Commit Graph

40697 Commits

Author SHA1 Message Date
Marcono1234
905648e452 Add ConditionalExpr.getBranchExpr(boolean) 2021-02-12 04:50:41 +01:00
haby0
6901cd4899 Merge branch 'main' of https://github.com/haby0/codeql into main 2021-02-12 11:18:33 +08:00
haby0
22e741c7a3 *)add XQExpression.executeCommand(0) sink 2021-02-12 11:17:42 +08:00
haby0
dbb3d458f5 *)add XQExpression.executeCommand(0) sink 2021-02-12 10:47:41 +08:00
Marcono1234
e89891fa1f Address review comments 2021-02-12 01:30:47 +01:00
Artem Smotrakov
042c0b005e Covered sandboxes for JEXL 2
- Updated SandboxedJexlFlowConfig to cover JEXL 2
- Added SandboxedJexl2 test
2021-02-11 22:57:26 +01:00
Raul Garcia (MSFT)
710ca21d19 Addressing comments we missed earlier 2021-02-11 11:52:58 -08:00
Artem Smotrakov
7543df60da Callable.call() should not be a sink in JexlInjection.ql 2021-02-11 20:37:23 +01:00
luchua-bc
6bfe2f2ba6 Add more sinks 2021-02-11 17:53:42 +00:00
Tom Hvitved
1aaebeea76 Merge pull request #125 from github/hvitved/cfg-to-string
CFG: Reintroduce `toString()`s
2021-02-11 18:46:26 +01:00
Arthur Baars
43b238f729 AST: rescue clauses 2021-02-11 18:40:29 +01:00
Tom Hvitved
c4ee79ed27 CFG: Reintroduce toString()s 2021-02-11 18:37:18 +01:00
Nick Rolfe
307db73c9c Merge pull request #124 from github/aibaars/ast-stmt-expr
AST: make Expr extend Stmt and change ExprSequence to StmtSequence
2021-02-11 17:00:21 +00:00
Geoffrey White
354f21f2c3 C++: BSL support. 2021-02-11 16:57:20 +00:00
Erik Krogh Kristensen
004147a22f add change note 2021-02-11 17:54:53 +01:00
Arthur Baars
f9e9dc2304 Address comment
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2021-02-11 17:53:28 +01:00
Erik Krogh Kristensen
6f405635ef add ClientRequest model for apollo-client 2021-02-11 17:49:44 +01:00
Mathias Vorreiter Pedersen
91627cbd88 C++: Add models for BSD-style send and recv functions. 2021-02-11 17:21:32 +01:00
Arthur Baars
c4e2c87d82 AST: some statement tests 2021-02-11 17:20:11 +01:00
Arthur Baars
d42b6b651e AST: rename ExprSequence to StmtSequence 2021-02-11 17:20:10 +01:00
Arthur Baars
fd6aeba9f5 AST: make Expr extend Stmt 2021-02-11 17:20:10 +01:00
Arthur Baars
f02d4a977d AST: some statement tests 2021-02-11 17:20:10 +01:00
Arthur Baars
d02d359c51 Merge pull request #122 from github/constants_scopes
Rework handling of scope resolution nodes, and add `ConstantAccess` class
2021-02-11 17:19:47 +01:00
Geoffrey White
21b2999722 C++: Update StdSet.qll. 2021-02-11 16:01:55 +00:00
Geoffrey White
33b5802ff6 C++: Update StdPair.qll (just for consistency). 2021-02-11 16:01:44 +00:00
Arthur Baars
ada652b6f0 Merge branch 'main' into constants_scopes 2021-02-11 17:00:50 +01:00
Nick Rolfe
885137dca2 Simplify representation of calls that use scope resolution operator.
Now, `Foo::bar` is a call where the receiver expr is `Foo`.
2021-02-11 15:29:42 +00:00
Erik Krogh Kristensen
fd46b7a7bc fix type in change-note
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2021-02-11 16:17:26 +01:00
Erik Krogh Kristensen
69d8aa143c add taint step for the snarkdown library 2021-02-11 16:16:46 +01:00
Taus Brock-Nannestad
4c66071f5f Python: Revert "Python: Support moduleImport("dotted.name") in API graphs"
This reverts commit 2c4a477a4e.

It's probably best _not_ to do this, as any `getMember` cycle in the
API graph will lead to nontermination.
2021-02-11 16:08:28 +01:00
Taus Brock-Nannestad
ea30598a08 Python: Split dotted names more efficiently 2021-02-11 16:07:39 +01:00
Owen Mansel-Chan
1dc474650a Model zap 2021-02-11 14:35:36 +00:00
Arthur Baars
f8ce7276a3 Merge pull request #123 from github/aibaars/ast-ensure
AST: ensure and else blocks
2021-02-11 15:17:30 +01:00
Arthur Baars
a908f2fe86 Merge pull request #121 from github/aibaars/dataflow-2
Dataflow: identify ReturnNodes
2021-02-11 15:10:27 +01:00
Jonathan Leitschuh
35e2ceba13 Update java/ql/src/semmle/code/xml/MavenPom.qll
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-02-11 08:59:02 -05:00
Erik Krogh Kristensen
d14586de56 add two non ReDoS regular expressions to the ReDoS test suite
Adds the regular expression from #5145
2021-02-11 14:41:45 +01:00
Arthur Baars
426bf30822 AST: ensure and else blocks 2021-02-11 14:27:23 +01:00
Arthur Baars
4f3412fff9 Address comments 2021-02-11 13:46:34 +01:00
Nick Rolfe
23998e5f99 Accept CFG test changes
Some generated ScopeResolution nodes are no longer represented in the
user-facing AST. These should go away when we port the CFG to the
user-facing AST.
2021-02-11 12:38:13 +00:00
Erik Krogh Kristensen
f12c38425f add change-note 2021-02-11 13:36:53 +01:00
Chris Smowton
b9a1d9a17e Merge pull request #474 from sauyon/update-codeql
Update actions codeql to 2.4.3
2021-02-11 12:34:51 +00:00
Erik Krogh Kristensen
3ee0029cd8 Update javascript/change-notes/2021-02-08-xml-parser-taint.md
Co-authored-by: Asger F <asgerf@github.com>
2021-02-11 13:33:42 +01:00
CodeQL CI
02578cfff2 Merge pull request #5112 from erik-krogh/forms
Approved by asgerf
2021-02-11 04:32:14 -08:00
Nick Rolfe
6ff0ebb94a Add ConstantAccess class 2021-02-11 12:29:25 +00:00
Chris Smowton
2d08173631 Merge pull request #442 from monkey-junkie/main
[CWE-369] Query for divide by zero detection
2021-02-11 12:11:45 +00:00
Chris Smowton
b84aef6b83 Prevent getACalleeSource() from sharing magic with other users of getASuccessor*
This avoids recursion through the magic side-condition as each discovery of a ListOfConstantsComparisonSanitizerGuard expands the set of things whose getASuccessor* is wanted, which in turn enlarges the set of transitive successors and causes getACalleeSource() to be pointlessly recomputed (pointlessly because all exprNode(getCalleeExpr())s were already computed)
2021-02-11 10:29:30 +00:00
Erik Krogh Kristensen
044f80215e add change note 2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen
010d580f8e add model for multiparty 2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen
61b4ffec3d add remote flow from the Formidable library 2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen
a03f4ed3cd add remote flow source for busboy 2021-02-11 09:34:02 +01:00