Chris Smowton
ef658b292a
Fix join order for ListOfConstantsComparisonSanitizerGuard
2021-02-09 19:42:23 +00:00
Arthur Baars
d4ebcbf18f
Merge pull request #118 from github/aibaars/dataflow
...
More dataflow steps
2021-02-09 20:36:28 +01:00
Tom Hvitved
1f9b42f9ab
Data flow: Sync files
2021-02-09 20:10:23 +01:00
Tom Hvitved
e5970f4c65
Data flow: Take clearsContent() into account in flow exploration
2021-02-09 20:09:24 +01:00
Tom Hvitved
9cfc08319d
Use Generated::AstNode in ExprChildMapping
2021-02-09 19:32:41 +01:00
Chris Smowton
1b9abc5310
Merge pull request #470 from sauyon/go116flagadd
...
Add -overlay to recognized go build flags
2021-02-09 18:31:41 +00:00
Arthur Baars
1e64b264ba
Fix compilation errors after merge
2021-02-09 18:50:30 +01:00
Arthur Baars
3e0b7c491a
Merge remote-tracking branch 'origin/main' into aibaars/dataflow
2021-02-09 18:49:53 +01:00
Sauyon Lee
8c60c614db
Add -overlay to recognized go build flags
2021-02-09 17:09:48 +00:00
Owen Mansel-Chan
abf59ec98f
Merge pull request #469 from github/owen-mc-code-owners-file
...
Create CODEOWNERS
2021-02-09 17:04:29 +00:00
Owen Mansel-Chan
5cab5b2912
Create CODEOWNERS
...
This is so that `@codeql-go` is automatically suggested as a reviewer for PRs
2021-02-09 17:02:29 +00:00
Tom Hvitved
248f5cd648
Merge pull request #119 from github/hvitved/ast-range
...
Rangify `AstNode`
2021-02-09 16:47:50 +01:00
Tom Hvitved
85c13a1190
Make entries in RemoveWhenFullCoverage explicit
2021-02-09 16:34:25 +01:00
Geoffrey White
d475e55ec0
Update cpp/ql/test/README.md
...
Co-authored-by: hubwriter <hubwriter@github.com>
2021-02-09 15:20:03 +00:00
Geoffrey White
cc031118dd
Update CONTRIBUTING.md
...
Co-authored-by: hubwriter <hubwriter@github.com>
2021-02-09 15:19:30 +00:00
yo-h
e5331a4735
Java: accept changes in expected output
2021-02-09 09:17:35 -05:00
yo-h
e194411cfa
Java: fix javac errors in test code
2021-02-09 09:16:57 -05:00
luchua-bc
cb01613aa6
Exclude FP token patterns
2021-02-09 13:53:23 +00:00
Tamas Vajk
9854b95c30
Fix query performance
2021-02-09 14:45:22 +01:00
Alexander Eyers-Taylor
1c43505d30
Merge pull request #5121 from alexet/fix-js-jdoc
...
Javascript Extractor: Update <tt> tags to <code>
2021-02-09 13:07:19 +00:00
Arthur Baars
daa7bd7fd4
Move ReturningStmt::getValue implementation to internal library
2021-02-09 14:01:08 +01:00
Arthur Baars
e398837bdc
Rename Statement to Stmt
2021-02-09 13:55:06 +01:00
Arthur Baars
bb89e134c4
Address comments
2021-02-09 13:54:46 +01:00
CodeQL CI
475d216f8e
Merge pull request #5087 from erik-krogh/immutable
...
Approved by asgerf
2021-02-09 12:43:19 +00:00
Rasmus Wriedt Larsen
1d25184b32
Python: Add test for type-tracking through decorators
...
In general, if there is _some_ decorator on a function, it might not be safe to
track content out of it (since the decorator could do anything), but in this
case, we can see what the decorator does, so we should be able to handle it (but
we don't right now).
By my understanding of how type-tracking works, if we track content through
`my_decorator`, then we would also track content to the result of
`unrelated_func()`, which I wanted to make sure our tests would catch.
I found out the core of the problem seems to come from our lack of being able to
track to the inner scope, and added an explicit test for that.
2021-02-09 13:43:10 +01:00
Rasmus Wriedt Larsen
eb7e30d472
Python: Add test of django view handler with decorator
...
