hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-28 21:03:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,078 Commits 1,697 Branches 161 Tags
codeql-cli/v2.11.6
Commit Graph

47078 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
4d5ec87de9 Use InlineTest 2021-05-03 13:27:24 +02:00
Tony Torralba
4bfd34b1fe Moved from experimental 2021-05-03 13:15:24 +02:00
Arthur Baars
6adff6f195 Merge pull request #171 from github/self_nodes 
Create synthetic `self` nodes for calls without explicit receivers
 2021-05-03 12:59:11 +02:00
edvraa
cef845ac47 Support string expressions 2021-05-03 13:46:56 +03:00
Tony Torralba
38e052482c More csv sinks and sources 2021-05-03 12:44:53 +02:00
edvraa
ea38f0d3bd a new test for simple flow 2021-05-03 12:19:05 +03:00
edvraa
000826af11 typo 2021-05-03 12:18:43 +03:00
Tom Hvitved
182b2d0457 C#: Improve CFG for constructors when there are multiple implementations 2021-05-03 10:46:36 +02:00
Tom Hvitved
633f228dc2 C#: Add CFG tests for partial classes 2021-05-03 10:23:29 +02:00
Tom Hvitved
bb1cb73675 Merge pull request #5795 from hvitved/csharp/implicit-constructor-inits 
C#: Extract implicit constructor initializer calls
 2021-05-03 10:21:04 +02:00
Tom Hvitved
b77b3da8d6 C#: Add change note 2021-05-03 09:40:13 +02:00
Jonas Jensen
c05ef1225c Merge pull request #5803 from MathiasVP/no-magic-in-getUnspecifiedType 
C++: Add nomagic to getUnspecifiedType
 2021-05-03 09:03:58 +02:00
edvraa
65183cde80 Move to experimental 2021-05-03 09:59:52 +03:00
edvraa
bd99114cd6 Comments added 2021-05-03 09:55:04 +03:00
luchua-bc
4709e8139d JPython code injection 2021-05-03 01:43:56 +00:00
edvraa
a24c1c8114 fix comment 2021-05-03 00:36:38 +03:00
edvraa
fa94fedfc3 simple dataflow for sensitive name 2021-05-03 00:36:26 +03:00
edvraa
97bc7e38d2 check for sensitive property name 2021-05-03 00:31:29 +03:00
edvraa
7ab91bb185 Inline getOptionsArgument 2021-05-03 00:09:15 +03:00
ihsinme
bb97507ebc Update test.c 2021-05-02 22:59:56 +03:00
ihsinme
21f43252e6 Update DeclarationOfVariableWithUnnecessarilyWideScope.expected 2021-05-02 22:59:04 +03:00
ihsinme
0935c5a0f2 Update DeclarationOfVariableWithUnnecessarilyWideScope.ql 2021-05-02 22:58:30 +03:00
ihsinme
8c3980d80b Update cpp/ql/src/experimental/Security/CWE/CWE-1126/DeclarationOfVariableWithUnnecessarilyWideScope.c 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-05-02 22:54:43 +03:00
Chris Smowton
774717d2b8 Merge pull request #522 from gagliardetto/fix-clevergo 
Improve CleverGo models
 2021-04-30 17:11:56 +01:00
Tony Torralba
53e04d0d96 Refactor to CSV sink model 2021-04-30 17:53:43 +02:00
Mario Campos
ae857db657 Add React Native to JavaScript frameworks 
According to @asgerf, React Native is already supported 🎉
 2021-04-30 10:47:08 -05:00
Slavomir
ea2909a362 HTTP::HeaderWrite: Don't override string getHeaderValue() with none() 2021-04-30 15:39:09 +01:00
Slavomir
110a3983c1 Regenerate codeql: Refactor HTTP::HeaderWrite 2021-04-30 15:39:09 +01:00
Slavomir
5578afa189 Regenerate using latest codemill generator. 2021-04-30 15:39:09 +01:00
Chris Smowton
0beaa7fdc9 Model content-type setters as HeaderWrites. 2021-04-30 15:39:09 +01:00
Chris Smowton
9ea8b34e47 HTTP ResponseBody: support HeaderWrites with hard-coded header values. 2021-04-30 15:39:09 +01:00
Chris Smowton
3fd2c7d4bb Note response writers for existing HeaderWrite and HttpRedirect instances 2021-04-30 15:39:09 +01:00
Slavomir
36396df271 HttpResponseBody: Move .getAPredecessor*() to the test query. 2021-04-30 15:39:09 +01:00
Slavomir
989bfa2b1d Improve naming and comments. 2021-04-30 15:39:09 +01:00
Slavomir
78b403f42e Stub alternative HTTP::ResponseBody model implementation 2021-04-30 15:39:09 +01:00
Slavomir
ff848a502a ResponseBody: Use .getAPredecessor*().getStringValue() instead of just .getStringValue() 2021-04-30 15:39:09 +01:00
Timo Mueller
c22eeacbfc Fixed accidential double init of variable 2021-04-30 16:28:56 +02:00
Timo Mueller
61d053f6b3 Fixed missing metadata description 2021-04-30 16:28:17 +02:00
Timo Mueller
15a3068f8a Added query for insecure environment configuration RMI JMX (CVE-2016-8735) 2021-04-30 16:23:17 +02:00
Chris Smowton
b2c0259197 Merge pull request #5631 from haby0/UseOfLessTrustedSource 
[Java] CWE-348: Using a client-supplied IP address in a security check
 2021-04-30 15:20:53 +01:00
Nick Rolfe
5dc910d0db Move track predicate to LocalSourceNode 2021-04-30 15:05:12 +01:00
Nick Rolfe
37c8d8a252 Rename getCallable to getTarget 2021-04-30 14:41:50 +01:00
Nick Rolfe
fdccd5da7e Add AstNode::isSynthesized() 2021-04-30 11:58:54 +01:00
haby0
fdcc517b9f UseOfLessTrustedSource -> ClientSuppliedIpUsedInSecurityCheck" 2021-04-30 17:43:34 +08:00
haby0
f41301f8f5 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.java 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-30 16:55:17 +08:00
haby0
0691cac5ab Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-30 16:54:41 +08:00
haby0
8142810455 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-30 16:54:28 +08:00
Tom Hvitved
ecd40e5cae Merge pull request #5808 from intrigus-lgtm/fix-lambda-typos 
Fix typo.
 2021-04-30 09:08:28 +02:00
haby0
711a74c9c9 Eliminate false positives\ 2021-04-30 10:31:40 +08:00
intrigus
08731fc6cf Fix typo. 2021-04-29 20:26:34 +02:00