Alex Ford
85ecacd858
make helper predicates private
2021-04-21 10:50:00 +01:00
Alex Ford
9d117d10b8
drop MetricFile class
2021-04-21 10:45:42 +01:00
Alex Ford
c6b6a83501
extend FLines* tests
2021-04-21 10:42:53 +01:00
Rasmus Wriedt Larsen
08e86fdfe5
JS: Make CredentialsFunctionName use nameIndicatesSensitiveData
...
Someone from JS team needs to verify that this is actually OK.
2021-04-21 11:38:52 +02:00
Rasmus Wriedt Larsen
e977d6eb75
JS: Rewrite to use notSensitiveRegexp
2021-04-21 11:36:39 +02:00
Rasmus Wriedt Larsen
b9a1a1fd5c
JS: Rewrite to use nameIndicatesSensitiveData
...
I added this predicate mostly because it was nice with an easy shortcut for it,
but also since I spotted the `CredentialsFunctionName` not checking against the
regexps in `notSensitive`, which looked suspicious. So the main goal of adding
`nameIndicatesSensitiveData` is that you don't accidentally forget to ensure
that the name doesn't match against `notSensitive`.
2021-04-21 11:36:38 +02:00
Rasmus Wriedt Larsen
b6f8e5057b
JS: Rewrite to use SensitiveDataClassification::password (and like)
2021-04-21 11:36:17 +02:00
Alex Ford
a1c91e28da
move FLines* tests to a common directory
2021-04-21 10:34:58 +01:00
Rasmus Wriedt Larsen
94fec5f8b7
JS: Rewrite to use SensitiveDataClassification
2021-04-21 11:34:02 +02:00
Rasmus Wriedt Larsen
0d08718f08
JS: Adapt SensitiveActions to use shared lib
...
Although there are warnings for the new deprecated classes/predicates, the test
in javascript/ql/test/library-tests/SensitiveActions/ passes 👍
2021-04-21 11:34:01 +02:00
Rasmus Wriedt Larsen
775ed41592
Python: Update SensitiveDataHeuristics with newer JS version
...
which also prompted me to rewrite the QLDoc for `nameIndicatesSensitiveData`
2021-04-21 11:34:01 +02:00
Rasmus Wriedt Larsen
16b62486e9
Python: Extract SensitiveDataHeuristics to be shared with JS
...
Initially I had called `nameIndicatesSensitiveData` for `maybeSensitiveName`,
which made the relationship with `maybeSensitive` and `notSensitive` quite
strange -- and therefore I added the more informative `maybeSensitiveRegexp` and
`notSensitiveRegexp`.
Although I'm no longer using `maybeSensitiveName`, and I no longer have a strong
argument for making this name change, I still like it. If someone thinks this is
a terrible idea, I'm happy to change it though 👍
2021-04-21 11:31:28 +02:00
Alex Ford
fcd46025fe
update metadata for FLines* queries
2021-04-21 10:28:20 +01:00
Arthur Baars
abb37e212a
Merge pull request #165 from github/aibaars/methods
...
Implement method lookup
2021-04-21 11:24:20 +02:00
Arthur Baars
549e5ab9d6
Revert "Rename Method -> MethodDeclaration"
...
This reverts commit d361ef37af.
2021-04-21 10:50:47 +02:00
Arthur Baars
1245674df8
Add missing @id properties
2021-04-21 10:50:47 +02:00
Tamas Vajk
2a6f979ce6
C# Add line of code metric query
2021-04-21 10:42:06 +02:00
Anders Schack-Mulligen
9362ae0687
Merge pull request #5422 from tamasvajk/feature/sink-migration-ldap
...
Java: Migrate LDAP injection sinks to CSV format
2021-04-21 10:05:28 +02:00
Rasmus Wriedt Larsen
63a2657aef
Merge branch 'main' into inline-taint-tests
2021-04-21 10:02:55 +02:00
Tom Hvitved
7080b256fb
Merge pull request #5715 from hvitved/csharp/ssa/perf-tweaks
...
C#: A few minor SSA performance tweaks
2021-04-21 09:59:12 +02:00
Tom Hvitved
def62e8c22
Merge pull request #5718 from hvitved/csharp/hardcoded-cred-remove-cp
...
