hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 18:21:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,812 Commits 1,691 Branches 160 Tags
codeql-cli/v2.10.3
Commit Graph

41812 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
7fd2fff1ba Merge pull request #666 from owen-mc/tainted-path-add-more-tests 
Add tests for tainted path query checking the sanitizers and sanitizer guards work
 2022-01-19 13:00:57 +00:00
Henry Mercer
061b9badfe Merge pull request #7649 from github/henrymercer/bump-atm-query-pack-v0.0.5 
JS: Bump ML-powered query packs to v0.0.5
 2022-01-19 13:00:41 +00:00
Geoffrey White
acfd593eb4 C++: Change note. 2022-01-19 13:00:36 +00:00
Geoffrey White
330b4c3704 C++: Generalize hasSocketInput a little to include fgets and friends. 2022-01-19 13:00:35 +00:00
Geoffrey White
9c2d961ae5 C++: Fix another expression of stdin / stdout we see in practice. 2022-01-19 13:00:34 +00:00
Michael Nebel
d7cd1cf0b9 C#: Address review comments. 2022-01-19 13:50:02 +01:00
Tom Hvitved
4f90b45dd7 C#: Address review comments 2022-01-19 13:46:22 +01:00
Tom Hvitved
c8509cc382 C#: Introduce extractor mode to identify DBs created with codeql test run 2022-01-19 13:46:22 +01:00
Geoffrey White
d77ba020f9 C++: Support more routines as proof-of-encryption in cpp/cleartext-transmission. 2022-01-19 12:40:32 +00:00
Rasmus Lerchedahl Petersen
b17f844f35 python: New generated files 2022-01-19 13:36:32 +01:00
Geoffrey White
974a8b1a9a C++: Add a test case. 2022-01-19 12:33:21 +00:00
Henry Mercer
d467725ccd JS: Bump ML-powered query packs to v0.0.5 2022-01-19 12:08:33 +00:00
Michael Nebel
3df30545d3 Merge pull request #7628 from michaelnebel/csharp/issue-7609 
C#: Fix false positive alert for shadowing on record types.
 2022-01-19 12:24:57 +01:00
Tom Hvitved
71ddd00a6c C#: Workaround Roslyn bug in INamedTypeSymbol.TupleElements 2022-01-19 11:33:03 +01:00
Michael Nebel
edafdc8fde C#: Added change note. 2022-01-19 11:04:53 +01:00
Michael Nebel
194da454b1 C#: Add record deconstruct method as an exception from the bad practice rule. 2022-01-19 11:04:53 +01:00
Michael Nebel
2eea6ca5fd C#: Example record type with autogenerated Deconstruct method. 2022-01-19 11:04:53 +01:00
Mathias Vorreiter Pedersen
bdfde88e99 Merge pull request #7630 from JarLob/patch-2 
C++: Reduce FPs in IncorrectPrivilegeAssignment.ql
 2022-01-19 09:49:43 +00:00
Owen Mansel-Chan
85319b2dbf Add tests for tainted path sanitizers and sanitizer guards 2022-01-19 09:49:15 +00:00
Erik Krogh Kristensen
ef2eacebce add a js/empty-password-in-configuration-file query 2022-01-19 10:48:45 +01:00
Michael Nebel
55f787bcae Merge pull request #7605 from michaelnebel/csharp/record-struct 
C#: Support for record structs
 2022-01-19 10:39:52 +01:00
Harry Maclean
994fcf54b5 Merge pull request #7126 from jeffgran/jg/graphql-ruby 
Ruby: Add support for GraphQL
 2022-01-19 22:19:30 +13:00
Erik Krogh Kristensen
b7a0b8765e add js/http-dependency query 2022-01-19 10:05:39 +01:00
Harry Maclean
08d48b9375 Add top-level doc comment to GraphQL.qll 2022-01-19 21:42:46 +13:00
Tony Torralba
b2c7175ac5 Merge pull request #7641 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-01-19 09:34:01 +01:00
Tom Hvitved
f02aeafef1 Ruby: Move regex/non-regex split into TAstNode to convey disjointness 2022-01-19 09:22:01 +01:00
github-actions[bot]
f7240be136 Add changed framework coverage reports 2022-01-19 00:09:52 +00:00
Jaroslav Lobačevski
a1b0315d90 Update cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql 2022-01-19 00:52:10 +01:00
Andrew Eisenberg
01b5881de6 Docs: Remove reference to checking out main branch 
We are no longer including information about how to check out
github/codeql, so this paragraph doesn't fit any more.
