hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 13:23:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,697 Branches 161 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
5bb4a1a45a Python: Use explicit argument specification instead of getAnArg 
I've seen quite a few places where `getAnArg` leads to wrong behavior, and I
generally just don't like it.
 2021-02-24 10:19:34 +01:00
Taus Brock-Nannestad
e77c1059a3 Python: Use source nodes and prevent bad join order 2021-02-24 10:18:54 +01:00
Taus Brock-Nannestad
cac6c4acc9 Python: Add deprecation notice to mode_from_mode_object 2021-02-24 10:18:21 +01:00
Rasmus Wriedt Larsen
0b9a65d234 Python: Accept RequestWithoutValidation expected output change 
I have no clue why this changed, but since it's only the `..` part, I guess
we'll live with it
 2021-02-24 10:13:25 +01:00
Rasmus Wriedt Larsen
cef37d19ce Python: Split CWE-295 tests 
Mostly just because it's nice. But now we can avoid having the same `options`
files for the tests.
 2021-02-24 10:12:45 +01:00
Rasmus Wriedt Larsen
0ffc801f9b Python: Remove options for InsecureTemporaryFile tests 2021-02-24 09:57:51 +01:00
Erik Krogh Kristensen
5091bb652f bump extractor version 2021-02-24 09:39:09 +01:00
Erik Krogh Kristensen
971ce83f8e add change note 2021-02-24 09:34:54 +01:00
Erik Krogh Kristensen
bcb3d5aec2 add tests for nested type unions through aliases 2021-02-24 09:34:54 +01:00
Erik Krogh Kristensen
85ed402b1a add test for union types 2021-02-24 09:34:53 +01:00
Erik Krogh Kristensen
5ae3c5952c support abstract signatures 2021-02-24 09:34:53 +01:00
Erik Krogh Kristensen
f385c55f2c add support for rest types elements in the middle of a tuple 2021-02-24 09:34:53 +01:00
Erik Krogh Kristensen
74630b0fd8 fix file lookup for exclude patterns 2021-02-24 09:34:53 +01:00
Erik Krogh Kristensen
8cf28c6186 update TypeScript to 4.2 2021-02-24 09:34:47 +01:00
yoff
c3d2001e85 Merge pull request #5251 from tausbn/python-port-missing-host-key-validation-query 
Python: Port missing host key validation query
 2021-02-24 08:43:52 +01:00
yo-h
1d654febfd Merge pull request #5195 from aschackmull/java/cwe-548-test 
Java: Add empty file to test.
 2021-02-23 21:12:40 -05:00
Taus Brock-Nannestad
2942a11a69 Python: Import API graphs privately 2021-02-23 22:45:39 +01:00
Taus Brock-Nannestad
f241dbabab Python: Clean up query a bit 2021-02-23 22:33:18 +01:00
Taus Brock-Nannestad
002d0fe565 Python: Port missing host key query 2021-02-23 22:26:03 +01:00
Taus Brock-Nannestad
e812eb777d Python: Port URL sanitisation queries to API graphs 
Really, this boils down to "Port `re` library model to use API graphs
instead of points-to", which is what this PR actually does.

Instead of using points-to to track flags, we use a type tracker. To
handle multiple flags at the same time, we add additional flow from

`x` to `x | y` and `y | x`

and, as an added bonus, the above with `+` instead of `|`, neatly
fixing https://github.com/github/codeql/issues/4707

I had to modify the `Qualified.ql` test slightly, as it now had a
result stemming from the standard library (in `warnings.py`) that
points-to previously ignored.

