hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 13:23:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,697 Branches 161 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
be50e8f30c Moved from experimental to standard 2021-05-05 11:59:49 +02:00
Tony Torralba
458b89bf5f Added Android stubs 2021-05-05 11:57:01 +02:00
Erik Krogh Kristensen
fc3f5adbbb more source code examples in PackageExports.qll 2021-05-05 11:48:41 +02:00
Erik Krogh Kristensen
28eef264e5 recognize the define(..) call in PackageExports.qll 2021-05-05 11:23:25 +02:00
Jonas Jensen
390ee3a6b8 Merge pull request #5829 from MathiasVP/reorder-get-instruction-opcode 
C++: Reorder getInstructionOpcode
 2021-05-05 11:13:15 +02:00
Erik Krogh Kristensen
3ca670146e remove outdated comment 2021-05-05 11:10:45 +02:00
Rasmus Wriedt Larsen
3ceb8bbcc6 Python: Add cryptography test for EC 
Apparently, passing in the class (without instantiating it) is allowed
 2021-05-05 10:52:57 +02:00
Rasmus Wriedt Larsen
dc4a0c1d38 Python/JS: Fix typo 2021-05-05 10:13:54 +02:00
Mathias Vorreiter Pedersen
066cdb55d7 C++: Add qldoc explaining column order. 2021-05-05 09:30:12 +02:00
Mathias Vorreiter Pedersen
f03c99ab03 Merge pull request #5835 from hmakholm/hmakholm/pr/blowup-fix 
CPP: fix semi-unused variables in WrongInDetectingAndHandlingMemoryAllocationErrors.q
 2021-05-05 08:15:37 +02:00
Henning Makholm
4964ce347b CPP: fix semi-unused variables in WrongInDetectingAndHandlingMemoryAllocationErrors.ql 
The fact that `aex` and `it` was each used in just one disjunct of the
exists() body caused the optimizer to generate perfectly horrible
code, including a pointless cartesian product between them that caused
the evaluation to blow up.

Fix it such that each variable is logically scoped. That makes the
compiler much happier.
 2021-05-05 02:31:11 +02:00
thank_you
c4a67e522c Rewrite query to take into account MongoClient and subscript expressions 
A couple of notes with these changes:

- Added TypeTracker pattern to handle subscript expressions. We've found that pymongo supports subscripts expressions when calling databases and collections. To resolve this, we implemented the TypeTracker pattern to catch those subscripts since CodeQL Python API modeling doesn't support subscript expressions.

- After some research, we've discovered that MongoEngine and Flask-MongoEngine utilize MongoClient under-the-hood. This requires us to rewrite the query so that instead of querying these libraries with specific queries, we are instead going to query for usages of MongoClient since all of the libraries we are targeting utilizes MongoClient under-the-hood.
 2021-05-04 19:29:31 -04:00
thank_you
56dc4d886e Add comment on BsonObjectIdCall 2021-05-04 19:11:59 -04:00
CodeQL CI
95f26aadd3 Merge pull request #5681 from yoff/python-support-pathlib 
Approved by tausbn
 2021-05-04 09:20:24 -07:00
Robert Marsh
5ee74d269a Merge pull request #5822 from MathiasVP/more-cwe-tags-in-code-scanning 
C++: Add more CWE tags to queries in the Code Scanning suite
 2021-05-04 09:01:00 -07:00
Nick Rolfe
d2d5f31599 Escape keys for files and folders 2021-05-04 16:52:35 +01:00
Timo Müller
a65481d24b Apply suggestions from code review more precise help text 2021-05-04 17:30:49 +02:00
Timo Müller
65642df1a0 Apply suggestions from code review for help text 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 17:28:34 +02:00
Timo Mueller
152f4862ec Reworked the references a bit 2021-05-04 16:10:15 +02:00
Timo Mueller
81363a8843 Some better (and more styleguide compliant) descriptions within the query. 2021-05-04 15:57:47 +02:00
Timo Mueller
f7437422c1 InstanceOf check instead of comparing classnames 2021-05-04 15:51:40 +02:00
Timo Mueller
fd52135f29 Removed unnecessary check for type 2021-05-04 15:45:30 +02:00
Timo Mueller
787a4ede85 Fixed file reference in test cases 2021-05-04 15:33:53 +02:00
Timo Mueller
374ed851a0 Fixed file reference in test cases 2021-05-04 15:12:50 +02:00
Mathias Vorreiter Pedersen
d5793418f9 C++: Remove parent CWE tags. 2021-05-04 14:39:23 +02:00
Timo Müller
c476b6c088 Fix accordance to style guide 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 14:00:01 +02:00
Timo Müller
030e2bdd9b Fix accordance to style guide 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 13:59:52 +02:00
Timo Müller
ab308b5e9e Fix accordance to style guide 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 13:59:43 +02:00
Timo Müller
485a3a139a Fixed content to confirm with the style guide 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 13:58:38 +02:00
Timo Müller
45443baf84 Fixed Typo 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 13:58:00 +02:00
Timo Müller
1fd2be3879 Added more clear reference 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 13:57:19 +02:00
Timo Müller
7026d82a72 Fixed typo 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 13:53:14 +02:00
Timo Müller
f28e994121 Update java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qhelp 
More descriptive (and PC) description.

Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-04 13:52:47 +02:00
Nick Rolfe
647c108c0b Merge remote-tracking branch 'origin/main' into type_tracking 2021-05-04 12:38:16 +01:00
Arthur Baars
1a94fb47b6 Merge pull request #172 from github/update-testoutput 
Update expected test output
 2021-05-04 13:37:37 +02:00
CodeQL CI
b160badbf6 Merge pull request #5768 from erik-krogh/cacheMore 
Approved by esbena
 2021-05-04 04:16:15 -07:00
Tony Torralba
6e94dc5b85 Autoformatting 2021-05-04 13:15:20 +02:00
Felicity Chapman
616a57d6d4 Update article with code scanning example 2021-05-04 12:11:18 +01:00
Tamás Vajk
05c045070e Merge pull request #5810 from tamasvajk/feature/culture 
C#: Use invariant culture in the extractor
 2021-05-04 13:09:38 +02:00
Mathias Vorreiter Pedersen
568724bffd C#: Fix getInstructionOpcode to make sure IRConstruction.qll compiles for C#. 2021-05-04 13:00:40 +02:00
Arthur Baars
27538cb11d Update expected test output 2021-05-04 12:43:43 +02:00
Marcono1234
ab90fe18fd Docs: Use GitHub links for guides, improve formatting 2021-05-04 12:35:23 +02:00
Nick Rolfe
53deede8ab Remove unnecessary local flow inside type-tracking store step 2021-05-04 11:32:57 +01:00
Nick Rolfe
35ee62c689 Use splitting-aware nodes for type-tracking store/load steps 2021-05-04 11:31:03 +01:00
Mathias Vorreiter Pedersen
ded377bcd2 C++: Reorder getInstructionOpcode to produce better RA. 2021-05-04 12:13:34 +02:00
Tony Torralba
f79d2e06f9 Fix failing checks 2021-05-04 11:29:09 +02:00
Tamas Vajk
c547907784 C#: Use invariant culture in the extractor 2021-05-04 11:17:33 +02:00
Anders Schack-Mulligen
5bcf810a7c Merge pull request #5821 from JarLob/patch-1 
Update UncaughtServletException.qhelp
 2021-05-04 10:39:02 +02:00
Anders Schack-Mulligen
9ee9186a1a Merge pull request #5825 from github/yo-h/java-diagnostic-queries 
Java: split extractor diagnostics query into two
 2021-05-04 10:12:32 +02:00
Erik Krogh Kristensen
aaf754ebf5 recognize more library input 2021-05-04 10:06:14 +02:00