https://github.com/github/codeql/pull/5926#discussion_r635384981
 2021-07-02 13:21:12 +02:00
CodeQL CI
38f763dd6a Merge pull request #6192 from asgerf/js/string-literals-as-source-nodes 
Approved by esbena
 2021-07-02 03:47:20 -07:00
Rasmus Lerchedahl Petersen
6f2642607e Python: make the import of RedosUtil public 
This mirrors `SuperlinearBacktracking.qll`
An alternative is to keep it private and import it again
in the query files.
 2021-07-02 12:32:04 +02:00
Chris Smowton
6823855e9c Merge pull request #6203 from smowton/smowton/admin/avoid-config-imports-from-qlls 
Java: Reduce DataFlow Configuration pollution from Random.qll and JexlInjection.qll
 2021-07-02 11:27:27 +01:00
Chris Smowton
ca1bf7791e Merge pull request #6210 from tamasvajk/fix/large-coverage-comment 
Fix markdown link in framework coverage PR comment
 2021-07-02 11:27:17 +01:00
Rasmus Lerchedahl Petersen
77c329fb0f Python/JS: Make much more private 2021-07-02 12:13:52 +02:00
Tamás Vajk
4a5fe75d8c Merge pull request #6207 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-07-02 12:00:31 +02:00
Asger Feldthaus
c3b7d85341 JS: Update test output after rebasing 2021-07-02 11:57:45 +02:00
Tamas Vajk
f3f069fed5 Fix markdown link in framework coverage PR comment 2021-07-02 11:56:00 +02:00
Asger Feldthaus
7249d2892a JS: Add comment to VueTemplateSink class 2021-07-02 11:55:56 +02:00
Asger Feldthaus
0105b829c4 JS: Update test output 2021-07-02 11:55:56 +02:00
Asger Feldthaus
6d9b96f6e8 JS: Dont use getALocalSource() when marking Vue template sinks 2021-07-02 11:55:56 +02:00
Asger Feldthaus
472b41f5e1 JS: Update React to handle string literals being SourceNodes 2021-07-02 11:55:56 +02:00
Asger Feldthaus
39c204ac39 JS: Treat string literals as source nodes 2021-07-02 11:55:56 +02:00
Rasmus Lerchedahl Petersen
1fc9638486 Python: port redos .qhelp from js 2021-07-02 11:36:46 +02:00
Chris Smowton
a51154a8ef Deduplicate Jexl configuration 2021-07-02 10:02:28 +01:00
Chris Smowton
d022c57903 Add change note 2021-07-02 10:02:28 +01:00
Chris Smowton
bbd3ecb768 Add docs to RandomQuery.qll 2021-07-02 10:02:28 +01:00
Chris Smowton
e661fc08d3 Split Android XSS sink defintions out of XSS.qll 
This removes one of the routes by which XSS.qll is always in scope, and so its dataflow configuration is too -- however it is still always in scope because JaxWS.qll imports it.
 2021-07-02 10:02:25 +01:00