hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-18 07:53:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,693 Branches 160 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
ab2bc38789 C#: Use shared logic in NodeGraph.ql test 2021-08-25 11:35:12 +02:00
Tom Hvitved
d405284d36 C#: Make CFG library shared 2021-08-25 11:35:11 +02:00
Asger Feldthaus
87843a3794 JS: Autoformatttt 2021-08-25 10:37:37 +02:00
Tom Hvitved
01f7fdfea5 C#: Update call-context data-flow tests 2021-08-25 10:34:53 +02:00
Erik Krogh Kristensen
c664d7cfb3 add a getMaybePromisifiedCall method in API graphs, and use it to model child_process 2021-08-25 10:27:09 +02:00
Rasmus Wriedt Larsen
605bd19306 Python: Add CWE-328 to py/weak-sensitive-data-hashing 
Reading over the description at https://cwe.mitre.org/data/definitions/328.html:

> The product uses a hashing algorithm that produces a hash value that can be used to determine the original input, or to find an input that can produce the same hash, more efficiently than brute force techniques.

For the data that does not require computationally expensive hashing, that will be the exactly problems that this query finds 👍 (that is, MD5, SHA1)
 2021-08-25 10:19:22 +02:00
Jonas Jensen
abdf993e47 Merge pull request #6537 from andersfugmann/implicit_downcast_involving_references 
Implicit downcast involving references
 2021-08-25 09:45:32 +02:00
Anders Peter Fugmann
67a267d971 Update cpp/change-notes/2021-08-24-implicit-downcast-from-bitfield.md 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-08-25 08:58:44 +02:00
Andrew Eisenberg
e23df94748 Packaging: Fix identical files script 2021-08-24 16:12:43 -07:00
Andrew Eisenberg
8f73c6968a Merge pull request #6542 from github/aeisenberg/pack/move-external 
Java: Move the ExternalArtifact.qll module to the library pack
 2021-08-24 16:07:26 -07:00
yo-h
2b4635c4e0 Merge pull request #6539 from smowton/smowton/admin/downgrade-sql-unescaped 
Downgrade precision of java/concatenated-sql-query
 2021-08-24 17:22:01 -04:00
Andrew Eisenberg
3660c64328 Packaging: Rafactor Python core libraries 
Extract the external facing `qll` files into the codeql/python-all
query pack.
 2021-08-24 13:23:45 -07:00
Andrew Eisenberg
7f3066cd64 Java: Move the ExternalArtifact.qll module to the library pack 2021-08-24 13:01:02 -07:00
Chris Smowton
2689c13bde Merge pull request #6485 from Marcono1234/marcono1234/field-initializer-fix 
Java: Fix Field.getInitializer() matching non-initializer assignments
 2021-08-24 20:52:02 +01:00
Alex Ford
abc283ee8a remove ErbFile refs 2021-08-24 17:22:35 +01:00
Alex Ford
e403fc77d3 tests 2021-08-24 17:21:22 +01:00
Alex Ford
d628716c42 extend ActionController tests 2021-08-24 17:21:22 +01:00
Alex Ford
41ff10c908 extend modelling of ActionController, and start modelling ActionView 2021-08-24 17:21:22 +01:00
Geoffrey White
8f38ab0116 Merge pull request #6540 from jbj/ctime-weaken-claims 
C++:Lower potentially-dangerous-function precision
 2021-08-24 17:01:23 +01:00
Jonas Jensen
19ee64d9ad C++:Lower potentially-dangerous-function precision 
There have been multiple reports of false positives from this query over
time. Now that it has `@security-severity 10.0`, these false positives
look even worse.

