hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-07 10:41:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,691 Branches 160 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Benjamin Muskalla
830c2dc90a Merge pull request #7603 from bmuskalla/commonsIoModel 
Java: Replace Commons IO model
 2022-01-21 11:42:27 +01:00
yoff
5b9ae9cede Merge pull request #7659 from RasmusWL/move-regex-injection-files 
Python: Move regex injection configuration files
 2022-01-21 11:42:06 +01:00
Tony Torralba
0846d1f7b6 Merge pull request #7691 from atorralba/atorralba/fix-recursion-entrypointfieldstep 
Java: Fix recursion in `entrypointFieldStep`
 2022-01-21 11:37:58 +01:00
Tony Torralba
3f6e035016 Docs improvements 2022-01-21 11:37:02 +01:00
yoff
4fd0ada9a8 Merge pull request #7652 from RasmusWL/cleartext-remove-fps 
Python: Remove usernames as sensitive source for cleartext queries
 2022-01-21 11:30:40 +01:00
Erik Krogh Kristensen
f9d5cbf017 update qhelp 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2022-01-21 11:26:58 +01:00
Tony Torralba
d22632ef78 Fix recursion in entrypointFieldStep 
When using local taint tracking to define a RemoteFlowSource, a recursion was created because entrypointFieldStep adds new RemoteFlowSources and was a local taint step. This is fixed by converting entrypointFieldStep into a defaultAdditionalTaintStep instead of a localAdditionalTaintStep, i.e. it will only affect global taint tracking from now on.
 2022-01-21 10:48:13 +01:00
Erik Krogh Kristensen
debebb2b8c rewrite the qhelp for js/insecure-dependency 2022-01-21 10:41:08 +01:00
Tom Hvitved
f9b906d1e2 C#: Update uses of RequiredSummaryComponentStack 2022-01-21 09:42:16 +01:00
Tom Hvitved
cba733136c Data flow: Sync 2022-01-21 09:42:16 +01:00
Tom Hvitved
f1a2b21e44 Data flow: Restructure RequiredSummaryComponentStack 2022-01-21 09:42:16 +01:00
Rasmus Lerchedahl Petersen
a5bc5373d0 python: Rewrite path injection to use flow state 
This removes the FP cause by chaining
This PR also removes `ChainedConfigs12.qll`,
as we hope to solve future problems via flow states.
 2022-01-21 09:26:48 +01:00
Tom Hvitved
aa9cfebc65 Ruby: Replace getValueText with getConstantValue 2022-01-21 09:19:19 +01:00
CodeQL CI
b02f1c87a1 Merge pull request #7679 from erik-krogh/ql-doc-style 
Approved by esbena
 2022-01-20 23:43:44 -08:00
CodeQL CI
2287b6e549 Merge pull request #7675 from erik-krogh/move-url-sink-to-customizations 
Approved by esbena
 2022-01-20 23:43:15 -08:00
Aditya Sharad
ccc6291844 Merge rc/3.3 into rc/3.4 
Conflicts in *-support.rst resolved in favour of rc/3.3, which has a new paragraph.
Enterprise version numbers updated to LGTM Enterprise 1.30 and CodeQL 2.7.6.
 2022-01-20 15:49:10 -08:00
Erik Krogh Kristensen
504e7a161d simplify an redundant any() expression 2022-01-20 22:34:26 +01:00
Erik Krogh Kristensen
99994eeeb1 use set literals instead of big disjunctions 2022-01-20 22:33:40 +01:00
Erik Krogh Kristensen
15c1ce722a Merge pull request #7678 from erik-krogh/use-set 
JS: use more set literals
 2022-01-20 21:03:48 +01:00
shati-patel
8fc429caf4 Emphasize use case for installing pack deps 2022-01-20 19:03:30 +00:00
Mathias Vorreiter Pedersen
bd1720f797 C++: Add change note. 2022-01-20 18:27:09 +00:00
Mathias Vorreiter Pedersen
e689f6bad2 C++: Use the IR for 'cpp/return-stack-allocated-memory'. 2022-01-20 18:22:49 +00:00
Tom Hvitved
cbea5eaeaa C#: Simplify argument/parameter positions for captured variables 2022-01-20 17:08:12 +01:00
Tony Torralba
6fe0b78978 Remove PendingIntentAsField step and add SliceProviderLifecycle step 2022-01-20 16:52:07 +01:00
Andrew Eisenberg
534f8999b6 Update docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-01-20 07:09:34 -08:00
Erik Krogh Kristensen
2bffe56580 update expected output 2022-01-20 16:06:57 +01:00
Erik Krogh Kristensen
3155114e36 use more set literals 2022-01-20 16:06:34 +01:00
Anders Schack-Mulligen
fede7dd238 Merge pull request #7676 from aschackmull/java/instanceaccessnode 
Java: Add data flow node encapsulating instance accesses.
