hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 21:34:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,697 Branches 161 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
1bf0e01a83 Data flow: Cache clearsContent 2021-04-27 19:05:10 +02:00
Tom Hvitved
4009c01558 Data flow: Cache readStep 2021-04-27 19:05:10 +02:00
Tom Hvitved
96aa182893 Data flow: Cache jumpStep 2021-04-27 19:05:10 +02:00
Tom Hvitved
8bfeae768f Data flow: Cache simpleLocalFlowStep 2021-04-27 19:05:10 +02:00
Tom Hvitved
1a56f0b79c Data flow: Cache getNodeType 2021-04-27 19:05:10 +02:00
Tom Hvitved
044c92016b Data flow: Cache enclosing callable predicates 2021-04-27 19:05:09 +02:00
Tom Hvitved
37377644c9 Merge pull request #5781 from hvitved/java/predictable-seed-df6 
Java: Use separate data-flow copy for `PredictableSeedFlowConfiguration`
 2021-04-27 19:01:55 +02:00
Chris Smowton
3a0b36cdb8 Merge pull request #531 from sauyon/non-alert-queries 
Non-alert queries
 2021-04-27 17:49:49 +01:00
Andrew Eisenberg
c6db90e9b7 Merge pull request #5775 from aeisenberg/aeisenberg/codeql-action-main 
Actions: Use the main branch of the codeql action
 2021-04-27 09:36:33 -07:00
Sauyon Lee
bfe6e7510d Evaluate symlinks for the dummy file 2021-04-27 08:32:21 -07:00
Tamás Vajk
4cc88662e2 Merge pull request #5557 from tamasvajk/feature/java-sinks-csv 
Java: convert sinks to CSV
 2021-04-27 15:58:09 +02:00
Erik Krogh Kristensen
9178f4b1c5 add support for the anser library 2021-04-27 15:57:17 +02:00
Tamas Vajk
51e08d4940 Fix error severity 2021-04-27 15:47:16 +02:00
edvraa
3aec9c1a41 Cookies without HttpOnly 2021-04-27 16:28:32 +03:00
Marcono1234
05ce49adaf Java: Add StmtParent as superclass of SwitchExpr 
Database type `@stmtparent` already includes `@switchexpr`, this commit merely
changes the class SwitchExpr to also accordingly extend StmtParent.
 2021-04-27 15:17:55 +02:00
Tamas Vajk
5b79094f34 Fix naming in HTTPS URL check 2021-04-27 14:59:52 +02:00
Rasmus Wriedt Larsen
523ed8272d Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-04-27 14:42:05 +02:00
yoff
0509a12790 Merge pull request #5770 from tausbn/python-small-api-graph-fix 
Python: Use only `TApiNode` in `API::Impl`
 2021-04-27 14:06:09 +02:00
Geoffrey White
afa89256c5 Merge pull request #5780 from MathiasVP/cleanup-missingGuard-predicates-after-range-analysis-fix 
C++: Cleanup missingGuardAgainstOverflow
 2021-04-27 12:56:10 +01:00
Chris Smowton
64a2320be7 Merge pull request #5757 from smowton/smowton/admin/fix-dead-qhelp-links 
Fix all dead qhelp links
 2021-04-27 12:17:08 +01:00
Tom Hvitved
2e266c7ddd Merge pull request #5756 from hvitved/csharp/string-builder-fluent 
C#: Add missing `StringBuilder` flow summaries
 2021-04-27 11:24:56 +02:00
Tom Hvitved
fb606112fa Merge pull request #5754 from hvitved/csharp/guards/performance 
C#: Improve performance of guards library
 2021-04-27 10:53:01 +02:00
Tamas Vajk
e08b629cb5 Add documentation for URL opening sinks 2021-04-27 10:32:41 +02:00
Sauyon Lee
d09cb7f228 Remove badpkg.go to make tests location-independent 2021-04-27 01:18:22 -07:00
Sauyon Lee
03c3b15caa Improve autoformatting check 2021-04-27 01:18:21 -07:00
Sauyon Lee
27b72b53e5 Add diagnostic queries 2021-04-27 01:18:21 -07:00
Sauyon Lee
9f85846980 Add lines of code summary query 2021-04-27 01:18:20 -07:00
Sauyon Lee
fa5cb652d8 Fix lines of code counting 2021-04-27 01:18:20 -07:00
Sauyon Lee
ed978e439f Add GoFile and move HtmlFile to Files.qll 2021-04-27 01:18:19 -07:00
