hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-28 04:43:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,697 Branches 161 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tamas Vajk
f9a207dd9f Java: migrate 'arg to arg' taint steps to CSV 2021-03-16 12:10:28 +01:00
Tamas Vajk
7e1534a6cd Java: migrate 'arg to return' taint steps to CSV 2021-03-16 12:10:28 +01:00
Tamas Vajk
5cdbde2686 Java: migrate 'qualifier to return' taint steps to CSV 2021-03-16 12:10:28 +01:00
Tamas Vajk
40126563ef Java: migrate 'qualifier to arg' taint steps to CSV 2021-03-16 12:10:28 +01:00
CodeQL CI
c08230ce1e Merge pull request #5378 from asgerf/js/meta-problem-queries 
Approved by esbena
 2021-03-16 03:58:12 -07:00
Cornelius Riemenschneider
2e8e04f73e C++: Move FailedExtractions.ql to FailedCompilations.ql. 2021-03-16 10:48:04 +00:00
Tamás Vajk
24140195d6 Merge pull request #5242 from tamasvajk/feature/tuple-df 
C#: Add tuple dataflow
 2021-03-16 11:45:11 +01:00
Tamás Vajk
8d6b8359eb Merge pull request #5316 from tamasvajk/feature/roslyn3.9 
C#: Upgrade Roslyn dependencies to 3.9
 2021-03-16 11:44:42 +01:00
Anders Schack-Mulligen
2d8d967060 Dataflow: Address review comment. 2021-03-16 11:07:33 +01:00
Cornelius Riemenschneider
fa3ac30894 C++: Update query to latest spec. 2021-03-16 09:56:38 +00:00
Chris Smowton
6d108c0fa7 Improve docstring for composedValueAndTaintModelStep 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-16 09:00:35 +00:00
Chris Smowton
915a19fb9d Improve naming; eliminate some harmless extra results 
Adding `src != valueSource` should have no effect as the introduced edge would already exist, but could reduce workload downstream.
 2021-03-16 08:57:14 +00:00
sn00py
4318ffee3e Merge branch 'main' into add-transport-roundtrip 2021-03-16 16:52:37 +08:00
Chris Smowton
516122aa74 Add taint-preserving edges where a call also has a value-preserving edge 
For example, for a fluent method that returns `this`, we take a tainting edge from argX to either `this` or the return value to also taint the other.
 2021-03-16 08:45:24 +00:00
CodeQL CI
86b933a0e0 Merge pull request #5354 from yoff/doc-fix-typo-csharp-dataflow 
Approved by hvitved
 2021-03-15 23:52:38 -07:00
Owen Mansel-Chan
8318dcf971 Merge pull request #502 from owen-mc/find-latest-codeql-cli-automatically 
Find latest release of the CLI automatically
 2021-03-16 06:22:50 +00:00
snoopywu
cee30cfde4 fix: autoformat 2021-03-16 01:43:33 +08:00
Jaroslav Lobačevski
8445ec6c17 Update javascript/ql/src/experimental/semmle/javascript/Actions.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-03-15 19:15:10 +02:00
yoff
14dd708abc Apply suggestions from code review 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2021-03-15 17:56:50 +01:00
Jaroslav Lobačevski
87ea442a78 qhelp 2021-03-15 18:47:45 +02:00
sn00py
00f12f9210 Update ql/src/semmle/go/frameworks/stdlib/NetHttp.qll 
Co-authored-by: Sauyon Lee <sauyon@github.com>
 2021-03-16 00:41:52 +08:00
Rasmus Lerchedahl Petersen
6fff746b16 Merge branch 'main' of github.com:github/codeql into python-port-insecure-protocol 2021-03-15 17:37:28 +01:00
Rasmus Lerchedahl Petersen
9a96230523 Python: Add changenote 2021-03-15 17:35:30 +01:00
Jaroslav Lobačevski
de6ed1dcb9 File rename 2021-03-15 18:34:10 +02:00
Rasmus Lerchedahl Petersen
514a69c47a Python: Support ssl.PROTOCOL_TLS_SERVER 
and `ssl.PROTOCOL_TLS_CLIENT`
 2021-03-15 17:30:01 +01:00
Rasmus Lerchedahl Petersen
87f3ba2684 Python: add tests for ssl.PROTOCOL_TLS_SERVER 
and `ssl.PROTOCOL_TLS_CLIENT`
 2021-03-15 17:24:39 +01:00
Jaroslav Lobačevski
a823baabfb Ranamed to CWE-094 2021-03-15 18:24:08 +02:00
