hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-02 22:03:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,699 Branches 161 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger Feldthaus
2752b4ba64 JS: Shift line numbers in test 2021-01-18 10:54:39 +00:00
Asger Feldthaus
ff1d0cc4c7 JS: Recognize DomSanitizer from @angular/core 2021-01-18 10:54:27 +00:00
Owen Mansel-Chan
903ff33b0d Add class for default taint sanitizer guards 
This allows us to specify taint sanitizer guards that apply in
all configurations.
 2021-01-18 10:51:59 +00:00
Owen Mansel-Chan
83c26a3594 Improve predicate name 
Renamed `defaultTaintSanitizer` to `isDefaultTaintSanitizer`.
 2021-01-18 10:50:26 +00:00
Rasmus Lerchedahl Petersen
66426bf0cc Python: Add tests for iterable unpacking 
in for-iterations and comprehensions.
 2021-01-18 09:36:13 +01:00
Tamas Vajk
8400a3862b Add DB upgrade folder 2021-01-18 09:19:27 +01:00
Tamas Vajk
ce58514453 Change release note date 2021-01-18 09:19:27 +01:00
Tamas Vajk
c0b31cbfe7 Add new stats file 2021-01-18 09:19:27 +01:00
Tamas Vajk
f235a28295 C# Add relational patterns extraction 2021-01-18 09:19:27 +01:00
Rasmus Lerchedahl Petersen
175e43d6f2 Python: Slight refactor 2021-01-18 09:12:05 +01:00
luchua-bc
048167d39a Revamp the query to reduce FPs introduced by wrapper calls 2021-01-18 04:23:30 +00:00
Your Name
3251fb5c07 updated 2021-01-18 02:37:53 +03:00
Artem Smotrakov
7d2d27394b Java: Added a source and a taint step for JexlInjectionConfig 
- Added TaintedSpringRequestBody source
- Added returningTaintedDataFromBean() taint step
- Added tests
 2021-01-17 22:28:42 +01:00
Artem Smotrakov
99401f6e84 Java: Query for detecting JEXL injections 2021-01-17 14:19:26 +01:00
Rasmus Lerchedahl Petersen
5f189a7e43 Python: Address reviews 2021-01-15 20:18:37 +01:00
Mathias Vorreiter Pedersen
dcbae8b22b Fix code tag. 2021-01-15 19:47:09 +01:00
yoff
1edad03622 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-01-15 18:50:04 +01:00
Erik Krogh Kristensen
401e516654 update expected output, and update PackageExports test 2021-01-15 17:40:47 +01:00
intrigus
a4cbd7037b Java: Add tests for different versions. 
Adds a test for version 6.24, because that version is not vulnerable.
The other test is for versions < 6.24, because these versions are
vulnerable.
 2021-01-15 17:20:57 +01:00
luchua-bc
3af8773dd6 Add more cases 2021-01-15 16:20:31 +00:00
Owen Mansel-Chan
fbe0474d0c Merge pull request #453 from owen-mc/update-architectures 
Update Architectures.qll
 2021-01-15 16:01:52 +00:00
Erik Krogh Kristensen
26783b6ab0 make getTopmostPackageJSON public again, and update PackageExports test 2021-01-15 16:05:49 +01:00
Tom Hvitved
9a9a57716c C#: Improved extraction of type nullability 2021-01-15 16:01:14 +01:00
Asger Feldthaus
5fa3b17956 JS: Tolerate Angular-specific HTML attribute names 2021-01-15 14:51:10 +00:00
Asger Feldthaus
f33630aab6 JS: Reformat HTMLExtractor 2021-01-15 14:51:10 +00:00
Owen Mansel-Chan
6219a28b13 Update Architectures.qll 2021-01-15 14:01:01 +00:00
yoff
48910d0597 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-01-15 14:02:27 +01:00
Erik Krogh Kristensen
1506ac09e5 limit the number of characters produced by getAThreewayIntersect 2021-01-15 13:54:16 +01:00
Erik Krogh Kristensen
0117a0fac1 specialize the getAValueExportedBy predicate to only topmost package.jsons 2021-01-15 13:54:16 +01:00
Erik Krogh Kristensen
0c9d46a7f9 changes based on review 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-01-15 13:54:05 +01:00
luchua-bc
32c54628f8 Drop fieldName from the function for runtime evaluation 2021-01-15 12:33:00 +00:00
Anders Schack-Mulligen
545451e602 Merge pull request #4960 from github/yo-h/java15-change-note 
Java: update documentation on supported language versions
codeql-cli/v2.4.3 codeql-cli/v2.4.2 		2021-01-15 10:19:46 +01:00
Tamás Vajk
81ce29c6c8 Merge pull request #4656 from tamasvajk/feature/csharp9-not-pattern 
C#: Extract unary patterns
 2021-01-15 09:44:53 +01:00
Owen Mansel-Chan
2f9c1a6049 Merge pull request #452 from owen-mc/package-path 
Use `package()` for package paths not in the standard library
 2021-01-15 07:25:06 +00:00
luchua-bc
e5a703e49c Revamp the query 2021-01-15 04:05:11 +00:00
yo-h
27fd16ae87 Java: update documentation on supported language versions 2021-01-14 20:29:16 -05:00
Owen Mansel-Chan
5e2c066e8b Use package() for package paths not in the standard library 
This has the advantage that it deals with versioning. For example,
`package("a.io", "b")` matches "a.io/v2/b"
as well as "a.io/b".

At the same time I have created `packagePath()` predicates where they
seemed useful and tried to standardise them a bit.
 2021-01-14 17:11:23 +00:00
Owen Mansel-Chan
62052a8772 Merge pull request #449 from owen-mc/model-couchbase-gocb 
Model Couchbase Go library
 2021-01-14 17:00:05 +00:00
Tom Hvitved
d7ca065192 Merge pull request #4923 from hvitved/csharp/ssa/refactor 
C#: SSA refactorings
 2021-01-14 17:28:14 +01:00
Geoffrey White
15089c4117 Merge branch 'main' into modelclasses 2021-01-14 15:57:02 +00:00
Owen Mansel-Chan
a6b5e8b1db Remove distinct between package paths for v1 and v2 2021-01-14 15:48:21 +00:00
Geoffrey White
7012bc05a2 C++: Simplification. 2021-01-14 15:21:26 +00:00
Geoffrey White
54bd36def2 C++: Correct QLDoc comments. 2021-01-14 15:20:29 +00:00
Geoffrey White
13d0efe96d C++: Change to more natural expressions without use of weird predicates or 'any'. The classes for string objects now match instantiations directly rather than the template. 2021-01-14 15:02:51 +00:00
Tom Hvitved
6cf684f615 C#: Fix QL doc 2021-01-14 15:59:22 +01:00
ihsinme
805352945e Update CompilerRemovalOfCodeToClearBuffers.ql 2021-01-14 17:27:58 +03:00
ihsinme
10ab1d9b54 Update CompilerRemovalOfCodeToClearBuffers.ql 2021-01-14 17:24:49 +03:00
ihsinme
cd0d2a5692 Update cpp/ql/src/experimental/Security/CWE/CWE-14/CompilerRemovalOfCodeToClearBuffers.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-01-14 17:21:19 +03:00
ihsinme
7f5e5fcb99 Update cpp/ql/src/experimental/Security/CWE/CWE-14/CompilerRemovalOfCodeToClearBuffers.qhelp 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-01-14 17:19:57 +03:00
ihsinme
3e715ff52d Update cpp/ql/src/experimental/Security/CWE/CWE-14/CompilerRemovalOfCodeToClearBuffers.qhelp 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-01-14 17:19:23 +03:00