 2022-01-20 15:40:21 +01:00
Erik Krogh Kristensen
a77b2b0209 Merge pull request #7668 from erik-krogh/simplify-casts 
simplify expressions that could be type-casts
 2022-01-20 15:20:18 +01:00
Erik Krogh Kristensen
5780161b2c fix most issues found by ql/class-doc-style in JS 2022-01-20 15:10:16 +01:00
Chris Smowton
38048399d3 Merge pull request #671 from owen-mc/misc-clean-ups 
Correct module name in file comment
 2022-01-20 14:00:46 +00:00
Alex Ford
9613ff743b Merge pull request #7611 from github/ruby/protect_from_forgery-without-exception 
Ruby: flag up `protect_from_forgery` calls without an exception strategy
 2022-01-20 13:45:30 +00:00
Tony Torralba
caab1c3332 Merge pull request #6963 from atorralba/atorralba/android-onactivityresult-source 
Android: Add the Intent parameter of the `onActivityResult` method as a source
 2022-01-20 14:27:30 +01:00
Tony Torralba
29e87b3abd Merge pull request #6975 from atorralba/atorralba/android-intent-uri-permission-manipulation 
Java: CWE-266 - Query to detect Intent URI Permission Manipulation in Android applications
 2022-01-20 14:27:02 +01:00
Geoffrey White
b230681bc8 Merge pull request #7650 from geoffw0/clrtxt3 
C++: Improve cpp/cleartext-transmission
 2022-01-20 13:21:54 +00:00
Rasmus Wriedt Larsen
f53dce3a83 Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2022-01-20 14:20:15 +01:00
Anders Schack-Mulligen
43da5aabbe Java: Add dataflow node encapsulating instance accesses. 2022-01-20 14:12:33 +01:00
Erik Krogh Kristensen
7167e856fe move electron sink to the customizations file 2022-01-20 14:07:23 +01:00
Owen Mansel-Chan
44641de91b Represent ReturnValue[n] correctly in test output 2022-01-20 13:06:35 +00:00
Owen Mansel-Chan
691bb97fdc Move ReturnValue[]-specific code to non-shared file 2022-01-20 13:06:35 +00:00
Erik Krogh Kristensen
548fb47603 JS: move ExternalArtifact.qll into lib/ folder to fix ql/db-type-outside-core 2022-01-20 14:00:57 +01:00
Erik Krogh Kristensen
9b69de8588 QL: add query detecting use of db-types outside the lib folder 2022-01-20 14:00:55 +01:00
github-actions[bot]
ab218421da Post-release preparation for codeql-cli-2.7.6 2022-01-20 12:59:20 +00:00
github-actions[bot]
c52caa6322 Post-release preparation for codeql-cli-2.7.6 2022-01-20 12:59:04 +00:00
Tony Torralba
62f847a82e Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-01-20 13:44:10 +01:00
Tony Torralba
3957ebe880 Fix bitwiseLocalTaintStep 2022-01-20 13:34:32 +01:00
Owen Mansel-Chan
54855113c4 Correct module name in file comment 2022-01-20 12:30:52 +00:00
Chris Smowton
de07035c27 Merge pull request #670 from github/smowton/admin/remove-committed-binary 
Delete accidentally committed binary file
 2022-01-20 12:28:01 +00:00
Tony Torralba
265f8a3b19 Make bitwise taintsteps specific for this query 2022-01-20 13:23:56 +01:00
Tony Torralba
4e9849e19d Refactor IntentFlagsOrDataCheckedGuard to avoid footgun 2022-01-20 13:23:55 +01:00