hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-08 03:01:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,691 Branches 160 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
01929d484e Merge pull request #8526 from MathiasVP/internal-diagmetric-queries-ql 
C++: Add internal `ExtractionError` query
 2022-03-22 17:26:38 +00:00
Robert Marsh
12ccf3662a C#: match IR global variable changes 2022-03-22 13:22:37 -04:00
Robert Marsh
6be3db8575 C++: update test expectations for extractor changes 2022-03-22 13:01:56 -04:00
Owen Mansel-Chan
efc0d95535 Merge pull request #8528 from github/smowton/admin/fix-go-doc-links 
Fix broken links
 2022-03-22 16:25:41 +00:00
Taus
f9120167b4 Python: Fix syntax error in with test output 
Depends on an internal PR. The two lines in question were caused by
the insertion of an extra node due to the failure to parse a trailing
comma corrcetly.
 2022-03-22 16:22:03 +00:00
Jonathan Leitschuh
bd87be636a Refactor to conditionCheckArgument deprecate old method 2022-03-22 11:56:43 -04:00
Rasmus Wriedt Larsen
64a5c5d9aa Ruby: Keep getURL predicate for easier deprecation 
Notice that we still don't fully keep our standard deprecation support,
since the new `getAUrlPart` is still abstract, and therefore will cause
compile errors if not implemented.
 2022-03-22 16:48:14 +01:00
Paul1nh0
f2728f5284 delete some unused code 2022-03-22 23:20:30 +08:00
Chris Smowton
b5c05a580d Java: Fix harmless search-replace mistake 2022-03-22 14:42:09 +00:00
yoff
47e062cfb9 Merge pull request #8486 from aibaars/incomplete-hostname-python 
Python: switch to shared implementation of IncompleteHostnameRegExp.ql
 2022-03-22 15:06:14 +01:00
Rasmus Lerchedahl Petersen
53de8287f5 python: rule out test code for CSRF 2022-03-22 14:57:05 +01:00
Erik Krogh Kristensen
8ae04e04d4 Merge pull request #8509 from erik-krogh/fpXss 
JS: filter away reads of .src that end in a URL sink for js/xss-through-dom
 2022-03-22 14:51:17 +01:00
Mathias Vorreiter Pedersen
c35b385383 C++: Fix 'implicit this' warning. 2022-03-22 13:32:46 +00:00
Tom Hvitved
c06508570a Ruby: Cache ConstantReadAccess::getValue 2022-03-22 14:15:07 +01:00
Paul1nh0
afe4a8435f Using globalValueNumber to match same arguments 2022-03-22 21:14:07 +08:00
Rasmus Lerchedahl Petersen
0f2c21c8bd python: require local protection to be absent 
for CSRF to be likely
 2022-03-22 13:42:52 +01:00
Chris Smowton
35af797683 Fix broken links 2022-03-22 12:34:22 +00:00
Mathias Vorreiter Pedersen
93346a574f C++: Add a new 'Location.isBefore' predicate that also considers columns. 2022-03-22 12:16:53 +00:00
Mathias Vorreiter Pedersen
c6c3206031 C++: Add example of 'goto' on the same line as the destination label. 2022-03-22 12:11:29 +00:00
Mathias Vorreiter Pedersen
5cdf0b5ee2 Merge pull request #8507 from geoffw0/sde-perf 
C++: Make getUnderlyingType nomagic
 2022-03-22 11:12:44 +00:00
Paul1nh0
d476493c3e Add double-fetch.ql under CWE-362 directory 2022-03-22 19:08:44 +08:00
Paul1nh0
dd4e82126c remove to another directory 2022-03-22 19:06:53 +08:00
Paul1nh0
2dad2c477b query description added 2022-03-22 19:06:03 +08:00
Geoffrey White
5d5904d6c8 C++: Autoformat. 2022-03-22 10:55:04 +00:00
Mathias Vorreiter Pedersen
5cbd86519b C++: Add internal extraction errors query and modify the 'code-scanning-selectors' to exclude internal queries. 2022-03-22 10:52:02 +00:00
Michael Nebel
b95a332ded C#: Simplify the isCollectionType predicate. 2022-03-22 11:25:14 +01:00
Rasmus Wriedt Larsen
9254b2904e Ruby: Adjust HttpClients test 2022-03-22 11:19:55 +01:00
Rasmus Wriedt Larsen
6bd9d82610 Merge pull request #8061 from RasmusWL/orm 
Python: Add data-flow through Django ORM models
 2022-03-22 11:14:08 +01:00
Rasmus Wriedt Larsen
945b52fc46 Ruby: autoformat 
😳
 2022-03-22 10:59:26 +01:00
Michael Nebel
1d45996001 Merge pull request #8466 from michaelnebel/csharp/refactor-aspartial 
C#: Refactor asPartial to allow re-use.
