hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-04 22:56:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,699 Branches 161 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Marcono1234
d5d0439471 Java: Fix wrong algorithm name matching 
The regex character class `[5|7]` matches `5`, `7` and `|`.
 2021-03-03 15:44:23 +01:00
Marcono1234
b9c0193022 Sync .qhelp file renaming to other languages 2021-03-03 15:38:08 +01:00
luchua-bc
502cf38fcc Use concise API 2021-03-03 14:07:43 +00:00
Tamas Vajk
ed5d31a385 C#: Upgrade Roslyn dependencies to 3.9 2021-03-03 14:57:56 +01:00
luchua-bc
1b1c3f953b Remove localflow from the source 2021-03-03 13:54:26 +00:00
Tamas Vajk
a5a4329669 C#: Add tests for covariant return types 2021-03-03 14:52:10 +01:00
luchua-bc
b366ffa69e Revamp source of the query 2021-03-03 13:38:18 +00:00
Tamas Vajk
bd2b3e72f8 C#: Use covariant return for context overrides 2021-03-03 14:35:07 +01:00
Tamas Vajk
cfd8a87496 C#: Fix nullability warnings after .net 5 upgrade 2021-03-03 14:25:59 +01:00
Rasmus Wriedt Larsen
c3175ae7b1 Python/JS: Sync CryptoAlgorithms.qll 2021-03-03 14:18:33 +01:00
Tamas Vajk
828e1f81ae Share core analysis logic between standalone and normal analysis 2021-03-03 14:18:19 +01:00
Tamas Vajk
15e26e1a91 C#: Reduce disabled nullability regions by splitting 'Extractor' and 'Analyser' 2021-03-03 14:18:19 +01:00
Tamas Vajk
2697677239 Merge Extractor.Standalone and OutputPath 2021-03-03 14:18:19 +01:00
Tamas Vajk
10ab17a7e0 C#: Enable nullability in csharp extraction project v1 2021-03-03 14:18:19 +01:00
Rasmus Wriedt Larsen
dd75ea31df Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-03-03 14:17:22 +01:00
Anders Schack-Mulligen
3400c121d6 Merge pull request #5202 from joefarebrother/apache-http 
Java: Add modelling for Apache HTTP Components
 2021-03-03 13:41:41 +01:00
Anders Schack-Mulligen
220383b9fb Merge pull request #5313 from joefarebrother/guava-change-note 
Java: Add change note for Guava
 2021-03-03 13:03:54 +01:00
Anders Schack-Mulligen
663c72ab1d Update java/change-notes/2021-03-23-guava-collections-and-preconditions.md 2021-03-03 12:53:16 +01:00
Tamás Vajk
73ad417757 Merge pull request #5132 from tamasvajk/feature/dotnet502 
C#: Upgrade projects to .net 5
 2021-03-03 12:47:08 +01:00
CodeQL CI
8e2af077a7 Merge pull request #5237 from erik-krogh/moreInf 
Approved by asgerf
 2021-03-03 03:09:07 -08:00
Joe Farebrother
a77cf12596 Add change note for Guava 2021-03-03 10:56:12 +00:00
Artem Smotrakov
7cc7ec962e Updated recommendations for avoiding JEXL injections 2021-03-03 11:40:59 +01:00
Erik Krogh Kristensen
b9450c901a remove development comment 2021-03-03 11:18:09 +01:00
Mathias Vorreiter Pedersen
721ba5e2c5 Merge pull request #4825 from rdmarsh2/rdmarsh2/cpp/operand-reuse 
C++: share `TOperand` across IR stages
 2021-03-03 08:55:44 +01:00
Aditya Sharad
348f8c16d1 Actions: Add workflow to request docs review 
When a PR is labelled with 'ready-for-docs-review',
this workflow comments on the PR to notify the GitHub CodeQL docs team.
Runs on `pull_request_target` events so it can write comments to the PR.
Since this runs in the context of the base repo, it must not check out the PR
or use untrusted data from the event payload.
 2021-03-02 18:05:02 -08:00
yoff
078fbccc9a Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-03-02 22:32:45 +01:00
yoff
4196dc2291 Update python/change-notes/2021-02-25-port-stactrace-exposure-query.md 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-03-02 22:23:29 +01:00
Robert Marsh
312ead44c5 Merge pull request #5309 from github/aeisenberg/from-source-docs 
Documentation: Update C/C++ Element::fromSource() docs
 2021-03-02 12:51:41 -08:00
Artem Smotrakov
617ba65ef5 Improved docs for SpringHttpInvokerUnsafeDeserialization.ql 2021-03-02 21:36:14 +01:00
Artem Smotrakov
c243f2f042 Improved JexlInjection.qhelp 2021-03-02 21:25:26 +01:00
Artem Smotrakov
6b66323ac3 Simplified JexlInjectionLib.qll and removed LocalUserInput 2021-03-02 21:22:46 +01:00
Robert Marsh
dbd8432884 C++: autoformat 2021-03-02 12:11:12 -08:00
Andrew Eisenberg
9982112b61 Documentation: Update C/C++ Element::fromSource() docs 
The previous documentation was not correct. This
documentation is adapted from File::fromSource().
 2021-03-02 08:57:17 -08:00
Aditya Sharad
648910e974 Merge pull request #5285 from adityasharad/actions/docs-review 
Actions: Add workflow to request docs review
 2021-03-02 08:52:32 -08:00
Joe Farebrother
81ff76814f Remove incorrect expectaton 2021-03-02 16:35:34 +00:00
Francis Alexander
173c4b7f2f More Play stubs improvements 2021-03-02 20:39:25 +05:30
Mathias Vorreiter Pedersen
eb4f1e1ba0 C++: Restore some of the lost test results by doing operand -> instruction taint steps in IR TaintTracking. 2021-03-02 15:45:40 +01:00
Erik Krogh Kristensen
95a1edcabc refactor FunctionStyleClass to get a better join-order 2021-03-02 15:22:38 +01:00
Anders Schack-Mulligen
0eb2c06e20 Merge pull request #3945 from porcupineyhairs/structsDevMode 
Java: Add query to detect Apache Struts enabled Devmode
 2021-03-02 15:22:20 +01:00
Erik Krogh Kristensen
4d33407f6c optimize getACalleeValue 2021-03-02 15:21:36 +01:00
Tamas Vajk
714e1dc686 Add change note 2021-03-02 15:08:07 +01:00
Asger F
919ee38049 Update javascript/ql/src/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-03-02 14:02:35 +00:00
Asger F
6c884f86d2 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-03-02 14:01:59 +00:00
Asger Feldthaus
6e0322dc60 JS: Add DeepResourceExhaustion test 2021-03-02 13:56:43 +00:00
Asger Feldthaus
88e5348da9 JS: Move RemotePropertyInjection test into subfolder 2021-03-02 13:56:39 +00:00
Asger Feldthaus
5d27cd934d JS: Move Source def into customizations lib 2021-03-02 13:52:33 +00:00
Asger Feldthaus
d916118ea4 JS: Move ExceptionXss source into Xss.qll 2021-03-02 13:16:10 +00:00
Erik Krogh Kristensen
47f4faa4e2 use local dataflow instead of type-inference for mayHaveBooleanValue 2021-03-02 14:06:38 +01:00
Erik Krogh Kristensen
ae56285331 use callgraph instead of type-inference for array taint-steps 2021-03-02 14:06:09 +01:00
Erik Krogh Kristensen
b20ce8bfca use callgraph instead of TypeInference in Testing.qll 2021-03-02 14:04:23 +01:00