hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-04 09:11:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,524 Commits 1,689 Branches 159 Tags
codeql-cli/v2.10.5
Commit Graph

42524 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dave Bartolomeo
b11c55ff23 Fix mismatched results between semantic and AST range analysis 2022-02-22 18:19:38 -05:00
Jeroen Ketema
423d325204 C++: Simplify cpp/declaration-hides-variable 
The check for `(unnamed local variable)` is no longer needed, because these
variables are now identified as being compiler generated.
 2022-02-22 23:04:48 +01:00
Robert Marsh
a37f746dff C++: fix FP and add paths in InsufficientKeySize 2022-02-22 15:38:50 -05:00
Erik Krogh Kristensen
73f2e89f3e Merge pull request #8165 from erik-krogh/protoWrite 
JS: support more property writes in js/prototype-pollution-utility
 2022-02-22 21:30:22 +01:00
jorgectf
7c108c7892 Polish test 2022-02-22 20:57:20 +01:00
Jorge
0216798cb9 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2022-02-22 20:55:51 +01:00
Mathias Vorreiter Pedersen
ea35f56212 C++: Add a query for detecting uses of expired stack pointers that escaped through global variables. 2022-02-22 19:12:08 +00:00
Porcupiney Hairs
c81d85f321 Include suggestions from review 2022-02-22 23:07:34 +05:30
Erik Krogh Kristensen
b6b93065ff Merge pull request #8157 from erik-krogh/lodash-clone 
JS: add lodash.{clone, cloneDeep} as a clone step
 2022-02-22 18:12:10 +01:00
Erik Krogh Kristensen
c487bb73a7 Merge pull request #8143 from erik-krogh/pred-ql-style 
QL: add ql-for-ql query for detecting bad predicate qldoc
 2022-02-22 17:49:12 +01:00
Paolo Tranquilli
e15c1f7c45 fix typo in docs/pre-commit-hook-setup.md 2022-02-22 17:47:35 +01:00
Paolo Tranquilli
33cce2b5ac add pre-commit configuration 
This enables use of the `pre-commit` framework to run quick pre-commit
checks. In particular this allows to automatically fix:
* trailing white spaces
* absence or multiple newlines at the end of files
* QL code formatting
* file sync

More could be added in the future: anything that can be checked fast
can be added in the configuration (for example well-formedness of
`qldoc` files).

