hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-10 12:11:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,689 Branches 160 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Arthur Baars
205233b42f Add trivial upgrade 2021-12-03 17:04:00 +01:00
Arthur Baars
3e1ebb954f Ruby: update generated dbscheme and library 2021-12-03 17:02:08 +01:00
Arthur Baars
0cec59e043 Ruby: update tree-sitter grammar 2021-12-03 17:01:12 +01:00
Tony Torralba
8ffa195538 Merge branch 'main' into atorralba/android_slice_models 2021-12-03 16:59:33 +01:00
Nick Rolfe
5a2ef8321c Merge pull request #7120 from github/nickrolfe/regexp_g_anchor 
Ruby/Python: parse anchors in regexes as special characters
 2021-12-03 15:24:38 +00:00
Michael Nebel
4128f56aa9 Merge pull request #7289 from michaelnebel/csharp-mad-as-csv 
C#: Convert some of the existing flow summaries to CSV
 2021-12-03 15:09:36 +01:00
haby0
6c6113b85b Partial modification 2021-12-03 18:59:24 +08:00
Arthur Baars
802faf1197 Merge pull request #7296 from intrigus-lgtm/patch-7 
Fix QL Doc typo.
 2021-12-03 11:54:22 +01:00
Michael Nebel
7ad52e1365 C#: Address review comments from hvitved. 2021-12-03 11:12:31 +01:00
Michael Nebel
f00b62df76 C#: Convert System.Uri flow to CSV format. 2021-12-03 11:10:24 +01:00
Michael Nebel
90baef83ee C#: Add flow summaries for another TryParse method in System.Boolean. 2021-12-03 11:10:24 +01:00
Michael Nebel
8eb041c172 C#: Convert System.Boolean flow to CSV format. 2021-12-03 11:10:24 +01:00
Tom Hvitved
520f598d49 Merge pull request #7301 from hvitved/ruby/cfg-disjunct-test 
Ruby: Add CFG test for `||`
 2021-12-03 09:57:40 +01:00
Tom Hvitved
d9704d7b39 Ruby: Adapt to shared CFG changes 2021-12-03 09:37:41 +01:00
Tom Hvitved
42f6dfc197 Sync files 2021-12-03 09:37:41 +01:00
Tom Hvitved
404f4a81a7 C#: Include CFG scope in TElementNode 2021-12-03 09:37:41 +01:00
Tom Hvitved
50dd4e7ee7 Ruby: Add CFG test for || 2021-12-03 09:16:11 +01:00
Arthur Baars
f2800abee4 Merge pull request #7299 from github/nickrolfe/clippy_fixes 
Ruby: extractor: fix warnings from Clippy
 2021-12-02 18:52:22 +01:00
Taus
7f44cebed7 Python: Add missing hidden flow 
The easiest way to implement this was to change the definition of
`module_export` to account for chains of `import *`. We reuse the
machinery from `ImportStar.qll` for this, naturally.
 2021-12-02 17:11:56 +00:00
Taus
4138296ec6 Python: Add test for "hidden" import * flow 
TL;DR: We were missing out on flow in the following situation:

`mod1.py`:
```python
foo = SOURCE
```

`mod2.py`:
```python
from mod1 import *
```

`test.py`:
```python
from mod2 import foo
SINK(foo)
```

This is because there's no node at which a read of `foo` takes place
within `test.py`, and so the added reads make no difference.

