hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-31 07:12:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,684 Branches 159 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert Marsh
f94fcf11cd C++: accept dataflow test changes 2022-04-19 13:32:19 -04:00
Felicity Chapman
b10e7300ae Update docs/codeql/ql-language-reference/formulas.rst 2022-04-19 17:29:31 +01:00
Nick Rolfe
c02670aca2 Ruby: make PostUpdateNode public 2022-04-19 17:12:51 +01:00
Felicity Chapman
d663102ffb Update docs/codeql/ql-language-reference/formulas.rst 2022-04-19 16:57:05 +01:00
luchua-bc
f0c4b1955b Change getResource() to be a taint step 2022-04-19 15:55:09 +00:00
Felicity Chapman
6fbe227cbc Try to fix Sphinx warning in formulas.rst 2022-04-19 16:36:42 +01:00
Stephan Brandauer
2fb3147b7b Merge pull request #8430 from kaeluka/js/CVE-2022-24718 
JS: Add taint step for handlebars model
 2022-04-19 15:57:58 +01:00
Michael Nebel
91324d40b5 Merge pull request #8659 from michaelnebel/csharp/capturemodelsmetadata 
C#: Add kind tag to Capture model queries.
 2022-04-19 16:39:03 +02:00
Anders Schack-Mulligen
48fbbf2531 Dataflow: Add change notes. 2022-04-19 15:29:35 +02:00
Anders Schack-Mulligen
b521d64156 Dataflow: Sync. 2022-04-19 15:29:35 +02:00
Anders Schack-Mulligen
4ae59b530b Dataflow: Revert flow-state versions of in-/out-barriers. 2022-04-19 15:29:34 +02:00
Nick Rolfe
08f6fbbe10 Ruby: make comment about backslash escaping clearer 2022-04-19 14:05:17 +01:00
Porcupiney Hairs
85c751cb7f CPP: PAM Authorization Bypass 
This PR is similar to my other PRs for
[Python](https://github.com/github/codeql/pull/8595) and
[Golang](https://github.com/github/codeql-go/pull/709).

This PR aims to detect instances were an initiated PAM Transaction invokes the `pam_authenticate` method but does not invoke a call to the pam_acct_mgmt` method. This is bad as a call to `pam_authenticate` only verifies the users credentials. It does not check if the user account is still is a valid state.

If only a call to `pam_authenticate` is used to verify the user, a user with an expired account password would still be able to login. This can be prevented by calling the `pam_acct_mgmt` function after a `pam_authenticate` function.
 2022-04-19 18:24:19 +05:30
Geoffrey White
3326fd5400 C++: Update test .expected. 2022-04-19 13:43:17 +01:00
Geoffrey White
5698638d1f Apply suggestions from code review (documentation) 
Co-authored-by: hubwriter <hubwriter@github.com>
 2022-04-19 13:38:00 +01:00
Erik Krogh Kristensen
8669bbd948 update expected output of rate-limit query after test reorg 2022-04-19 14:27:24 +02:00
Nick Rolfe
76c6a521fd Ruby: add clarifying comment 2022-04-19 13:10:57 +01:00
Anders Schack-Mulligen
82463c9290 Merge pull request #8774 from MathiasVP/nomagic-revPartialPathStep 
Add `nomagic` to `revPartialPathStep`
 2022-04-19 14:02:04 +02:00
Michael Nebel
c79c9dd573 C#: Don't generate models for any higher order callables. 2022-04-19 12:50:51 +02:00
Michael Nebel
8726766465 C#: Remove the API special case for GetHashCode, Equals and IEquatable.Equals as these are now excluded based on their type. 2022-04-19 12:50:51 +02:00
Michael Nebel
