hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 05:01:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,690 Branches 160 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
51f4f57617 C#: Use cs/ prefix in all query IDs 2021-11-03 10:25:21 +01:00
Anders Schack-Mulligen
e6145f04d2 Merge pull request #6966 from atorralba/atorralba/android-explicit-intent-sanitizer 
Android: Add ExplicitIntentSanitizer and allowIntentExtrasImplicitRead
 2021-11-03 10:20:09 +01:00
Erik Krogh Kristensen
ab4780c505 Merge pull request #7032 from erik-krogh/cwe497 
JS: add CWE-497 to js/stack-trace-exposure
 2021-11-03 08:55:49 +01:00
Ethan P
b9eb278380 Add new file to index 2021-11-02 21:55:25 -07:00
Ethan P
98eb848e22 add link to new article 2021-11-02 21:35:39 -07:00
Ethan P
06cacfdd83 Create extractor-options.rst 2021-11-02 21:21:31 -07:00
Pierre
cf5b317eb1 Add updated framework support for JS/Java 
Release: https://github.com/github/releases/issues/1724
 2021-11-02 22:02:05 +01:00
Mathias Vorreiter Pedersen
4a2894a707 Merge pull request #7025 from MathiasVP/nomagic-parameterCand 
Dataflow: Replace a 'noinline' pragma with a 'nomagic' pragma
 2021-11-02 20:40:44 +00:00
Arthur Baars
eb645ba963 Merge remote-tracking branch 'origin/rc/3.3' into 'main' 2021-11-02 21:10:41 +01:00
Tom Hvitved
8b287a7846 Ruby: Truncate concatenated strings in getValueText 2021-11-02 18:19:49 +01:00
Chris Smowton
a10407823a Merge pull request #600 from owen-mc/incorrect-integer-conversion 
Improve "Incorrect integer conversion" query
 2021-11-02 17:00:29 +00:00
Owen Mansel-Chan
8ea1f87d2b Add change note 2021-11-02 15:09:43 +00:00
Owen Mansel-Chan
7c1b7b8810 Fix strictnessOffset in isBoundFor 2021-11-02 15:09:39 +00:00
Owen Mansel-Chan
7de6e17d86 Recognise math.MaxInt and math.MaxUint 
Treat them as if we were on a 32-bit architecture.
 2021-11-02 15:09:06 +00:00
Owen Mansel-Chan
a104a50940 Move max int value call into UpperBoundCheckGuard 2021-11-02 15:09:06 +00:00
Owen Mansel-Chan
5027d3fa44 Avoid using getIntValue() 
Because it does not have a result if the value is
too large to fit in a 32-bit signed integer type
 2021-11-02 15:09:05 +00:00
Owen Mansel-Chan
2cc0c80188 Add extra tests 2021-11-02 15:09:05 +00:00
Owen Mansel-Chan
be22373f3e Move Incorrect Integer Conversion tests to InlineFlowTest 2021-11-02 15:09:00 +00:00
Erik Krogh Kristensen
9d99ce12c4 add CWE-497 to js/stack-trace-exposure 2021-11-02 15:43:55 +01:00
Rasmus Wriedt Larsen
8cd9fdebf9 Python: Model flask_admin 2021-11-02 15:43:13 +01:00
Rasmus Wriedt Larsen
ab88d945e2 Python: Add flask_admin tests 2021-11-02 15:41:57 +01:00
Rasmus Wriedt Larsen
c2632cff3d Python: Add RequestHandler meta query 2021-11-02 15:41:57 +01:00
Rasmus Lerchedahl Petersen
768932d7b3 Python: Add tainttracking step that was removed 
when the correpsonding datadlow step was removed.
 2021-11-02 15:01:47 +01:00
Rasmus Lerchedahl Petersen
07d5086b07 Python: support user defined taint source 2021-11-02 15:00:23 +01:00
Dave Bartolomeo
d828ab7fd2 Merge pull request #6955 from github/codeql-ruby-3.3 
RC 3.3: merge codeql-ruby repository into github/codeql
 2021-11-02 09:57:49 -04:00
Erik Krogh Kristensen
5975e19f53 sync identical files 2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen
2a8807efe4 add change note 2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen
076a3dca1f add qhelp 2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen
d9a214767b add support for node-rsa 2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen
49ea53f32b move ExpressJwt that was inside the Hasha module 2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen
2c013214f7 add Diffie-Hellman from the crypto library 2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen
1df8ec2cae add insufficient key size model for node-forge 2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen
62039b866c add cryptographic key model to the crypto-js library 2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen
028799deb6 implement a simple InsufficientKeySize query 2021-11-02 14:45:30 +01:00
Erik Krogh Kristensen
7a9315f146 use set literal 2021-11-02 14:45:14 +01:00
yoff
97625d7c2c Merge pull request #7023 from RasmusWL/toml 
Python: Add modeling of `toml`
 2021-11-02 14:42:06 +01:00
Rasmus Wriedt Larsen
cb6bcada4c Merge branch 'main' into django-rest-framework 2021-11-02 14:33:16 +01:00
ihsinme
62b3c3c9a0 Update IncorrectChangingWorkingDirectory.ql 2021-11-02 16:16:17 +03:00
yoff
0240631510 Merge pull request #6782 from RasmusWL/fastapi 
Python: Model FastAPI
 2021-11-02 14:16:12 +01:00
ihsinme
738354b8e7 Update cpp/ql/src/experimental/Security/CWE/CWE-243/IncorrectChangingWorkingDirectory.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-11-02 16:13:34 +03:00
Asger Feldthaus
971f032b5f JS: Autoformat 2021-11-02 14:12:05 +01:00
Asger Feldthaus
46bd3e58a3 JS: Switch to instanceof base type 2021-11-02 14:12:05 +01:00
Asger Feldthaus
5f4c1dd19b JS: Support regexp-based path traversal check 2021-11-02 14:12:05 +01:00
Asger Feldthaus
83edcf515b JS: Add test for regexp-based sanitizer 2021-11-02 14:12:04 +01:00
Mathias Vorreiter Pedersen
3e6ac74d73 C++: Add 'InheritanceConversionInstruction' to the list of instructions that set 'certain = false' in 'explicitWrite'. 2021-11-02 13:02:46 +00:00
Mathias Vorreiter Pedersen
56cabb8f46 C++: Add comments to some of the disjuncts in 'addressFlow'. 2021-11-02 12:52:11 +00:00
Owen Mansel-Chan
109e3660f8 Split Incorrect Integer Conversion into query and lib files 
This is in preparation for changing the tests to use inline
expectations
 2021-11-02 12:43:54 +00:00
Owen Mansel-Chan
7d333d7dbe Add InlineFlowTest as simple inline expectation test 2021-11-02 12:43:54 +00:00
Rasmus Wriedt Larsen
c52e453342 Python: Minor rewrite 2021-11-02 13:37:50 +01:00
Erik Krogh Kristensen
54fba2d6a1 Merge pull request #6781 from erik-krogh/ldap 
JS: Move LDAP injection out of experimental
 2021-11-02 13:35:32 +01:00