hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-20 00:43:44 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,693 Branches 160 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
ihsinme
4202759bcc Update test.cpp 2021-07-21 09:48:36 +03:00
ihsinme
2d1924ac0e Update test.cpp 2021-07-21 08:32:18 +03:00
ihsinme
cf689b83a9 Apply suggestions from code review 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-07-21 08:29:42 +03:00
Ethan P
0eb2f903a3 add procedural information for publishing and using CodeQL packs 2021-07-20 23:21:36 -04:00
Ethan P
e586765cbe add new articles to ToC 2021-07-20 22:33:06 -04:00
p0wn4j
f0d5520976 Add Spring URL Redirect ResponseEntity sink 
Copyedit qhelp
 2021-07-21 03:16:16 +04:00
Ethan P
96de32bd2a Add conceptual information "Creating and working with CodeQL packs" 2021-07-20 14:01:30 -04:00
Geoffrey White
473198a6ef C++: Accept any check followed by a 'sensitive' use such as 'chmod'. 2021-07-20 18:11:05 +01:00
Aditya Sharad
46fbb2a3cc Merge pull request #6334 from github/security-severity-docs 
Update CodeQL docs for security-severity levels
 2021-07-20 09:58:19 -07:00
Geoffrey White
c6d8abc9b1 C++: Add a couple more testcases. 2021-07-20 17:52:59 +01:00
Mathias Vorreiter Pedersen
a006a7fb24 Revert "Merge pull request #6004 from MathiasVP/path-sensitive-stack-variable-reachability-analysis" 
This reverts commit e3e7b00986, reversing
changes made to 8ccdd4fb9f.
 2021-07-20 18:06:49 +02:00
Tony Torralba
4622d8590b Fix change note 2021-07-20 17:50:58 +02:00
Tony Torralba
26999c7ac4 Decouple UnsafeAndroidAccess.qll to reuse the taint tracking configuration 2021-07-20 17:46:35 +02:00
Tony Torralba
99e66cffa2 Merge branch 'main' into atorralba/promote-unsafe-android-webview-fetch 2021-07-20 17:30:56 +02:00
Tony Torralba
ed0db7c7b4 Fix release note 2021-07-20 17:24:24 +02:00
Tony Torralba
7a898a04f3 Fix release note 2021-07-20 17:23:47 +02:00
Tony Torralba
3259ead946 Decouple OgnlInjection.qll to reuse the taint tracking configuration 2021-07-20 17:21:10 +02:00
Tony Torralba
b6904a7992 Merge branch 'main' into atorralba/promote-ognl-injection 2021-07-20 17:17:17 +02:00
Tony Torralba
22c9baa462 Refactor JWT.qll 2021-07-20 17:14:34 +02:00
Tony Torralba
430d9f1834 Merge branch 'main' into atorralba/promote-missing-jwt-signature-check 2021-07-20 16:20:35 +02:00
Tony Torralba
8f1ecf529f QLDoc 2021-07-20 15:53:38 +02:00
Tony Torralba
42b6b26c10 Decouple JndiInjection.qll to reuse the taint tracking configuration 2021-07-20 15:38:34 +02:00
Anders Schack-Mulligen
77d53676ba Java: Remove deprecated ParExpr. 2021-07-20 15:27:31 +02:00
Taus
6591a86aad Python: Add test cases 
I debated whether to add a
`MISSING: use=moduleImport("builtins").getMember("print").getReturn()`
annotation to the last line.

Ultimately, I decided to add it, as we likely _do_ want this information
to propagate into inner functions (even if the value of `var2` may
change before `func4` is called).
 2021-07-20 13:26:35 +00:00
Taus
e53b86fbbc Python: Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-07-20 15:19:45 +02:00
Geoffrey White
5d1c7841a6 C++: Change note. 2021-07-20 14:14:01 +01:00
Tony Torralba
b8ea833a61 Merge branch 'main' into atorralba/promote-jndi-injection 2021-07-20 15:01:26 +02:00
Taus
bbcbcefedc Python: Add false negative test case. 2021-07-20 12:54:06 +00:00
Tony Torralba
68df8028d2 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-20 14:47:16 +02:00
Taus
233ae5a54b Python: Fix FP in py/unused-local-variable 
This is only a temporary fix, as indicated by the TODO comment.

The real underlying issue is the fact that `isUnused` is defined in
terms of the underlying SSA variables (as these are only created
for variables that are actually used), and the fact that annotated
assignments are always considered to redefine their targets, which may
not actually be the case.

Thus, the correct fix would be to change the extractor to _disregard_
mere type annotations for the purposes of figuring out whether an
SSA variable should be created or not.

However, in the short term the present fix is likely sufficient.
 2021-07-20 12:13:44 +00:00
Taus
8b3fa789da Python: Add AnnAssign DefinitionNode 
This was a source of false positives for the
`py/uninitialized-local-variable` query, as exemplified by the test
case.
 2021-07-20 11:57:26 +00:00
Taus
f91e826781 Python: Add test case 2021-07-20 11:57:12 +00:00
Arthur Baars
3790611ca1 Merge pull request #233 from github/tausbn/bump-typetrackingnode-changes 
Bump `codeql` submodule
 2021-07-20 13:24:30 +02:00
Arthur Baars
890adf97d6 Merge pull request #6333 from github/rc/3.2 
Merge rc/3.2 to main
 2021-07-20 12:19:20 +02:00
Geoffrey White
ae944b268a C++: Restrict the 'check' to stat / access only as these are by far the more reliable results. 2021-07-20 11:18:00 +01:00
James Fletcher
a365d4fb34 update docs for security-severity 2021-07-20 11:00:13 +01:00
Rasmus Wriedt Larsen
5a489a386a Merge pull request #6329 from havron/qhelp-typo 
Fix qhelp typo in RequestWithoutValidation
 2021-07-20 10:18:35 +02:00
Artem Smotrakov
158a75e5a1 Import UnsafeDeserializationQuery in unsafeDeserialization.ql 2021-07-20 10:14:50 +02:00
Tony Torralba
0f199601f8 Refactor GroovyInjection.qll 2021-07-20 09:44:37 +02:00
Anders Schack-Mulligen
47528b3379 Merge pull request #6332 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-07-20 09:27:59 +02:00
github-actions[bot]
bed08a6f4f Add changed framework coverage reports 2021-07-20 00:06:37 +00:00
Ethan P
1cf5386824 Create publishing-and-using-codeql-packs.rst 2021-07-19 18:42:01 -04:00
Ethan P
a5cbc560e3 Add conceptual info for creating and working with CodeQL packs 2021-07-19 18:41:44 -04:00
Porcuiney Hairs
c6c925d67a Python : Improve Xpath Injection Query 2021-07-20 03:31:30 +05:30
Aditya Sharad
48778ce9a4 Merge pull request #6160 from timoles/patch-1 
Add information for generating qhelp files locally
 2021-07-19 14:14:22 -07:00
Ethan P
26a36592ce Add intros and Overview headers 2021-07-19 16:29:18 -04:00
Ethan P
511e01aa1b shorten title for full-cwe 2021-07-19 16:23:57 -04:00
Sam Havron
733e5b45bf Fix qhelp typo in RequestWithoutValidation 2021-07-19 16:01:06 -04:00
Timo Müller
b24c096a76 Apply suggestions from code review 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2021-07-19 21:12:59 +02:00
Aditya Sharad
20fa8e49c8 Merge pull request #6326 from adityasharad/codeowners/codeql-tools 
Codeowners: Add reviewer teams for CodeQL tools and associated docs
 2021-07-19 11:15:58 -07:00