hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-17 07:23:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,692 Branches 160 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
intrigus
b24c23389c Don't match unexported functions 2020-03-27 15:21:00 +01:00
Peter Stöckli
5e62a6bebe Move CWE-036 directory to experimental 2020-03-27 15:10:15 +01:00
Max Schaefer
cf6e255a6d Merge pull request #74 from sauyon/http-formvalue 
HTTP Library Improvements
 2020-03-27 14:07:30 +00:00
Peter Stöckli
74fc416a35 Merge branch 'master' into cwe-036 2020-03-27 14:54:41 +01:00
Erik Krogh Kristensen
0ebbd80745 autoformat 2020-03-27 14:54:34 +01:00
Philip Ginsbach
73845923aa Update docs/language/ql-handbook/expressions.rst 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2020-03-27 13:34:20 +00:00
Philip Ginsbach
90b82a0905 unique in aggregate section 2020-03-27 13:09:35 +00:00
Henning Makholm
875a70c0a3 Merge pull request #3129 from ginsbach/master 
Set Literal in QL
 2020-03-27 14:02:55 +01:00
Philip Ginsbach
d979bd958b better wording for the unique aggregate 2020-03-27 13:01:50 +00:00
james
a6cfdfe8e3 docs: small change to codeql training landing page 2020-03-27 13:00:26 +00:00
james
b4b1903642 docs: simplify 'learning codeql' landing page 2020-03-27 13:00:26 +00:00
james
76f344638e docs: 'What's new' -> 'Further reading' 2020-03-27 13:00:26 +00:00
james
deb657acdb docs: tidy up 'codeql for x' pages 
Manually construct tocs including intro text.
Fix a few intros and titles.
 2020-03-27 13:00:00 +00:00
Philip Ginsbach
05be9b82a2 better wording for type compatibilit 2020-03-27 12:56:37 +00:00
Philip Ginsbach
135a288bed Update docs/language/ql-handbook/expressions.rst 
Co-Authored-By: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-03-27 12:55:42 +00:00
semmle-qlci
fad902fc9b Merge pull request #3095 from erik-krogh/MorePerf 
Approved by asgerf
 2020-03-27 12:51:37 +00:00
intrigus-lgtm
5eaaa4264a Apply suggestions from code review 
Co-Authored-By: Sauyon Lee <sauyon@github.com>
 2020-03-27 13:42:30 +01:00
Mathias Vorreiter Pedersen
5ba5791ec6 C++: Only allow flow through non-conflated chi instructions 2020-03-27 13:37:17 +01:00
Mathias Vorreiter Pedersen
580310f321 Merge branch 'master' into ir-flow-fields 2020-03-27 13:32:26 +01:00
semmle-qlci
9b3400337b Merge pull request #3130 from erik-krogh/PreciseSteps 
Approved by asgerf
 2020-03-27 12:18:28 +00:00
Philip Ginsbach
1b4df6e24c whitespace fix 2020-03-27 11:53:19 +00:00
Philip Ginsbach
8e873f35ac mention set literals in handbook 2020-03-27 11:51:03 +00:00
Philip Ginsbach
f9442211bf unique aggregate in handbook and reference 2020-03-27 11:31:25 +00:00
Sauyon Lee
080d14ea50 Add a test for the Read taint step 2020-03-27 04:22:13 -07:00
Sauyon Lee
4747524fee Address review comments 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-03-27 04:15:30 -07:00
Sauyon Lee
05761bc2cd Address review comments 2020-03-27 04:03:30 -07:00
Mathias Vorreiter Pedersen
7890a322c8 C++/C#/Java: Sync identical files 2020-03-27 11:51:38 +01:00
Mathias Vorreiter Pedersen
9ab8580ca7 Data flow: No magic in parameterThroughFlowCand 2020-03-27 11:51:10 +01:00
Rasmus Wriedt Larsen
8aadb8bd06 Python: Fix iterable-unpacking tests 2020-03-27 11:42:37 +01:00
semmle-qlci
1975a83cdd Merge pull request #3116 from max-schaefer/js/postgres-type-tracking 
Approved by asgerf
 2020-03-27 09:23:52 +00:00
Erik Krogh Kristensen
58af63d8cc add test case for XSS on url suffix 2020-03-27 10:02:24 +01:00
Erik Krogh Kristensen
d3e1a258fa autoformat 2020-03-27 09:34:56 +01:00
Sauyon Lee
a4f1e2b527 Add a model for Read methods on io.Reader 2020-03-26 18:57:44 -07:00
Erik Krogh Kristensen
be11418c77 autoformat 2020-03-27 00:18:41 +01:00
Robert Marsh
968ddc6274 Merge pull request #3137 from jbj/DefaultTaintTracking-argv 
C++: Never track flow out of an argv argument
 2020-03-26 15:29:52 -07:00
Calum Grant
b94b4b7c91 C#: Fix tests 2020-03-26 20:40:40 +00:00
Calum Grant
8a968dac81 C#: Enable nullability in Semmle.Util 2020-03-26 20:10:21 +00:00
Jonas Jensen
95f116eb48 Merge branch 'DefaultTaintTracking-argv' into dataflow-indirect-args 2020-03-26 20:47:50 +01:00
Jonas Jensen
2801941ca2 C++: Never track flow out of an argv argument 
This change removes some duplicate results that will otherwise appear
due to https://github.com/Semmle/ql/pull/3123 and possibly
https://github.com/Semmle/ql/pull/2704.
 2020-03-26 20:40:16 +01:00
intrigus
be50db1cc7 Move XPath injection query to supported query 
The XPath injection query is moved to the supported queries.
Removed unnecessary code from the go test file
 2020-03-26 20:19:58 +01:00
intrigus
03023e8205 Add XPath model to default imports 2020-03-26 20:19:19 +01:00
intrigus
35a6fdb589 Add XPath framework models 2020-03-26 20:18:16 +01:00
Calum Grant
782f2b5b50 Merge pull request #3073 from hvitved/csharp/null-maybe-fp 
C#: Add test for `cs/dereferenced-value-may-be-null`
 2020-03-26 18:55:54 +00:00
Dave Bartolomeo
7879dde8b8 Merge pull request #3097 from jbj/detect-conflated-memory 
C++: Implement Instruction.isResultConflated
 2020-03-26 14:52:47 -04:00
Rasmus Wriedt Larsen
96d1fc8c0b Python: Fix iterable-unpacking taint CP 
When running ql/python/ql/src/Security/CWE-079/ReflectedXss.ql against the
database for flask.

Iitially there were 10 million result-tuples for iterable_unpacking_descent.

With this change, we're down to roughly 2100,
 2020-03-26 16:42:48 +01:00
Calum Grant
71e0dc087b C#: General code tidy. 2020-03-26 15:35:31 +00:00
Erik Krogh Kristensen
6b507c6933 add urlSuffix support to DomBasedXSS 2020-03-26 15:47:59 +01:00
Erik Krogh Kristensen
a850616927 delete Xss.actual 2020-03-26 15:40:37 +01:00
Erik Krogh Kristensen
e2d2c2341e autoformat and update expected output 2020-03-26 15:38:00 +01:00
Erik Krogh Kristensen
baf50c832c more precise charpreds in taint steps 2020-03-26 15:30:43 +01:00