hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-02 13:53:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,698 Branches 161 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
87b738d48c Merge pull request #5002 from MathiasVP/fix-PrivateCleartextWrite-format 
C++: Fix path-problem format in cpp/private-cleartext-write
 2021-01-22 14:28:03 +01:00
Mathias Vorreiter Pedersen
b4f9b1590d C++: Restore lost result on git/git. We lost the result in a00bd7ae02 because the added check for type T to type T* conversion didn't handle const qualifiers. 2021-01-22 14:20:18 +01:00
Esben Sparre Andreasen
3f3962f7a9 Update javascript/ql/src/Security/CWE-730/examples/server-crash.GOOD-B.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-01-22 14:03:21 +01:00
Mathias Vorreiter Pedersen
682b246441 C++: Fix path-problem format. 2021-01-22 13:40:44 +01:00
Esben Sparre Andreasen
718f6eb3fd JS: update and prettify examples 2021-01-22 13:17:38 +01:00
Tom Hvitved
7e374c416a Categorize variable accesses into reads and (implicit or explicit) writes 2021-01-22 13:17:26 +01:00
Nick Rolfe
3939008fd5 Small tweaks based on PR feedback 2021-01-22 12:17:17 +00:00
Nick Rolfe
ccd8a2aae6 Merge remote-tracking branch 'origin/main' into call_ast 2021-01-22 11:48:32 +00:00
Asger Feldthaus
b36593a76b JS: Fix broken link tag 2021-01-22 10:11:16 +00:00
Asger Feldthaus
0ffa720d3b JS: Capitalize other enum constants 2021-01-22 09:48:11 +00:00
Asger Feldthaus
c257f6617f JS: Capitalize enum members in ScopeKind and TopLevelKind 2021-01-22 09:33:25 +00:00
Mathias Vorreiter Pedersen
7bc461aeb2 Merge pull request #4990 from geoffw0/cpp401b 
C++: Further improvements to experimental query cpp/memory-leak-on-failed-call-to-realloc
 2021-01-22 09:51:10 +01:00
CodeQL CI
0e059cea56 Merge pull request #5000 from erik-krogh/redosOnlyNonMin 
Approved by esbena
 2021-01-21 15:29:03 -08:00
Erik Krogh Kristensen
11f35a5193 Update javascript/ql/src/semmle/javascript/security/performance/ReDoSUtil.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-01-21 23:11:50 +01:00
Artem Smotrakov
73c8338e52 Use <code> tag in JexlInjection.qhelp 2021-01-21 22:49:36 +01:00
Artem Smotrakov
ee6d28b562 Use LocalUserInput when looking for JEXL injections 2021-01-21 22:46:18 +01:00
Erik Krogh Kristensen
62746bbbac skip analyzing regular expressions in minified files for ReDoS 2021-01-21 22:31:42 +01:00
CodeQL CI
d0b70d15f0 Merge pull request #4996 from esbena/js/nodejs-client-request-event-emitter 
Approved by erik-krogh
 2021-01-21 12:37:00 -08:00
Artem Smotrakov
8166e269ec Added examples of a sandbox for JEXL expressions 2021-01-21 20:53:15 +01:00
Esben Sparre Andreasen
cb25f2ab20 JS: add docstring with source examples 2021-01-21 20:46:34 +01:00
CodeQL CI
b83c949109 Merge pull request #4986 from erik-krogh/logInf 
Approved by esbena
 2021-01-21 06:02:50 -08:00
Asger Feldthaus
c29014f122 JS: Autoformat 2021-01-21 13:55:21 +00:00
ihsinme
9c53e39394 Update CompilerRemovalOfCodeToClearBuffers.ql 2021-01-21 16:52:00 +03:00
Esben Sparre Andreasen
1c100bbbc2 JS: recognize event emitters in nodejs client requests 2021-01-21 14:14:00 +01:00
Tom Hvitved
08c655e4e3 Merge pull request #99 from github/hvitved/cfg/to-string 
CFG: Use manual `toString()`s for `AstCfgNode` when available
 2021-01-21 14:10:16 +01:00
Rasmus Wriedt Larsen
7a76a5134e Python: Add redirect modeling for Tornado 
After making https://github.com/github/codeql/pull/4995, I realized how easy
this would be :D

Will need to do some manual merge-conflict handling, but it should be all good
:)
 2021-01-21 14:04:11 +01:00
Rasmus Wriedt Larsen
2f86937e5a Python: Remove unused param in test code 2021-01-21 13:44:56 +01:00
Rasmus Wriedt Larsen
48083d657a Python: Apply code-review suggestion 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-01-21 13:40:58 +01:00
Rasmus Wriedt Larsen
ee2d18afd8 Merge pull request #4665 from yoff/python-dataflow-modernize-tests 
Python: Add new-style tests
 2021-01-21 13:35:39 +01:00
Rasmus Wriedt Larsen
b55817a5b2 Python: Model HTTP responses in tornado 
This is quite a simpel model, but ends up matching what we were able to do with
points-to.