 2022-03-22 10:54:54 +01:00
Rasmus Wriedt Larsen
68de6a4e3c Ruby: Add change-note 2022-03-22 10:53:55 +01:00
Rasmus Wriedt Larsen
9c2fc1b415 Ruby: client request: getUrl => getAUrlPart 
This is a port of the same change in Python from
f8fc583af3

The description of that commit was:

> I think `getUrl` is a bit too misleading, since from the name, I would
> only ever expect ONE result for one request being made.
>
> `getAUrlPart` captures that there could be multiple results, and that
> they might not constitute a whole URl.
>
> Which is the same naming I used when I tried to model this a long time ago
> a80860cdc6/python/ql/lib/semmle/python/web/Http.qll (L102-L111)
 2022-03-22 10:53:55 +01:00
Rasmus Wriedt Larsen
311cbb4e13 Merge branch 'main' into shared-concepts-scaffolding 2022-03-22 10:36:33 +01:00
Rasmus Wriedt Larsen
414764ccee Concepts: Minor rewrite in qldoc 
As suggested by @hmac
 2022-03-22 10:33:58 +01:00
Rasmus Wriedt Larsen
e50a9421a6 JS: Update dataflow import in ConceptsImports.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-03-22 10:32:20 +01:00
Erik Krogh Kristensen
099d91ba6f update qldoc 2022-03-22 10:27:21 +01:00
Tom Hvitved
99ddfb489f Ruby: Rework getConstantValue implementation 2022-03-22 10:07:44 +01:00
Erik Krogh Kristensen
ea065b7d8a Merge pull request #8521 from erik-krogh/getRubyMoreInSync 
Ruby: sync ExponentialBackTracking.qll
 2022-03-22 09:59:20 +01:00
Erik Krogh Kristensen
90a6717932 sync ExponentialBackTracking.qll for ruby 2022-03-22 09:27:04 +01:00
Tamás Vajk
36c7e10195 Merge pull request #8519 from github/revert-8294-tamasvajk/fix/mad-adjustments 
Revert "Fix MaD workflows to be more resilient to missing files"
 2022-03-22 09:19:14 +01:00
Tamás Vajk
87e1641772 Revert "Fix MaD workflows to be more resilient to missing files" 2022-03-22 09:08:56 +01:00
Tamás Vajk
80fb021e32 Merge pull request #8294 from github/tamasvajk/fix/mad-adjustments 
Fix MaD workflows to be more resilient to missing files
 2022-03-22 09:02:37 +01:00
Rasmus Lerchedahl Petersen
f5b53083ae python: require authentication middleware 
for CSRF to be relevant
 2022-03-22 08:44:19 +01:00
Harry Maclean
99b5c580a5 Ruby: Fix captured reads in lambdas 
These were previously identified as method calls. The fix is to
recognise lambdas as a scope which can inherit variables from its
parent.
 2022-03-22 15:35:43 +13:00
Harry Maclean
c891e62a0e Ruby: Add some tests for method calls in lambdas 
This reveals a bug where we identify reads of captured variables in
lambdas as method calls. This is fixed in a followup commit.
 2022-03-22 15:33:22 +13:00
Harry Maclean
3e8bc8b0f2 Merge pull request #8224 from github/hmac/http-to-file-access 
Ruby: Add rb/http-to-file-access query
 2022-03-22 13:46:36 +13:00
Jeroen Ketema
2d9b630fa8 C++: Fix ExecTainted.ql formatting 2022-03-21 23:28:58 +01:00
Harry Maclean
b1ae548f4c Ruby: Fix doc comment formatting 2022-03-22 11:10:09 +13:00
Harry Maclean
c2d4bc50c9 Add missing file doc comment 2022-03-22 11:10:09 +13:00
Harry Maclean
91a7e9405c Share HttpToFileAccessQuery between JS and Ruby 
There's so little in this query that it may not be worth sharing, but
it's an interesting exercise in figuring out how we do it nicely.
 2022-03-22 11:10:08 +13:00