hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-05 09:41:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,691 Branches 159 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
yoff
6169ac6122 Merge pull request #7776 from RasmusWL/django-filefield-uploadto 
Python: Support Django FileField.upload_to
 2022-05-05 14:25:08 +02:00
Erik Krogh Kristensen
58db9226dc add missing word in qhelp 2022-05-05 14:24:45 +02:00
Erik Krogh Kristensen
2292dc5a45 Merge pull request #12 from RasmusWL/move-tests-back 
Move tests back into `frameworks/` folder
 2022-05-05 14:23:05 +02:00
Rasmus Wriedt Larsen
dfe99b0b51 Python: Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-05-05 14:14:44 +02:00
Tom Hvitved
d9d5372f28 Data flow: Sync files 2022-05-05 13:36:26 +02:00
Tom Hvitved
de6e2c95e7 Data flow: Speedup subpaths predicate (take 2) 2022-05-05 13:36:08 +02:00
Michael Nebel
3c347cab98 C#: Update test output to reflect that the query is now a path-problem query. 2022-05-05 13:13:25 +02:00
Rasmus Wriedt Larsen
0a589bed4e Python: Add inline test of MaD sinks 
This enables us to keep the framework modeling tests under `/frameworks`
folder

I had hoped to use `mad-sink[<kind>]` syntax, but that was not allowed
:(

Maybe it oculd be allowed in the future, but for now I'll stick with the
more ugly solution of `mad-sink__<kind>`
 2022-05-05 13:11:43 +02:00
Michael Nebel
2dc35c123a Java/Ruby: Sync files. 2022-05-05 13:08:55 +02:00
Michael Nebel
a8556f4d50 C#: Make sure that test output prints whether the summary is generated or not. 2022-05-05 13:07:22 +02:00
Erik Krogh Kristensen
2d7c7ff372 apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-05-05 13:03:35 +02:00
Asger F
c4d597d60f JS: Enumerate type-tracking steps through global access paths 2022-05-05 12:59:10 +02:00
ihsinme
75244effc5 Update DangerousUseOfExceptionBlocks.ql 2022-05-05 13:27:17 +03:00
Erik Krogh Kristensen
0c0e280637 update the qhelp to mention that the GITHUB_TOKEN only sometimes has write-access 2022-05-05 12:12:29 +02:00
Paolo Tranquilli
c87fb4df53 Swift: remove now unused ql.Property.params 2022-05-05 12:01:13 +02:00
Mathias Vorreiter Pedersen
6f9752ead1 Merge pull request #9019 from geoffw0/xxe4 
C++: More XXE Tests
 2022-05-05 10:59:40 +01:00
Michael Nebel
e416a0629a C#: Add isAutoGenerated predicate to SummarizedCallable. 2022-05-05 11:54:04 +02:00
Paolo Tranquilli
9798d8ba26 Swift: add ?* modifier to schema specification 
This indicates a list of optional entries. This is different than
simply repeatind entries because of the indexing.
 2022-05-05 11:50:12 +02:00
yoff
0c7184952b Merge pull request #9023 from RasmusWL/positional-docs 
Python: Clarify `getArg` is about positional arguments
 2022-05-05 11:28:17 +02:00
Erik Krogh Kristensen
c0152a46bc rename getAReferencedExpression to getASimpleReferenceExpression and add examples of what it can parse 2022-05-05 11:02:47 +02:00
Arthur Baars
25d9ffd18c Merge pull request #9033 from github/aibaars/atm-label 
JS: exclude ATM folder from labeler
 2022-05-05 10:53:39 +02:00
Michael Nebel
13f142f143 C#: Convert xml injection query to a path problem. 2022-05-05 10:43:23 +02:00
Erik Krogh Kristensen
dc1dc2a33a parse the uses field in the getters instead of the charpred 2022-05-05 10:40:08 +02:00
Erik Krogh Kristensen
9ea0f71581 convert TODO to a note in Actions::Uses 2022-05-05 10:28:00 +02:00
Erik Krogh Kristensen
1f00ba812a move YAMLMappingLikeNode to the standard library 2022-05-05 10:22:52 +02:00
Rasmus Wriedt Larsen
6ae5ef9f3b Revert "move most of asyncpg test into SqlInjection after moving MaD sql-injection sink" 
This reverts commit 4b9c9b0c8d.
 2022-05-05 10:20:41 +02:00
Jonas Jensen
d747c6eaa9 Merge pull request #8930 from jbj/lower-case-variables-spec 
QL language reference: variables must be lowerId
 2022-05-05 10:02:16 +02:00
Paolo Tranquilli
c2d3aac349 Swift: fix no functools.cache in python 3.8 2022-05-05 09:48:07 +02:00
Michael Nebel
21eb5a1db5 Merge pull request #8894 from michaelnebel/csharp/upgrade-dotnet 
C#: Upgrade dotnet to 6.0.202.
 2022-05-05 09:42:23 +02:00
Erik Krogh Kristensen
bf6663ab12 run the autoformatter 2022-05-05 09:16:27 +02:00
Tom Hvitved
66a9759329 Merge pull request #8870 from hvitved/dataflow/expect-content 
Data flow: Introduce `expectsContent`
 2022-05-05 09:01:40 +02:00
luchua-bc
937ab417b1 Query to detect hardcoded JWT secret keys 2022-05-04 23:09:48 +00:00
Daniel Santos
33e85f8db8 Update javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-05-04 11:43:56 -05:00
Paolo Tranquilli
d5d1eb717d Swift: add structured C++ generated classes 
This adds `cppgen`, creating structured C++ classes mirroring QL classes
out of `schema.yml`.

