hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-31 07:12:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,524 Commits 1,684 Branches 159 Tags
codeql-cli/v2.10.5
Commit Graph

42524 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger Feldthaus
44216b29a9 JS: Autoformat 2022-04-20 11:14:42 +02:00
Asger Feldthaus
4c66f50352 JS: More tests 2022-04-20 11:14:42 +02:00
Asger Feldthaus
fec2837c1e JS: Ensure accessors do not appear to be calls 2022-04-20 11:14:42 +02:00
Asger Feldthaus
ddb682b181 JS: Show all accessor calls in CG test 2022-04-20 11:14:41 +02:00
Asger Feldthaus
37a76f4441 JS: PropWrite is not a SourceNode 2022-04-20 11:14:41 +02:00
Asger Feldthaus
c9db6201ef JS: Add call-graph test for accessor calls 2022-04-20 11:14:41 +02:00
Asger Feldthaus
7d5c80433d JS: Handle accessor-calls to static accessors 2022-04-20 11:14:41 +02:00
Asger Feldthaus
37b3a6e5c0 JS: Add ClassNode.getStaticMember 2022-04-20 11:14:41 +02:00
Anders Schack-Mulligen
cb898ae03f Merge pull request #8701 from aschackmull/doc/any-none 
Doc: Add any() and none() to the language reference.
 2022-04-20 10:49:42 +02:00
yoff
0c7130602a Merge pull request #8731 from RasmusWL/delete-old-readme 
Python: Delete old dataflow readme
 2022-04-20 10:36:12 +02:00
yoff
a66153d73e Merge pull request #8733 from RasmusWL/split-dataflow-private 
Python: Split `DataFlowPrivate`
 2022-04-20 10:21:05 +02:00
Erik Krogh Kristensen
10130eef6d Merge pull request #8678 from erik-krogh/fileSource 
JS: Add files as a source for `js/xss-through-dom`
 2022-04-20 09:18:38 +02:00
Harry Maclean
942388e8bc Pipe to jq --arg instead of gh api --jq 2022-04-20 11:41:38 +12:00
Harry Maclean
eba303dea7 Fix typo 2022-04-20 11:21:06 +12:00
luchua-bc
b76873fc8d Add more test cases 2022-04-19 22:22:15 +00:00
Robert Marsh
f94fcf11cd C++: accept dataflow test changes 2022-04-19 13:32:19 -04:00
Felicity Chapman
b10e7300ae Update docs/codeql/ql-language-reference/formulas.rst 2022-04-19 17:29:31 +01:00
Nick Rolfe
c02670aca2 Ruby: make PostUpdateNode public 2022-04-19 17:12:51 +01:00
Felicity Chapman
d663102ffb Update docs/codeql/ql-language-reference/formulas.rst 2022-04-19 16:57:05 +01:00
luchua-bc
f0c4b1955b Change getResource() to be a taint step 2022-04-19 15:55:09 +00:00
Felicity Chapman
6fbe227cbc Try to fix Sphinx warning in formulas.rst 2022-04-19 16:36:42 +01:00
Stephan Brandauer
2fb3147b7b Merge pull request #8430 from kaeluka/js/CVE-2022-24718 
JS: Add taint step for handlebars model
 2022-04-19 15:57:58 +01:00
Michael Nebel
91324d40b5 Merge pull request #8659 from michaelnebel/csharp/capturemodelsmetadata 
C#: Add kind tag to Capture model queries.
 2022-04-19 16:39:03 +02:00
Anders Schack-Mulligen
48fbbf2531 Dataflow: Add change notes. 2022-04-19 15:29:35 +02:00
Anders Schack-Mulligen
b521d64156 Dataflow: Sync. 2022-04-19 15:29:35 +02:00
Anders Schack-Mulligen
4ae59b530b Dataflow: Revert flow-state versions of in-/out-barriers. 2022-04-19 15:29:34 +02:00
Nick Rolfe
08f6fbbe10 Ruby: make comment about backslash escaping clearer 2022-04-19 14:05:17 +01:00
Porcupiney Hairs
85c751cb7f CPP: PAM Authorization Bypass 
This PR is similar to my other PRs for
[Python](https://github.com/github/codeql/pull/8595) and
[Golang](https://github.com/github/codeql-go/pull/709).

