hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-03 08:41:05 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,524 Commits 1,687 Branches 159 Tags
codeql-cli/v2.10.5
Commit Graph

42524 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
06b8f74644 C#: Avoid combinatorial explosion in structural comparison library 
In cases where the target of a call/access has multiple values (which is a DB
inconsistency), the GVN construction underlying the structural comparision library
may run into a combinatorial explosion. This change excludes such expressions from
the GVN construction.
 2022-03-14 09:07:45 +01:00
ihsinme
62381d0762 Update test.cpp 2022-03-14 09:36:28 +03:00
ihsinme
de92356c88 Update InsecureTemporaryFile.expected 2022-03-14 09:35:03 +03:00
ihsinme
1db759cc4d Update InsecureTemporaryFile.ql 2022-03-14 09:33:08 +03:00
4B5F5F4B
597603a3a6 Create cve-2017-5123.ql 
Add query to detect CVE-2017-5123
 2022-03-14 09:44:30 +08:00
4B5F5F4B
4030561eb7 Delete CVE 2022-03-14 09:43:04 +08:00
4B5F5F4B
880c12bd34 Create CVE 2022-03-14 09:42:40 +08:00
Erik Krogh Kristensen
8f86b067e7 deprecate the unused localTaintStep and stringStep predicates 2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
cc231fef4c deprecate some unused predicate in DefUse.qll 2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
c0a63beec1 deprecate unused document predicates in DOM.qll 2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
5e52a71091 remove test .qll files that weren't imported 2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
4fc85a791d deprecate DefiningIdentifier, it was not used in any query 2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
9cf0a94e4d use some Sanitizer classes that were unused in the query code 2022-03-13 23:54:53 +01:00
Alex Ford
fc232ce55f Ruby: changenote for rb/weak-cryptographic-algorithm 2022-03-13 21:25:28 +00:00
Alex Ford
94d5f3bb1f Ruby: Add rb/weak-cryptographic-algorithm query 2022-03-13 21:25:28 +00:00
Alex Ford
40b87e6df7 Ruby: tests for rb/weak-cryptographic-algorithm 2022-03-13 21:25:24 +00:00
Alex Ford
446141ada3 Ruby: qhelp for rb/weak-cryptographic-algorithm 2022-03-13 21:25:12 +00:00
Alex Ford
4234cfeeec Ruby: model CipherOperations for OpenSSL 2022-03-13 21:21:52 +00:00
Alex Ford
489391eb4c Ruby: add CryptographicOperation concept 2022-03-13 21:21:52 +00:00
Dave Bartolomeo
afa3399e27 Zero diffs between Java AST and Semantic range analysis 2022-03-13 13:38:21 -04:00
jorgectf
ded9663f2b Finish taint steps 2022-03-13 13:59:03 +01:00
Dave Bartolomeo
8b4d6a26ef Performance improvements for semantic layer construction 2022-03-12 11:28:12 -05:00
p0wn4j
ee67d27b56 Java: Add JDBC connection SSRF sinks 2022-03-12 16:35:32 +04:00
Arthur Baars
f59f36b863 Use RUNNER_TEMP instead of runner.temp 2022-03-11 21:13:41 +01:00
Joe Farebrother
b924de631f Add change note, minor docs improvement 2022-03-11 17:58:52 +00:00
Ahmed Farid
3c9de6f488 Update Zip.qll 2022-03-11 18:50:37 +01:00
Joe Farebrother
594d51e84d Exclude constants 2022-03-11 17:45:42 +00:00
Joe Farebrother
06f2c03828 Add tests 2022-03-11 17:44:52 +00:00
Arthur Baars
7da0889813 Update check-qldoc.yml 2022-03-11 17:45:23 +01:00
Arthur Baars
e1f9eca272 Update check-qldoc.yml 2022-03-11 17:44:55 +01:00
Jonathan Leitschuh
50ff2c2c68 Code cleanup from code review 2022-03-11 11:44:15 -05:00
Robert Marsh
5c04516179 Merge pull request #8390 from redsun82/remove-unique-from-uuid 
C++: Remove uniqueness constraint from uuid
 2022-03-11 11:08:34 -05:00
Alex Ford
808cc9cf35 Merge pull request #8396 from alexrford/ruby/charpred-only-field 
Ruby: resolve `ql/field-only-used-in-charpred` alerts
 2022-03-11 15:48:05 +00:00
Erik Krogh Kristensen
fa37ece593 Merge pull request #8408 from erik-krogh/pathProblem 
QL: make a query checking for `edges` relation in a path-problem query
 2022-03-11 16:27:46 +01:00
Erik Krogh Kristensen
14e0d387e7 add a ql/path-problem-query query 2022-03-11 16:06:27 +01:00
Alex Ford
757aa294aa Update ruby/ql/lib/codeql/ruby/ast/internal/Scope.qll 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-03-11 14:53:02 +00:00
Tony Torralba
c49d19eb0f Merge pull request #8407 from smowton/smowton/admin/revert-8325 
Java: Revert #8325, Add CharacterLiteral to CompileTimeConstantExpr.getStringValue
 2022-03-11 14:55:10 +01:00
Arthur Baars
cf4b834536 Address comments 2022-03-11 14:25:34 +01:00
Ahmed Farid
f092cd8d80 Update Zip.qll 2022-03-11 14:15:05 +01:00
Ahmed Farid
eb71cdf7a2 Update ZipSlip.ql 2022-03-11 14:13:28 +01:00
Ahmed Farid
0de1cef26e Update ZipSlip.qll 2022-03-11 14:03:17 +01:00
Chris Smowton
58d4513d84 Change note 2022-03-11 12:51:13 +00:00
Chris Smowton
496cae7742 Revert 8325, Add CharacterLiteral to CompileTimeConstantExpr.getStringValue 
As pointed out in 8325's thread, this breaks the corner case of char-literal addition and the convention that getStringValue only applies to String-typed constants.
 2022-03-11 12:45:53 +00:00
Chris Smowton
579b57cf67 Range analysis: use ranked phi nodes 
This borrows a technique (and the implementing code) off Modulus analysis.
 2022-03-11 12:32:12 +00:00
Erik Krogh Kristensen
1e365611fc fix all other implicit-this warnings introduced by the acronym patch 2022-03-11 13:22:07 +01:00
github-actions[bot]
7ac7657ffc JS: Bump patch version of ML-powered library and query packs post-release 2022-03-11 12:17:13 +00:00
Erik Krogh Kristensen
2e2970128e fix typo in change-note 2022-03-11 13:16:34 +01:00
Erik Krogh Kristensen
a5a82a0b58 JS: remove accidential copy-pasted change-note 2022-03-11 13:16:34 +01:00
Erik Krogh Kristensen
b63b675169 RB: add explicit-this 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-03-11 13:16:10 +01:00
github-actions[bot]
2f6886642c JS: Bump minor version of ML-powered library and query packs 2022-03-11 12:13:03 +00:00