hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-04 01:01:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,689 Branches 159 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
f2676968f0 C++: Actally convert 'cpp/overflow-destination' to a path-problem query. 2022-03-09 13:49:52 +00:00
Michael Nebel
fbe8f75903 Merge pull request #8038 from michaelnebel/csharp/gvn-cfecomparison 
C#: Refactor Structural Comparison for Control Flow Elements.
 2022-03-09 13:36:42 +01:00
Tom Hvitved
aa1284aa03 Ruby: Cache two more data flow predicates 2022-03-09 13:17:14 +01:00
Tom Hvitved
1e1b2e284d Ruby: Cleanup flow through self 2022-03-09 13:17:11 +01:00
Mathias Vorreiter Pedersen
8a8fb692a3 C++: Use a 'TaintTracking::Configuration' for 'cpp/uncontrolled-allocation-size'. 2022-03-09 12:09:32 +00:00
Mathias Vorreiter Pedersen
2328898b19 C++: Use a 'TaintTracking::Configuration' for 'cpp/unclear-array-index-validation'. 2022-03-09 12:09:27 +00:00
Mathias Vorreiter Pedersen
d7652f9742 C++: Use a 'TaintTracking::Configuration' for 'cpp/overflow-destination'. 2022-03-09 12:07:25 +00:00
Michael Nebel
d0cb984f9e Merge pull request #6 from hvitved/csharp/gvn-cfecomparison 
C#: Code review suggestions
 2022-03-09 12:11:23 +01:00
Arthur Baars
747c7f6b5e JS/Ruby: share implementation of IncompleteUrlSubstringSanitization query 2022-03-09 12:11:14 +01:00
Erik Krogh Kristensen
fb011c3529 QL: identify when a field not used in all disjuncts in a char-pred 2022-03-09 11:46:16 +01:00
Erik Krogh Kristensen
cebd24156c support that the base is not a method-call in getAChainedMethodCall 2022-03-09 11:12:04 +01:00
Rasmus Wriedt Larsen
0e9da4aadb Python: Resolve name conflict over XML module 
Not the prettiest solution... but it works ¯\_(ツ)_/¯
 2022-03-09 11:02:28 +01:00
Tom Hvitved
c51ddd0d35 C#: Code review suggestions 2022-03-09 10:50:53 +01:00
Tom Hvitved
275902d558 Merge pull request #8373 from hvitved/ruby/regex-multiples-parse-fix 
Ruby: Fix incorrect parsing of ranges
 2022-03-09 10:30:01 +01:00
Tom Hvitved
7f0fa15fbc Address review comment 2022-03-09 09:19:37 +01:00
Tom Hvitved
e4247e4ef6 C#: Add change note 2022-03-09 09:19:37 +01:00
Tom Hvitved
c463dc9d1a C#: Remove legacy odasa support 
The following environment variables are no longer supported:

```
ODASA_BUILD_ERROR_DIR
ODASA_CSHARP_LAYOUT
ODASA_SNAPSHOT
SEMMLE_DIST
SEMMLE_EXTRACTOR_OPTIONS
SEMMLE_PLATFORM_TOOLS
SEMMLE_PRESERVE_SYMLINKS
SOURCE_ARCHIVE
TRAP_FOLDER
```
 2022-03-09 09:19:37 +01:00
Owen Mansel-Chan
807ef2e5ef Merge pull request #700 from smowton/smowton/fix/filepath-clean 
Treat path.Clean and filepath.Clean alike re: tainted path sanitization
 2022-03-09 06:18:26 +00:00
Dave Bartolomeo
ec3e643120 Remove direct dependencies on import java 2022-03-09 00:06:17 -05:00
jorgectf
447636bf1c Attempt to add MyBatis' sinks and taint steps to SQL and OGNL injection queries 2022-03-09 04:21:26 +01:00
jorgectf
e000163614 Properly model AbstractSQL sinks and taint steps 2022-03-09 04:20:34 +01:00
Ahmed Farid
475cca0d7e Update ZipSlip.qll 2022-03-09 00:00:52 +01:00
Ahmed Farid
27b9d6c752 Update ZipSlip.qll 2022-03-08 23:59:03 +01:00
Ahmed Farid
23bd53a325 Update zipslip_good.py 2022-03-08 23:55:17 +01:00
Dave Bartolomeo
09a5fded1c Clean up SemanticCFG 2022-03-08 17:36:13 -05:00