An example of generated code at the time of this commit can be found
[in this gist][1].

[1]: https://gist.github.com/redsun82/57304ddb487a8aa40eaa0caa695048fa

Closes https://github.com/github/codeql-c-team/issues/863
 2022-05-04 18:20:25 +02:00
Paolo Tranquilli
10c5c8e71f Swift: add trapgen unit tests 
Closes: https://github.com/github/codeql-c-team/issues/981
 2022-05-04 18:20:06 +02:00
Joe Farebrother
64227c9109 Fix codescanning alerts 2022-05-04 15:58:30 +01:00
Joe Farebrother
c7d30087d1 Fix issue with named backrefs; add needed import 2022-05-04 15:41:42 +01:00
Joe Farebrother
2d82dfba38 Reorder backreference predicates 2022-05-04 15:41:41 +01:00
Joe Farebrother
9078e13f1c Apply reveiw suggestions 
- make java imports private
- qdoc fixes
- reorder predicates
- simplifications
 2022-05-04 15:41:41 +01:00
Joe Farebrother
b854a2185e Fix use of sinkModel 2022-05-04 15:41:41 +01:00
Joe Farebrother
b08f22c24d Remove unnecassary import 2022-05-04 15:41:41 +01:00
Joe Farebrother
66ab2bca75 Update PrintAst test output 2022-05-04 15:41:41 +01:00
Joe Farebrother
eec57d4f25 Simplify dataflow logic by using only one configuration, and expessing more sinks with models-as-data 2022-05-04 15:41:41 +01:00
Joe Farebrother
2a80540157 Sync shared files 2022-05-04 15:41:40 +01:00
Joe Farebrother
5e3ba130dc Add a test for deeply nested sequences 2022-05-04 15:41:40 +01:00
Joe Farebrother
4ed2e8d1fd Update tests to account for only regexes with quantifiers being considered 2022-05-04 15:41:40 +01:00
Joe Farebrother
e5ca924240 Allow quantifiers invoving {}; add comments 2022-05-04 15:41:40 +01:00
Chris Smowton
bc17d4b91f Break the recursion between seqChild, RegExpTerm and TRegExpSequence 2022-05-04 15:41:40 +01:00
Chris Smowton
0d13864bc8 Restrict polynomial ReDoS' strings-parsed-as-regexes search to those that could possibly be interesting 
In practice for polynomial ReDoS this means those regexes containing at least one potentially-infinite quantifier (* or +).
 2022-05-04 15:41:39 +01:00
Joe Farebrother
0f606d987d Remove redundant super call. 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-05-04 15:41:39 +01:00