Alex Ford
532fc080a1
Ruby: Fix inconsistencies in checking for sensitive names in CleartextSources
2022-03-10 17:38:52 +00:00
Alex Ford
8be1be388e
Ruby: update CleartextStorage test output for source locations
2022-03-10 17:38:52 +00:00
Alex Ford
fda2b56e20
Ruby: move rb/clear-text-storage-sensitive-data location from sink to source
2022-03-10 17:38:52 +00:00
Alex Ford
4618000567
Ruby: move an import into CleartextStorage.ql
2022-03-10 17:38:52 +00:00
Alex Ford
853fbe8911
Ruby: Fix CleartextStorageCustomizations to use PersistentWriteAccess
2022-03-10 17:38:52 +00:00
Alex Ford
a1a7c31661
Ruby: drop an outdated TODO
2022-03-10 17:38:52 +00:00
Alex Ford
9fe7d6e143
Ruby: fix typo
Co-authored-by: Harry Maclean <hmac@github.com>
2022-03-10 17:38:52 +00:00
Alex Ford
0e2709f809
Ruby: changenote for rb/clear-text-storage-sensitive-data
2022-03-10 17:38:52 +00:00
Alex Ford
ef29a372a4
Ruby: Cleartext storage tests
2022-03-10 17:38:52 +00:00
Alex Ford
0070e30377
Ruby: Add rb/clear-text-storage-sensitive-data query
2022-03-10 17:38:52 +00:00
Alex Ford
7084718b07
Ruby: factor out common parts of CleartextLoggingCustomizations into CleartextSources
2022-03-10 17:38:52 +00:00
Alex Ford
19c7f7be46
Merge pull request #8271 from github/alexrford/ruby/orm-write-access
Ruby: Add `OrmWriteAccess` concept to model writes to a DB using an ORM
2022-03-10 17:35:02 +00:00
Jonathan Leitschuh
ecb8911756
Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2022-03-10 11:48:16 -05:00
ihsinme
a094e6f63b
Update test.cpp
2022-03-10 17:56:34 +03:00
ihsinme
fa3ce61369
Update test.cpp
2022-03-10 17:54:03 +03:00
Tom Hvitved
d4808a7b4a
Merge pull request #8389 from hvitved/ruby/regex-unique-get-value
Ruby: Avoid multiple `RegExpEscape::getValue` results
2022-03-10 15:53:28 +01:00
Joe Farebrother
4bf6c10896
Split configs into Query.qll library
2022-03-10 13:23:40 +00:00
Erik Krogh Kristensen
41778328c2
Update javascript/ql/lib/semmle/javascript/dataflow/Sources.qll
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
2022-03-10 14:16:28 +01:00
Taus
4ee4bba4d1
Merge branch 'main' into ZipSlip
2022-03-10 13:30:51 +01:00
Mathias Vorreiter Pedersen
bff10e8ea1
C++: Add change note.
2022-03-10 10:59:04 +00:00
Mathias Vorreiter Pedersen
0d3e47bcae
C++: Pick the offset expression as the sink in 'cpp/unclear-array-index-validation' (and not the array expression).
2022-03-10 10:57:51 +00:00
Mathias Vorreiter Pedersen
5de2e24e9a
Merge pull request #8358 from geoffw0/cwe497c
C++: Upgrade cpp/system-data-exposure to high precision
2022-03-10 10:49:19 +00:00
Erik Krogh Kristensen
c2743177af
JS: delete the TrackedNodes.qll, it had no public interface left
2022-03-10 11:34:17 +01:00
Mathias Vorreiter Pedersen
693eca2179
C++: Give 'cpp/unclear-array-index-validation' precision low.
