hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-17 15:33:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,078 Commits 1,692 Branches 160 Tags
codeql-cli/v2.11.6
Commit Graph

47078 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
jorgectf
356b07112a Cover MimeType.amp as a vulnerable mimetype 2021-10-30 21:19:22 +02:00
jorgectf
3264e7be99 Merge branch 'jty/python/emailInjection' of https://github.com/jty-team/codeql into jty/python/emailInjection 2021-10-30 21:11:30 +02:00
thank_you
d9e4df7f97 Remove unnecessary comment 2021-10-30 14:00:58 -04:00
thank_you
3a4e3d5146 Remove comments from Python example tests 
Besides removing comments, I also reduced the complexity of some of the Python code examples.
 2021-10-30 14:00:51 -04:00
ihsinme
3161d112d1 Update IncorrectChangingWorkingDirectory.ql 2021-10-30 13:47:22 +03:00
Mathias Vorreiter Pedersen
d34e731f1d C++: Add a small QLDoc novel above the IPA type for 'TIRDataFlowNode'. 2021-10-30 11:29:07 +01:00
Mathias Vorreiter Pedersen
d624259eab C++: Add QLDoc to 'flowOutOfAddressStep'. 2021-10-30 10:46:39 +01:00
Mathias Vorreiter Pedersen
a75f195df3 C++: Several readability fixes: 
1. Added lots of QLDoc explanation about the role of StoreNodeOperand.
  2. Renamed '{StoreNode,ReadNode}.getAPredecessor' to 'getInner' and
     '{StoreNode,ReadNode}.getASuccessor' to 'getOuter'.
  3. Be more explicit about which type of 'StoreNode' is used in various
     places.
 2021-10-30 10:24:06 +01:00
Mathias Vorreiter Pedersen
f334201fce Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-10-30 10:04:17 +01:00
Mathias Vorreiter Pedersen
cb4f10c609 C++: Move the union field check to the IPA branch of 'TFieldContent'. 2021-10-30 10:04:17 +01:00
Kevin Gleason
49f4e3742f Fixed broken/moved/redirected links. 2021-10-29 17:17:17 -04:00
Jonathan Leitschuh
c2a2a3a676 Java: Model java.util.Optional lambda methods 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-29 13:23:47 -04:00
Arthur Baars
9604cd5595 Revert "Don't use local actions" 
This reverts commit b128c7ca00.
 2021-10-29 18:22:45 +02:00
Arthur Baars
a0903c377d Use pull_request + workflow_run instead of pull_request_target 2021-10-29 18:18:06 +02:00
Tony Torralba
3ea1af3819 Refactor into separate libraries 2021-10-29 17:36:02 +02:00
Marcono1234
b284e727a9 Java: Add change note for StringLiteral.getRepresentedString() deprecation 2021-10-29 15:21:55 +02:00
Mathias Vorreiter Pedersen
8a569da370 C++: Fix comments. 2021-10-29 14:05:34 +01:00
Marcono1234
fe5115169f Java: Describe CharacterLiteral.getValue() behavior for surrogates 2021-10-29 14:56:07 +02:00
Marcono1234
e1516b4e9d Java: Describe StringLiteral.getValue() behavior for unpaired surrogates 2021-10-29 14:53:13 +02:00
Marcono1234
bfb9577d15 Java: Deprecate StringLiteral.getRepresentedString() 2021-10-29 14:50:15 +02:00
pupiles
adea73da23 Merge branch 'main' into feature/cwe-090 2021-10-29 20:46:50 +08:00
pupiles
cd230bf9d7 feat:add ldap sink &&change code style 2021-10-29 20:44:03 +08:00
Erik Krogh Kristensen
f676fc00d3 revert a change in an identical file 2021-10-29 14:42:38 +02:00
Erik Krogh Kristensen
0897b004eb revert removal of redundant inline casts in some python files 2021-10-29 14:40:27 +02:00
Erik Krogh Kristensen
d36c66cfca remove redundant inline casts in arguments where the type is inferred by the call target 2021-10-29 14:37:56 +02:00
Marcono1234
4f59886a65 Java: Simplify CompileTimeConstantExpr.getIntValue() 
The changed code previously also only covered IntegerLiteral:
- Restricted to Literal
- Integral type
- != "long"
- != "char"

So the only class left which matches all of these is IntegerLiteral.