Unfortunately, this means the previous test was a bit too simplistic,
since it only looks for module variable reads and writes. Because of
this, we change the test to be a more traditional "all flow" style
(though restricted to `CfgNode`s).
 2021-12-02 17:05:54 +00:00
Nick Rolfe
991d659cb2 Ruby: use unwrap_or_else to construct object only when needed 2021-12-02 16:30:45 +00:00
Nick Rolfe
976faf97d1 Ruby: remove redundant closure 2021-12-02 16:29:59 +00:00
Sauyon Lee
4c67ef2b0b Add FlowSummaryImpl to sync-dataflow-nodes target 2021-12-02 10:31:01 -05:00
Sauyon Lee
459f4d18a8 Fix sync-dataflow-libraries 2021-12-02 10:31:01 -05:00
Michael Nebel
19c34be1ea Merge pull request #7297 from michaelnebel/csharp-accessor-flow 
C#: Make it possible to define flow for property backing methods.
 2021-12-02 16:24:19 +01:00
Michael Nebel
102b5e05e1 Merge pull request #7290 from michaelnebel/csharp-modify-flow-summaries-test 
C#: Modify printing of flow summaries in test.
 2021-12-02 16:22:47 +01:00
Geoffrey White
2b349b3024 Merge pull request #7295 from geoffw0/cwe260 
C++: Add CWE tags to some queries.
 2021-12-02 14:41:34 +00:00
intrigus
2c4ccb79a1 Fix QL Doc typos. 2021-12-02 15:30:29 +01:00
Geoffrey White
3043ac850c C++: Update security-severity tags. 2021-12-02 14:04:49 +00:00
Michael Nebel
f6c36b469a C#: Include test case for override of property. 2021-12-02 15:04:01 +01:00
Michael Nebel
f190d60912 C#: Make it possible to describe flow for properties using their backing methods. 2021-12-02 15:02:22 +01:00
Geoffrey White
eccba57536 C++: Add CWE-327 tag to cpp/boost/use-of-deprecated-hardcoded-security-protocol. 2021-12-02 12:32:14 +00:00
Geoffrey White
7aa6c62050 C++: Add CWE-326 tag to cpp/boost/tls-settings-misconfiguration. 2021-12-02 12:29:42 +00:00
Nick Rolfe
05415768c9 Merge remote-tracking branch 'origin/main' into nickrolfe/regexp_g_anchor 2021-12-02 12:07:13 +00:00
yoff
f10f053c36 Merge pull request #7228 from RasmusWL/fastapi-improvements 
Python: FastAPI improvements
 2021-12-02 12:58:53 +01:00
Geoffrey White
913d8361ba C++: Add CWE-260 tag to cpp/cleartext-storage-file. 2021-12-02 11:54:51 +00:00
yoff
4609b2060a Merge pull request #7217 from RasmusWL/more-path-injection-fps 
Python: Add `x in <var>` test for StringConstCompare
 2021-12-02 12:35:33 +01:00
Michael Nebel
8f3be9fbfd C#: Update flow summaries test according to new printing format. 2021-12-02 11:28:06 +01:00
Michael Nebel
edf7724579 C#: Remove trailing whitespace after comma, when priting callable in CSV format. 2021-12-02 11:24:42 +01:00
Michael Nebel
37644d30d2 Merge pull request #7281 from michaelnebel/csharp-flowsummaries-filtered 
C#: Filtered flow summaries
 2021-12-02 11:23:36 +01:00
Erik Krogh Kristensen
6327fced6f remove paths without unmatched returns from polynomial-redos 2021-12-02 10:03:28 +01:00
Michael Nebel
ad281c0365 C#: Sync FlowSummaryImpl files. 2021-12-02 09:03:00 +01:00
Michael Nebel
a8f673ffa4 C#: Add a test that only prints 'base' flow summaries. 2021-12-02 09:03:00 +01:00
Michael Nebel
e08c734c40 C#: Refactoring to allow override of the flow summaries reported by a test. 2021-12-02 08:54:59 +01:00
Michael Nebel
55c17f453f Merge pull request #7280 from michaelnebel/csharp-newtonsoft-flowsummary 
C#: Include the NewtonSoft.JSon stubs in the flow summaries test.
 2021-12-02 08:47:58 +01:00
luchua-bc
8bcffc2886 Query to detect unsafe request dispatcher usage 2021-12-02 04:00:29 +00:00
github-actions[bot]
87b968f337 Post-release preparation 2.7.3 2021-12-02 00:46:55 +00:00
Andrew Eisenberg
b714988d7c Post release 2.7.3 2021-12-01 14:34:07 -08:00
Andrew Eisenberg
e9864c5506 Add version policies 
This controls how the qlpacks' versions will change
after a release.
 2021-12-01 09:37:11 -08:00
Dave Bartolomeo
b2ca04ce1b Temporarily vendor codeql/suite-helpers 2021-12-01 11:40:10 -05:00