codeql

mirror of https://github.com/github/codeql.git synced 2026-02-24 02:43:40 +01:00

Author	SHA1	Message	Date
Rasmus Wriedt Larsen	d18fbb7f07	Python: Add working tests of AES and RC4	2021-04-22 14:51:14 +02:00
Rasmus Wriedt Larsen	cf64701bcb	Python: Move weak-crypto-algorithm tests to own folder	2021-04-22 14:51:13 +02:00
Tamas Vajk	ed42c878b0	Adjust 'fromSource' to hold only on '.cs' files	2021-04-22 14:17:16 +02:00
Tamas Vajk	b36d35bf1e	Revert "C#: Adjust 'fromSource' to hold only on files passed to the compiler as a source file" This reverts commit `1dab1590ea`.	2021-04-22 14:16:10 +02:00
haby0	407dcea751	add String type startsWith	2021-04-22 19:20:54 +08:00
haby0	1712d01b74	Merge branch 'UseOfLessTrustedSource' of https://github.com/haby0/codeql into UseOfLessTrustedSource	2021-04-22 19:02:23 +08:00
haby0	9b4442be8b	Fix some errors	2021-04-22 19:01:55 +08:00
haby0	aaef4ef22b	Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll Co-authored-by: Chris Smowton <smowton@github.com>	2021-04-22 18:52:55 +08:00
Tamás Vajk	cb28bc80b7	Merge branch 'main' into feature/java-sinks-csv	2021-04-22 11:41:18 +02:00
Tamas Vajk	7134eb9079	Improve documentation of csv sink models	2021-04-22 11:37:41 +02:00
Mathias Vorreiter Pedersen	2b8afe55e8	Merge pull request #5747 from rdmarsh2/rdmarsh2/cpp/deprecate-return-stack-allocated-object C++: deprecate cpp/return-stack-allocated-object	2021-04-22 11:37:07 +02:00
edvraa	c9c9758e01	Make similarly named files in tests and qhelp in sync	2021-04-22 12:23:46 +03:00
Tamas Vajk	1caa5c4780	Adjust hostname verifier sink identifier name	2021-04-22 11:22:18 +02:00
Tamas Vajk	6c78a247f2	Revert erroneous refactoring in header splitting sink base class	2021-04-22 11:20:39 +02:00
Tamas Vajk	9b1c54e81b	Add argument indices to HTTP header splitting sinks	2021-04-22 11:17:25 +02:00
Tamas Vajk	180904e9f6	Revert "Java: Convert Google HTTP client API parseAs sink to CSV format" This reverts commit `3e53484bb3`.	2021-04-22 11:14:51 +02:00
Owen Mansel-Chan	fea9f5f431	Merge pull request #5746 from owen-mc/java/refactor-exec-tainted Make ExecTainted easier to extend	2021-04-22 10:14:28 +01:00
Tamas Vajk	a8a920c8f0	Add change note	2021-04-22 11:01:12 +02:00
Owen Mansel-Chan	8a01799fb8	Make imports private Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-04-22 09:46:49 +01:00
Rasmus Lerchedahl Petersen	b724e51cab	Python: Improvements from review suggestions	2021-04-22 10:40:42 +02:00
Owen Mansel-Chan	4b8d4f5bbd	Update docs	2021-04-22 09:30:50 +01:00
Owen Mansel-Chan	e448dcb725	Avoid bad join order We want to avoid joining on `i` first.	2021-04-22 09:30:49 +01:00
Owen Mansel-Chan	9f1704560b	Include constructors in abstract class	2021-04-22 09:30:48 +01:00
Tamas Vajk	1dab1590ea	C#: Adjust 'fromSource' to hold only on files passed to the compiler as a source file	2021-04-22 10:21:28 +02:00
Tamas Vajk	1a708affbf	Include compilation errors in diagnostic check	2021-04-22 10:08:33 +02:00
Asger Feldthaus	d2646ea4ad	JS: More consistent section capitalization	2021-04-22 09:06:44 +01:00
Asger Feldthaus	0dceabe704	JS: Reference specific section of cheat sheet	2021-04-22 09:06:09 +01:00
Tamas Vajk	64354bbfaa	Fix test results after rebase	2021-04-22 09:23:59 +02:00
Tamas Vajk	ff9327a035	Add diagnostic query to get correctly extracted files	2021-04-22 09:21:46 +02:00
Tamas Vajk	b05e211e21	Fix failing test	2021-04-22 09:21:45 +02:00
Tamas Vajk	353d43a039	Log model errors even in standalone extraction	2021-04-22 09:13:06 +02:00
Tamas Vajk	5149ffdd16	C#: Add extraction error diagnostic query	2021-04-22 09:13:06 +02:00
edvraa	ade238307f	Add a test	2021-04-22 10:02:06 +03:00
Tamás Vajk	9c936867fa	Exclude code from XML files Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>	2021-04-22 09:00:31 +02:00
Tamás Vajk	a7cc9f98ef	Merge pull request #5745 from tamasvajk/feature/fix-arg-default C#: Fix special case of default argument value extraction	2021-04-22 08:58:13 +02:00
edvraa	86444bfa09	Use set literal expression	2021-04-22 09:48:46 +03:00
edvraa	9774b24c4e	Use TypeString	2021-04-22 09:44:07 +03:00
Sauyon Lee	b808c187cf	Add test with curly braces in filename	2021-04-21 21:14:41 -07:00
Sauyon Lee	f15b65d07e	Extract dummy files for errors with no location	2021-04-21 21:14:40 -07:00
Sauyon Lee	488f7f5b9b	Use pre-transformed path for extractor fileinfo	2021-04-21 21:14:40 -07:00
Chris Smowton	90c4b5d63f	Switch to using HTML entities for escaping	2021-04-21 21:14:39 -07:00
Chris Smowton	06c958e61f	Extractor: tolerate curly braces in struct field tags, directory names These previously produced malformed TRAP. I have checked the other uses of GlobalID and don't see any others that should require escaping.	2021-04-21 21:14:39 -07:00
haby0	454324781d	delete IfStmt	2021-04-22 11:59:33 +08:00
Robert Marsh	cac1bef6ea	C++: deprecate cpp/return-stack-allocated-object	2021-04-21 15:17:31 -07:00
Asger Feldthaus	fe8deeaf6b	JS: Autoformat	2021-04-21 23:13:57 +01:00
Dave Bartolomeo	383210096c	C++: Isolate models from AST dataflow's reference/object conflation `DataFlowFunction` models treat references a pointers - an explicit level of indirection. The AST dataflow library generally treats references as if they were the referred-to object. This commit removes a workaround in the dataflow model for unary `operator*` on smart pointers, and makes the AST dataflow library adjust the results of querying the model so that a returned reference only gets flow that was modeled as going to the dereference of the return value. This fixes some missing flow in IR dataflow, and recovers some (presumably) missing reverse taint flow in AST taint tracking as well.	2021-04-21 18:09:44 -04:00
Asger Feldthaus	e98bfe921e	JS: QLDoc	2021-04-21 22:14:50 +01:00
Asger Feldthaus	bb7934b381	JS: Change note	2021-04-21 21:20:12 +01:00
Asger Feldthaus	c113cfd8b7	JS: Autoformat	2021-04-21 21:13:07 +01:00
edvraa	57689df5aa	Remove DataFlow::Node	2021-04-21 19:29:30 +03:00

... 328 329 330 331 332 ...

41418 Commits