Michael Nebel
c9467d7e94
C#: Add new tables to the dbscheme line span pragma.
2022-01-18 09:32:14 +01:00
Anders Schack-Mulligen
c41ec1f8ec
Merge pull request #7619 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2022-01-18 09:17:40 +01:00
github-actions[bot]
b8959f7bdb
Add changed framework coverage reports
2022-01-18 00:10:52 +00:00
Alex Ford
c1a51d94a2
Ruby: add test for protect_from_forgery without exception strategy
2022-01-17 17:44:52 +00:00
Erik Krogh Kristensen
d63f4bfd94
Merge pull request #7615 from erik-krogh/super-charpred
...
QL: support this.method() calls in the charpred that references non-extending supertypes
2022-01-17 18:32:10 +01:00
Felicity Chapman
e0110bd25e
Fix typo in new note
2022-01-17 17:20:00 +00:00
Henry Mercer
ffa4135cbe
JS: Update alert messages for ML-powered queries
2022-01-17 17:19:49 +00:00
Erik Krogh Kristensen
a4cfb80b81
QL: update comment
2022-01-17 17:19:15 +00:00
Felicity Chapman
e7dde79d50
Add note and link to main CodeQL CLI docs
2022-01-17 17:14:58 +00:00
Erik Krogh Kristensen
85c273a413
QL: support this.method() calls in the charpred that references non-extending supertypes
2022-01-17 17:42:35 +01:00
Henry Mercer
e9128466d4
JS: Add query help for ML-powered queries
...
Query help is identical to the original query, except for a new
paragraph prepended to the overview explaining that the queries are
experimental.
We add Markdown query help since only Markdown query help is embedded in
SARIF via `--sarif-add-query-help`.
2022-01-17 16:34:50 +00:00
Henry Mercer
568d37e9b9
JS: Update definition of ATM query suite
...
It's simpler to just run all the queries in the pack instead of
specifying the IDs.
2022-01-17 16:34:50 +00:00
Geoffrey White
d475101286
C++: Fix some code duplication.
2022-01-17 16:26:22 +00:00
Owen Mansel-Chan
065043b311
Merge pull request #7588 from owen-mc/add-specific-needs-reference-predicates
...
Dataflow: Add language-specific NeedsReference predicates
2022-01-17 15:51:34 +00:00
Asger Feldthaus
79f799066a
JS: Update test output
2022-01-17 16:27:57 +01:00
Michael Nebel
b927aad6ed
C#: Address review comments related to record structs.
2022-01-17 16:16:18 +01:00
Michael Nebel
6c1bb4a3a9
C#: Add test case for record class and record structs.
2022-01-17 16:16:18 +01:00
Michael Nebel
746fd603d8
C#: Add flow summary test for record struct constructors.
2022-01-17 16:16:18 +01:00
Michael Nebel
9770f09839
C#: Deprecate Record and introduce RecordClass instead. Also make flow summary support for record struct constructors.
2022-01-17 16:16:18 +01:00
Michael Nebel
55cb2aa160
C#: Use modifier to decide if a type is a record-like type and implement support for record struct types.
2022-01-17 16:16:18 +01:00
Michael Nebel
dc76775d07
C#: Consider 'record' a type modifier in the extractor (it can be applied to both class and struct).
2022-01-17 16:16:18 +01:00
Michael Nebel
c17bd29640
C#: Rename C# code file and update test.
2022-01-17 16:16:18 +01:00
Tony Torralba
e967b8a9be
Merge pull request #6576 from atorralba/atorralba/android-cleartext-storage-filesystem
...
Java: Create new query Cleartext storage of sensitive information in Android filesystem
2022-01-17 14:02:38 +01:00
Tony Torralba
227929508f
Merge pull request #6923 from atorralba/atorralba/android-fragment-injection
...
Java: CWE-470 - Queries to detect Fragment Injection in Android applications
2022-01-17 14:02:15 +01:00
Tom Hvitved
3c837c322b
Merge pull request #7514 from github/post-release-prep/codeql-cli-2.7.5
...
Post-release preparation for codeql-cli-2.7.5
2022-01-17 12:40:33 +01:00
Tom Hvitved
429a9658e1
Merge pull request #657 from github/post-release-prep/codeql-cli-2.7.5
...
Post-release preparation for codeql-cli-2.7.5
2022-01-17 12:40:24 +01:00
Tony Torralba
7beab7cb59
Apply code review suggestions
2022-01-17 12:02:27 +01:00
Mathias Vorreiter Pedersen
78642aaae2
Merge pull request #7593 from MathiasVP/fix-join-order-in-get-conversion-type
...