Sauyon Lee
2a80a60468 Add GeneratedFile concept 2021-04-27 01:18:19 -07:00
Sauyon Lee
3393588353 Move concepts imports to Concepts.qll 2021-04-27 01:18:18 -07:00
Tom Hvitved
017beb6786 Java: Use separate data-flow copy for PredictableSeedFlowConfiguration 2021-04-27 10:07:33 +02:00
Sauyon Lee
7a790340ed Merge pull request #526 from sauyon/fix-bad-error-locs 
Extract dummy files for errors without locations
 2021-04-27 01:07:22 -07:00
CodeQL CI
79ed94b22c Merge pull request #5779 from erik-krogh/updateJSAndTSVersionDoc 
Approved by esbena
 2021-04-27 00:51:58 -07:00
Mathias Vorreiter Pedersen
04a785b9fb C++: Accept test changes. 2021-04-27 09:43:27 +02:00
Mathias Vorreiter Pedersen
a41e9055c5 C++: Delete the fix that was introduced in bb447d7174. This is no longer needed after #5678. 2021-04-27 09:43:02 +02:00
Mathias Vorreiter Pedersen
05d693e3bb C++: Also include the assignment versions in exprThatCanOverflow. 2021-04-27 09:41:13 +02:00
Rasmus Wriedt Larsen
37db21d269 Merge pull request #5284 from yoff/python-port-insecure-protocol 
Python: port py/insecure-protocol
 2021-04-27 09:30:18 +02:00
ihsinme
0c3e2b9ab7 Update test.c 2021-04-27 10:11:32 +03:00
Erik Krogh Kristensen
0b322a3143 update JS/TS versions to reflect supported versions 2021-04-27 08:53:15 +02:00
haby0
5be9fbbc5a Remove LogOperationSink and PrintSink 2021-04-27 14:12:33 +08:00
ihsinme
c31a761750 Add files via upload 2021-04-26 23:05:08 +03:00
ihsinme
b7de370918 Add files via upload 2021-04-26 23:04:08 +03:00
thank_you
62f3e8d64a Add sanitizer for ObjectId 
ObjectId is a sanitizer used to sanitize strings into valid MongoDB ids. During research we've found that this method is used.

ObjectId returns a string representing an id. If at any time ObjectId can't parse it's input (like when a tainted dict in passed in), then ObjectId will throw an error preventing the query from running.
 2021-04-26 15:35:42 -04:00
Andrew Eisenberg
0e53ad33f6 Actions: Add permissions block to code scanning workflow 2021-04-26 10:53:29 -07:00
Geoffrey White
0e7eeb3051 Merge pull request #5678 from MathiasVP/sound-expr-might-overflow-predicate 
C++: Make exprMightOverflowPositively sound for unanalyzable expressions
 2021-04-26 17:38:23 +01:00
Andrew Eisenberg
3670c729c0 Actions: Use the main branch of the codeql action 
This commit switches to the bleeding edge, main branch of the
codeql action. This helps us test the action before merging all
of the new changes into main, which occurs roughly once a week.

If there are commits that introduce bugs in codeql-action, then
we will be more likely to catch it before releasing to the world
if we are using it in this extension.
 2021-04-26 08:43:28 -07:00
Taus
3889c8afec Python: Use only TApiNode in API::Impl 
This ensures that changes to `API::Node` does not invalidate the cached
`module Impl`. At present, I don't expect this to have any effect (as
the `Node` class is also fairly static, though not explicitly cached),
but I can imagine us making some of the `Node` methods have
user-extensible behaviour, in which case we definitely do not want this
to result in reevaluation of `API::Impl`.
 2021-04-26 13:10:15 +00:00
Shati Patel
a09c12acfe Merge pull request #5537 from alexet/ambig-super 
Docs: Update the language specification for changes to super.
 2021-04-26 13:34:50 +01:00
Hayk Andriasyan
7455b1b4f0 Update JSchOSInjectionSanitized.java 2021-04-26 15:17:57 +04:00