hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-04 14:46:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,699 Branches 161 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
4a4f4b01a1 Add support for java.util.concurrent.ThreadLocalRandom 2021-03-08 10:59:53 +00:00
Mathias Vorreiter Pedersen
84554af7f5 Merge pull request #5356 from yoff/tests-amend-qldoc 
InlineExpectationTest: clarify the need for an empty `.expected` file
 2021-03-08 11:53:55 +01:00
Rasmus Lerchedahl Petersen
2bccb67be4 Python, doc: Make first batch of examples runnable 
python queries.
 2021-03-08 10:57:02 +01:00
Mathias Vorreiter Pedersen
bb53780ba9 C++: Add flow through unary instructions and pointer/indirection conflation for parameters. These rules are copy/pasted from DefaultTaintTracking. The conflation rules will hopefully be removed as part of #5089. 2021-03-08 09:42:47 +01:00
Rasmus Lerchedahl Petersen
cc9a938054 InlineExpectationTest: clarify the nedd for an 
empty `.expected` file
 2021-03-08 09:18:47 +01:00
Rasmus Lerchedahl Petersen
4a9023b989 Python: add comment with ref 2021-03-08 08:17:23 +01:00
Rasmus Lerchedahl Petersen
7142ddcb25 Python: add taint step for __traceback__ 2021-03-08 08:13:07 +01:00
Rasmus Lerchedahl Petersen
b36e0d0be7 Python: target SSA variable rather than Cfg node 
also add "INTERNAL: Do not use."
also give test functions different names
 2021-03-08 08:04:42 +01:00
Rasmus Lerchedahl Petersen
296297915c Python: add test for __traceback__ 2021-03-07 17:50:28 +01:00
ihsinme
2b1b94835e Update LateCheckOfFunctionArgument.ql 2021-03-07 16:10:32 +03:00
Rasmus Lerchedahl Petersen
aaaf90902f Python: File for dataflow section 
Initilally a copy of the one from C#
 2021-03-07 14:02:55 +01:00
Rasmus Lerchedahl Petersen
24e406d21a Documentation: Fix typo 
in dataflow documentation for C#
 2021-03-07 09:48:20 +01:00
luchua-bc
0ef3eee4ed Revamp the source and the sink of the query 2021-03-06 22:41:54 +00:00
Artem Smotrakov
891b975899 Use correct file names in SpringExporterUnsafeDeserialization.qhelp 2021-03-06 22:07:43 +01:00
Artem Smotrakov
bda223771b Added another example for SpringExporterUnsafeDeserialization.ql 2021-03-06 22:05:00 +01:00
Artem Smotrakov
82cb4a8d68 Renamed SpringHttpInvokerUnsafeDeserialization.ql 2021-03-06 21:48:35 +01:00
Artem Smotrakov
dcabce679a Cover beans from XML configs in SpringHttpInvokerUnsafeDeserialization.ql 2021-03-06 21:40:35 +01:00
p0wn4j
6841f5f7c4 Java: Add NashornScriptEngine detection in ScriptEngine query 
Java: Add NashornScriptEngine detection in ScriptEngine query

