hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 05:01:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,690 Branches 160 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dave Bartolomeo
3b3502060b Merge remote-tracking branch 'upstream/master' into dbartol/NoEscape 2020-01-27 13:29:18 -07:00
Robert Marsh
79a72a3496 Merge pull request #2680 from geoffw0/modelstrndup 
CPP: Model strndup.
 2020-01-27 15:19:52 -05:00
Sauyon Lee
edecb4e128 Merge pull request #227 from max/redundant-expr-bug 
Fix hash-consing of literals
 2020-01-27 11:35:40 -08:00
Dave Bartolomeo
40952f85a9 C++: Accept test diffs 2020-01-27 10:31:18 -07:00
Robert Marsh
4d743d2bce Merge pull request #2692 from jbj/pure-string-read 
C++: Model that string functions read their buffer
 2020-01-27 11:40:03 -05:00
Anders Schack-Mulligen
3745388069 Merge pull request #2602 from chrisgavin/suspicious-date-format 
Java: Add a query for suspicious date format patterns.
 2020-01-27 16:29:48 +01:00
Rasmus Wriedt Larsen
d67577e66c Python: Modernise import related queries 
Except for Metrics/Dependencies/ExternalDependenciesSourceLinks.ql, since it is
rather tricky :D
 2020-01-27 16:01:25 +01:00
Rasmus Wriedt Larsen
647b9cdcb0 Python: Autoformat query 2020-01-27 16:01:24 +01:00
Rasmus Wriedt Larsen
081d66eaa3 Python: Recognize taint for extended iterable unpacking 2020-01-27 15:28:53 +01:00
Rasmus Wriedt Larsen
1b670354b2 Python: Add tests for extended iterable unpacking 2020-01-27 15:24:55 +01:00
Geoffrey White
4778914154 CPP: Repair flow. 2020-01-27 14:08:03 +00:00
Geoffrey White
d9f6895602 CPP: 'sometimes copying' is considered data flow. 2020-01-27 14:07:39 +00:00
Rasmus Wriedt Larsen
781024d679 Python: Recognize taint for iterable unpacking 2020-01-27 14:43:07 +01:00
Rasmus Wriedt Larsen
a3f1f4cb87 Python: Add iterable unpacking tests 2020-01-27 14:43:07 +01:00
Rasmus Wriedt Larsen
fa48fb04f5 Python: Recognize nested tuple/list assignment 
Now we recognize `[(x,y)] = [(1,2)]` -- in itself not a widely used idiom, but
more of a warmup excersize for me
 2020-01-27 14:42:54 +01:00
Rasmus Wriedt Larsen
9763ec71fe Python: Add tests for nested assignment 2020-01-27 14:39:34 +01:00
Jonas Jensen
0e3ed2dfa6 C++: Remove test for unrelated issue 
The issue for that test is being tested and fixed on PR #2686. Adding a
test here will cause a semantic merge conflict.
 2020-01-27 14:25:28 +01:00
Rasmus Wriedt Larsen
9502756874 Python: Autoformat dataflow files 2020-01-27 13:07:01 +01:00
Max Schaefer
3c1a68ee8f Fix hash-consing of literals. 
We shouldn't rely on the literal value given in the `literals` table, but use the exact value (where available) instead.
 2020-01-27 12:05:48 +00:00
Asger Feldthaus
3d567eb889 JS: Close an unterminated code block 2020-01-27 12:03:58 +00:00
Chris Gavin
484333b192 Java: Update help and description of java/suspicious-date-format. 2020-01-27 11:57:59 +00:00
Chris Gavin
0e8d435ca1 Java: Add a test for java/suspicious-date-format. 2020-01-27 11:57:59 +00:00
Chris Gavin
708890add3 Java: Add a change note for java/suspicious-date-format. 2020-01-27 11:57:56 +00:00
Chris Gavin
88146295f9 Java: Add a query for suspicious date format patterns. 2020-01-27 11:57:18 +00:00
Anders Schack-Mulligen
efe8981129 Java: Add change note for java/spring-disabled-csrf-protection. 2020-01-27 11:33:31 +01:00
Anders Schack-Mulligen
816a8d1f9e Merge pull request #2586 from ggolawski/spring_disable_csrf 
Add check for disabled CSRF protection in Spring
 2020-01-27 11:32:39 +01:00
Geoffrey White
2c7e2c4506 CPP: Not in std namespace. 2020-01-27 10:20:56 +00:00
Rasmus Wriedt Larsen
1ce77ff600 Merge pull request #2507 from tausbn/python-fix-infinite-tuple-tostring 
Python: Fix divergence in tuple `toString`.