2022-03-10 10:17:08 +00:00
Chris Smowton
3113b27606
Fix style
2022-03-10 10:03:14 +00:00
Tom Hvitved
208851cb91
Merge pull request #7084 from hvitved/ruby/self-flow
Ruby: Cleanup flow through `self`
2022-03-10 10:50:24 +01:00
Tom Hvitved
5b974582e3
Merge pull request #8322 from hvitved/csharp/remove-odasa-legacy
C#: Remove legacy `odasa` support
2022-03-10 10:34:33 +01:00
Paolo Tranquilli
34829e92b1
C++: Remove uniqueness constraint from uuid
Different class definitions can have the same uuid. This happens, for
example, when using `#import <msxml6.dll>`: several C++ classes
generated in `msxml6.tlh` will share uuids with `extern "C"` struct
declarations in the system header `msxml.h`.
Notice that as far as the standard cpp QL library and queries go, we
expose `getUuid()` on `UserType` and we never try to invert it, so we
only rely on uniqueness of the `id` column in the `usertype_uuid` table,
not the `uuid` column.
Closes github/codeql-c-team#893
2022-03-10 10:33:37 +01:00
Tom Hvitved
76663f80f0
Ruby: Avoid multiple RegExpEscape::getValue results
2022-03-10 10:32:24 +01:00
Tom Hvitved
0d71f0ab40
Ruby: Add regex unicode test
2022-03-10 10:30:17 +01:00
Erik Krogh Kristensen
fa766126e5
CPP: remove import of deleted deprecation
2022-03-10 10:25:03 +01:00
Erik Krogh Kristensen
a96223c9c1
PY: remove leftover comments
2022-03-10 10:25:03 +01:00
Erik Krogh Kristensen
e6b0552114
JS: delete leftover comment
2022-03-10 10:25:02 +01:00
Erik Krogh Kristensen
53d557c037
CPP: delete file that had been deprecated for over a year
2022-03-10 10:24:57 +01:00
Tom Hvitved
37f5db5baa
Ruby: Reduce captureFlow(In|Out)
When there is flow in/out of a block through a captured variable, we can restrict
the calls that give rise to the flow to the method calls to which the blocks
belong.
2022-03-10 10:21:51 +01:00
Geoffrey White
9e3156dd1c
Merge branch 'main' into cwe497c
2022-03-10 09:05:58 +00:00
Erik Krogh Kristensen
b9b65005d6
C#: delete leftover comment
2022-03-10 10:02:36 +01:00
ihsinme
4b451cfee6
Update ImproperCheckReturnValueScanf.expected
2022-03-10 10:13:04 +03:00
ihsinme
5e23615be7
Update test.cpp
2022-03-10 10:12:29 +03:00
Alex Ford
edf8a3f810
Ruby: update test output
2022-03-10 00:17:29 +00:00
Alex Ford
ace60df619
Ruby: add missing qldoc
2022-03-10 00:00:02 +00:00
jorgectf
c155ac6e7a
Add HtmlEscaping sanitizer
2022-03-10 00:47:04 +01:00
Dave Bartolomeo
00ae5de780
Make semantic modulus analysis match Java results
2022-03-09 18:06:43 -05:00
Alex Ford
8abee165a5
Ruby: test cases for PersistentWriteAccess in rails model class
2022-03-09 22:35:40 +00:00
Alex Ford
a040b67434
Ruby: drop some redundant extends classes
2022-03-09 19:13:58 +00:00
Alex Ford
d85424d0e0
Ruby: Drop ActiveRecord::Persistence.ModifyAndSaveCall
2022-03-09 19:10:53 +00:00
Alex Ford
19c413d5fb
Ruby: Drop setsKeyValuePair/2 predicate from ActiveRecord::Persistence.ModifyAndSaveCall
2022-03-09 19:09:18 +00:00
Alex Ford
ee433637f8
Ruby: replace OrmWriteAccess with PersistentWriteAccess concept
2022-03-09 18:59:16 +00:00
Erik Krogh Kristensen
34c7bcadde
CPP: delete LocalScopeVariableReachability.qll
2022-03-09 18:28:13 +01:00
Erik Krogh Kristensen
9c4fcf4c6d
fix typo in change-note
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
2022-03-09 18:28:13 +01:00