The query looks purely for calls to functions with certain names, not
at whether the calls happen in a dangerous context. To justify a higher
precision, the query should only flag calls that happen in a thread or
another non-reentrant context.
 2021-08-24 17:14:42 +02:00
yoff
2f5ed03798 Merge pull request #6323 from RasmusWL/sec-test-layout 
Python: Restructure security tests to contain query name
 2021-08-24 16:50:08 +02:00
Rasmus Lerchedahl Petersen
e865a290de Python: straight port of query 
The old query uses `pointsTo` to limit the sinks
to methods on lists and dictionaries.
That constraint is omitted here which could hurt performance.
 2021-08-24 16:35:11 +02:00
Rasmus Lerchedahl Petersen
e3765ced78 Python: Add tests for modification of defaults 2021-08-24 16:35:11 +02:00
Dave Bartolomeo
d82580647e Add reference to codeql/go-examples pack from test pack 2021-08-24 10:31:03 -04:00
Dave Bartolomeo
bcaf218cd4 Update readme with workflow changes 2021-08-24 10:31:03 -04:00
Dave Bartolomeo
bc9764fcde Invoke bash explicitly for Windows 2021-08-24 10:31:03 -04:00
Dave Bartolomeo
a069fa6fda Make install script executable 2021-08-24 10:31:03 -04:00
Dave Bartolomeo
7c70745e52 Build target to run codeql pack install 2021-08-24 10:31:02 -04:00
Dave Bartolomeo
3165b8dec1 Script to run codeql pack install 2021-08-24 10:31:02 -04:00
Dave Bartolomeo
12bb6728d1 Fix dependencies for Go test pack 2021-08-24 10:31:02 -04:00
Dave Bartolomeo
26fd45746c Move Go QL library files into separate pack 2021-08-24 10:31:02 -04:00
Dave Bartolomeo
1726a8b65f Initial makefile changes for pack refactoring 2021-08-24 10:31:01 -04:00
Dave Bartolomeo
6d829cfdf3 Modernize Go pack definitions 2021-08-24 10:31:01 -04:00
Dave Bartolomeo
b6c250cbff Ignore .codeql directories 2021-08-24 10:31:01 -04:00
Nick Rolfe
5e783e4798 Implement getPrimaryQlClasses 2021-08-24 14:49:56 +01:00
Chris Smowton
a6f3d464ae Merge pull request #568 from igfoo/igfoo/getPrimaryQlClasses 
Add getPrimaryQlClasses()
 2021-08-24 14:13:50 +01:00
Chris Smowton
5a2dfda09e Add test for field initializers 2021-08-24 14:04:45 +01:00
Marcono1234
c8d98ae649 Java: Fix Field.getInitializer() matching non-initializer assignments 2021-08-24 14:04:44 +01:00
Asger Feldthaus
8a564cc64b JS: Fix qldoc 2021-08-24 14:31:00 +02:00
Asger F
8f8a46848d Update javascript/ql/src/semmle/javascript/frameworks/Templating.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-08-24 14:16:41 +02:00
CodeQL CI
c66a34be9c Merge pull request #6533 from erik-krogh/cwdPath 
Approved by asgerf
 2021-08-24 13:10:38 +01:00
Ian Lynagh
6a86f1a91b Add getPrimaryQlClasses() 
This is a non-overridable predicate that concatenates all the
getAPrimaryQlClass() results into a comma-separated string.
 2021-08-24 13:03:24 +01:00
CodeQL CI
c0e8680c81 Merge pull request #6534 from erik-krogh/fallbackEntry 
Approved by asgerf
 2021-08-24 11:38:25 +01:00
Erik Krogh Kristensen
99d7e8b953 add change note 2021-08-24 12:35:20 +02:00
Chris Smowton
7f73efe3e1 Downgrade precision of java/concatenated-sql-query 2021-08-24 10:46:01 +01:00
Rasmus Wriedt Larsen
ca341bde08 Merge pull request #5612 from jty-team/jty/python/nosqlInjection 
Python: CWE-943 - Add NoSQL injection query
 2021-08-24 11:29:25 +02:00
Anders Fugmann
6b66f5dbb4 C++: Add change note for implicit downcasting involving references 2021-08-24 10:26:25 +02:00
Anders Fugmann
6d4b7c828c C++: Remove superfluous 'and any()' 2021-08-24 09:37:39 +02:00
Ian Lynagh
43355feaeb Merge pull request #6536 from github/igfoo/getPrimaryQlClasses 
All languages: Add getPrimaryQlClasses()
 2021-08-23 19:49:37 +01:00
Geoffrey White
bc9994774a Merge pull request #6515 from MathiasVP/clarify-initialization-vs-assignment-in-docs 
C++: Clarify difference between 'Initializer' and 'Assignment'.
 2021-08-23 18:00:36 +01:00