hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-10 20:21:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,690 Branches 160 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
6060f2e3e3 remove unused alias edge 2021-11-22 09:03:40 +01:00
Erik Krogh Kristensen
c369b28a2a optimizations in global data flow 2021-11-22 09:03:40 +01:00
Erik Krogh Kristensen
f39872e649 cache more predicates 2021-11-22 09:03:36 +01:00
Erik Krogh Kristensen
089d030bc2 make ApiLabel into a IPA type, and cache the public API of ApiGraphs 2021-11-22 09:03:33 +01:00
Tony Torralba
d4a20f1222 Autoformat 2021-11-19 18:04:51 +01:00
Tony Torralba
c886d10388 Add Log Injection query 2021-11-19 17:55:34 +01:00
Erik Krogh Kristensen
9f08acab7e Merge pull request #7170 from erik-krogh/qldocStyle 
Ruby: use A/An/The to start qlDoc for classes
 2021-11-19 17:34:35 +01:00
Nick Rolfe
df6ba43cca Python: treat \A, \Z, \b, \B as special chars, not escapes 2021-11-19 15:49:53 +00:00
Anders Schack-Mulligen
344f7bca5b Merge pull request #7187 from aschackmull/java/dont-clear-in-summary-store 
Java: Don't clear content in store steps in summaries.
 2021-11-19 16:12:37 +01:00
Harry Maclean
06000781e9 Ruby: Document PairCfgNode::getKey/getValue 2021-11-19 14:54:06 +00:00
Nick Rolfe
f63c768d9f Ruby: parse \G, \b, and \B anchors as special characters, not escapes 2021-11-19 14:20:51 +00:00
Anders Schack-Mulligen
fc43220864 Java: bugfix 2021-11-19 15:01:29 +01:00
ihsinme
6d27585b92 Update FindIncorrectlyUsedExceptions.ql 2021-11-19 16:59:00 +03:00
Anders Schack-Mulligen
2b1f34ed9b Java: Don't clear content in store steps in summaries. 2021-11-19 14:22:28 +01:00
ihsinme
418adb824c Update FindIncorrectlyUsedExceptions.ql 2021-11-19 16:04:04 +03:00
Henry Mercer
8ba864e897 JS: Rename the available ML models external predicate 2021-11-19 12:56:03 +00:00
Tom Hvitved
47fd64fc44 Merge pull request #7130 from hvitved/cfg/dead-end-consistency 
Shared CFG: Add "dead end" consistency query
 2021-11-19 13:49:53 +01:00
Tom Hvitved
2b2ff7717e Merge pull request #7179 from hvitved/ruby/shared-ssa-consistency 
Ruby: Move SSA consistency queries into shared SSA library
 2021-11-19 13:49:25 +01:00
Erik Krogh Kristensen
e25f03fb56 Merge pull request #137 from github/erik-krogh/even-more-consistency 
even more consistency
 2021-11-19 13:39:36 +01:00
Erik Krogh Kristensen
172684ce6e QL: Merge pull request #137 from github/erik-krogh/even-more-consistency 
even more consistency
 2021-11-19 13:39:36 +01:00
Erik Krogh Kristensen
75586b0cf6 Apply suggestions from code review 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2021-11-19 13:23:01 +01:00
Erik Krogh Kristensen
a86f2c3ed1 Add codeql sources (1f3f7e9ccc) 2021-11-19 13:15:06 +01:00
Erik Krogh Kristensen
70f6493d7a QL: Add codeql sources (1f3f7e9ccc) 2021-11-19 13:15:06 +01:00
Tom Hvitved
a393bff6cb C#: Fix bad magic Element::getLocation in context of SelfAssignment.ql 2021-11-19 12:44:07 +01:00
Harry Maclean
90a9688310 Ruby: update CFG fixture 2021-11-19 11:31:14 +00:00
Benjamin Muskalla
cd39d15b40 Simplify diagnostic query 2021-11-19 12:28:24 +01:00
Harry Maclean
8fc7e4be43 Ruby: Increase precision of SSRF query 2021-11-19 11:28:09 +00:00
Harry Maclean
c297a68acf Model more of the RestClient API 
We now handle this form:

    RestClient::Request.execute(url: "http://example.com")
 2021-11-19 11:28:09 +00:00
Harry Maclean
e2ef780c55 Add base_uri note to HTTParty modelling 2021-11-19 11:28:09 +00:00
Harry Maclean
38ff584307 Model more Faraday behaviour 
You can instantiate a Faraday connection by passing a URL as an keyword
argument:

    conn = Faraday.new(url: "http://example.com")
 2021-11-19 11:28:09 +00:00
Harry Maclean
f933d24031 Fix comment 2021-11-19 11:28:09 +00:00
Harry Maclean
70efadac77 Add change note for Ruby SSRF query 2021-11-19 11:28:09 +00:00
Harry Maclean
e87a4531d8 Remove redundant imports 2021-11-19 11:28:08 +00:00
Harry Maclean
ac20eafecc Add qhelp for Ruby SSRF 2021-11-19 11:28:08 +00:00
Harry Maclean
2bba31eb02 Update metadata of Ruby SSRF query 2021-11-19 11:28:08 +00:00
Harry Maclean
dc464879a2 Add a query for server-side request forgery 2021-11-19 11:28:08 +00:00
Harry Maclean
cd33e4d394 Make string interpolation sanitizer reusable 2021-11-19 11:28:08 +00:00
Harry Maclean
b6ce37b241 Add getURL to HTTP::Client::Request 
This member predicate gets dataflow nodes which contribute to the URL of
the request.

Also consolidate the identical tests for each HTTP client.
 2021-11-19 11:28:08 +00:00
Harry Maclean
8fd8c9b04d Fix CallExprCfgNode.getKeywordArgument 
This predicate now produces results.
 2021-11-19 11:28:08 +00:00
Harry Maclean
0caea17118 Add a test for CallCfgNodes 
This test shows that `CallCfgNode.getKeywordArgument(string keyword)`
doesn't return any results.
 2021-11-19 11:28:07 +00:00
Tom Hvitved
34feafd4fa C#: Do not pass in TSourceVariable IPA type into shared SSA library 2021-11-19 11:53:25 +01:00
Anders Schack-Mulligen
1f3f7e9ccc Merge pull request #7169 from erik-krogh/useMatches 
use matches instead of regexpMatch/prefix/suffix
 2021-11-19 11:42:47 +01:00
Tom Hvitved
4068cc9c3a Shared SSA: Sync files 2021-11-19 11:31:28 +01:00
Tom Hvitved
bc80c9b013 Ruby: Move SSA consistency queries into shared SSA library 2021-11-19 11:31:28 +01:00
ihsinme
21ab8b0f63 Update IncorrectPrivilegeAssignment.ql 2021-11-19 13:06:08 +03:00
Benjamin Muskalla
fb9b16325d Add diagnostic query for framework coverage 2021-11-19 10:30:59 +01:00
Tom Hvitved
fd0e318eb1 C#: Document inconsistency in one test 2021-11-19 09:43:51 +01:00
Tom Hvitved
923ca134e8 Shared CFG: Add "dead end" consistency query 2021-11-19 09:14:38 +01:00
ihsinme
fd73f4094f Update FindIncorrectlyUsedExceptions.ql 2021-11-19 10:54:02 +03:00
ihsinme
6168b15bbc Update cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-11-19 08:56:21 +03:00