hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-02 05:43:54 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,697 Branches 161 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
31247739d7 Python: Remove unnecessary cached annotation from adjacentRefUse 
As discussed in https://github.com/github/codeql/pull/4544#pullrequestreview-516575676
 2020-11-04 15:16:08 +01:00
Rasmus Lerchedahl Petersen
9baa7b73da Merge branch 'main' of github.com:github/codeql into SharedDataflow_PointsToImpliesDataflow 2020-11-04 15:05:59 +01:00
yoff
62cb4ec974 Merge pull request #4605 from RasmusWL/python-fix-django-response-modeling 
Python: fix django response modeling
 2020-11-04 15:00:52 +01:00
Arthur Baars
86aa05e3cb Address comments 2020-11-04 14:49:47 +01:00
Arthur Baars
c3e8d85f0b Tolerate tokens containing invalid UTF-8 2020-11-04 14:46:31 +01:00
Tom Hvitved
131a05563a C#: Disable shared compilation when building with Mono+MSBuild 2020-11-04 14:16:25 +01:00
Porcupiney Hairs
0a028dcb47 Java : Refactor all instances of java.net.URI into TypeUri 2020-11-04 18:23:26 +05:30
Arthur Baars
8056186c3c Hide disconnected tokens 2020-11-04 13:35:24 +01:00
Arthur Baars
96423d2e8e Remove describeQlClass from union types 
The descriptions of the underlying types are more interesting.
 2020-11-04 13:35:24 +01:00
Arthur Baars
053c9f60a4 Store tokens in a separate table 2020-11-04 13:35:24 +01:00
Nick Rolfe
9e49991859 Merge pull request #27 from github/extractor-pack-script 
Add scripts to create extractor pack locally
 2020-11-04 12:20:45 +00:00
Nick Rolfe
b16588f058 Add powershell script to create extractor pack locally 2020-11-04 12:09:52 +00:00
Nick Rolfe
a83ac24652 Add bash script to create extractor pack locally 2020-11-04 11:59:17 +00:00
Rasmus Wriedt Larsen
5cf8285717 Python: Fix default mimetype for django FileResponse 2020-11-04 12:28:51 +01:00
Rasmus Wriedt Larsen
826aedeb85 Python: Remove resolved TODO 2020-11-04 12:17:31 +01:00
Rasmus Wriedt Larsen
353505ec6c Python: Handle content of Django redirects correctly 2020-11-04 12:10:58 +01:00
Taus
180373c41d Merge pull request #4597 from yoff/python-fix-ql-doc 
Python: Fix ql doc
 2020-11-04 11:37:32 +01:00
Rasmus Wriedt Larsen
92dc7dc2f3 Python: Use mimetype instead of content-type in django modeling 
This enables the XSS query to actually find results from django responses.
 2020-11-04 11:34:20 +01:00
Alvaro Muñoz
aa7b87aa33 Update java/change-notes/2020-11-04-commonslang-unsafe-deserialization-sinks.md 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-11-04 10:58:27 +01:00
Alvaro Muñoz
b284141a16 Merge branch 'new_deser_sink' of https://github.com/pwntester/ql into new_deser_sink 2020-11-04 10:51:07 +01:00
Alvaro Muñoz
436563d914 ChangeNote for new unsafe deserialization sinks 2020-11-04 10:50:50 +01:00
Anders Schack-Mulligen
22b4df0f3c Merge pull request #4512 from luchua-bc/sensitive-broadcast 
Java: Sensitive broadcast
 2020-11-04 10:47:48 +01:00
Alvaro Muñoz
6f78b725e6 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-11-04 10:43:37 +01:00
Anders Schack-Mulligen
14c4d8d565 Java: Add change note for #3812. 2020-11-04 10:15:08 +01:00
Anders Schack-Mulligen
26495225e0 Update java/ql/src/experimental/Security/CWE/CWE-927/SensitiveBroadcast.qhelp 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-11-04 10:05:55 +01:00
luchua-bc
3f0cdb6a1a Update qldoc and comments 2020-11-03 19:40:28 +00:00
Tom Hvitved
c5abf29dfc C#: Update flow-summary test 2020-11-03 20:28:42 +01:00
Dave Bartolomeo
4cc9110dbd Fix test expectation 2020-11-03 13:39:33 -05:00
Arthur Baars
b92d789598 Merge pull request #25 from github/printAST 
Implement basic `printAst` query
 2020-11-03 19:13:44 +01:00
Calum Grant
4259c81061 Merge pull request #4599 from github/calumgrant/catchup-1.26 
Catchup 1.26
 2020-11-03 17:16:05 +00:00
Dave Bartolomeo
f0b9794907 Merge remote-tracking branch 'upstream/main' into work 2020-11-03 11:33:44 -05:00
luchua-bc
fa54c23a83 Handle the edge case that an exception is rethrown in a catch clause 2020-11-03 16:31:12 +00:00
Anders Schack-Mulligen
92494441a7 Merge pull request #4554 from aschackmull/dataflow/reverse-partial 
Dataflow: Add support reverse partial flow exploration.