This PR aims to detect instances were an initiated PAM Transaction invokes the `pam_authenticate` method but does not invoke a call to the pam_acct_mgmt` method. This is bad as a call to `pam_authenticate` only verifies the users credentials. It does not check if the user account is still is a valid state.

If only a call to `pam_authenticate` is used to verify the user, a user with an expired account password would still be able to login. This can be prevented by calling the `pam_acct_mgmt` function after a `pam_authenticate` function.
 2022-04-19 18:24:19 +05:30
Geoffrey White
3326fd5400 C++: Update test .expected. 2022-04-19 13:43:17 +01:00
Geoffrey White
5698638d1f Apply suggestions from code review (documentation) 
Co-authored-by: hubwriter <hubwriter@github.com>
 2022-04-19 13:38:00 +01:00
Erik Krogh Kristensen
8669bbd948 update expected output of rate-limit query after test reorg 2022-04-19 14:27:24 +02:00
Nick Rolfe
76c6a521fd Ruby: add clarifying comment 2022-04-19 13:10:57 +01:00
Anders Schack-Mulligen
82463c9290 Merge pull request #8774 from MathiasVP/nomagic-revPartialPathStep 
Add `nomagic` to `revPartialPathStep`
 2022-04-19 14:02:04 +02:00
Michael Nebel
c79c9dd573 C#: Don't generate models for any higher order callables. 2022-04-19 12:50:51 +02:00
Michael Nebel
8726766465 C#: Remove the API special case for GetHashCode, Equals and IEquatable.Equals as these are now excluded based on their type. 2022-04-19 12:50:51 +02:00
Michael Nebel
f6fd401df1 C#: Add some testcases, where we don't get a summary due to the use of simple types. 2022-04-19 12:50:51 +02:00
Michael Nebel
f9e5c6b77d C#: Don't use simple types in summaries test cases as these will be excluded in generation purely based on the type. 2022-04-19 12:50:51 +02:00
Michael Nebel
f533636ad7 C#: Remove taint when it flows via a primitive/simple type (as is the case for java). 2022-04-19 12:50:51 +02:00
Nick Rolfe
76587c4144 Ruby: fix capitalisation of String in qhelp 2022-04-19 11:42:31 +01:00
Nick Rolfe
468c718da0 Ruby: simplify predicate 2022-04-19 11:32:26 +01:00
Nick Rolfe
ac805f0cdc Ruby: simplify predicate by using DataFlow::CallNode 2022-04-19 11:27:33 +01:00
Nick Rolfe
ca4dc0583d Ruby: fix comment typos 2022-04-19 11:15:34 +01:00
Geoffrey White
6e184f2438 C++: Rename variables 'a' and 'b'. 2022-04-19 10:57:42 +01:00
Nick Rolfe
14de91ce94 Ruby: make StringSubstitutionCal extend DataFlow::CallNode 2022-04-19 10:52:14 +01:00
Mathias Vorreiter Pedersen
a7c0113bc7 Merge pull request #8741 from geoffw0/autogen 
C++: Fix issue with extremely long comments in AutogeneratedFile.qll
 2022-04-19 10:45:16 +01:00
Geoffrey White
da38c9041c C++: Improvements from PR comments. 2022-04-19 10:25:00 +01:00
Geoffrey White
50c7e47dd9 C++: Improve QLDoc. 2022-04-19 10:15:12 +01:00
Erik Krogh Kristensen
6799232009 fix typo in qldoc 2022-04-19 11:09:27 +02:00
Geoffrey White
da454128ed Update cpp/ql/src/Security/CWE/CWE-611/XXE.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-04-19 10:08:07 +01:00
Geoffrey White
0aa1945f30 C++: Comments. 2022-04-19 10:04:15 +01:00