hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-28 21:03:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,697 Branches 161 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Porcupiney Hairs
602f63ad45 [Java] Add QL for detecting Spring View Manipulation Vulnerabilities. 2021-02-26 16:29:18 +05:30
Tom Hvitved
ac67c67ad7 Merge pull request #4998 from hvitved/csharp/shared-base-pre-ssa 
C#: Use shared SSA implementation for `{Pre,Base}Ssa`
 2021-02-26 11:29:07 +01:00
Rasmus Wriedt Larsen
b43533ce8d Python: Ensure old dataflow queries are not used 
There seems to have been some cases where the old ones have been picked up
instead of the new ones. At least I spotted _one_ case where this happened, in
an internal actions run.

I'm not sure how to actual debug this, so just removing all the tags that could
make these queries to become picked up :|
 2021-02-26 11:22:23 +01:00
yoff
7f7320ae4c Update python/ql/src/Security/CWE-327/InsecureDefaultProtocol.ql 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-02-26 10:56:48 +01:00
Erik Krogh Kristensen
c59e6fef80 add model for form-data 2021-02-26 10:54:46 +01:00
Erik Krogh Kristensen
00cfc77fc0 Revert "fix file lookup for exclude patterns" 
This reverts commit 74630b0fd8.
 2021-02-26 10:28:20 +01:00
Erik Krogh Kristensen
4ec3289ecc update relation name in .stats file 2021-02-26 10:26:08 +01:00
Erik Krogh Kristensen
bd19d5a93c remove is_abstract_signature.ql 2021-02-26 10:24:40 +01:00
Erik Krogh Kristensen
1cac692b1d Update javascript/ql/src/semmle/javascript/TypeScript.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2021-02-26 10:23:01 +01:00
Mathias Vorreiter Pedersen
42d2a673c7 C++: Respond to review comments. 2021-02-26 10:06:05 +01:00
Tamas Vajk
b3d6d0c12b Fix method name resolution issue with nullable suppression 2021-02-26 09:48:37 +01:00
Mathias Vorreiter Pedersen
4e4ffbd790 Update cpp/change-notes/2021-02-24-memset-may-be-deleted.md 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-02-26 09:48:21 +01:00
Rasmus Lerchedahl Petersen
311149ab4f Python: fix spelling 2021-02-26 09:44:24 +01:00
Mathias Vorreiter Pedersen
72daf2eef9 C++: Make the tests more realistic by actually using the local variable for something. Otherwise it looks like a zero-initialization of a buffer, which the query now tries to exclude. 2021-02-26 09:19:05 +01:00
yoff
a067adbaf3 Update python/ql/test/query-tests/Security/CWE-327-py2/options 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-02-26 08:53:20 +01:00
Tamás Vajk
ce69e3ae66 Merge pull request #5263 from tamasvajk/feature/fix-file-move 
C#: Fix potentially concurrent file moves
 2021-02-26 08:27:42 +01:00
Tamás Vajk
8241a9c2f1 Merge pull request #5264 from tamasvajk/feature/more-known-enums 
C#: Add more well-known enum underlying types
 2021-02-26 08:20:14 +01:00
Marcono1234
53dc2ce9b6 Java: Use .inc.qhelp extension for included help files 2021-02-26 00:43:51 +01:00
Marcono1234
e21cbe82a9 Update Java documentation links to Java 11 
Where possible update Java documentation links to Java 11.
Additionally update some other links to use HTTPS.
 2021-02-26 00:43:51 +01:00
yoff
e3b3825ab0 Merge pull request #5151 from RasmusWL/django-get-redirect-url 
Python: Model get_redirect_url in django
 2021-02-25 23:07:33 +01:00
Robert Marsh
290b1c624e C++: cache the IR stage Operand class 2021-02-25 13:10:39 -08:00
intrigus
141f057f7b Java: Remove duplicate code. 2021-02-25 21:29:26 +01:00
Mathias Vorreiter Pedersen
faadcd913e C++: Exclude memsets that clear a variable that has no other uses. 2021-02-25 21:27:12 +01:00
Sauyon Lee
0684143291 Merge pull request #483 from owen-mc/sync-dataflow-libraries 
Sync dataflow libraries
 2021-02-25 11:40:50 -08:00
Geoffrey White
0c4a5f5e2a Merge pull request #5266 from geoffw0/isis 
JS: Fix 'is, is' and 'is is'.
 2021-02-25 18:55:41 +00:00
Mathias Vorreiter Pedersen
2777ca445e Update cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-02-25 19:49:58 +01:00
Dave Bartolomeo
2e02625f22 C++: Summary metrics queries 
This is a first attempt at implementing, for C++, the set of summary queries that we expect all languages to implement to help diagnose extraction failures and build configuration problems. See the spec in [this document](https://docs.google.com/document/d/1V3zpkj0OGh8GEUVwACRx7fiafE5zklujAftZaYUyf9s/edit?usp=sharing). The five queries are:

