Commit Graph

47078 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
da021feb8b Python: Move py/incomplete-hostname-regexp tests to own folder 2021-07-19 16:48:21 +02:00
Rasmus Wriedt Larsen
7939a1372e Python: Move Jinja2WithoutEscaping tests to own folder 2021-07-19 16:44:41 +02:00
Geoffrey White
c85edb6c03 C++: Use [, ] in the query. 2021-07-19 15:24:25 +01:00
Geoffrey White
7684796d63 C++: Fix handling of the 'stat' pointer argument. 2021-07-19 15:13:19 +01:00
Mathias Vorreiter Pedersen
7bc18abbb0 Merge pull request #6150 from geoffw0/toctou
C++: Tests for cpp/toctou-race-condition
2021-07-19 15:51:35 +02:00
Tony Torralba
70081b6a1e Refactor MvelInjection.qll 2021-07-19 15:36:35 +02:00
Artem Smotrakov
47e4cf4180 Make UnsafeDeserializationSink public 2021-07-19 15:34:33 +02:00
Geoffrey White
0c029898bb C++: Autoformat. 2021-07-19 13:58:25 +01:00
Geoffrey White
49bbfefb4d C++: Fix uses of 'rename' in tests. 2021-07-19 13:57:16 +01:00
Tony Torralba
45a72ff6eb Fix InsecureBasicAuth test expectations 2021-07-19 13:56:31 +02:00
Tony Torralba
46faf68d64 Decouple MvelInjection.qll to reuse the taint tracking configuration 2021-07-19 13:50:03 +02:00
Tony Torralba
5ca8b380e9 Merge branch 'main' into atorralba/promote-mvel-injection 2021-07-19 13:45:10 +02:00
Nick Rolfe
8d21f95ffc Merge pull request #235 from github/comment_fix
Move comment so it's not treated as part of the precision metadata
2021-07-19 12:39:13 +01:00
Nick Rolfe
ce35d74447 Move comment so it's not treated as part of the precision metadata 2021-07-19 12:29:16 +01:00
shati-patel
69dab49073 Docs: Running query on multiple DBs in CodeQL for VS Code 2021-07-19 12:24:05 +01:00
Artem Smotrakov
035f7ac669 Refactored libs for unsafe deserialization 2021-07-19 13:19:36 +02:00
Tony Torralba
1c91e74269 Rename sink models class 2021-07-19 13:05:37 +02:00
Tony Torralba
441e8afe81 Decouple GrovyInjection.qll to reuse the taint tracking configuration 2021-07-19 12:53:37 +02:00
Anders Schack-Mulligen
db76b12f3f Merge pull request #6313 from aschackmull/java/fix-csv-dispatch
Java: Fix a bug in call-context-sensitive dispatch to SummarizedCallable.
