hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-02 22:03:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,699 Branches 161 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
004ff38e22 Python: Add separate RequestHandler concept 
Since I really want to use our existing infrastructure to model that we can
recognize something as a request handler without it having a route, we need this
as a separate concept. All tests have been adjusted.

The early modeling was based on flask, where all request-handling is based on
handling requests from a specific route. But with the standard library handling
and handlers without routes, the naming had to change.
 2020-12-21 17:31:58 +01:00
Mathias Vorreiter Pedersen
f4f96fe257 C++: Use isSource in queries. These were the only queries that restrict the source after dataflow terminates. 2020-12-21 16:35:35 +01:00
Mathias Vorreiter Pedersen
0e84c638b6 C++: Add isSource to AdjustedConfiguration 2020-12-21 16:34:22 +01:00
Rasmus Wriedt Larsen
a9bbe1d087 Python: Test Django un-routed class-based route handler 2020-12-21 16:01:23 +01:00
Erik Krogh Kristensen
876ba7ef2d add typeof sanitizer to js/shell-command-constructed-from-input 2020-12-21 14:16:55 +01:00
Tom Hvitved
0c78fb2933 Merge pull request #4855 from madneal/fix-for-csharp-docs 
Fix for csharp docs
 2020-12-21 14:11:36 +01:00
Erik Krogh Kristensen
4ef569fbbe recognize more exported functions in js/shell-command-constructed-from-input 2020-12-21 13:50:22 +01:00
Shati Patel
0a0137bb5e Merge pull request #4859 from github/shati-patel-patch-1 
Fix typo in docs title
 2020-12-21 12:07:32 +00:00
Erik Krogh Kristensen
e3ec67d5e3 avoid materializing isFeasibleTuple 2020-12-21 12:53:41 +01:00
Jonas Jensen
4308381057 Merge pull request #4846 from MathiasVP/default-taint-tracking-operand-instruction-interleaving 
C++: Instruction -> Operand interleaving for DefaultTaintTracking
 2020-12-21 12:44:06 +01:00
Shati Patel
66b85f1e5e Fix typo 2020-12-21 11:29:02 +00:00
Arthur Baars
c35283cefb Merge pull request #77 from github/aibaars/global-variables 
Add global variables
 2020-12-21 12:15:31 +01:00
Arthur Baars
f0ddeaa9f2 Merge pull request #81 from github/aibaars/revert-dup-code 
Update ruby.dbscheme.stats
 2020-12-21 12:15:10 +01:00
Neal Caffery
ee0257836f removed, as it fixed by #4848 2020-12-21 19:05:37 +08:00
Erik Krogh Kristensen
cbad705029 general performance improvements in the ReDoS utility library 2020-12-21 11:49:21 +01:00
Arthur Baars
ad1782b620 Address comments 2020-12-21 11:01:46 +01:00
Arthur Baars
8469bd3688 Uncomment getAPrimaryQlClass() 2020-12-21 11:01:46 +01:00
Arthur Baars
dc0de9132e Add GlobalVariable 2020-12-21 11:01:46 +01:00
Arthur Baars
1ada9feda7 Make VariableAccess "abstract" 2020-12-21 11:01:46 +01:00
Arthur Baars
ebacec41d5 Update ruby.dbscheme.stats 2020-12-21 10:58:25 +01:00
Nick Rolfe
b1b2815c26 Merge pull request #80 from github/aibaars/revert-dup-code 
Updates after CodeQL upgrade to 2.4.1
 2020-12-21 09:57:59 +00:00
Arthur Baars
d4874641a3 Revert "Add duplicate code tables to dbscheme" 
This reverts commit 4c699fcb32.