I think this modeling excercise really shows that we need a bit of a different
way to model HTTP responses... but I'm not going to try to fix that in this PR.
 2021-01-21 13:26:31 +01:00
Rasmus Wriedt Larsen
ac77a8b8a8 Python: Add proper HTTP response tests for Tornado 2021-01-21 13:22:31 +01:00
Asger Feldthaus
2f58683f2d JS: Remove PipeCallExpr 2021-01-21 12:12:17 +00:00
Asger Feldthaus
1d1149f4cd JS: Test and QLDoc for RxJS model 2021-01-21 12:08:22 +00:00
Rasmus Lerchedahl Petersen
e786be06ae Python: Fix broken references 2021-01-21 12:40:35 +01:00
Asger Feldthaus
144d04f3ce JS: Add test exposing source location of attribute after line break 2021-01-21 11:25:39 +00:00
haby0
a56dd60baa *)add CWE-652 XQueryInjection detection 2021-01-21 19:18:10 +08:00
Asger Feldthaus
7c6704a63f JS: Shift line numbers in test case 2021-01-21 11:09:36 +00:00
Owen Mansel-Chan
7dfe5d9f07 Merge pull request #457 from owen-mc/cleanup-avoid-code-duplication 
Reuse existing class instead of repeating it
 2021-01-21 10:56:14 +00:00
Owen Mansel-Chan
7f00ab1f08 Merge pull request #456 from owen-mc/add-guarding-function-test 
Add tests for guarding functions proxied by a variable
 2021-01-21 10:55:54 +00:00
Asger F
34280f90b0 Update QLDoc for getATemplateArgument 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-01-21 10:51:46 +00:00
Erik Krogh Kristensen
a9a901d1e2 add change note 2021-01-21 11:08:39 +01:00
Erik Krogh Kristensen
dafec3ceaa rename to AnalyzedCompoundNumericAssignExpr 2021-01-21 11:06:46 +01:00
Rasmus Lerchedahl Petersen
88db8f562d Python: Elaborate comments for steps 2021-01-21 10:55:59 +01:00
Tom Hvitved
bc41c26354 Merge pull request #4959 from hvitved/csharp/ssa/split 
C#: Split up SSA implementation
 2021-01-21 10:52:49 +01:00
Rasmus Lerchedahl Petersen
bc1b50788a Python: Small refactor 2021-01-21 10:44:58 +01:00
Rasmus Lerchedahl Petersen
19918e2e57 Python: Have Node-postfix consistently 2021-01-21 10:43:15 +01:00
CodeQL CI
30015ee995 Merge pull request #4942 from esbena/js/reintroduce-resource-exhaustion 
Approved by erik-krogh
 2021-01-21 01:21:33 -08:00
CodeQL CI
9cfbe6feb7 Merge pull request #4980 from erik-krogh/defaultExport 
Approved by esbena
 2021-01-21 00:55:15 -08:00
Esben Sparre Andreasen
b90dd89746 JS: move js/resource-exhaustion to experimental 2021-01-21 09:09:01 +01:00
Esben Sparre Andreasen
5a6e692807 add js/server-crash to the security suite 2021-01-21 08:43:13 +01:00