hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-02 22:03:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,907 Commits 1,699 Branches 161 Tags
codeql-cli/latest
Commit Graph

85907 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
James Fletcher
ff4a604119 Update docs/language/learn-ql/writing-queries/debugging-queries.rst 
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
 2019-12-11 14:29:10 +00:00
Erik Krogh Kristensen
f537e28389 add pragma to internalBlocks predicate to fix performance 2019-12-11 15:19:30 +01:00
James Fletcher
b2db72d336 Apply suggestions from code review 
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
 2019-12-11 14:13:56 +00:00
James Fletcher
2ce1c2bfee Apply suggestions from code review 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-11 12:44:35 +00:00
james
d6202da876 docs: address max's comments 2019-12-11 12:25:35 +00:00
James Fletcher
61576caede Apply suggestions from code review 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-11 12:20:38 +00:00
Asger F
063abb5cbc TS: Avoid name clash between tsconfig.json and type table 2019-12-11 12:15:44 +00:00
semmle-qlci
cb8e5fa3fc Merge pull request #2411 from asger-semmle/regexp-sanitizer-guards 
Approved by esbena, max-schaefer
 2019-12-11 12:00:21 +00:00
james
d56c02b1b7 docs: start work on debugging queries topic 2019-12-11 10:42:54 +00:00
Max Schaefer
1df3585c92 Merge pull request #204 from Semmle/rc/1.23 
Merge rc/1.23 into master
 2019-12-11 10:28:00 +00:00
Erik Krogh Kristensen
62512dd3e9 expand the js/exception-xss to handle more types of exceptional flow 2019-12-11 10:43:50 +01:00
Jonas Jensen
5a8407749f C#: autoformat fixup 2019-12-11 09:10:23 +01:00
Sauyon Lee
d3bf87d0f5 Merge pull request #203 from max/quieten-hard-coded-cred 
Make HardcodedCredentials query less noisy.
 2019-12-10 16:43:15 -08:00
yo-h
837b1e2f9b Merge pull request #2501 from hmakholm/test-extractors 
Prepare for `codeql test`:
 2019-12-10 16:49:14 -05:00
Calum Grant
3e0045f435 Merge pull request #2308 from hvitved/csharp/dataflow/types 
C#: Type-based pruning for data flow
 2019-12-10 20:16:20 +00:00
Max Schaefer
75d78b3f62 Reduce precision of HardcodedCredentials to "medium". 2019-12-10 16:12:48 +00:00
Geoffrey White
5ecfaed6b1 Merge pull request #2510 from jbj/getTempVariable-perf 
C++: Fix getTempVariable join order in IR
 2019-12-10 16:06:52 +00:00
Jonas Jensen
66876d0f63 C++: Compute isInCycle only for raw IR 
On wireshark/wireshark, `isInCycle` ran into a low-memory loop on the
`aliased_ssa` stage. It shouldn't be necessary to detect cycles after
the `raw` stage, so this commit moves cycle detection into the
`Construction` modules and makes it a no-op in `SSAConstruction.qll`.
 2019-12-10 16:03:39 +01:00
Erik Krogh Kristensen
267c4c07ed refactor EventEmitter model to use the ::Range pattern 2019-12-10 15:54:14 +01:00
Tom Hvitved
abcb6b8aab C#: Type-based pruning for data flow 2019-12-10 15:48:48 +01:00
Tom Hvitved
54088248a1 C#: Use source declarations in field flow 2019-12-10 15:46:31 +01:00
Tom Hvitved
a344707baa C#: Add more data flow tests 
Add tests that exhibit missing type pruning.
 2019-12-10 15:46:31 +01:00
Tom Hvitved
78ddb37a8c C#: Track type information in data flow 
This commit adds type information to data flow paths, by mapping node types onto
the smaller set of GVN types, and implementing `ppReprType()`.

The effect is a mere change in `DataFlow::PathNode::toString()`; no type-based
pruning is done yet.
 2019-12-10 15:46:28 +01:00
Max Schaefer
46c4670796 Make HardcodedCredentials query less noisy. 
Considering "cert" and "account" to be sensitive leads to a massive number of false positives, especially on cockroach and kubernetes.