2021-07-19 12:49:31 +02:00
Tony Torralba
b08f417a1e Merge branch 'main' into atorralba/promote-groovy-injection 2021-07-19 12:44:03 +02:00
Chris Smowton
e39753c72a Merge pull request #552 from github/deferinloop-kind
Add @kind to deferinloop.ql
2021-07-19 11:17:26 +01:00
Artem Smotrakov
e02530749b Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2021-07-19 11:52:12 +02:00
Anders Schack-Mulligen
0b89f96055 Merge pull request #6318 from Marcono1234/patch-1
Java: Fix documentation mistake for `ProtoPom`
2021-07-19 11:25:06 +02:00
Anders Schack-Mulligen
d1f21a854a Merge pull request #6042 from joefarebrother/spring-http
[Java] Model spring `http` package
2021-07-19 11:24:41 +02:00
Taus
12f7921c92 Merge pull request #6304 from RasmusWL/more-snippets
Python: Add more snippets
2021-07-19 11:23:24 +02:00
Anders Schack-Mulligen
c32a75a1b3 Merge pull request #6183 from smowton/smowton/feature/javax-json-models
Add models of the jakarta/javax.json package
2021-07-19 11:19:21 +02:00
Anders Schack-Mulligen
6de31f8b59 Merge pull request #6317 from github/workflow/coverage/update
Update CSV framework coverage reports
2021-07-19 10:45:22 +02:00
Rasmus Wriedt Larsen
c9087b2e1b Python: Minor fixup to snippet
Spotted by @tausbn 🎉
2021-07-19 10:19:23 +02:00
github-actions[bot]
9b7616bea4 Add changed framework coverage reports 2021-07-19 00:07:04 +00:00
thank_you
9e01338500 Query only vulnerable methods 2021-07-18 17:13:10 -04:00
Marcono1234
87d6b9ca5a Java: Fix documentation mistake for ProtoPom 2021-07-18 02:49:43 +02:00
Tom Hvitved
1c68d3f4cd Merge pull request #6309 from hvitved/csharp/dead-store-of-local-perf
C#: Improve performance of `DeadStoreOfLocal.ql`
2021-07-17 10:56:35 +02:00
Tom Hvitved
25706e0812 Merge pull request #6303 from hvitved/csharp/get-qual-name-nomagic
C#: Two `pragma` performance fixes
2021-07-17 07:53:35 +02:00
Artem Smotrakov
cfe74b527a Use inline-expectation tests for StaticInitializationVector.ql 2021-07-17 01:04:52 +02:00
Robert Marsh
e0ff1d949b Merge pull request #6315 from MathiasVP/fix-off-by-one-in-rem-expr-range-analysis
C++: Fix off-by-one in range analysis for `RemExpr`.
2021-07-16 15:22:03 -07:00
ihsinme
4083da3218 Update cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2021-07-16 23:18:58 +03:00
Artem Smotrakov
218731ca0a Added a query for static initialization vectors in encryption
- Added StaticInitializationVector.ql
- Added StaticInitializationVector.qhelp
- Added tests
2021-07-16 19:06:44 +02:00
Artem Smotrakov
c367c7e33b Merge branch 'unsafe-jackson-deserialization' of github.com:artem-smotrakov/ql into unsafe-jackson-deserialization 2021-07-16 18:26:38 +02:00
Artem Smotrakov
3856527d14 Refactored tests for unsafe deserialization 2021-07-16 18:26:06 +02:00
Artem Smotrakov
6d7cb48054 Refactored the query for unsafe deserialization 2021-07-16 18:25:41 +02:00
Chris Smowton
b03513bcd2 Merge pull request #542 from gagliardetto/cors-misconfig
Add query to detect CORS misconfiguration
2021-07-16 16:12:15 +01:00
Calum Grant
8d71d09b94 Merge pull request #234 from github/calumgrant/security-severities
Add security-severity metadata
2021-07-16 15:40:03 +01:00
Mathias Vorreiter Pedersen
39d9395bc3 C++: Fix off-by-one in range analysis for 'RemExpr'. 2021-07-16 16:35:19 +02:00
Mathias Vorreiter Pedersen
81aa115838 C++: Fix range analysis bug for 'RemExpr'. 2021-07-16 16:28:08 +02:00
Mathias Vorreiter Pedersen
dc2eea59a3 C++: Add buggy testcase with 'RemExpr'. 2021-07-16 16:27:09 +02:00
Chris Smowton
87afdae1c7 use hasFlowTo where possible 2021-07-16 14:38:05 +01:00
Sam Partington
e227a4315f Add @kind to deferinloop.ql
Required to use this query with the CodeQL CLI
2021-07-16 14:25:58 +01:00
Calum Grant
46a03795c2 Add security-severity metadata 2021-07-16 14:05:54 +01:00
Anders Schack-Mulligen
effca4495f Java: Fix a bug in call-context-sensitive dispatch to SummarizedCallable. 2021-07-16 14:31:29 +02:00
Taus
4f3f93f267 Python: Autoformat 2021-07-16 12:22:24 +00:00