 2022-01-18 15:48:33 -08:00
Owen Mansel-Chan
84f9b74f50 t Improve documentation of Function.getACall 2022-01-18 23:44:34 +00:00
Owen Mansel-Chan
3c02403701 Do not use getACall() when we only want direct calls 
In both of these locations we do not want calls through interface methods.
 2022-01-18 23:36:14 +00:00
Andrew Eisenberg
0cd6556964 Docs: Update analyzing databases docs 
Add more information about running packs. Include the `--download` flag.
 2022-01-18 15:03:08 -08:00
Andrew Eisenberg
7fcf567eda Docs: Simplify getting started docs 
It is no longer necessary to check out a version of `github/codeql` as
a sibling directory to the distribution. Instead, users can download
the required packs as needed. using the `pack download` command or
the `--download` option for `codeql database analyze`.
 2022-01-18 15:03:08 -08:00
Harry Maclean
4f7f92490a Distinguish regex components from strings 
Create a set of classes for components of regex literals,
separate from those of string literals. This allows us to special-case
components of free-spacing regexes (ones with the /x flag) to not have a
`getValueText()`.

This in turn is useful because our regex parser can't handle free-spacing
regexes, so excluding them ensures that we don't generate erroneous
ReDoS alerts.
 2022-01-19 11:23:40 +13:00
Jaroslav Lobačevski
3fa2516898 Update cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql 2022-01-18 21:47:55 +01:00
Jaroslav Lobačevski
d1c89562b8 Apply suggestions from code review 2022-01-18 21:45:13 +01:00
Chris Smowton
84097468cc Merge pull request #7286 from luchua-bc/java/unsafe-url-forward-dispatch 
Java: CWE-552 Query to detect unsafe request dispatcher usage
 2022-01-18 18:19:20 +00:00
Owen Mansel-Chan
1aebf4ccac Merge pull request #664 from owen-mc/add-change-note-function-getacall 
Add change note for change to `Function.getACall`
 2022-01-18 18:12:29 +00:00
Henry Mercer
63672ca394 Merge pull request #7616 from github/henrymercer/js-atm-add-query-help 
JS: Add query help for ML-powered queries
 2022-01-18 18:11:53 +00:00
Chris Smowton
1e32514600 Avoid using this for a non-extending supertype, and remove needless casts 2022-01-18 17:20:40 +00:00
Benjamin Muskalla
9e91b805d6 Sort Lang3 models 2022-01-18 18:10:37 +01:00
Benjamin Muskalla
e6800c877c Merge Lang3 rows 2022-01-18 18:10:37 +01:00
Benjamin Muskalla
736e68820c Split out Lang3 models 2022-01-18 18:10:37 +01:00
Benjamin Muskalla
67b60dcf78 Sort Lang2 rows 2022-01-18 18:10:36 +01:00
Benjamin Muskalla
82bda6d573 Merge Lang2 summary models 2022-01-18 18:10:36 +01:00
Benjamin Muskalla
8eb6743586 Split out Lang2 rows 2022-01-18 18:10:33 +01:00
Chris Smowton
d744cf9053 Clean up guard logic: 
* Always sanitize after the second guard, not the first
* Only check basic-block dominance in one place
* One BarrierGuard extension per final guard
 2022-01-18 17:10:06 +00:00
Chris Smowton
748008ad51 Remove dangling reference to UnsafeRequestPath.java 2022-01-18 17:08:38 +00:00
luchua-bc
a3d65a8ed0 Update recommendation in qldoc and make examples more comprehendible 2022-01-18 17:01:26 +00:00
Owen Mansel-Chan
84116e1681 Update ql/lib/change-notes/2022-01-18-function-get-a-call.md 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-18 16:51:07 +00:00