 2019-12-10 14:14:36 +00:00
Erik Krogh Kristensen
c4fd80d12b some review feedback 2019-12-10 14:53:01 +01:00
Jonas Jensen
7c151644f5 C++: Fix getTempVariable join order in IR 
This join order seems to have broken so it took forever on
wireshark/wireshark.
 2019-12-10 13:43:36 +01:00
Erik Krogh Kristensen
e5d465da9a documentation fixes from @max-schaefer 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-10 12:01:51 +01:00
Erik Krogh Kristensen
59bafab6c3 update test to not use private class 2019-12-10 10:39:01 +01:00
Erik Krogh Kristensen
72cf14989a update expected output of test 2019-12-10 10:33:37 +01:00
Max Schaefer
7894eb3a60 Merge pull request #202 from sauyon/incomplete-hostname-fix 
IncompleteHostname: disallow unescaped dot before TLD
 2019-12-10 08:17:32 +00:00
Jonathan Leitschuh
229622459c Update InsecureDependencyResolution with code review comments 2019-12-09 20:37:53 -05:00
Jonathan Leitschuh
f341234edb Apply suggestions from code review 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
Co-Authored-By: yo-h <55373593+yo-h@users.noreply.github.com>
 2019-12-09 19:17:23 -05:00
Robert Marsh
18e7eff43c C++: autoformat 2019-12-09 13:47:38 -08:00
Robert Marsh
b9f8c39fe2 C++: respond to PR comments 2019-12-09 10:55:56 -08:00
Sauyon Lee
10907c8b04 IncompleteHostnameRegexp: disallow unescaped dot before TLD 2019-12-09 08:47:17 -08:00
Geoffrey White
1c2f36930d Merge pull request #2504 from jbj/1.23-legacy-suites 
C++: Add new queries in 1.23 to legacy suites
 2019-12-09 16:02:42 +00:00
Jonas Jensen
9bbebfc01f C++: Add new queries to C suite too 2019-12-09 17:00:33 +01:00
Erik Krogh Kristensen
60a825cf66 fix tabs and spaces 2019-12-09 16:06:17 +01:00
Jonas Jensen
ff7b6e2ce7 C++: Add new queries in 1.23 to legacy suites 
I didn't add `JapaneseEraDate.ql` since it's not displayed on LGTM by
default.
 2019-12-09 15:36:51 +01:00
Erik Krogh Kristensen
110302678c add model for EventEmitter in NodeJS, and base the Electron::IPC model on top of the new EventEmitter model 2019-12-09 14:27:35 +01:00
Calum Grant
3049bf2c85 Merge pull request #2358 from cldrn/ASPNetPagesValidateRequest 
Adds CodeQL query to check for Pages with disabled built-in validation
 2019-12-09 13:05:03 +00:00
Max Schaefer
7876c37998 Merge pull request #14 from henrymercer/fix-contributing-link 
Fix Code of Conduct link in CONTRIBUTING.md
 2019-12-09 12:55:33 +00:00
Henry Mercer
3c08314782 Fix Code of Conduct link in CONTRIBUTING.md 2019-12-09 12:42:46 +00:00
shati-patel
bc2e15c133 Merge pull request #2503 from jf205/support-notes 
CodeQL support docs: remove some full stops
 2019-12-09 12:32:16 +00:00
james
07f35e8b58 docs: remove some full stops 2019-12-09 12:26:53 +00:00
James Fletcher
61d4a87aa4 Merge pull request #2499 from felicitymay/1.23/update-supported-versions 
Update supported versions for 1.23 release
 2019-12-09 12:23:59 +00:00
Tom Hvitved
c562d6757c Merge pull request #2500 from shati-patel/typo 
Fix typos
 2019-12-09 13:06:39 +01:00
Tom Hvitved
25265bddc7 Merge pull request #2494 from calumgrant/cs/roslyn-3.4 
C#: Upgrade Roslyn to 3.4
 2019-12-09 12:21:30 +01:00
Sauyon Lee
bc8974d32d Merge pull request #201 from max/update-data-flow 
Update data flow and taint-tracking libraries
 2019-12-06 18:26:27 -08:00
Henning Makholm
073563a19b Python tests: explicitly specify --lang2 for python2 tests 
This allows them to work with the `LegacyQltLanguage.PYTHON3` extraction recipe.
 2019-12-07 02:38:02 +01:00