hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-22 09:53:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,692 Branches 161 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Esben Sparre Andreasen
f1dad0d6e0 Update DisablingCertificateValidation.qhelp 2020-06-22 11:24:33 +02:00
Esben Sparre Andreasen
3e898487e8 Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-22 11:23:40 +02:00
Rasmus Lerchedahl Petersen
cc8367bff2 Python: update readme with lessons learned 2020-06-22 11:22:32 +02:00
Anders Schack-Mulligen
71665a02fa Merge pull request #3737 from Marcono1234/patch-1 
Simplify NoAssignInBooleanExprs.ql
 2020-06-22 10:46:00 +02:00
Erik Krogh Kristensen
8d1b080d78 limit size of getStringValue 2020-06-22 10:29:53 +02:00
Max Schaefer
1f68a32cdc Add change note. 2020-06-22 09:22:47 +01:00
Max Schaefer
759e3d5632 Further refine potential call targets for interface calls. 
The call target must belong to the method set of a type that implements the interface type of the method call receiver, if any.

For example, assume `h` has type `hash.Hash`, then `h.Write(...)` should only be resolved to implementations of `Write` in types implementing `hash.Hash`, not arbitrary other `Writer`s.
 2020-06-22 09:22:47 +01:00
Max Schaefer
1c58028ae3 Expose receiver type in isInterfaceCallReceiver. 2020-06-22 09:22:47 +01:00
Max Schaefer
0e5e116217 Add a few more utility predicates to DataFlow::Node. 2020-06-22 09:22:47 +01:00
Tom Hvitved
72e6c9c2b1 Data flow: Use accessPathLimit() in partial flow as well 2020-06-22 10:08:51 +02:00
Rasmus Lerchedahl Petersen
47819bbcda Python: obtain remaining expected flows 
- implement encosing callable for more nodes
 - implement extra flow for ESSA global variables
 2020-06-22 07:36:09 +02:00
Porcupiney Hairs
a519132407 add support for libxml2 2020-06-22 02:01:07 +05:30
Max Schaefer
18db1fe79f Merge pull request #184 from max-schaefer/lookup-fields-in-cyclic-struct 
Fix field lookup in cyclic structs
 2020-06-21 09:23:57 +01:00
toufik-airane
7166d5422e add test file for CWE-347 
Add a test file for CWE-347.
The HS256 algorithm is safe, but the none algorithm is unsafe.
 2020-06-20 17:10:35 +02:00
toufik-airane
8a2a33459a Merge branch 'master' of github.com:toufik-airane/codeql 2020-06-20 16:56:27 +02:00
toufik-airane
b0aaca0e1c JWT Missing Secret Or Public Key Verification 
Add an experimental CodeQL query.
 2020-06-20 16:54:41 +02:00
Max Schaefer
47c4c55923 Merge pull request #185 from github/max-schaefer-patch-2 
Set up Code Scanning
 2020-06-20 10:41:25 +01:00
Taus Brock-Nannestad
5d5f1b487b Merge branch 'master' into python-fix-deprecated-terms 2020-06-19 21:59:17 +02:00
Asger F
eca5e2df8a Merge pull request #3702 from esbena/js/memory-exhaustion 
JS: add query js/memory-exhaustion
 2020-06-19 20:35:57 +01:00
Jonas Jensen
ac89559b20 Merge pull request #3744 from github/p0-patch-1 
Fix typo in cpp-security-extended.qls
 2020-06-19 21:19:20 +02:00
Pavel Avgustinov
00f1e57d0c Update cpp-security-extended.qls 2020-06-19 20:16:24 +01:00
Jonas Jensen
81d8dc15cd Merge pull request #3693 from geoffw0/stringtest 
C++: Add tests of char* -> std::string -> char* conversions.
 2020-06-19 21:12:33 +02:00
Taus Brock-Nannestad
410f4781b3 Python: Fix one last reference. 
This one got lost in the big renaming somehow.