f6fd401df1 C#: Add some testcases, where we don't get a summary due to the use of simple types. 2022-04-19 12:50:51 +02:00
Michael Nebel
f9e5c6b77d C#: Don't use simple types in summaries test cases as these will be excluded in generation purely based on the type. 2022-04-19 12:50:51 +02:00
Michael Nebel
f533636ad7 C#: Remove taint when it flows via a primitive/simple type (as is the case for java). 2022-04-19 12:50:51 +02:00
Nick Rolfe
76587c4144 Ruby: fix capitalisation of String in qhelp 2022-04-19 11:42:31 +01:00
Nick Rolfe
468c718da0 Ruby: simplify predicate 2022-04-19 11:32:26 +01:00
Nick Rolfe
ac805f0cdc Ruby: simplify predicate by using DataFlow::CallNode 2022-04-19 11:27:33 +01:00
Nick Rolfe
ca4dc0583d Ruby: fix comment typos 2022-04-19 11:15:34 +01:00
Geoffrey White
6e184f2438 C++: Rename variables 'a' and 'b'. 2022-04-19 10:57:42 +01:00
Nick Rolfe
14de91ce94 Ruby: make StringSubstitutionCal extend DataFlow::CallNode 2022-04-19 10:52:14 +01:00
Mathias Vorreiter Pedersen
a7c0113bc7 Merge pull request #8741 from geoffw0/autogen 
C++: Fix issue with extremely long comments in AutogeneratedFile.qll
 2022-04-19 10:45:16 +01:00
Geoffrey White
da38c9041c C++: Improvements from PR comments. 2022-04-19 10:25:00 +01:00
Geoffrey White
50c7e47dd9 C++: Improve QLDoc. 2022-04-19 10:15:12 +01:00
Erik Krogh Kristensen
6799232009 fix typo in qldoc 2022-04-19 11:09:27 +02:00
Geoffrey White
da454128ed Update cpp/ql/src/Security/CWE/CWE-611/XXE.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-04-19 10:08:07 +01:00
Geoffrey White
0aa1945f30 C++: Comments. 2022-04-19 10:04:15 +01:00
Mathias Vorreiter Pedersen
91b413d59f Dataflow: Sync identical files. 2022-04-19 09:57:21 +01:00
Erik Krogh Kristensen
4b6d8e6865 add missing qldoc 2022-04-19 10:56:58 +02:00
Mathias Vorreiter Pedersen
d5722ffa61 C++: Add 'nomagic' to 'revPartialPathStep'. 2022-04-19 09:56:41 +01:00
Erik Krogh Kristensen
8e5a7bcd76 add change-note 2022-04-19 10:53:48 +02:00
Erik Krogh Kristensen
e0b5197d3c a slight refactor 2022-04-18 22:21:41 +02:00
Erik Krogh Kristensen
7f592a6c64 merge Clipboard.qll and DragAndDrop.qll, and support InputEvent 2022-04-18 22:17:31 +02:00
Robert Marsh
cae08c505f Merge branch 'main' into rdmarsh2/ir-global-vars 2022-04-18 15:25:03 -04:00
Robert Marsh
b5c8413f5c Merge branch 'main' into rdmarsh2/ir-global-vars 2022-04-18 15:19:25 -04:00
Chuan-kai Lin
b433f08cef Merge pull request #8770 from cklin/csharp-downgrades-remove-version 
C#: remove version from downgrades pack
 2022-04-18 09:41:21 -07:00
Chuan-kai Lin
8e850ee564 C#: remove version from downgrades pack 2022-04-18 08:46:05 -07:00
Chad Bentz
990b7a29e8 Docs - Supported Queries - Fixing broken link 
update link target
 2022-04-18 10:30:24 -04:00
Marcono1234
6a48ba955c Clarify that min, max and rank may have multiple results 2022-04-16 19:12:25 +02:00
Marcono1234
8fdfe5426f Clarify min, max and rank documentation regarding expression type 2022-04-16 18:53:07 +02:00
jorgectf
9e1b98e5a4 Detach MyBatisAbstractSqlMethodsStep from MyBatisAbstractSql 2022-04-15 13:08:04 +02:00
Jean Helie
f1f00ccac5 ML: add .gitkeep to resources dir in which ML models are to be found 2022-04-15 12:19:06 +02:00