This is a purely opt-in feature. Instructions for enabling it and
possibly configuring its behaviour are in `pre-commit-hook-setup.md`.
 2022-02-22 17:40:07 +01:00
Jeroen Ketema
aecc17c49b Merge pull request #7928 from jketema/structured-bindings-db-scheme 
C++: Add table that identifies C++ structured bindings
 2022-02-22 17:34:26 +01:00
Stephan Brandauer
6a9186cdef update ATM NosqlInjection and SqlInjection query docs 2022-02-22 16:56:18 +01:00
Chris Smowton
106ee5b8a2 Merge pull request #696 from asgerf/asgerf/dot-separated-access-paths 
Go: Switch to dot-separated access paths in summary specs
 2022-02-22 15:34:27 +00:00
Arthur Baars
69ed121ecb Ruby/Python: regex parser: group sequences of 'normal' characters 2022-02-22 16:15:33 +01:00
Geoffrey White
31d214d5ee Merge pull request #8170 from geoffw0/typos 
C++: Fix Spelling Typos.
 2022-02-22 15:09:50 +00:00
Mathias Vorreiter Pedersen
894992d403 Merge pull request #8169 from MathiasVP/fix-spelling-in-post-dominance-frontier 
C++/C#: Fix spelling of 'postDominanceFrontier'
 2022-02-22 14:54:39 +00:00
Geoffrey White
4908eaf5ec C++: Typos. 2022-02-22 14:33:11 +00:00
Ian Lynagh
691473bd6e Java: Add a changenote 2022-02-22 14:07:31 +00:00
Mathias Vorreiter Pedersen
b6740ed4a1 C++/C#: Fix spelling of 'postDominanceFrontier'. 2022-02-22 13:48:13 +00:00
Asger Feldthaus
5390faeb8a Ruby: add query for measuring call graph 2022-02-22 14:42:05 +01:00
Asger Feldthaus
c7c97d5bbb Ruby: add queries for measuring taint sources and sinks 2022-02-22 14:29:47 +01:00
Esben Sparre Andreasen
2c527f7b35 model hapi handler returns as reflected-xss sinks 2022-02-22 14:12:01 +01:00
Owen Mansel-Chan
980c27423a Merge pull request #681 from owen-mc/new-query/wrapped-error-always-nil 
Add query "Wrapped error always nil"
 2022-02-22 12:42:16 +00:00
Erik Krogh Kristensen
517e17d422 support more property writes in js/prototype-pollution-utility, and generalize ObjectDefinePropertyAsPropWrite 2022-02-22 13:23:34 +01:00
Pierre
5ee96121fc Merge pull request #8162 from github/turbo-no-glibc-no 
Docs: Add note about muslc incompatibility
 2022-02-22 13:06:28 +01:00
Henry Mercer
4f7604f0dd Merge pull request #8151 from github/henrymercer/separate-atm-model-pack 2022-02-22 11:47:35 +00:00
Pierre
1d81f90260 Update docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst 
Co-authored-by: hubwriter <hubwriter@github.com>
 2022-02-22 12:47:31 +01:00
Erik Krogh Kristensen
08c703f605 exclude private predicates 2022-02-22 12:34:16 +01:00
Owen Mansel-Chan
0cd5e520aa Update expected alert message 2022-02-22 11:14:19 +00:00
Stephan Brandauer
2278e7f6e6 CWE 830 polish error messages 2022-02-22 11:41:54 +01:00
Stephan Brandauer
82330391c3 CWE-830 add support for setting attributes via setAttribute method 2022-02-22 11:41:54 +01:00
Stephan Brandauer
d80cd1aeb5 CWE 830 test where both branches in a ternary are unsafe 2022-02-22 11:41:53 +01:00
Stephan Brandauer
2934aa1a3a rewrite docs, improve error messages, etc 2022-02-22 11:41:53 +01:00
Stephan Brandauer
d2335b65d5 stylistic improvements after review 2022-02-22 11:41:53 +01:00
Stephan Brandauer
9aec4437e2 polish qhelp for CWE-830 and add test file 2022-02-22 11:41:53 +01:00
Stephan Brandauer
44d86569ac remove illegal chars from comments 2022-02-22 11:41:53 +01:00
Stephan Brandauer
fd77e27ed9 replace taint tracking by type tracking and merge remaining queries for CWE-830 2022-02-22 11:41:53 +01:00
Stephan Brandauer
8cafa6d562 improve error message in CWE-830 2022-02-22 11:41:53 +01:00
Stephan Brandauer
780fa97869 always require integrity checking for certain CDNs 2022-02-22 11:41:53 +01:00
Stephan Brandauer
83764df4f5 rename tests for CW-830 to clarify responsibilities 2022-02-22 11:41:52 +01:00
Stephan Brandauer
8d397fea09 JS: query to find dynamic creations of DOM elements that use untrusted sources 2022-02-22 11:41:52 +01:00
Stephan Brandauer
b35c70994f permit http urls to 127.0.0.1 and others 2022-02-22 11:41:52 +01:00
Stephan Brandauer
dd2b779a3c add CWE 830 link to references 2022-02-22 11:41:52 +01:00
Stephan Brandauer
b170422c22 add changenotes for functionality from untrusted source query 2022-02-22 11:41:52 +01:00
Stephan Brandauer
6722c17bb0 JS: Functionality from untrusted sources query (CWE-830) 2022-02-22 11:41:52 +01:00
Erik Krogh Kristensen
8ff2992b56 have each case on a separate line 2022-02-22 11:40:26 +01:00
Erik Krogh Kristensen
addb27c80e deduplicate "%" 
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
 2022-02-22 11:34:59 +01:00
Pierre
8b7f899883 Update getting-started-with-the-codeql-cli.rst 2022-02-22 11:34:49 +01:00