- Total number of source files (including .c/.cpp and header files)
- Total number of lines of text across all text files
- Total number of lines of code across all text files
- Number of lines of text in each source file
- Number of lines of code in each source file

I've added some simple unit tests that cover all five of these.
 2021-02-25 12:53:39 -05:00
Mathias Vorreiter Pedersen
9e7c9d0ea0 C++: Respond to review comments. Relax the escaping requirements on the local variable being used in memset. 2021-02-25 18:22:48 +01:00
Marcono1234
fa189ded9d Java: Add Class and Interface.isPackageProtected() 2021-02-25 18:21:18 +01:00
Sauyon Lee
be14df042d Explicitly set GO111MODULE to auto 2021-02-25 08:22:06 -08:00
CodeQL CI
1bd12e6fdf Merge pull request #5199 from asgerf/js/vue-router 
Approved by erik-krogh
 2021-02-25 07:32:57 -08:00
Tamás Vajk
505d04b13e Merge pull request #5102 from luchua-bc/java/main-method-in-servlet 
Java: CWE-489 Query to detect main() method in servlets
 2021-02-25 16:05:06 +01:00
Mathias Vorreiter Pedersen
3f26b2940d Update cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-02-25 15:48:48 +01:00
Arthur Baars
39181ec871 AST: printAST: show all primary classes and method names 2021-02-25 15:25:49 +01:00
Arthur Baars
e2b2a450ac AST: add printAST test case 2021-02-25 15:25:49 +01:00
Arthur Baars
75883b94cd QLTest: ignore *.testproj folders 2021-02-25 15:25:42 +01:00
Arthur Baars
7ab147a7b8 Merge pull request #144 from github/aibaars/missing 
AST: add missing getAPrimaryQlClass predicate
 2021-02-25 15:18:29 +01:00
Geoffrey White
0e071b7b79 JS: Fix 'is, is' and 'is is'. 2021-02-25 14:16:25 +00:00
Arthur Baars
a6bb34c86d AST: add missing getAPrimaryQlClass predicate 2021-02-25 14:59:39 +01:00
Tamas Vajk
3e651f14fd C#: Add more well-known enum underlying types 2021-02-25 14:57:23 +01:00
Rasmus Wriedt Larsen
81b29316e1 Merge pull request #4737 from yoff/python-dataflow-add-cast-nodes 
Python: Force read- and store steps to add nodes.
 2021-02-25 14:28:54 +01:00
Tamás Vajk
9ae22cbebd Merge pull request #5189 from tamasvajk/feature/refactor-3 
C#: Split 'Context' class between CIL and source extraction
 2021-02-25 14:28:25 +01:00
Arthur Baars
fa7adee245 Merge pull request #142 from github/aibaars/clean-up 
Remove as many references to TreeSitter::Generated
 2021-02-25 14:28:09 +01:00
Bas van Schaik
5ecd2317b0 Merge pull request #5212 from github/sj-patch-1 
Include @xcorail (GHSL) in code reviews for `experimental` queries
 2021-02-25 12:58:12 +00:00
Arthur Baars
9800e3f930 Add some TODO comments 2021-02-25 13:43:36 +01:00
Taus
d326d40d71 Merge pull request #5252 from RasmusWL/test-cleanup 
Python: Minor cleanup of test setup
 2021-02-25 13:33:10 +01:00
Mathias Vorreiter Pedersen
d33209388d C++: Fix test annotations. Also exclude static locals from the query and add a testcase for this. 2021-02-25 13:25:11 +01:00
Taus
01d581ecf3 Merge pull request #5250 from tausbn/python-port-re-security-queries 
Python: Port URL sanitisation queries to API graphs
 2021-02-25 13:13:55 +01:00
Arthur Baars
f3d1c804be Update test data 2021-02-25 12:57:18 +01:00
Arthur Baars
7c0ea7b3bc CFG: add AstNode for @in 2021-02-25 12:57:18 +01:00