Java: Add NashornScriptEngine detection in ScriptEngine query

Java: Add NashornScriptEngine detection in ScriptEngine query
 2021-03-06 16:19:07 +04:00
Jaroslav Lobačevski
673e64909a github actions queries 2021-03-06 10:27:11 +02:00
luchua-bc
31eaa80f5b Revamp the source 2021-03-06 00:56:15 +00:00
Dave Bartolomeo
863497c695 C++: Update naming of queries and paths to use "summary" instead of "metrics" 2021-03-05 14:36:26 -05:00
Chris Smowton
2752505e84 Merge pull request #495 from owen-mc/fix-evanphxjsonpatch-test 
Model Apply methods correctly
 2021-03-05 18:03:28 +00:00
Shati Patel
c53ce00944 Merge pull request #5342 from shati-patel/docs-delete-unused-script 
Docs: Remove unused script and workflow
lgtm/v1.27.0 codeql-cli/v2.4.6 v1.27.0 		2021-03-05 18:02:50 +00:00
Rasmus Wriedt Larsen
99c1b2039c Pyhton: Extract vulnerable hostnames into own predicate 
Which makes the code a bit cleaner (and made testing out back-tracking easier).
 2021-03-05 17:14:32 +01:00
Rasmus Wriedt Larsen
4804a0a9f8 Python: Minor refactor addressArg 2021-03-05 17:12:45 +01:00
Rasmus Wriedt Larsen
024a586a7d Python: Remove tags for old query copy 
Co-authored-by: Taus <tausbn@github.com>
 2021-03-05 17:08:55 +01:00
Rasmus Wriedt Larsen
66c9cfad85 Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-03-05 17:08:37 +01:00
Rasmus Wriedt Larsen
83539928e6 Python: Fix grammar 
Co-authored-by: Taus <tausbn@github.com>
 2021-03-05 17:08:20 +01:00
Shati Patel
85205a21de Docs: Remove query help script 2021-03-05 16:02:53 +00:00
Owen Mansel-Chan
0a48fef0e7 Model Apply methods correctly 
They were accidentally modeled as functions
 2021-03-05 15:55:44 +00:00
Tom Hvitved
63686b5c4e C#: Use is [not] null throughout in the extractor 2021-03-05 16:28:12 +01:00
Tamás Vajk
23d994a4b4 Merge pull request #5197 from tamasvajk/feature/refactor-4 
C#: Enable nullability in Extraction.CSharp
 2021-03-05 16:24:19 +01:00
Anders Schack-Mulligen
cf4f55d9ab Merge pull request #5223 from smowton/smowton/feature/backward-dataflow-for-modelled-fluent-methods 
Java: Add backward dataflow edges through modelled function invocations
 2021-03-05 15:11:43 +01:00
Tom Hvitved
6e5af1a9f8 Data flow: Sync files 2021-03-05 14:56:40 +01:00
Tom Hvitved
d496503d5d Data flow: Restrict the size of getApNil() 2021-03-05 14:54:54 +01:00
Tom Hvitved
492add1f7a Data flow: Force join-order for Node::getEnclosingCallable() 2021-03-05 14:54:54 +01:00
Chris Smowton
012058a866 Apply review suggestions: use ArgumentNode.argumentOf, and change more uses of ValuePreservingCallable -> ValuePreservingMethod 2021-03-05 13:34:13 +00:00
Chris Smowton
eed357dc93 ValuePreservingCallable -> ValuePreservingMethod 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 13:28:35 +00:00
Chris Smowton
a37b98ca27 Value-preserving methods: handle generics in DataFlowUtil.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 13:15:06 +00:00
Chris Smowton
ca86925a45 Update java/ql/src/semmle/code/java/dataflow/FlowSteps.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 13:02:19 +00:00
Chris Smowton
45f3365d06 Apply suggestions from code review 
Note value-preserving functions can't be constructors

Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-05 12:52:38 +00:00
Jonas Jensen
32f1da7455 Merge pull request #5327 from MathiasVP/less-field-to-obj-flow 
C++: Remove more field-to-object flow
 2021-03-05 13:16:21 +01:00
Tamas Vajk
c6b47647e1 Move the nullable disable warning region to the Type instead of the base CachedSymbol entity 2021-03-05 13:14:07 +01:00
Chris Smowton
e3cf5c235e Add support for Commons-Lang's RandomUtils 
This is realised by somewhat generalising our interfaces for modelling RNGs. We also add tests for randomness-related queries that didn't have any, and addtest cases checking the Apache random-number generators are interchangeable with the stdlib ones.
 2021-03-05 12:09:33 +00:00
Jonas Jensen
767d3141ad Merge pull request #5336 from MathiasVP/fix-join-order-in-memset-may-be-deleted 
C++: Fix performance in cpp/memset-may-be-deleted.
 2021-03-05 13:08:10 +01:00
Tamas Vajk
df9d54c994 Fix code review findings 2021-03-05 13:00:04 +01:00
Chris Smowton
990bdc20b0 Move value-preserving callable class into FlowSteps 2021-03-05 11:55:53 +00:00
Joe Farebrother
3f3640fcbd Model ByteArrayDataOutput 2021-03-05 11:19:55 +00:00
Joe Farebrother
470a2ca336 Add CopyTo 2021-03-05 11:19:55 +00:00
Joe Farebrother
61dcf3a275 Apply suggestions from code review 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-03-05 11:19:55 +00:00