hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-20 18:04:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,078 Commits 1,683 Branches 158 Tags
codeql-cli/v2.11.6
Commit Graph

47078 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
erik-krogh
a826dbbdee fix capitalization in stack-trace-exposure 2022-10-11 13:59:10 +02:00
Tom Hvitved
7171fd1bb2 Update python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackerSpecific.qll 
Co-authored-by: Taus <tausbn@github.com>
 2022-10-11 13:58:51 +02:00
Tom Hvitved
f1c44f72b5 Python: Sync on TypeTracker.qll changes 2022-10-11 13:58:50 +02:00
Tom Hvitved
2e8f46ddd9 Type tracking: Split up levelStep into levelStepNoCall and levelStepCall 
To reduce non-linear recursion during call graph construction.
 2022-10-11 13:58:46 +02:00
Mathias Vorreiter Pedersen
95e798565b C++: Expand on the comment about missing types in the database. Also rename 'getType0' to 'getTypeImpl' to avoid confusion. 2022-10-11 12:57:51 +01:00
Erik Krogh Kristensen
0883b1782d Merge pull request #10730 from erik-krogh/ql-last-msg 
QL: fix some more style-guide violations in the alert-messages
 2022-10-11 13:43:21 +02:00
erik-krogh
7500a31814 fix that js/file-system-race could have FPs related to loops 2022-10-11 13:41:51 +02:00
erik-krogh
0220f0aa5c use type-tracking instead 2022-10-11 13:37:01 +02:00
Asger F
02656b16c3 Merge pull request #10685 from asgerf/rb/splat-and-local-field-step 
Ruby: summarize unary splat operators and add local field step
 2022-10-11 13:28:58 +02:00
erik-krogh
b64a1b7c42 add a missing qldoc 2022-10-11 13:26:04 +02:00
erik-krogh
cadb948d57 add change-note 2022-10-11 13:26:03 +02:00
erik-krogh
d427e55507 add qhelp 2022-10-11 13:26:03 +02:00
erik-krogh
557dd10896 add a rb/unsafe-shell-command-construction query 2022-10-11 13:26:01 +02:00
Ian Lynagh
b31a721929 Kotlin: Remove some noisy diagnostics 2022-10-11 12:20:42 +01:00
erik-krogh
0d5da42ddd add a getName() utility to DataFlow::ParameterNode 2022-10-11 13:05:22 +02:00
erik-krogh
75422dfa72 add library for reasoning about gems and .gemspec files 2022-10-11 13:05:19 +02:00
erik-krogh
99b90789e5 add .shellescape as a sanitizer for rb/command-injection 2022-10-11 13:05:19 +02:00
erik-krogh
b16b3c0394 move cwe-078 tests into subfolders 2022-10-11 13:05:19 +02:00
Tamas Vajk
43f9331052 Kotlin: adjust extracted property reference base class 2022-10-11 12:52:26 +02:00
Tamas Vajk
92b425b1c2 Kotlin: Add test to show imperfections in property reference extraction 2022-10-11 12:51:06 +02:00
Alvaro Muñoz
2ab34c85b2 Deprecate previous version 2022-10-11 12:46:01 +02:00
Alvaro Muñoz
15f641893e Deprecate previous version 2022-10-11 12:44:46 +02:00
Alvaro Muñoz
d5520d93c8 Deprecate previous version 2022-10-11 12:43:20 +02:00
Alvaro Muñoz
30958f7cde Deprecate previous version 2022-10-11 12:42:40 +02:00
Alvaro Muñoz
2a1b2db4c3 Deprecate previous version 2022-10-11 12:40:32 +02:00
Erik Krogh Kristensen
01bc5f7226 Merge pull request #10731 from erik-krogh/rb-last-msg 
Ruby: fix some more style-guide violations in the alert-messages
 2022-10-11 12:16:52 +02:00
Mathias Vorreiter Pedersen
5cfc3fe8df C++: Use 'DataFlowType' instead of 'Type' for the 'getType' predicate in 'PostUpdateNode'. 2022-10-11 11:00:25 +01:00
Tom Hvitved
878654e0ff Merge pull request #10763 from hvitved/ruby/move-summarized-callable-from-model 
Ruby: Move `SummarizedCallableFromModel` into `ModelsAsData.qll`
 2022-10-11 11:47:38 +02:00
Tom Hvitved
2b75562037 Ruby: Use DataFlow::Configuration in RegExpConfiguration.qll 2022-10-11 11:39:45 +02:00
erik-krogh
42e1735f2a update expected output 2022-10-11 11:37:26 +02:00
Alvaro Muñoz
5c412b9363 Use Pascal convention 2022-10-11 11:24:07 +02:00
erik-krogh
8779da8c0b reintroduce Psych 2022-10-11 11:14:52 +02:00
Alvaro Muñoz
ad80642b18 Consider other XSS unsafe content-types when reasoning about XSS vulnerabilities 2022-10-11 11:13:17 +02:00
Erik Krogh Kristensen
7d282c3d75 fix casing in alert-message 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-10-11 11:12:59 +02:00
Tom Hvitved
d6df69d481 Merge pull request #10754 from hvitved/dataflow/non-hidden-succ-fast-tc 
Data flow: Improve `fastTC` bound in `PathNodeImpl::getANonHiddenSuccessor`
 2022-10-11 11:12:58 +02:00
Tom Hvitved
53abdb3fb5 Ruby: Move SummarizedCallableFromModel into ModelsAsData.qll 2022-10-11 11:06:35 +02:00
erik-krogh
4da0508dae Merge branch 'main' into py-last-msg 2022-10-11 10:49:19 +02:00
erik-krogh
cdf9d65e44 bump typos 2022-10-11 10:44:34 +02:00
erik-krogh
f4e928eec4 Merge branch 'main' into ql-last-msg 2022-10-11 10:44:20 +02:00
erik-krogh
9a9d2a6fe1 Merge branch 'main' into rb-last-msg 2022-10-11 10:43:39 +02:00
Josh Soref
704aba8c1c spelling: necessitates 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 03:59:17 -04:00
Josh Soref
22141e378e spelling: necessary 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 03:59:17 -04:00
Josh Soref
4e220330a7 spelling: interface 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 03:59:17 -04:00
Josh Soref
8f7e76f0cb spelling: initialization 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 03:59:08 -04:00
erik-krogh
9fe18e5d73 changes based on review 2022-10-11 09:30:18 +02:00
erik-krogh
186205bd4b add a test for explicit shell invocations using Kernel.open 2022-10-11 09:23:29 +02:00
erik-krogh
de3b15ebe9 add a query flagging uses of Kernel.open that are not with a constant string 2022-10-11 09:23:29 +02:00
erik-krogh
708f6b51f3 move cwe-078 tests into subfolders 2022-10-11 09:23:29 +02:00
Asger F
b6e07c0cd5 Ruby: block API graph nodes from tracking through self-argument passing 2022-10-11 09:03:52 +02:00
Asger F
125761755a Ruby: do not generate API graph edges from Attribute contents 
Models should use Method[x] edges, not attribute edges
 2022-10-11 09:03:52 +02:00