Which we currently don't handle :(
Also added a bit more explanatory comments
2021-02-09 13:25:12 +01:00
Geoffrey White
d1910a3f5c
Update CONTRIBUTING.md
...
Co-authored-by: Jonas Jensen <jbj@github.com>
2021-02-09 12:12:24 +00:00
alexet
8dd5a7e7c7
Javascript Extractor: Update <tt> tags to <code>
2021-02-09 12:10:09 +00:00
Remco Vermeulen
3818971b79
Add redirect sinks
...
Both the family of `Accepted` and `Created` methods set the location
header based on provided input. If this is untrusted input this can
result in a URL redirect attack.
2021-02-09 13:09:02 +01:00
Chris Smowton
9a919cc6c8
Merge pull request #466 from smowton/smowton/fix/remove-html-template-models
...
Remove models for html/template execution
2021-02-09 11:55:13 +00:00
Tom Hvitved
32daf28b34
Rangify AstNode
2021-02-09 12:17:21 +01:00
Alexander Eyers-Taylor
bed10ad562
Merge pull request #5113 from github/alexet/fix-var-decls-spec
...
Update the language specification to allow empty var_decls
2021-02-09 11:08:23 +00:00
Rasmus Lerchedahl Petersen
e3002aa1bf
Python: model for sys.exc_info
...
made _easy_ by API graphs :D
2021-02-09 11:39:44 +01:00
Rasmus Lerchedahl Petersen
0ea2f457a1
Python: type trackers for exceptions
2021-02-09 11:39:44 +01:00
Rasmus Lerchedahl Petersen
232d9b006a
Python: Implement traceback module
...
Just functions, not the classes for now
2021-02-09 11:39:44 +01:00
Rasmus Lerchedahl Petersen
6a45f6e7e0
Python: Port StackTraceExposure query
...
using empty concept implementation
2021-02-09 11:12:44 +01:00
Rasmus Lerchedahl Petersen
77ae91c47d
Python: Add concept ExceptionSource
2021-02-09 11:12:44 +01:00
CaptainFreak
503b339a1f
remove hbs specific checks
2021-02-09 07:35:35 +05:30
Raul Garcia (MSFT)
f114ef1f06
Adding unit tests
2021-02-08 16:57:49 -08:00
Geoffrey White
8bf9fc6111
Consistent capitalisation.
2021-02-08 20:29:46 +00:00
Geoffrey White
07b263bb2f
Typo.
2021-02-08 20:27:28 +00:00
Geoffrey White
bd255617d8
Three copies of a link is too much.
2021-02-08 20:25:35 +00:00
Geoffrey White
e1ca762bbc
Fix layout.
2021-02-08 20:24:15 +00:00
Geoffrey White
65ea1a4631
Add hints / links about tests and documentation to CONTRIBUTING.md.
2021-02-08 20:04:10 +00:00
Geoffrey White
690b525192
Add a link to the C/C++ CodeQL Tests README.md from the Supported CodeQL queries and libraries doc.
2021-02-08 20:04:10 +00:00
Geoffrey White
74178a5e86
Call out the copied code issue for qhelp files again (more generally) in the Supported CodeQL queries and libraries doc.
2021-02-08 20:04:09 +00:00
Geoffrey White
cb16c64540
Call out the issue of copied code for C/C++ example code in the C/C++ CodeQL Tests README.md (where we talk about it for tests).
2021-02-08 19:58:36 +00:00
Chris Smowton
02d21cfce8
Remove models for html/template execution
...
These escape HTML and JavaScript anyhow; because they don't write to their return value they don't quite fit the form of EscapeFunction, so to be expedient I've simply removed their models entirely. Presumably the case where someone HTML-templates something and then uses it for a purpose where HTML sanitisation is insufficient is very rare anyhow.
2021-02-08 19:55:04 +00:00
Alexander Eyers-Taylor
7583904046
Update the language specification to allow empty var_decls
...
This is a degenerate form that is accepted in the compiler even if they don't make much sense.
Fixes #5060
2021-02-08 18:54:13 +00:00
Taus Brock-Nannestad
c59b5c98cb
Python: Replace use of AttrNode with getMember
2021-02-08 19:14:11 +01:00