It might be possible to implement this as a type tracker on
`LocalSourceNode`s, but with the added steps for the above operations,
this was not obvious to me, and so I opted for the simpler
"`smallstep`" variant.
 2021-02-23 22:02:35 +01:00
Rasmus Wriedt Larsen
358ade67e5 Merge pull request #5248 from tausbn/python-port-insecure-temporary-file 
Python: Port `py/insecure-temporary-file`
 2021-02-23 21:37:59 +01:00
Tamás Vajk
91928fa098 Merge pull request #5220 from tamasvajk/feature/limit-codescanning-csharp 
Limit C# codeql analysis to the csharp folder
 2021-02-23 21:05:38 +01:00
Tamás Vajk
e6532cbd75 Merge pull request #4695 from tamasvajk/feature/csharp9-with-expr 
C#: Extract 'with' expressions
 2021-02-23 21:04:51 +01:00
Geoffrey White
431a004127 C++: QLDoc. 2021-02-23 19:10:03 +00:00
Taus Brock-Nannestad
b8ce5e969e Python: Port py/insecure-temporary-file 2021-02-23 20:02:22 +01:00
yoff
9eed17f647 Merge pull request #5152 from RasmusWL/improve-pyyaml-support 
Python: Improve pyyaml support
 2021-02-23 19:58:04 +01:00
Rasmus Lerchedahl Petersen
6abbb5040c Python: add change note 2021-02-23 19:54:09 +01:00
Rasmus Lerchedahl Petersen
b28544da9c Python: Port insecure default protocol 
- use API graphs
- update .qlhelp-file
- limit to versions below 3.4
- move tests to its own directory to only test on old version
 2021-02-23 19:41:36 +01:00
Owen Mansel-Chan
e1402b3881 Merge pull request #486 from owen-mc/add-missing-licences-for-stubbed-libraries 
Add license files for stubbed dependencies
 2021-02-23 18:32:42 +00:00
Owen Mansel-Chan
6c0fe2ed45 Merge branch 'main' into add-missing-licences-for-stubbed-libraries 2021-02-23 17:14:28 +00:00
Owen Mansel-Chan
b7323bf9b6 Merge pull request #487 from sauyon/add-shati 
Add shati-patel to CODEOWNERS
 2021-02-23 17:11:28 +00:00
Sauyon Lee
f3969372a4 Add shati-patel to CODEOWNERS 2021-02-23 09:00:10 -08:00
Owen Mansel-Chan
4728b7a866 Add license files for stubbed dependencies 2021-02-23 16:29:17 +00:00
Joe Farebrother
e13c779f0f Add additional unit tests 2021-02-23 16:17:13 +00:00
Sauyon Lee
a4b701d2c5 Merge pull request #480 from sauyon/go116 
Add preliminary support for go 1.16
 2021-02-23 08:16:12 -08:00
Nick Rolfe
37253fd1f1 Update stats for dbscheme change to interpolation_child 2021-02-23 16:08:24 +00:00
Nick Rolfe
6c84f2c3dc Add test case for multiple statements in interpolation 2021-02-23 15:52:11 +00:00
Nick Rolfe
672148e5b4 Add support for multiple statements in interpolations 2021-02-23 15:36:14 +00:00
CodeQL CI
c5ae8d2c53 Merge pull request #5210 from erik-krogh/barrierPerf 
Approved by asgerf
 2021-02-23 07:29:27 -08:00
luchua-bc
56e3b301e9 Resolve ambiguous method access 2021-02-23 15:18:07 +00:00
Rasmus Wriedt Larsen
a09f8c4b4a Python: Port bind-to-all-interfaces to type-tracking 2021-02-23 16:01:24 +01:00
Rasmus Wriedt Larsen
4026d54095 Python: Expand bind-to-all-interfaces tests slightly 2021-02-23 15:53:47 +01:00
luchua-bc
45f9125bfa Update test program 2021-02-23 14:41:44 +00:00
luchua-bc
9eb8ec7da5 Create a separate file for EJB check 2021-02-23 14:38:15 +00:00
Joe Farebrother
ee651da23f Remove TODO comment 2021-02-23 14:27:11 +00:00
Joe Farebrother
459c0afc55 Add change note 2021-02-23 14:26:12 +00:00
Joe Farebrother
a3b8d4ab2d Switch to inline test expectations; fix failing test outputs 2021-02-23 14:26:12 +00:00
Joe Farebrother
7b5961769a Add unit tests for version 5.x 2021-02-23 14:26:12 +00:00
Joe Farebrother
cf58a90d74 Add unit tests for utility methods 2021-02-23 14:26:12 +00:00
Joe Farebrother
e5d624d1e8 Add open redirect sinks 2021-02-23 14:26:12 +00:00