hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-21 01:13:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,693 Branches 161 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
74167923bc Python: Fix filename example 
I got my eyes on this one since it was using a deprecated method, BUT it was
also doing the thing, since File.getName() is the same as
File.getAbsolutePath(), and that doesn't match the description :\
 2020-05-25 13:17:32 +02:00
Rasmus Wriedt Larsen
6ce1b9f7fa Python: Fix use of StrConst.strValue() 2020-05-25 13:12:56 +02:00
Anders Schack-Mulligen
0d75c6a5f1 Merge pull request #3506 from ggolawski/spring-actuators-fix 
Fixes FPs in SpringBootActuators query
 2020-05-25 13:09:56 +02:00
semmle-qlci
ac1a338390 Merge pull request #3407 from RasmusWL/python-add-BoundMethodValue-v2 
Approved by tausbn
 2020-05-25 12:00:45 +01:00
Rasmus Wriedt Larsen
32c8dd0491 Python: Fix (upcoming) deprecation compiler-warnings 
In a near-future release overriding a deprecated predicate without making as
deprecated would give a compiler warning.

Not fixing the XML one. [I can see that this shouldn't be reported
anymore](https://github.com/github/codeql/pull/3520#issuecomment-631552943), and
it's not safe to remove since it was only marked as deprecated in
e6425bb4cf.
 2020-05-25 11:05:30 +02:00
Taus
a2308771a3 Merge pull request #3489 from yoff/DeprecateObject 
Python: Modernise `py/missing-equals`.
 2020-05-25 10:56:16 +02:00
Rasmus Wriedt Larsen
49d7e12acd Python: Remove unnecessary restriction from getNamedArgumentForCall 
As agreed in https://github.com/github/codeql/pull/3407
 2020-05-25 10:17:37 +02:00
Rasmus Wriedt Larsen
4fc3cae646 Python: Add test for how arguments to *args and **kwargs are handled 2020-05-25 10:16:10 +02:00
Rasmus Wriedt Larsen
87ee6ae101 Python: Add a bit of docs to CallableObjectInternal 
As requested :)
 2020-05-25 09:53:28 +02:00
Rasmus Wriedt Larsen
9e0d57c610 Python: Fix grammar in QLDoc 
Co-authored-by: Taus <tausbn@gmail.com>
 2020-05-25 09:47:01 +02:00
Rasmus Lerchedahl Petersen
3e712be431 Python: Modernise 2020-05-25 09:00:34 +02:00
Rasmus Lerchedahl Petersen
712513916c Python: Address review 2020-05-25 07:44:00 +02:00
Max Schaefer
573fdaa424 JavaScript: Track require through local data flow. 2020-05-24 20:00:10 +01:00
luchua-bc
6d1ba3f899 Java: CWE-273 Unsafe certificate trust 2020-05-24 16:43:15 +00:00
Robert Marsh
1fa1bd5e36 C#: fix compilation error in IR 2020-05-22 16:08:11 -07:00
Robert Marsh
b4a947ddf1 C++: add getIRVariable for this temp variables 2020-05-22 15:43:34 -07:00
Robert Marsh
8a53dc882d C++: treat this as a parameter in IR 2020-05-22 15:35:34 -07:00
Dave Bartolomeo
df834ac031 C++: Fix duplicate result types 
In a couple of cases, we use `glval<unknown>` as the result type of an instruction because we can't come up with anything better. Two examples are the result of `VariableAddress[#ellipsis]`, and the address of the temp variable that holds the lvalue result of the conditional operator in `(a ? b : c) = y`. In both cases, we call `getTypeForGLValue(any(UnknownType t))`, but that would have multiple results because `result.hasType(any(UnknownType t), true)` also holds for `CppFunctionGLValueType`. I tightened the result type to ensure we get the right one.
 2020-05-22 16:20:33 -04:00
Shati Patel
e990f1b53d Merge pull request #3546 from aschackmull/java/tutorial-bug-fix 
Java: Fix bug in tutorial.
 2020-05-22 17:23:58 +01:00
Alvaro Muñoz
0b20785cce add support for java.io.StringWriter 2020-05-22 18:13:28 +02:00
semmle-qlci
b9ecf1a304 Merge pull request #3447 from erik-krogh/LibCmdInjection 
Approved by asgerf, mchammer01
 2020-05-22 17:10:57 +01:00
Sauyon Lee
aef7524f35 Add a go-gen-dbscheme for generating dbschemes 2020-05-22 08:04:40 -07:00
Anders Schack-Mulligen
6228e7670b Java: Fix bug in tutorial. 2020-05-22 14:44:24 +02:00
Max Schaefer
4206408826 Merge pull request #153 from max-schaefer/cleanup-107 
More cleanup
 2020-05-22 13:18:46 +01:00
Esben Sparre Andreasen
e172d55ecb Update javascript/ql/test/query-tests/Security/CWE-020/IncompleteUrlSchemeCheck.js 
Co-authored-by: Asger F <asgerf@github.com>
 2020-05-22 13:33:34 +02:00
Max Schaefer
223d0dbf0b Fix missing </p> in qhelp. 2020-05-22 11:18:27 +01:00
Max Schaefer
bccf750e2e Sort go.qll alphabetically. 2020-05-22 11:12:31 +01:00
Max Schaefer
1d479d9a73 Add change note. 2020-05-22 11:11:58 +01:00
Max Schaefer
3c8fa02356 Regularise a few comments. 2020-05-22 11:11:58 +01:00
Max Schaefer
adc3ce8274 Extend documentation for package and use it in two more places. 
The predicate now works with an empty package path.