Dave Bartolomeo
04fae43734 Minimize language-specific code for sign analysis 2022-03-08 17:13:06 -05:00
Tom Hvitved
f5fbf50d7d Ruby: Fix incorrect parsing of ranges 2022-03-08 19:53:17 +01:00
Tom Hvitved
89c3d0535a Ruby: Add regex test that outputs all RegExpTerms 2022-03-08 19:53:17 +01:00
Tom Hvitved
073302f196 Ruby: Add another regex consistency test 2022-03-08 19:53:17 +01:00
Tom Hvitved
a70ed71c01 Merge pull request #8370 from hvitved/ruby/regex-group-name-off-by-one 
Ruby: Fix off-by-one error in `getGroupName`
 2022-03-08 19:52:32 +01:00
jorgectf
3f43e6ef54 Fix FlaskMail's getTo 2022-03-08 18:45:53 +01:00
jorgectf
bbba1a21c4 Explicitly call this in SendGridMail 2022-03-08 18:40:20 +01:00
jorgectf
930fbf777c Move getFlaskMailArgument inside FlaskMail and refactor 2022-03-08 18:38:32 +01:00
jorgectf
6b04344655 Refactor sendgridContent and sendgridWrite 
Move the predicates inside `SendGridMail`.
See https://github.com/github/codeql/pull/7127#discussion_r821574462
 2022-03-08 18:26:20 +01:00
jorgectf
6722671541 Refactor sendgridApiClient and sendgridApiSendCall 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-03-08 18:24:38 +01:00
Chris Smowton
e8084233b8 Treat path.Clean and filepath.Clean alike re: tainted path sanitization 2022-03-08 16:42:59 +00:00
Geoffrey White
9ebdb2ac1d C++: QLDoc. 2022-03-08 16:12:58 +00:00
Tom Hvitved
5f48cc06bb Ruby: Fix off-by-one error in getGroupName 2022-03-08 15:59:47 +01:00
Tom Hvitved
6dd126b6e3 Ruby: Add regex group tests 2022-03-08 15:59:28 +01:00
Mathias Vorreiter Pedersen
d8bad778ed C++: Fix QLDoc 2022-03-08 14:38:39 +00:00
Tom Hvitved
86121164c5 Merge pull request #8364 from hvitved/ruby/fix-regex-parse 
Ruby: Fix regex parsing of `/[|]/`
 2022-03-08 15:26:29 +01:00
Taus
063a8bbc43 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-03-08 15:20:35 +01:00
Michael Nebel
ec75bbc748 Merge pull request #8203 from michaelnebel/csharp/extractor-option-buildless 
C#: Refactoring - Move some of the standalone extractor code to the Standalone project.
 2022-03-08 14:32:59 +01:00
Mathias Vorreiter Pedersen
69417e150a C++: Address review comments. 2022-03-08 13:15:02 +00:00
Mathias Vorreiter Pedersen
1bf430529b Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/MustFlow.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-03-08 13:07:17 +00:00
Mathias Vorreiter Pedersen
edf629f5aa Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/MustFlow.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-03-08 13:07:09 +00:00
Mathias Vorreiter Pedersen
bfa0714577 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/MustFlow.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-03-08 13:06:53 +00:00
Mathias Vorreiter Pedersen
9e7b0925c6 Merge pull request #8366 from jketema/code-duplication-deprecated 
C++: Mark everything in CodeDuplication.qll as deprecated
 2022-03-08 12:47:50 +00:00
Jeroen Ketema
3877598c12 C++: Remove cpp/duplicated-lines-in-files which was deprecated over a year ago 2022-03-08 12:58:19 +01:00
Mathias Vorreiter Pedersen
7106fe35aa C++: Accept test changes. This is just a change in the names of the path nodes. These names are actually better as they don't refer to the name of IR instructions. 2022-03-08 11:40:56 +00:00