hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-28 12:53:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,697 Branches 161 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Cornelius Riemenschneider
3afe934a05 C++: Model bsl functions in Swap.qll. 2021-02-15 15:40:17 +00:00
Cornelius Riemenschneider
28d5ef919c Merge pull request #5158 from geoffw0/modelsbsl3 
C++: StdString BSL support
 2021-02-15 16:32:30 +01:00
Jonathan Leitschuh
73fba3a3c0 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-02-15 10:01:03 -05:00
Tamas Vajk
f878453f14 Fix performance issue with RecordCloneCallable 2021-02-15 15:49:06 +01:00
Chris Smowton
95008d1ccb Update change-notes/2021-02-09-html-templates.md 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2021-02-15 14:39:24 +00:00
luchua-bc
a03e6faf37 Optimize the query and update qldoc 2021-02-15 14:10:17 +00:00
Chris Smowton
6f5f1c4829 Add missing change notes 2021-02-15 14:07:10 +00:00
Anders Schack-Mulligen
8f5fe14e52 Merge pull request #5170 from pwntester/ArrayUtils_changeNote 
add change note for new ArrayUtils support
 2021-02-15 15:00:15 +01:00
Arthur Baars
90f59de589 Merge pull request #130 from github/aibaars/ast-5 
AST: add ElementReference as call
 2021-02-15 14:59:34 +01:00
Arthur Baars
ad6c916f01 Merge pull request #129 from github/aibaars/ast-4 
AST: rescue modifier
 2021-02-15 14:59:22 +01:00
Arthur Baars
c6c39ad04d Merge pull request #128 from github/aibaars/ast-3 
AST: undef and alias
 2021-02-15 14:59:12 +01:00
Alvaro Muñoz
3d3f4ba797 add change note 2021-02-15 14:53:16 +01:00
Owen Mansel-Chan
46cc9e9fa4 Add change note 2021-02-15 13:51:01 +00:00
Alvaro Muñoz
923e1c5e9b add change note for new ArrayUtils support 2021-02-15 14:41:18 +01:00
Rasmus Wriedt Larsen
1961ec6e8d Merge pull request #5159 from tausbn/python-unknown-argument-in-format-string-fp 
Python: Add FP test for unknown argument in string format
 2021-02-15 14:39:10 +01:00
Rasmus Wriedt Larsen
69e081e897 Python: Apply code-review suggestion 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-02-15 14:38:20 +01:00
Taus
2ca12aa612 Update python/ql/src/semmle/python/dataflow/new/internal/DataFlowPublic.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-02-15 14:21:12 +01:00
Arthur Baars
5b8c74eb5b AST: add SingletonMethod::getObject 2021-02-15 13:53:50 +01:00
Taus Brock-Nannestad
27c479a8ba Python: Limit RequestInputAccess to immediate uses 
This fixes some spurious results that occurred when we considered
_any_ use of `request.something` to be a source, even ones we had
tracked into other functions. To prevent this, using
`getAnImmediateUse` better captures the fact that we want the source
to be just the actual attribute access.
 2021-02-15 13:51:29 +01:00
Arthur Baars
e3f54411d8 AST: add ElementReference 2021-02-15 13:51:16 +01:00
Anders Schack-Mulligen
b9a479dd31 Merge pull request #5134 from pwntester/ArrayUtils 
Add support for Apache Commons Lang ArrayUtils
 2021-02-15 13:50:01 +01:00
Mathias Vorreiter Pedersen
1c91d3dbe0 Merge pull request #5168 from MathiasVP/model-bsd-sockets-part-2 
C++: Model vector versions of BSD-style reads and writes.