C#: Remove CP from `HardcodedCredentials::getCredentialSink`
2021-04-21 09:58:56 +02:00
Tom Hvitved
1ed11b297b
Merge pull request #5725 from hvitved/csharp/dataflow/performance
...
C#: Various data-flow performance tweaks
2021-04-21 09:46:15 +02:00
haby0
84f00c21df
update IfConditionSink.
2021-04-21 15:38:41 +08:00
Sauyon Lee
7efbcec50d
Add change note
2021-04-20 23:27:03 -07:00
Sauyon Lee
50bb6187b8
Revert ReflectedXss.go to example
2021-04-20 23:27:03 -07:00
Dave Bartolomeo
1d0cb0407d
Merge from main
2021-04-20 23:37:04 -04:00
Dave Bartolomeo
b9da6ce04a
C++: Prepare for merge of smart pointer models
2021-04-20 23:12:05 -04:00
Dave Bartolomeo
a447b049fc
C++: Improved alias analysis of smart pointers
2021-04-20 19:42:06 -04:00
Dave Bartolomeo
63fe4fb317
C++: More general model for pointer flow
2021-04-20 19:41:15 -04:00
Dave Bartolomeo
078d2522d2
C++: Add missing shared_ptr<T> members
2021-04-20 19:40:36 -04:00
Dave Bartolomeo
45968efd28
C++: Add shared test headers to emulate standard library types
2021-04-20 18:21:50 -04:00
intrigus
231b07795c
Java: Ignore results in test directories.
2021-04-20 23:25:13 +02:00
Sauyon Lee
d1daca541e
Add types for more tuple extractions
...
Specifically, extractions where the RHS is a map element read or a channel receive
will now have types.
2021-04-20 14:23:31 -07:00
Sauyon Lee
ba2da6d9a9
Add test exercising channel data flow
2021-04-20 14:23:31 -07:00
Chris Smowton
0cef5fb5d0
Add test case for map extraction
2021-04-20 14:23:29 -07:00
intrigus
fcaf5e7657
Java: Plural type name -> singular type name.
2021-04-20 23:09:44 +02:00
intrigus
3acec94773
Java: Fix typos.
2021-04-20 23:04:06 +02:00
intrigus
149c4491ce
Java: Simplify qldoc.
2021-04-20 23:03:10 +02:00
intrigus
9e4fa90f6e
Java: Refer to Java types in qldoc instead of ql types.
2021-04-20 23:02:18 +02:00
intrigus
26502881d7
Java: Consistently use this in charpred.
2021-04-20 22:56:58 +02:00
yoff
0c4181178d
Update python/ql/src/semmle/python/frameworks/Stdlib.qll
...
Co-authored-by: Taus <tausbn@github.com>
2021-04-20 22:15:09 +02:00
yoff
ef0ea247c4
Merge pull request #5679 from tausbn/python-fix-bad-points-to-joins
...
Python: Fix bad points-to joins
2021-04-20 21:19:32 +02:00
Asger Feldthaus
02707f0777
JS: informational -> info
2021-04-20 19:51:16 +01:00
Dave Bartolomeo
5085e462b0
C++: Allow alias propagation to/from side effects (part 1)
2021-04-20 14:09:41 -04:00
Dave Bartolomeo
01a95316c2
C++: Add Instruction::getAParameterSideEffect().
2021-04-20 14:03:48 -04:00
Rasmus Lerchedahl Petersen
6408ee2eaf
Python: Fix bad join
2021-04-20 20:03:06 +02:00
Tom Hvitved
3eba5b0aac
Merge pull request #5676 from hvitved/csharp/dispatch/get-a-viable-overrider-perf
...
C#: Speedup `DispatchMethodOrAccessorCall::getAViableOverrider()`
2021-04-20 19:57:59 +02:00
Erik Krogh Kristensen
357e1c0802
Update javascript/ql/src/semmle/javascript/frameworks/Markdown.qll
...
Co-authored-by: Asger F <asgerf@github.com>
2021-04-20 19:57:47 +02:00
yo-h
00137f2905
Merge pull request #5721 from github/yo-h/java-diagnostic-queries
...
Java: add extractor `diagnostic` queries
2021-04-20 13:36:49 -04:00
Shati Patel
98a0959784
Docs: New "directional binding" pragmas
2021-04-20 18:12:35 +01:00