hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-19 16:33:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,078 Commits 1,692 Branches 160 Tags
codeql-cli/v2.11.6
Commit Graph

47078 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Aditya Sharad
2ed572095c CLI docs: Address comments on Bazel example 2021-10-07 10:51:11 -07:00
Andrew Eisenberg
88ac6d7a40 Merge pull request #566 from dbartol/dbartol/refactor 
Refactor Go pack into separate library and query packs
 2021-10-07 09:41:47 -07:00
yoff
933412eb8d Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-10-07 17:45:07 +02:00
Nick Rolfe
eafe22ef93 Merge remote-tracking branch 'origin/main' into nickrolfe/oj 2021-10-07 16:40:36 +01:00
Dave Bartolomeo
3ea2152a86 Use a for loop 2021-10-07 11:35:42 -04:00
Tony Torralba
91efb61e97 Use synthetic fields to improve taint precision 2021-10-07 17:03:08 +02:00
Tony Torralba
0325c07bd9 Reorganize fluent models 2021-10-07 17:03:07 +02:00
Tony Torralba
ffa77f0a76 Fix QLDoc 2021-10-07 17:03:07 +02:00
Tony Torralba
588dedc265 Add stubs 2021-10-07 17:03:05 +02:00
Tony Torralba
1a04ad98bc Add Android Slice models 2021-10-07 17:01:16 +02:00
Dave Bartolomeo
590b4aac2a Fix PR feedback 2021-10-07 11:00:15 -04:00
Arthur Baars
2a32b59840 Merge pull request #331 from github/aibaars/remove-unsafe 
Remove use of 'unsafe'
 2021-10-07 16:58:59 +02:00
Alex Ford
de01770612 update test output 2021-10-07 15:50:35 +01:00
Dave Bartolomeo
eed0eab02c Merge remote-tracking branch 'upstream/main' into dbartol/refactor 2021-10-07 10:49:45 -04:00
Arthur Baars
439d873564 Remove use of 'unsafe' 2021-10-07 16:38:29 +02:00
Alex Ford
168e67dd6d deduplicate string constantQualifiedName(ConstantWriteAccess) as string ConstantWriteAccess#getQualifiedName 2021-10-07 15:30:36 +01:00
Alex Ford
5b38e06765 Rename ActiveRecordModelClass#methodMayAccessField() as ActiveRecordModelClass#getAPotentialFieldAccessMethod() 2021-10-07 15:30:36 +01:00
Alex Ford
3bdc680434 Drop a comment that is no longer relevant 2021-10-07 15:30:36 +01:00
Alex Ford
8262247ed7 Minor simplification of finderMethodName predicate 2021-10-07 15:30:36 +01:00
Alex Ford
eb8c48d10f Remove some unused predicates 2021-10-07 15:30:36 +01:00
Alex Ford
c9edbd98d5 Update ql/lib/codeql/ruby/frameworks/ActiveRecord.qll 
Co-authored-by: Harry Maclean <hmac@github.com>
 2021-10-07 15:30:36 +01:00
Alex Ford
e4fe1d5c13 check for superclass method definitions in ActiveRecordModelClass#methodMayAccessField 2021-10-07 15:30:36 +01:00
Alex Ford
fb5cfcc9b0 OrmTracking goes through or expressions 2021-10-07 15:30:36 +01:00
Alex Ford
be018cc97f update ActionController tests 2021-10-07 15:30:36 +01:00
Alex Ford
955080234b partial support for rails layouts 2021-10-07 15:30:36 +01:00
Alex Ford
8e1b48e607 StoredXSS.qhelp 2021-10-07 15:30:36 +01:00
Alex Ford
182a926eeb rename some example files 2021-10-07 15:30:36 +01:00
Alex Ford
1929a95e89 format 2021-10-07 15:30:36 +01:00
Alex Ford
6065e29aba Fix performance issues related to a x-product between ActiveRecordModelInstantiation and MethodCall 2021-10-07 15:30:36 +01:00
Alex Ford
43a49689d7 reorganize ActiveRecord field access heuristics 2021-10-07 15:30:36 +01:00
Alex Ford
8f81eaa79c format 2021-10-07 15:30:36 +01:00
Alex Ford
b2434950d3 abstract away some ActiveRecord specific parts of XSS.qll 2021-10-07 15:30:36 +01:00
Alex Ford
6a32c0cde0 update XSS tests 2021-10-07 15:30:36 +01:00
Alex Ford
6dc3ce335b make rb/stored-xss track ActiveRecord db accesses 2021-10-07 15:30:36 +01:00
Alex Ford
f6dd6bb00c expand ActiveRecord modelling to cover how to access fields 2021-10-07 15:30:36 +01:00
Alex Ford
eb5f26ce06 duplicate DataFlow implementation 2021-10-07 15:30:36 +01:00
Alex Ford
a2084f813e rb/stored-xss structure and initial implementation (FileSystemReadAccess sources) 2021-10-07 15:30:36 +01:00
Chris Smowton
9a80ab31c4 Merge pull request #6567 from luchua-bc/java/sensitive_android_file_leak 
Java: CWE-200 - Query to detect exposure of sensitive information from android file intent
 2021-10-07 15:19:39 +01:00
Chris Smowton
39640efc9b Remove no-longer-needed TaintPreservingCallables and update test expectations 2021-10-07 14:33:39 +01:00
Anders Schack-Mulligen
2b88a2aa0c Dataflow: Fix qldoc: s/accesspath/access path/. 2021-10-07 14:46:24 +02:00
Anders Schack-Mulligen
f885751107 Java: Add change note. 2021-10-07 14:42:19 +02:00
Tom Hvitved
764a987b09 C#: Speedup GVN string concats by pulling ranges into separate predicates 2021-10-07 13:51:05 +02:00
haby0
538bf7c321 Update python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-10-07 19:44:25 +08:00
Anders Schack-Mulligen
fc69acee46 Java: Add test. 2021-10-07 13:28:02 +02:00
Nick Rolfe
253064144b Tweak alert wording. 
This reflects the fact that the query finds results where validation is
only disabled under certain conditions.
 2021-10-07 12:06:53 +01:00
Tom Hvitved
1c08592637 Merge pull request #329 from github/hvitved/dataflow/synth-return 
Data flow: Add a synthetic return node
 2021-10-07 13:06:39 +02:00
Chris Smowton
b7448d55ed Introduce TaintInheritingContent instead of using parts of DataFlowPrivate 2021-10-07 11:20:19 +01:00
Henry Mercer
4b069d41f6 Merge pull request #6818 from github/henrymercer/js/add-classify-files-to-library-pack 
JS: Move `ClassifyFiles.qll` to library pack
 2021-10-07 11:18:20 +01:00
Tom Hvitved
c540615223 HardcodedCredentials: Add test for default parameter values 2021-10-07 11:57:57 +02:00
CodeQL CI
a0dd3d9e75 Merge pull request #6815 from asgerf/js/adjust-security-severity-scores 
Approved by erik-krogh, esbena
 2021-10-07 02:36:19 -07:00