 2020-01-27 11:14:44 +01:00
semmle-qlci
8a6de11268 Merge pull request #2689 from erik-krogh/LastEventEmitters 
Approved by esbena
 2020-01-27 08:55:33 +00:00
semmle-qlci
7d9956e3f3 Merge pull request #2675 from erik-krogh/WebSocket 
Approved by esbena
 2020-01-27 08:40:37 +00:00
Dave Bartolomeo
6988241b09 Merge from master 2020-01-26 16:38:48 -07:00
Dave Bartolomeo
708e83546f C++: Remove acceidentally added tests 2020-01-26 16:20:27 -07:00
Sauyon Lee
496ad5d051 Merge pull request #226 from max/fix-classify-files-regex 
Fix regex in ClassifyFiles.
 2020-01-24 21:01:01 -08:00
Robert Marsh
959ce3b355 C++: add diff tests for DefaultTaintTracking 2020-01-24 13:46:11 -08:00
Jonas Jensen
fb6ad5274f C++: Accept test changes 2020-01-24 22:28:20 +01:00
Robert Marsh
0180672dc0 Merge pull request #2687 from jbj/DefaultTaintTracking-asExpr 
C++: Use asExpr, not getConvertedResultExpression
 2020-01-24 15:42:58 -05:00
Sauyon Lee
6e4880bc53 Merge pull request #220 from max/example-queries 
Add example queries
 2020-01-24 09:42:31 -08:00
Max Schaefer
d293388172 Add failing test case for RedundantExpr. 2020-01-24 16:20:08 +00:00
Taus Brock-Nannestad
3cebffe820 Python: Fix divergence in tuple toString. 
Our definition of `toString` for the internal tuple objects we create during the
points-to analysis may have been a _tad_ too ambitious. In particular, it can
easily lead to non-termination, e.g. using the following piece of code:

```python
x = ()
while True:
    x = (x, x)
```

This commit cuts off the infinite recursion by replacing _nested_ tuples with
the string "...". In particular this means even non-recursive tuples will be cut
off at that point, so that the following tuples

```python
(1, "2")
((3, 4), [5, 6])
(1, 2, 3, 4, 5)
```

Get the following string representations.

```
"(int 1, '2', )"
"(..., List, )"
"(int 1, int 2, int 3, 2 more...)"
```
 2020-01-24 17:08:56 +01:00
Mathias Vorreiter Pedersen
d26cf12c3a Merge pull request #2688 from geoffw0/move-taint-test 
C++: Add the security taint test (previously internal).
 2020-01-24 15:58:20 +01:00
Jonas Jensen
b290c7b47a C++: Model that string functions read their buffer 2020-01-24 15:53:38 +01:00
semmle-qlci
b3eada829a Merge pull request #2690 from erik-krogh/MoreEvents2 
Approved by asgerf
 2020-01-24 14:47:04 +00:00
Taus
5a2dfd40af Merge pull request #2639 from RasmusWL/python-improve-dict-taint 
Python: Improve tests for tainted collections
 2020-01-24 15:06:01 +01:00
Max Schaefer
77b86150d6 Fix regex in ClassifyFiles. 
`Comment.getText()` does not include the delimiter.
 2020-01-24 14:05:13 +00:00
Erik Krogh Kristensen
8492f6031f reuse existing type-tracking for classes 2020-01-24 13:36:32 +01:00
Anders Schack-Mulligen
98d527c44c Merge pull request #2685 from esbena/java/sharpen-maven-non-ssl 
java: sharpen java/maven/non-https-url to allow localhost URLs
 2020-01-24 13:19:26 +01:00
Erik Krogh Kristensen
0b55aed626 use the EventEmitter registration methods instead of just "on" 2020-01-24 13:06:00 +01:00
Erik Krogh Kristensen
148ec9aad0 fix typos 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-01-24 12:36:03 +01:00
Geoffrey White
af903fc30c C++: Add the security taint test (previously internal). 2020-01-24 11:28:51 +00:00
Jonas Jensen
ee0648bb57 Merge pull request #2684 from geoffw0/rearrange-tests 
CPP: Test cleanup
 2020-01-24 11:57:58 +01:00