hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 23:02:56 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,524 Commits 1,684 Branches 159 Tags
codeql-cli/v2.10.5
Commit Graph

42524 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Nebel
e416a0629a C#: Add isAutoGenerated predicate to SummarizedCallable. 2022-05-05 11:54:04 +02:00
Paolo Tranquilli
9798d8ba26 Swift: add ?* modifier to schema specification 
This indicates a list of optional entries. This is different than
simply repeatind entries because of the indexing.
 2022-05-05 11:50:12 +02:00
yoff
0c7184952b Merge pull request #9023 from RasmusWL/positional-docs 
Python: Clarify `getArg` is about positional arguments
 2022-05-05 11:28:17 +02:00
Erik Krogh Kristensen
c0152a46bc rename getAReferencedExpression to getASimpleReferenceExpression and add examples of what it can parse 2022-05-05 11:02:47 +02:00
Arthur Baars
25d9ffd18c Merge pull request #9033 from github/aibaars/atm-label 
JS: exclude ATM folder from labeler
 2022-05-05 10:53:39 +02:00
Michael Nebel
13f142f143 C#: Convert xml injection query to a path problem. 2022-05-05 10:43:23 +02:00
Erik Krogh Kristensen
dc1dc2a33a parse the uses field in the getters instead of the charpred 2022-05-05 10:40:08 +02:00
Erik Krogh Kristensen
9ea0f71581 convert TODO to a note in Actions::Uses 2022-05-05 10:28:00 +02:00
Erik Krogh Kristensen
1f00ba812a move YAMLMappingLikeNode to the standard library 2022-05-05 10:22:52 +02:00
Rasmus Wriedt Larsen
6ae5ef9f3b Revert "move most of asyncpg test into SqlInjection after moving MaD sql-injection sink" 
This reverts commit 4b9c9b0c8d.
 2022-05-05 10:20:41 +02:00
Jonas Jensen
d747c6eaa9 Merge pull request #8930 from jbj/lower-case-variables-spec 
QL language reference: variables must be lowerId
 2022-05-05 10:02:16 +02:00
Paolo Tranquilli
c2d3aac349 Swift: fix no functools.cache in python 3.8 2022-05-05 09:48:07 +02:00
Michael Nebel
21eb5a1db5 Merge pull request #8894 from michaelnebel/csharp/upgrade-dotnet 
C#: Upgrade dotnet to 6.0.202.
 2022-05-05 09:42:23 +02:00
Erik Krogh Kristensen
bf6663ab12 run the autoformatter 2022-05-05 09:16:27 +02:00
Tom Hvitved
66a9759329 Merge pull request #8870 from hvitved/dataflow/expect-content 
Data flow: Introduce `expectsContent`
 2022-05-05 09:01:40 +02:00
luchua-bc
937ab417b1 Query to detect hardcoded JWT secret keys 2022-05-04 23:09:48 +00:00
Daniel Santos
33e85f8db8 Update javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-05-04 11:43:56 -05:00
Paolo Tranquilli
d5d1eb717d Swift: add structured C++ generated classes 
This adds `cppgen`, creating structured C++ classes mirroring QL classes
out of `schema.yml`.

An example of generated code at the time of this commit can be found
[in this gist][1].