 2021-02-15 13:39:08 +01:00
Cornelius Riemenschneider
c9af97b742 C++: Model bsl functions in Pure.qll. 2021-02-15 12:31:16 +00:00
CodeQL CI
b5143dbdb4 Merge pull request #5117 from erik-krogh/parseForm 
Approved by asgerf
 2021-02-15 04:30:59 -08:00
Cornelius Riemenschneider
79e3bf80c3 C++: Simplify code. 2021-02-15 12:13:25 +00:00
Cornelius Riemenschneider
da38377e36 C++: Simplify code. 2021-02-15 12:12:29 +00:00
Arthur Baars
d69a1731f9 Fix QL doc 2021-02-15 12:53:13 +01:00
Arthur Baars
ddea74265d AST: rescue modifier 2021-02-15 12:50:00 +01:00
Owen Mansel-Chan
a2c0b6ade6 Merge pull request #464 from owen-mc/list-constants-sanitizers 
List of constants sanitizer guards (switch statement in function only)
 2021-02-15 11:39:40 +00:00
Cornelius Riemenschneider
2a3d20d9a9 C++: Refactor Memset.qll and include bsl model. 2021-02-15 12:36:18 +01:00
Erik Krogh Kristensen
74ce7369f8 Update javascript/change-notes/2021-02-09-form-parsers.md 
Co-authored-by: Asger F <asgerf@github.com>
 2021-02-15 12:35:16 +01:00
Owen Mansel-Chan
6d29a35ac9 Factor the duplicate code in LogCall 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-15 11:20:19 +00:00
Cornelius Riemenschneider
a9071a62a0 C++: Refactor Memcpy.qll and include bsl model. 2021-02-15 12:15:17 +01:00
Mathias Vorreiter Pedersen
0f9b044814 C++: Model vector versions of BSD-style reads and writes. 2021-02-15 12:04:51 +01:00
Erik Krogh Kristensen
e5db0ef16b remove the RequestExpr requirement from FormParsers.qll, and use API graphs. 2021-02-15 11:58:26 +01:00
Cornelius Riemenschneider
f79b3144e3 C++: Refactor IdentityFunction.qll. 2021-02-15 11:31:31 +01:00
CodeQL CI
9b8d94d76e Merge pull request #5148 from erik-krogh/apollo 
Approved by esbena
 2021-02-15 02:23:52 -08:00
Alvaro Muñoz
00a0b12dad update expected results 2021-02-15 11:23:40 +01:00
Owen Mansel-Chan
68c54d43e6 Move code to TaintTrackingUtil.qll 2021-02-15 10:18:00 +00:00
Alvaro Muñoz
812884341b Merge branch 'ArrayUtils' of github.com:pwntester/codeql-1 into ArrayUtils 2021-02-15 10:59:49 +01:00
Alvaro Muñoz
504d119749 adjust max parameter number 2021-02-15 10:58:17 +01:00
Rasmus Wriedt Larsen
745148474a Python: Model get_redirect_url in django 2021-02-15 10:55:52 +01:00
Rasmus Wriedt Larsen
6934d5e642 Python: Add django test of RedirectView subclass 2021-02-15 10:55:51 +01:00
Rasmus Wriedt Larsen
79855157b3 Python: Move django response test to django v2/v3 
That's really the django version I care about :P
 2021-02-15 10:55:50 +01:00
Arthur Baars
9cb58be5cf AST: avoid multivalued results for MethodName::getValueText 2021-02-15 10:39:21 +01:00
Alvaro Muñoz
c7072aef16 update A.java test 2021-02-15 10:34:20 +01:00
Jonas Jensen
f0ce524c0d Merge pull request #5147 from MathiasVP/model-bsd-sockets-part-1 
C++: Add models for BSD-style send and recv functions
 2021-02-15 10:34:11 +01:00
Owen Mansel-Chan
ef94cde0b3 Simplify Logrus model 
Make methods which add data to entries sinks in their own right, rather
than trying to track the data flow of the entry to a later logging call.

This may cause some false positives, but only in the situation that
tainted data is added to an entry and that entry is never logged. It will
save us from false negatives when tainted data is added to an entry
which flows across a function boundary to a logging call.
 2021-02-15 09:18:34 +00:00
Tamas Vajk
2de7fbe062 Fix build after rebase 2021-02-15 10:18:12 +01:00
Tamas Vajk
6cc858b9ef Move AstLineCounter to top level class 2021-02-15 10:17:08 +01:00