The way this is implemented is perhaps slightly non-obvious: the `($|/)\\Q" + path + "\\E"` part of the regular expression either matches the end of the string (and `path` must then be empty), or a slash followed by `path` (which may or may not be empty).

We do allow non-canonical import paths ending in `/`, which the compiler rejects. We could disallow that by putting a `(?!$)` assertion after the `/`, but that seems overkill.
 2020-05-22 11:11:58 +01:00
Max Schaefer
31c636fa55 Standardise on capitalisation WebSocket. 2020-05-22 11:11:58 +01:00
Max Schaefer
1d910a9622 Merge pull request #148 from owen-mc/syntax-examples-for-ast-classes 
Add syntax examples to  qldoc comments for AST classes
 2020-05-22 10:48:18 +01:00
Asger Feldthaus
823ed3bbdf JS: Wrap node --version call in retry loop 2020-05-22 10:40:16 +01:00
Asger Feldthaus
6f0356b229 Revert "JS: Remove timeout for node --version check" 
This reverts commit ec7c9489dc.
 2020-05-22 10:40:07 +01:00
James Fletcher
9259dca40d Merge pull request #3540 from github/jf205-patch-2 
Link README.md to CodeQL for Go repo
 2020-05-22 10:29:55 +01:00
Owen Mansel-Chan
df8bfab6d6 Address review comments 2020-05-22 10:06:23 +01:00
Max Schaefer
e7ad4f9308 Merge pull request #152 from github/jf205-patch-1 
Link README.md to the CodeQL repo
 2020-05-22 09:44:03 +01:00
Owen Mansel-Chan
2c8e4a2b34 Add syntax examples to qldoc comments for AST classes 2020-05-22 09:28:50 +01:00
Shati Patel
cf13992552 Merge pull request #3544 from shati-patel/code-typo 
CodeQL docs: Fix error in code snippet [cherry-pick]
 2020-05-22 08:42:41 +01:00
syang-ng
ca8c3dabda fix an error in the code snippet of the documentation about global-data-flow-java 2020-05-22 08:00:52 +01:00
Shati Patel
8c1e4d49ca Merge pull request #3537 from syang-ng/master 
fix an error in the code snippet of the documentation about global-data-flow-java
 2020-05-21 19:43:51 +01:00
James Fletcher
e596c988f1 Update README.md 2020-05-21 16:43:04 +01:00
James Fletcher
49d4c76f2f Update README.md 2020-05-21 16:37:44 +01:00
Asger Feldthaus
75be3b7ecb JS: Add test case for missed captured flow 2020-05-21 16:14:13 +01:00
Shati Patel
c021dcd1e8 Ql language: Clarify use of query modules 2020-05-21 15:30:40 +01:00
syang-ng
184209d1eb fix an error in the code snippet of the documentation about global-data-flow-java 2020-05-21 22:00:15 +08:00
Geoffrey White
0f4723aee4 Merge pull request #3520 from dbartol/github/codeql-c-analysis-team/79 
C++: Mark deprecated overrides as deprecated
 2020-05-21 14:55:39 +01:00
Erik Krogh Kristensen
b79b25ef87 correct cwe-78 to cwe-078 2020-05-21 12:38:44 +00:00
Erik Krogh Kristensen
b297837969 Apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-05-21 14:32:02 +02:00
Esben Sparre Andreasen
b31f83a5af JS: fixup expected output 2020-05-21 13:47:16 +02:00