 2020-12-21 10:45:59 +01:00
Arthur Baars
bf232f0582 Update formatting for CodeQL 2.4.1 2020-12-21 10:45:59 +01:00
Tom Hvitved
591f90f98e C#: Add change note 2020-12-21 10:26:49 +01:00
Arthur Baars
ff8ea6d44f Merge pull request #79 from github/test_checks 
Add all the TRAP check flags in qltest workflow
 2020-12-21 10:20:47 +01:00
Tom Hvitved
b5a1e039a4 C#: Merge queries FormatInvalid.ql, FormatMissingArgument.ql, and FormatUnusedArgument.ql 2020-12-21 10:13:56 +01:00
Tom Hvitved
8d6c69bf74 C#: Move Expr::hasValue() to DotNet::Expr 2020-12-21 09:46:45 +01:00
Mathias Vorreiter Pedersen
06366fa320 Merge pull request #4856 from jbj/gvn-wrapper-test 
C++: Test the AST wrapper for IR GVN
 2020-12-21 09:31:10 +01:00
Tom Hvitved
16aee6e71e Merge pull request #4842 from hvitved/csharp/format-method-no-insertion-param 
C#: Recognize format methods without insertion parameters
 2020-12-21 09:25:18 +01:00
Jonas Jensen
3236cbd83e C++: Test the AST wrapper for IR GVN 
Out of our 3 GVN libraries, the one we actually use in production didn't
have tests -- except indirectly through `diff_ir_expr.ql`.
 2020-12-21 08:21:02 +01:00
neal1991
b9d24b8255 fix for issue #4849 2020-12-21 08:54:15 +08:00
neal1991
eac83df40b fix for issue #4848 2020-12-21 08:52:42 +08:00
luchua-bc
4ec78d04f8 Insecure LDAP authentication 2020-12-21 00:15:15 +00:00
Erik Krogh Kristensen
3a43421193 add missing qhelp 2020-12-19 00:02:42 +01:00
yo-h
402ed04189 Merge pull request #4844 from johnlugton/servicestack 
Add provisional support for ServiceStack framework to feature branch
 2020-12-18 16:24:27 -05:00
Nick Rolfe
5a54026bcc Add all the TRAP check flags in qltest workflow 2020-12-18 17:25:28 +00:00
John Lugton
059d6b0e0f Fix warning in ServiceStack.qll 2020-12-18 08:34:06 -08:00
John Lugton
563dc62c33 Improve qldoc for ServiceStack.qll 2020-12-18 08:23:27 -08:00
Erik Krogh Kristensen
05569187b4 improve performance of suffix checking 2020-12-18 17:21:15 +01:00
Erik Krogh Kristensen
6369374224 implement new algorithm for detecting superlinear backtracking in regular expressions 2020-12-18 17:21:15 +01:00
Erik Krogh Kristensen
7ce91e9146 introduce cannonical representatives of RegExpTerms to decrease the number of InputSymbols in the NFA 2020-12-18 17:21:11 +01:00
Erik Krogh Kristensen
34dda6d38b refactor to share predicates between regular expression queries 2020-12-18 16:15:56 +01:00
Rasmus Wriedt Larsen
49f902d28b Merge pull request #4757 from yoff/python-dataflow-synthetic-callables 
Python: Enclosing callable for synthetic arguments
 2020-12-18 16:06:26 +01:00
yoff
a08eb99778 Merge pull request #4779 from RasmusWL/django-class-based-handlers 
Python: Add modeling of django class based view handlers
 2020-12-18 15:58:51 +01:00
Anders Schack-Mulligen
5106d5df53 Merge pull request #4833 from luchua-bc/java-broken-crypto-algorithms 
Java: Add missing broken crypto algorithms
 2020-12-18 15:12:29 +01:00
Rasmus Wriedt Larsen
3e6296c7b8 Python: Fix grammar in QLDoc 2020-12-18 14:54:14 +01:00
Rasmus Wriedt Larsen
ed11e8f916 Python: Simplify predicate implementation 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2020-12-18 14:52:20 +01:00
Mathias Vorreiter Pedersen
b5102043b1 Fix comments. 2020-12-18 14:19:02 +01:00
Chris Smowton
de4cdda839 Merge pull request #4841 from smowton/smowton/admin/mergeback-126-2020-12-16 
Mergeback rc/1.26
 2020-12-18 12:59:06 +00:00
Mathias Vorreiter Pedersen
f5e4725642 C++: Propagate flow from instruction's to non-exact operands for arrays and unions, and accept test changes. 2020-12-18 13:54:34 +01:00