C++: Fix join order in 'getConversionType4'
2022-01-17 11:01:08 +00:00
Chris Smowton
16aa53a928
Add security tag to java/random-used-once
...
Raised in https://github.com/github/codeql/issues/7601, this is one of the only .ql files that has a security-severity score but not the tag "security", including many other queries that live outside the `Security/` subdirectory.
Besides this the only other files with this security-severity-but-no-security-tag combination are:
```
java/ql/src/Frameworks/JavaEE/EJB/EjbContainerInterference.ql
java/ql/src/Frameworks/JavaEE/EJB/EjbFileIO.ql
java/ql/src/Frameworks/JavaEE/EJB/EjbNative.ql
java/ql/src/Frameworks/JavaEE/EJB/EjbReflection.ql
java/ql/src/Frameworks/JavaEE/EJB/EjbSecurityConfiguration.ql
java/ql/src/Frameworks/JavaEE/EJB/EjbSerialization.ql
java/ql/src/Frameworks/JavaEE/EJB/EjbSetSocketOrUrlFactory.ql
```
Given their location I'm assuming these queries are disabled by default and likely shouldn't be changed?
2022-01-17 10:35:34 +00:00
Tony Torralba
a23b8a4a43
Update java/ql/src/Security/CWE/CWE-470/FragmentInjection.inc.qhelp
...
Co-authored-by: Chris Smowton <smowton@github.com>
2022-01-17 11:20:39 +01:00
Tony Torralba
ba3a4fb717
Rename filesystemStore predicate after d9e6e5aa04
2022-01-17 11:13:41 +01:00
Tony Torralba
500deac12d
Change query description
2022-01-17 11:11:05 +01:00
Tony Torralba
d9e6e5aa04
Apply suggestions from code review
...
Co-authored-by: Chris Smowton <smowton@github.com>
2022-01-17 11:11:05 +01:00
Tony Torralba
22aad17d0e
Apply review suggestions
...
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
2022-01-17 11:11:04 +01:00
Tony Torralba
9bbba3c96f
Adjust UnsupportedExternalAPIs test
2022-01-17 11:11:04 +01:00
Tony Torralba
1e4840e071
Fix predicate name
2022-01-17 11:11:03 +01:00
Tony Torralba
79ddbd6fe4
Fix QLDoc and the qhelp example
2022-01-17 11:11:03 +01:00
Tony Torralba
c1ac09a063
Added query for Cleartext Storage in Android Filesystem
2022-01-17 11:11:00 +01:00
Paolo Tranquilli
6a53b7b233
Merge pull request #7543 from github/rdmarsh2/cpp/hex-format-range-analysis
...
C++: Use range analysis for maximum lengths of `%x` formats
2022-01-17 08:32:34 +01:00
Alex Ford
d09f48ecb4
Ruby: flag up protect_from_forgery calls without an exception strategy
2022-01-16 20:56:13 +00:00
Artem Smotrakov
825fe1797a
Fixed another false-positive in CWE-297/IgnoredHostnameVerification.ql
2022-01-16 18:55:49 +00:00
Artem Smotrakov
6dad0e21d9
Ignore wrapped HostnameVerifier.verify() calls
2022-01-16 18:29:30 +00:00
Artem Smotrakov
dcf251bb93
Fixed typos in IgnoredHostnameVerification.qhelp
2022-01-16 18:27:49 +00:00
Fosstars
2b33265d0f
Added a query for ignored hostname verification
...
- Added IgnoredHostnameVerification.ql
- Added a qhelp file with examples
- Added tests
2022-01-16 18:27:49 +00:00
Artem Smotrakov
f78002bc02
Fixed a false-positive in CWE-297/IgnoredHostnameVerification.ql
2022-01-16 18:25:18 +00:00
Fosstars
e11cb943a6
Added a query for ignored hostname verification
...
- Added IgnoredHostnameVerification.ql
- Added a qhelp file with examples
- Added tests
2022-01-16 18:25:18 +00:00
luchua-bc
4797fce48a
Update use cases and qldoc
2022-01-16 01:15:29 +00:00
luchua-bc
978ef1570a
Update method names
2022-01-16 01:11:25 +00:00
jorgectf
9ab6d21757
Add forward type tracking test
2022-01-14 22:56:51 +01:00
Andrew Eisenberg
a83af5e14c
Merge pull request #661 from github/aeisenberg/changenote-upgrades-removal
...
Changenotes: Add changenotes for upgrades refactoring
2022-01-14 12:12:57 -08:00