[1]: https://gist.github.com/redsun82/57304ddb487a8aa40eaa0caa695048fa

Closes https://github.com/github/codeql-c-team/issues/863
 2022-05-04 18:20:25 +02:00
Paolo Tranquilli
10c5c8e71f Swift: add trapgen unit tests 
Closes: https://github.com/github/codeql-c-team/issues/981
 2022-05-04 18:20:06 +02:00
Joe Farebrother
64227c9109 Fix codescanning alerts 2022-05-04 15:58:30 +01:00
Joe Farebrother
c7d30087d1 Fix issue with named backrefs; add needed import 2022-05-04 15:41:42 +01:00
Joe Farebrother
2d82dfba38 Reorder backreference predicates 2022-05-04 15:41:41 +01:00
Joe Farebrother
9078e13f1c Apply reveiw suggestions 
- make java imports private
- qdoc fixes
- reorder predicates
- simplifications
 2022-05-04 15:41:41 +01:00
Joe Farebrother
b854a2185e Fix use of sinkModel 2022-05-04 15:41:41 +01:00
Joe Farebrother
b08f22c24d Remove unnecassary import 2022-05-04 15:41:41 +01:00
Joe Farebrother
66ab2bca75 Update PrintAst test output 2022-05-04 15:41:41 +01:00
Joe Farebrother
eec57d4f25 Simplify dataflow logic by using only one configuration, and expessing more sinks with models-as-data 2022-05-04 15:41:41 +01:00
Joe Farebrother
2a80540157 Sync shared files 2022-05-04 15:41:40 +01:00
Joe Farebrother
5e3ba130dc Add a test for deeply nested sequences 2022-05-04 15:41:40 +01:00
Joe Farebrother
4ed2e8d1fd Update tests to account for only regexes with quantifiers being considered 2022-05-04 15:41:40 +01:00
Joe Farebrother
e5ca924240 Allow quantifiers invoving {}; add comments 2022-05-04 15:41:40 +01:00
Chris Smowton
bc17d4b91f Break the recursion between seqChild, RegExpTerm and TRegExpSequence 2022-05-04 15:41:40 +01:00
Chris Smowton
0d13864bc8 Restrict polynomial ReDoS' strings-parsed-as-regexes search to those that could possibly be interesting 
In practice for polynomial ReDoS this means those regexes containing at least one potentially-infinite quantifier (* or +).
 2022-05-04 15:41:39 +01:00
Joe Farebrother
0f606d987d Remove redundant super call. 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-05-04 15:41:39 +01:00
Joe Farebrother
522a8aff6f Fix filename case 2022-05-04 15:41:39 +01:00
Joe Farebrother
3d65a9cafc Update shared files 2022-05-04 15:41:39 +01:00
Joe Farebrother
375ded4ede Move check to exlude test cases so that it also covers exponential redos 2022-05-04 15:41:39 +01:00
Joe Farebrother
1605d36ddf Refine polynomial redos sources to exclude length limited methods 2022-05-04 15:41:39 +01:00
Joe Farebrother
04edc10f1e Exclude regexes from test code 2022-05-04 15:41:38 +01:00
Joe Farebrother
6794268a3c Split PolynomialRedos definition into a library to avoid duplication in the tests 2022-05-04 15:41:38 +01:00
Joe Farebrother
c1290d9e2b Sync shared redos library files. 2022-05-04 15:41:38 +01:00
Joe Farebrother
5555985ad6 Distingush between whether or not a regex is matched against a full string 
Also some fixes and additional tests
 2022-05-04 15:41:38 +01:00
Joe Farebrother
0a5268aeb4 Sync shared library changes across languages. 2022-05-04 15:41:38 +01:00
Joe Farebrother
bb562643c6 Support possessive quantifiers, which cannot backtrack. 
They are approximated by limiting them to up to one repetition (effectively making *+ like ? and ++ like a no-op).
 2022-05-04 15:41:37 +01:00
Joe Farebrother
49374b877a Fix parsing of alternations in character classes 2022-05-04 15:41:37 +01:00
Joe Farebrother
5ba6bafbef Use occursInRegex more ccnsistently throughout 2022-05-04 15:41:37 +01:00
Chris Smowton
f5809a7440 ReDoS performance fixes 2022-05-04 15:41:37 +01:00
Joe Farebrother
2d963176bf Fix change note 2022-05-04 15:41:37 +01:00
Joe Farebrother
9bd3916800 Add change note 2022-05-04 15:41:37 +01:00
Joe Farebrother
3ce0c2c23b Add more regex use functions in String 2022-05-04 15:41:36 +01:00