 2020-11-03 15:34:30 +01:00
Chris Smowton
582f8e444b Merge pull request #393 from smowton/smowton/fix/cfg-assignment-underscores 
CFG: fix lastNode relating to assignments with underscores on the LHS
 2020-11-03 14:32:57 +00:00
Tom Hvitved
438b8dd273 C#: Fix typos 2020-11-03 14:57:07 +01:00
Erik Krogh Kristensen
b02004430c prune results that end with newline, where the input cannot contain newlines 2020-11-03 14:48:39 +01:00
Nick Rolfe
41dcb19cd5 Implement basic printAst query 2020-11-03 13:47:54 +00:00
Erik Krogh Kristensen
120faf9d1a add a code injection sink for JSDOM when "runScripts" is set to "dangerously" 2020-11-03 14:29:00 +01:00
Tom Hvitved
f4d1d73bcd C#: Shared interface/implementation for flow summaries 2020-11-03 13:47:28 +01:00
Arthur Baars
65c1f2c359 Merge pull request #20 from github/aibaars/extract-extra 
Extract 'extra' nodes and their subtrees
 2020-11-03 13:45:33 +01:00
Arthur Baars
d7e9178cda Merge pull request #24 from github/gzip 
Add buffered writing and gzip compression for trap files
 2020-11-03 13:45:19 +01:00
luchua-bc
f8fd2ea821 Add qldoc and autoformat query 2020-11-03 12:23:40 +00:00
Chris Smowton
3b927f3b6b CFG: fix lastNode relating to assignments with underscores on the LHS 
For example, "x, _ := a, b" would produce an incorrect CSV that branched to the next statement after evaluating "b", skipping the assignment to 'x'. We already had test coverage for function returns, so I'm reasonably confident this only affects parallel assigns, not destructuring ones like "x, y := f()".
 2020-11-03 12:00:54 +00:00
Rasmus Lerchedahl Petersen
1023b239e4 Python: Simplify doc 2020-11-03 12:10:00 +01:00
yoff
d6a33a1253 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-11-03 12:04:43 +01:00
yoff
104ff5d217 Merge pull request #4596 from RasmusWL/python-import-customizations 
Python: Import Customizations into python
 2020-11-03 11:49:51 +01:00
Rasmus Lerchedahl Petersen
b71ea40dbd Python: QL doc for Werkzeug 2020-11-03 11:44:48 +01:00
Rasmus Lerchedahl Petersen
1773cc3a38 Python: QL doc for MySQLdb 2020-11-03 11:39:28 +01:00
Rasmus Lerchedahl Petersen
01783acca6 Python: QL doc for RemoteFlowSources 2020-11-03 11:37:34 +01:00
Rasmus Lerchedahl Petersen
f44cbf4b6c Python: QL doc for TypeTracker 2020-11-03 11:32:57 +01:00