 2021-10-29 14:30:51 +02:00
Marcono1234
9730021641 Java: Add CharacterLiteral.getCodePointValue() 2021-10-29 14:30:50 +02:00
Anders Schack-Mulligen
35b6cbe549 Java: Fix compilation error. 2021-10-29 14:26:36 +02:00
Anders Schack-Mulligen
e51a10a816 Java: Fix tests. 2021-10-29 14:25:43 +02:00
Asger Feldthaus
d52b2bd863 JS: Fix FP in ˚MixedStaticInstanceThisAccess 2021-10-29 14:16:54 +02:00
Asger Feldthaus
afa6424d67 JS: Add test with FP 2021-10-29 14:16:54 +02:00
yoff
1c78c792ff Merge pull request #6991 from RasmusWL/flask-blueprints 
Python: Support `flask.blueprints.Blueprint`
 2021-10-29 14:06:43 +02:00
Rasmus Wriedt Larsen
7e7c363e43 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-10-29 13:59:36 +02:00
Rasmus Wriedt Larsen
85f00fda19 Merge pull request #6776 from yoff/python/model-asyncpg 
Python: Model `asyncpg`
 2021-10-29 13:54:44 +02:00
Anders Schack-Mulligen
abf508eeeb Java: Add FieldValueNode to break up cartesian step relation. 2021-10-29 13:45:56 +02:00
Chris Smowton
5cdeb40d6b Merge pull request #594 from owen-mc/insufficient-key-size-barrier-guard 
Add barrier guard for comparison in Insufficient Key Size query
 2021-10-29 12:32:29 +01:00
Nick Rolfe
fed0a06353 Ruby: add change note for rb/regexp-injection 2021-10-29 11:28:34 +01:00
Anders Schack-Mulligen
3a1836c9f6 Merge pull request #7000 from aschackmull/dataflow/interface-refactor 
Dataflow: Refactor public references to DataFlowCallable
 2021-10-29 12:21:13 +02:00
Max Schaefer
bc91f664ac JavaScript: Teach API graphs to handle some forms of property copying. 
In particular, copied promises are now handled better.
 2021-10-29 11:19:54 +01:00
Chris Smowton
004beab750 Add a good variant of test case foo10 2021-10-29 11:07:30 +01:00
Edoardo Pirovano
513e0bbea9 Merge pull request #6965 from edoardopirovano/fix-lgtm-version 
Fix LGTM version number in language reference
 2021-10-29 10:50:53 +01:00
Anders Schack-Mulligen
bfacd23573 Dataflow: Adjust documentation. 2021-10-29 11:20:19 +02:00
Anders Schack-Mulligen
5951ae79b9 Dataflow: Add language specific predicates. 2021-10-29 11:11:35 +02:00
Anders Schack-Mulligen
00df6798b1 Dataflow: Sync 2021-10-29 11:00:23 +02:00
Anders Schack-Mulligen
2b4e3a7d9b Dataflow: Refactor the getEnclosingCallable and ParameterNode interface. 2021-10-29 10:59:36 +02:00
Erik Krogh Kristensen
6fffdf6101 Merge pull request #6855 from erik-krogh/secCookie 
JS: Move cookie queries out of experimental.
 2021-10-29 10:23:48 +02:00
Tony Torralba
7f15177498 Move from experimental 2021-10-29 10:19:05 +02:00
Mathias Vorreiter Pedersen
e94b2b6113 Merge pull request #6915 from geoffw0/nullterm2 
C++: Fix the two null termination queries and re-enable them.
 2021-10-29 08:20:08 +01:00
ihsinme
635a668670 Update IncorrectChangingWorkingDirectory.ql 2021-10-29 10:08:41 +03:00
ihsinme
c8a4a8b965 Update InsecureTemporaryFile.ql 2021-10-29 09:44:43 +03:00