Rasmus Lerchedahl Petersen
731f4559b4 Python: update test expectations 2021-03-15 17:23:58 +01:00
Jaroslav Lobačevski
16ca2314e4 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-03-15 18:14:20 +02:00
Rasmus Lerchedahl Petersen
4094b18407 Python: Clean up tests 2021-03-15 16:28:08 +01:00
Anders Schack-Mulligen
45c9428668 Merge pull request #5337 from smowton/smowton/feature/commons-lang-random-sources 
Java: Add support for Commons-Lang's RandomUtils
 2021-03-15 16:21:01 +01:00
Anders Schack-Mulligen
d1f30d9164 Java: Autoformat. 2021-03-15 15:28:04 +01:00
Anders Schack-Mulligen
662e17ff85 Java: Bugfix dispatch to lambda in call context. 2021-03-15 15:09:03 +01:00
CodeQL CI
9268050eb8 Merge pull request #5369 from erik-krogh/tempObjInj 
Approved by asgerf
 2021-03-15 05:23:55 -07:00
CodeQL CI
a9c292e265 Merge pull request #5391 from erik-krogh/additionalXss 
Approved by asgerf
 2021-03-15 04:50:54 -07:00
Erik Krogh Kristensen
b039267b76 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2021-03-15 12:39:56 +01:00
Cornelius Riemenschneider
f75b969ffc C++: Only include sum of LoC in the new non-alert summary queries for now. 2021-03-15 11:32:10 +00:00
Arthur Baars
c672169621 Merge pull request #155 from github/aibaars/order-ast-test 
AST: order edges by target node
 2021-03-15 10:43:34 +01:00
Arthur Baars
d54db292f7 Move semmle.order property to printAst.qll 2021-03-15 10:33:10 +01:00
Owen Mansel-Chan
52a535463d Find latest release of the CLI automatically 
Also download OS-specific zip files while we're at it.

There are two files in `codeql-win64.zip` called `codeql/codeql` and
`codeql/codeql.exe`. Because of the order they were put into the zip,
they come out in the order `codeql/codeql.exe` followed by
`codeql/codeql`, and something on Windows thinks that the second file
has the same name as the first. It's because it's trying to emulate
linux and running `codeql/codeql` could run either one of them. We need
to make sure we definitely have the `.exe` file, so we explicitly
extract it again afterwards. This workaround is already used in some
other places. The order that the zip file is made in has now been fixed
so this shouldn't be a problem for future releases, so this workaround
can be removed in future.
 2021-03-15 09:25:51 +00:00
Mathias Vorreiter Pedersen
0ffb80e3b1 Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt 2021-03-15 09:42:32 +01:00
Anders Schack-Mulligen
e37ba75599 Merge pull request #5401 from Marcono1234/patch-2 
Add missing quote in documentation
 2021-03-15 09:17:29 +01:00
Rasmus Lerchedahl Petersen
41c9394b4b Python: update qhelp and example 2021-03-14 09:22:47 +01:00
Rasmus Lerchedahl Petersen
0d8f8d2cc5 Python, doc: subsection on local sources 
also remove references to `parameterNode` which is not available yet.
 2021-03-13 08:15:42 +01:00
Marcono1234
a457f5cc4a Add missing quote in documentation 2021-03-13 05:01:56 +01:00
snoopywu
e1219480d8 Add Transport.RoundTrip() 2021-03-13 03:17:58 +08:00
yoff
a760ed8c55 Merge pull request #5388 from tausbn/python-api-graph-builtins 
Python: Support built-ins in API graphs
 2021-03-12 17:45:59 +01:00
Tamas Vajk
27048191c8 C#: Add dataflow test for tuple-positional pattern 2021-03-12 17:14:24 +01:00
Arthur Baars
3e5ff1d042 AST: order edges by target node 
When printing a tree CodeQL iterates over the nodes and
for each node prints the successor edges as children. If the
the successor edges are ordered by target node then the children
printe in the right order in the expected output.
 2021-03-12 16:52:34 +01:00
Erik Krogh Kristensen
1dcfc3840d add test 2021-03-12 16:25:33 +01:00