codeql

mirror of https://github.com/github/codeql.git synced 2026-02-05 09:41:10 +01:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	cc3f9bf2a8	fix performance issue by inlining a simpler version of `getASourceProp`	2022-02-08 00:22:01 +01:00
Erik Krogh Kristensen	aa95dd4ec7	fix typo Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2022-02-08 00:19:40 +01:00
Harry Maclean	3031b39dc1	Ruby: prevent bad join in ActionController.qll	2022-02-08 12:10:23 +13:00
Marcono1234	d0547cdbfd	Fix and improve Extractor options documentation formatting	2022-02-07 21:05:14 +01:00
Jonathan Leitschuh	c4112e6d4c	Post refactor fixiup	2022-02-07 15:02:13 -05:00
Robert Marsh	56caa5dfd6	C++: fix hasImplicitCopyConstructor for templates Fixes some cases in instantiations of templates with manually written copy constructors or copy assignment operators where hasImplicitCopyConstructor would incorrectly hold	2022-02-07 14:26:28 -05:00
Luke Young	324f8f7eba	codeql query format	2022-02-07 11:24:02 -08:00
Chris Smowton	de38638db6	Combine CWE-200 queries	2022-02-07 14:22:36 -05:00
Rasmus Wriedt Larsen	eb109828c0	Merge pull request #7252 from museljh/feature/cwe-338 Python: CWE-338 insecureRandomness	2022-02-07 19:30:06 +01:00
Robert Marsh	61c315d74b	C++: test for explicit template copy constructor	2022-02-07 12:56:59 -05:00
Nick Rolfe	073d325750	QL for QL: update dbscheme stats	2022-02-07 17:54:35 +00:00
Nick Rolfe	3ee109731a	QL for QL: sync changes from Ruby In particular, update the dbscheme to put location columns in a single table.	2022-02-07 17:44:40 +00:00
Nick Rolfe	9217d0e1b9	Merge pull request #7875 from github/nickrolfe/locations_column Ruby: put AST node locations in a single table	2022-02-07 17:43:33 +00:00
Geoffrey White	6727069893	C++: Autoformat.	2022-02-07 17:33:11 +00:00
Geoffrey White	d1b6871314	C++: Restrict type.	2022-02-07 17:32:52 +00:00
Geoffrey White	005dfdffdb	C++: Speed up cpp/cleartext-transmission ('Encrypted' class).	2022-02-07 17:19:25 +00:00
Chris Smowton	27b9e1c01b	Docs: Note codeql-go needs an install step before use	2022-02-07 16:11:42 +00:00
Erik Krogh Kristensen	b59c7911a3	update locations of expected output	2022-02-07 15:23:26 +01:00
Erik Krogh Kristensen	ca5f91e587	recognize more startswith sanitizers for path-injection queries	2022-02-07 14:19:13 +01:00
Michael Nebel	f21e084628	C#: Fix issue in naming of class in test file.	2022-02-07 14:15:59 +01:00
Michael Nebel	f5fc15e74d	C#: Add some testcases to cover mixed assignment and declarations in tuples.	2022-02-07 14:11:31 +01:00
Michael Nebel	0cf4b3fbcc	C#: Added dataflow testcases for tuple mixed initialization and assignment.	2022-02-07 14:11:31 +01:00
Michael Nebel	bcf732a7cb	C#: Re-factor tuple tests to use the default value flow configuration.	2022-02-07 14:11:31 +01:00
Michael Nebel	f478bf5b9b	Merge pull request #7809 from michaelnebel/csharp/test-pattern-match-flow C#: Add flow test cases for undetected value flow, when making variable bindings in pattern matching.	2022-02-07 14:05:50 +01:00
Nick Rolfe	881776a2ac	Ruby: delete commented-out code	2022-02-07 12:50:06 +00:00
Nick Rolfe	e049f08c24	Ruby: update dbscheme stats	2022-02-07 12:42:34 +00:00
Erik Krogh Kristensen	6f28cb9201	lower the precision of `js/unsafe-code-construction`	2022-02-07 13:35:29 +01:00
Erik Krogh Kristensen	06f9924194	add change note	2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen	896d2bad0e	update expected output now that JSON.stringify() is seen as a sanitizer	2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen	d1d4ebb3b5	add values written to the global scope as exports	2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen	91b03f56ad	move .qll files from `src` to `lib`	2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen	eb133f59f6	update qhelp to focus on properly documenting potentially unsafe library functions	2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen	a9f7756788	reuse utility predicate	2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen	681179dcbb	add comment about parameters named "code"	2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen	53315e6ab6	ignore sources named "code"	2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen	59cc099008	add missing qldoc	2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen	d77c28f6a7	add qhelp for unsafe-code-construction	2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen	d790f3ccbb	add test for unsafe-code-construction query	2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen	198a464346	add `js/unsafe-code-construction` query	2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen	955ad8c458	add JSON.stringify as a code-injection sanitizer	2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen	68a5c1f5b5	add code-injection sink for calls to node	2022-02-07 13:34:18 +01:00
Rasmus Wriedt Larsen	62702d0ca9	Python: Fix setStoreStep to use `SetElementContent`	2022-02-07 13:18:36 +01:00
Nick Rolfe	b3b2bba618	Ruby: make some generated predicates final	2022-02-07 12:17:50 +00:00
Rasmus Wriedt Larsen	b276b2d48c	Python: Clean up taint steps for attributes	2022-02-07 13:12:31 +01:00
Rasmus Wriedt Larsen	59160eeb24	Python: Add test showing taint for attr store In `x.arg = TAINTED_STRING` there is a store step to the attribute `arg` of `x`. In our taint modeling, we allow _any_ store step with the code below. This means that we also say there is a taint-step directly from `TAINTED_STRING` to `x` :\| ```codeql // construction by literal // TODO: Not limiting the content argument here feels like a BIG hack, but we currently get nothing for free :\| DataFlowPrivate::storeStep(nodeFrom, _, nodeTo) ```	2022-02-07 13:12:28 +01:00
Nick Rolfe	b43cc23277	Ruby: add db downgrade script	2022-02-07 12:10:36 +00:00
Nick Rolfe	e8855c3718	Ruby: add db upgrade script	2022-02-07 12:10:36 +00:00
Nick Rolfe	388d361ec3	Ruby: put AST node locations in a single table	2022-02-07 12:10:36 +00:00
Michael Nebel	99f89f1fe2	C#: Update db stats file.	2022-02-07 12:57:10 +01:00
Mathias Vorreiter Pedersen	55e69d421c	Merge pull request #7849 from Yonah125/main C/C++: Useless Test : verification of "Fully converted" Type	2022-02-07 11:46:51 +00:00

... 148 149 150 151 152 ...

42524 Commits