 2020-06-19 20:15:01 +02:00
semmle-qlci
1548eca994 Merge pull request #3689 from erik-krogh/https-fix 
Approved by mchammer01
 2020-06-19 17:00:11 +01:00
Tom Hvitved
573d55a160 Merge pull request #3740 from github/codeql-analysis-yml 
Enable code scanning
 2020-06-19 17:57:52 +02:00
Sauyon Lee
8742f09343 Merge pull request #186 from max-schaefer/fix-test-compile-errors 
Fix compiler errors in tests.
 2020-06-19 08:28:34 -07:00
Taus Brock-Nannestad
48e3e9c0b4 Python: Do all the renames. 2020-06-19 17:02:47 +02:00
james
f02b54fcd2 docs: add more detailed qldoc style guide 2020-06-19 15:59:22 +01:00
Taus Brock-Nannestad
06d6913a20 Python: Change "sanity" to "consistency". 2020-06-19 16:55:59 +02:00
Taus Brock-Nannestad
01fb1e3786 Python: Get rid of deprecated terms in code and .qhelp. 2020-06-19 16:51:09 +02:00
Taus
2081d0cecc Merge pull request #3575 from RasmusWL/python-add-qldoc-FunctionValue.getQualifiedName 
Python: Add QLDoc for FunctionValue.getQualifiedName
 2020-06-19 16:32:23 +02:00
Chris Smowton
6c230980a3 Merge pull request #187 from max-schaefer/fill-in-qldoc 
Add qldoc for three public predicates in `PrintAst.qll`.
 2020-06-19 15:30:24 +01:00
Tom Hvitved
56670f3a5f Disable analysis for JS and Python 2020-06-19 16:25:23 +02:00
Jonas Jensen
09d7ed092b Merge pull request #3612 from dbartol/github/codeql-c-analysis-team/69_union 
C++: Share `TInstruction` across IR stages
 2020-06-19 16:03:11 +02:00
Geoffrey White
c18e0aa21a C++: Add a TODO comment. 2020-06-19 14:30:56 +01:00
Max Schaefer
0f4297ff5c Add qldoc for three public predicates in PrintAst.qll. 
It's bland, but we try to maintain a 100% documentation coverage for our public library elements.
 2020-06-19 14:25:57 +01:00
Max Schaefer
314bda2a7f Fix compiler errors in tests. 2020-06-19 14:21:10 +01:00
Max Schaefer
df02ad404e Set up Code Scanning 2020-06-19 14:02:31 +01:00
Erik Krogh Kristensen
0f5ef2c02a Merge branch 'js-team-sprint' into https-fix 2020-06-19 14:57:44 +02:00
semmle-qlci
e13353f26a Merge pull request #3732 from erik-krogh/priv-file-polish 
Approved by mchammer01
 2020-06-19 13:56:57 +01:00
Tom Hvitved
4b47483263 Add codeql-config.yml 2020-06-19 12:28:52 +00:00
Erik Krogh Kristensen
e46bd709c4 add change note 2020-06-19 14:15:50 +02:00
Erik Krogh Kristensen
0ee3f4977c add test of webpack-dev-server and monorepo import 2020-06-19 14:15:46 +02:00
Erik Krogh Kristensen
c860151e8d recognize instances of express from webpack-dev-server 2020-06-19 14:15:25 +02:00
Erik Krogh Kristensen
11cc97d286 add basic support for importing from neighbouring packages 2020-06-19 14:15:10 +02:00
Erik Krogh Kristensen
a17d152ca4 Merge branch 'js-team-sprint' into priv-file-polish 2020-06-19 13:19:10 +02:00
semmle-qlci
bfb2e9d6ea Merge pull request #3724 from erik-krogh/bad-random-polish 
Approved by mchammer01
 2020-06-19 12:18:25 +01:00
Tom Hvitved
ffe3f500d7 Restrict languages in codeql-analysis.yml 2020-06-19 13:01:28 +02:00
Max Schaefer
79b0ea8d77 Merge pull request #183 from smowton/smowton/cleanup/field-parent 
Clean up @field and @fieldparent usage
 2020-06-19 11:30:52 +01:00
Chris Smowton
3c8153ca1e Clean up @field and @fieldparent usage 
* Centralise use of raw types and database predicates in FieldParent and FieldBase classes
* Deduplicate type predicates common to all fields
* Deduplicate predicates common to function parameters and results
 2020-06-19 11:00:42 +01:00