hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-21 17:33:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,692 Branches 161 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
5abab25c28 Update cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2020-06-10 16:51:21 +02:00
Rasmus Wriedt Larsen
48b2d2cc5c Python: Make isSequence() and isMapping() tests version specific 
Since unicode/bytes difference, output can't match between Python 2 and Python 3.
 2020-06-10 16:43:56 +02:00
Asger Feldthaus
f23c6030aa JS: Restrict domValueRef to known DOM property names 2020-06-10 15:14:23 +01:00
Asger Feldthaus
bb2b7fb6fb JS: Add test with class stored in global variable 2020-06-10 15:14:23 +01:00
Rasmus Wriedt Larsen
721713b9e1 Python: Minor fixes from code review 
Co-authored-by: Taus <tausbn@gmail.com>
 2020-06-10 16:14:21 +02:00
Taus
5b0d92d72b Merge pull request #3464 from yoff/UnicodeEscape 
Python: Handle more escapes in regexes
 2020-06-10 15:47:09 +02:00
Taus
da6736df37 Merge pull request #3668 from RasmusWL/python-random-modernisations 
Python: Two small modernisations
 2020-06-10 15:45:07 +02:00
Geoffrey White
91b9b78c48 C++: Add a test case for CWE-114 involving pointers and references. 2020-06-10 14:09:46 +01:00
Asger Feldthaus
36c4803694 JS: Add test 2020-06-10 14:08:33 +01:00
Mathias Vorreiter Pedersen
88dabffd2b C++: Add tests that demonstrate flow through custom swap functions 2020-06-10 15:06:57 +02:00
Asger Feldthaus
07e90ff65f JS: Autoformat 2020-06-10 14:03:01 +01:00
semmle-qlci
df79f2adc5 Merge pull request #3655 from asger-semmle/js/string-ops-regexp-test-fix 
Approved by esbena
 2020-06-10 13:35:22 +01:00
Esben Sparre Andreasen
1d396524a3 JS: add initial version of ServerCrash.ql 2020-06-10 14:25:56 +02:00
semmle-qlci
1b8f3c4b84 Merge pull request #3657 from hvitved/dataflow/hidden-nodes 
Approved by aschackmull, jbj
 2020-06-10 13:22:09 +01:00
Erik Krogh Kristensen
c4f61134f1 include the source of cryptographically random number in alert message 2020-06-10 13:32:46 +02:00
semmle-qlci
22d50f009e Merge pull request #3667 from aschackmull/java/compiletimeconstant-cast-eval 
Approved by aibaars
 2020-06-10 12:05:42 +01:00
Bas van Schaik
bf19489501 Update CONTRIBUTING.md 2020-06-10 12:02:24 +01:00
Bas van Schaik
be48daf0d0 Update CONTRIBUTING.md 2020-06-10 11:58:38 +01:00
Erik Krogh Kristensen
7e8fd80327 use steps from InsecureRandomness, and use small-steps 2020-06-10 12:27:50 +02:00
Rasmus Wriedt Larsen
f73876e6ce Python: Modernise ShouldBeContextManager 2020-06-10 11:53:11 +02:00
Rasmus Wriedt Larsen
37cfb5400d Python: Modernise RatioOfDefinitions 2020-06-10 11:51:41 +02:00
Anders Schack-Mulligen
4b3ca13f25 Merge pull request #3491 from luchua-bc/java-insecure-smtp-ssl 
Java: CWE-297 insecure JavaMail SSL configuration
 2020-06-10 11:02:50 +02:00
Robert Brignull
ded5eec76a rename slow-queries.yml to exclude-slow-queries.yml 2020-06-10 09:59:31 +01:00
Anders Schack-Mulligen
c334d72f11 Java: Fix CompileTimeConstantExpr qldoc and add char cast case. 2020-06-10 10:59:10 +02:00
Erik Krogh Kristensen
9029dbacf5 refactor isAdditionalTaintStep to a utility predicate in InsecureRandomness 2020-06-10 10:55:30 +02:00
Max Schaefer
8787f0b4f0 Merge pull request #165 from sauyon/support-actions 
autobuilder: Add support for GITHUB_REPOSITORY environment variable
 2020-06-10 09:45:18 +01:00
Erik Krogh Kristensen
9189f23403 add support for secure-random 2020-06-10 10:39:02 +02:00
Erik Krogh Kristensen
16ec405724 add explanations about modulo by power of 2 2020-06-10 10:38:47 +02:00
Erik Krogh Kristensen
111f6d406c introduce query to detect biased random number generators 2020-06-10 10:00:10 +02:00
Tom Hvitved
70c3ff36f8 C#: Adjust IR imports 2020-06-10 09:54:56 +02:00
Tom Hvitved
d5b8c9728c Update identifal-files.json 2020-06-10 09:40:44 +02:00
Tom Hvitved
3c8735f43f C#: Move IR code into 'experimental' folder 2020-06-10 09:37:30 +02:00
Erik Krogh Kristensen
733e04c1eb Move rest-pattern inside property-pattern step to a taint-step 2020-06-10 09:02:22 +02:00
Erik Krogh Kristensen
2f9124f754 add missing qldoc 2020-06-09 23:32:58 +02:00
luchua-bc
1fd9c7fdec Add all dependent class stubs 2020-06-09 20:12:05 +00:00
Sauyon Lee
4cd3f89128 Merge pull request #168 from max-schaefer/make-autoformat 
Add Make target to autoformat all QL.
 2020-06-09 12:55:57 -07:00
Jonas Jensen
ad401e9f21 C++: Copy and adjust Java's correctness argumnt 
Instead of a vague reference to a code comment for another language, the
`controlsBlock` predicate now has the whole comment in it directly.

