codeql

mirror of https://github.com/github/codeql.git synced 2026-02-27 12:23:41 +01:00

Author	SHA1	Message	Date
Owen Mansel-Chan	f0fd501a23	No need to cache isUnreachableInCall any more	2021-05-12 08:54:58 +01:00
Owen Mansel-Chan	a86390d850	Sync data-flow libraries As of 2021-05-12	2021-05-12 08:54:11 +01:00
Anders Schack-Mulligen	a247ae4357	Merge pull request #5843 from JLLeitschuh/feat/JLL/improve_kryo_support [Java] Fix Kryo FP & Kryo 5 Support	2021-05-12 09:52:24 +02:00
Anders Schack-Mulligen	74ae2e0857	Merge pull request #5773 from hvitved/dataflow/aggressive-caching Data flow: Cache most language-dependent predicates	2021-05-12 09:41:55 +02:00
haby0	12f47bcf24	Add UnsafeDeserialization	2021-05-12 12:37:16 +08:00
thank_you	3e25b14a68	Update NoSQLInjection.expected	2021-05-11 20:07:09 -04:00
Alex Ford	0016146e11	limit summary queries to files from within the source directory	2021-05-11 21:07:08 +01:00
Tamas Vajk	8e371fd05a	Adjust expected IR test file	2021-05-11 21:54:05 +02:00
Alex Ford	49d9bb798c	revamp the diagnostics tests	2021-05-11 19:53:00 +01:00
Alex Ford	9b115129fe	move diagnostics queries to match other languages more closely	2021-05-11 19:53:00 +01:00
Alex Ford	1381d8d076	tidy up Diagnostics library	2021-05-11 19:28:31 +01:00
Alex Ford	9663b74e12	use severity level 3 to indicate an extraction error for a file	2021-05-11 19:23:05 +01:00
Alex Ford	d1d8cff915	tests for some more diagnostics queries	2021-05-11 19:14:22 +01:00
Alex Ford	de497dd1ba	tests for NumberOfFiles* summary queries	2021-05-11 19:14:22 +01:00
Mathias Vorreiter Pedersen	948f1d8e34	C++: Add testcase with INTMAX_MIN.	2021-05-11 19:43:21 +02:00
Marcono1234	8969da7775	Java: Improve not closing resource query; add tests	2021-05-11 19:32:02 +02:00
Nick Rolfe	004147984b	Simplify CFG classes for StmtSequences	2021-05-11 18:27:11 +01:00
luchua-bc	e7cd6c9972	Optimize the query	2021-05-11 16:56:12 +00:00
Jonathan Leitschuh	5a68ac88ef	Cleanup Jackson logic after code review	2021-05-11 10:48:22 -04:00
Jonathan Leitschuh	bacc3ef5b3	[Java] Jackson add support for 2 step deserialization taint flow	2021-05-11 10:36:47 -04:00
Jonathan Leitschuh	e97bad3b33	Support field access data flow for JacksonDeserializedTaintStep	2021-05-11 10:36:47 -04:00
Jonathan Leitschuh	83d527ed19	Apply suggestions from code review Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-05-11 10:36:47 -04:00
Jonathan Leitschuh	b871f48c50	[Java] Add release note to Jackson change	2021-05-11 10:36:47 -04:00
Jonathan Leitschuh	d0b0b767a2	Apply suggestions from code review Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-05-11 10:36:47 -04:00
Jonathan Leitschuh	d0638db6e7	[Java] Add data flow through Iterator deserializers for Jackson	2021-05-11 10:36:47 -04:00
Jonathan Leitschuh	56b1f15dda	[Java] Add taint tracking through Jackson deserialization	2021-05-11 10:36:47 -04:00
Geoffrey White	d7e560c611	Merge pull request #5767 from ihsinme/ihsinme-patch-268 CPP: Add query for CWE-1126: Declaration of Variable with Unnecessarily Wide Scope	2021-05-11 15:24:25 +01:00
Tony Torralba	8754c85a57	Use InlineExpectationsTest	2021-05-11 16:23:12 +02:00
Tony Torralba	fc03b92e11	Moved from experimental to standard	2021-05-11 15:42:13 +02:00
Tony Torralba	53da3b661a	Refactor to CSV sink model	2021-05-11 15:33:49 +02:00
Alex Ford	8ab95324eb	dedupe some error reporting code	2021-05-11 14:09:10 +01:00
Mathias Vorreiter Pedersen	3e21f479a9	C++: Add change-note.	2021-05-11 14:58:48 +02:00
Tom Hvitved	d66506b0a3	Data flow: Rename `{Argument,Parameter}NodeExt` to `{Arg,Param}Node`	2021-05-11 14:40:10 +02:00
Mathias Vorreiter Pedersen	48e783184c	C++: Fix false positive by recognizing more absolute value functions in Overflow.qll	2021-05-11 14:30:28 +02:00
Jonathan Leitschuh	0d9a85ca6b	Update java/change-notes/2021-05-05-kryo-improvements.md Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-05-11 08:29:50 -04:00
Mathias Vorreiter Pedersen	24d8abd2c2	C++: Add false positive testcase when an absolute value is used in comparison.	2021-05-11 14:27:53 +02:00
CodeQL CI	922b276fac	Merge pull request #5728 from asgerf/js/source-sink-queries Approved by erik-krogh codeql-cli/v2.5.5	2021-05-11 05:04:47 -07:00
Tamas Vajk	717070c7e4	Fix/cleanup passed and default arguments values	2021-05-11 13:11:35 +02:00
yoff	a7f97895ac	Merge pull request #5863 from erik-krogh/printReg JS: add printAst.ql support for regular expressions	2021-05-11 12:45:49 +02:00
yoff	0e5a2c4573	Merge pull request #5442 from jorgectf/jorgectf/python/redos Python: Add Regular Expression Injection query	2021-05-11 12:11:35 +02:00
yoff	549c9eee1a	Merge pull request #5739 from RasmusWL/share-sensitive-data-modeling Python/JS: Share sensitive data modeling	2021-05-11 11:53:59 +02:00
CodeQL CI	a87731115a	Merge pull request #5860 from max-schaefer/js/improve-sql-modelling Approved by asgerf	2021-05-11 02:24:52 -07:00
Erik Krogh Kristensen	99e98419dc	add support for error values in an axios client request	2021-05-11 11:24:21 +02:00
Erik Krogh Kristensen	52991dc4a1	rewrite the axios model to use API graphs	2021-05-11 11:23:51 +02:00
Erik Krogh Kristensen	54f191cfe3	add support for rejected promise values in API graphs	2021-05-11 11:23:03 +02:00
CodeQL CI	beb66fc4db	Merge pull request #5719 from asgerf/js/nestjs Approved by esbena	2021-05-11 02:08:27 -07:00
Anders Schack-Mulligen	744c495ac2	Merge pull request #5824 from JLLeitschuh/feat/JLL/guava_first_non_null [Java] Add support for com.google.common.base.MoreObjects#firstNonNull	2021-05-11 09:42:20 +02:00
AlexDenisov	2905bb8b9a	Merge pull request #5861 from AlexDenisov/alexdenisov/adjust-user-defined-literals-test C++: Adjust user-defined literals test' expectations	2021-05-11 09:31:54 +02:00
Anders Schack-Mulligen	7d6a497136	Merge pull request #5857 from dbartol/container/work Java: Fix QLDoc for `Container.toString()`	2021-05-11 08:37:41 +02:00
Dave Bartolomeo	f85aff869c	Java: Fix PR feedback	2021-05-10 16:37:23 -04:00

... 428 429 430 431 432 ...

47078 Commits