I've adjusted the wording so it should be reasonably correct for C/C++.
As with the other comments in this file, I don't distinguish between the
condition and its block. I think that makes the explanation clearer
without losing any detail we care about.

To make the code fit the wording of the comment, I changed the
`hasBranchEdge/2` predicate into `getBranchSuccessor/1`.
 2020-06-09 20:53:56 +02:00
Sauyon Lee
ba0f922a28 autobuilder: Add support for GITHUB_REPOSITORY environment variable 
This is for use within GitHub actions
 2020-06-09 11:52:23 -07:00
Erik Krogh Kristensen
eb00da5b31 improve readability 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-09 20:02:46 +02:00
Asger Feldthaus
a923a404ab JS: Explicitly handle export declarations in PackageExports 2020-06-09 18:28:15 +01:00
Asger Feldthaus
806c9a372e JS: Resolve package.json main module differently 2020-06-09 18:28:15 +01:00
Max Schaefer
1342d8688e Autoformat. 2020-06-09 17:38:18 +01:00
Max Schaefer
b4b78ff923 Use newer version of CodeQL. 2020-06-09 17:36:38 +01:00
Max Schaefer
6b5657b5fb Add PR check to ensure everything is autoformatted. 2020-06-09 17:31:29 +01:00
Max Schaefer
04af08ca0d Add Make target to autoformat all QL. 
Use

```sh
make autoformat
```

to format all `.ql` and `.qll` files under `ql/src`.

Use

```sh
make AUTOFORMAT=--check-only autoformat
```

to check that all `.ql` and `.qll` files under `ql/src` are correctly formatted and fail if they are not.
 2020-06-09 17:27:53 +01:00
Erik Krogh Kristensen
b8a9ac39f4 add lValueFlowStep for rest-pattern nested inside a property-pattern (and removed old incorrect approach) 2020-06-09 18:16:00 +02:00
Erik Krogh Kristensen
b6e0e6645f Merge pull request #3645 from erik-krogh/infExposure 
JS: add query to detect accidential leak of private files
 2020-06-09 17:38:31 +02:00
Erik Krogh Kristensen
a7f6f045d2 add taint-steps for copying properties of an object 2020-06-09 17:16:13 +02:00
Erik Krogh Kristensen
7050d9d7bb remove dead FlowLabel 2020-06-09 17:15:55 +02:00
Erik Krogh Kristensen
2af8739bb6 simplify web.DefinePlugin sink 2020-06-09 17:15:35 +02:00