hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-14 19:46:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,708 Branches 162 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
luchua-bc
19ff00bad4 Enhance the additional step flow and update qldoc 2021-01-07 13:15:30 +00:00
Erik Krogh Kristensen
7eab08511b add source code examples to blocksCharInAccess 2021-01-07 13:58:26 +01:00
Erik Krogh Kristensen
8b03ab0c01 update docstring for getAShellChar 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-01-07 13:58:26 +01:00
Erik Krogh Kristensen
2aa59a3f8b support sanitizers that sanitize individual chars in js/shell-command-constructed-from-input 2021-01-07 13:58:25 +01:00
Mathias Vorreiter Pedersen
13a67c906e Merge pull request #4810 from geoffw0/multtoalloc 
C++: Query for multiplications used in allocations.
 2021-01-07 13:48:58 +01:00
luchua-bc
b54e5b1c49 Revamp the library module 2021-01-07 12:44:59 +00:00
ihsinme
2d6dafc6be Update MemoryLeakOnFailedCallToRealloc.ql 2021-01-07 15:44:50 +03:00
ihsinme
f378c14659 Update MemoryLeakOnFailedCallToRealloc.expected 2021-01-07 15:43:58 +03:00
ihsinme
592cd284e8 Update test.c 2021-01-07 15:41:31 +03:00
CodeQL CI
7db5a999e9 Merge pull request #4919 from erik-krogh/revertSum 
Approved by esbena
 2021-01-07 03:55:14 -08:00
Chris Smowton
83cee4a334 Add 'git' as a possible command-interpreter, unless arguments are sanitized using "--" 
This is because some git flags can specify arbitrary commands to execute, but its positional arguments cannot, and "--" like in many commands instructs git to consume no further flags.
 2021-01-07 11:54:41 +00:00
Tamás Vajk
6cbff13778 Merge pull request #4905 from tamasvajk/fix/attribute-argument-extraction 
C#: Fix attribute argument extraction
 2021-01-07 12:28:43 +01:00
Nick Rolfe
83a28786a0 Use 4 threads for extraction and TRAP import in stats job 2021-01-07 11:17:07 +00:00
Nick Rolfe
1d3f06aca1 Simplify propagation of errors 2021-01-07 11:11:15 +00:00
Nick Rolfe
92c78e2b2d Simplify num_codeql_threads function slightly 2021-01-07 11:10:43 +00:00
Erik Krogh Kristensen
7e21081b70 add comment about regexp detected by js/polynomial-redos 2021-01-07 12:06:12 +01:00
Alexander Eyers-Taylor
4100973d17 Merge pull request #4914 from alexet/fix-spec-bugs 
QL Language specification. Fix multiple spec bugs.
 2021-01-07 10:56:53 +00:00
Nick Rolfe
bb2bdc01b5 Have the extract function create the TS parser object 2021-01-07 10:56:23 +00:00
Mathias Vorreiter Pedersen
7b003678a9 Merge branch 'main' into mathiasvp/reverse-read-take-3 2021-01-07 11:56:18 +01:00
Tamas Vajk
e00db46d60 Minor code quality improvements 2021-01-07 09:19:13 +01:00
Tom Hvitved
2c09f9a8f2 Merge pull request #4903 from hvitved/csharp/ssa-fast-tc 
C#: Port SSA performance improvements from Java
 2021-01-07 09:17:21 +01:00
Erik Krogh Kristensen
bfd8d1b1e9 Merge branch 'main' into revertSum 2021-01-06 23:04:08 +01:00
ihsinme
abdeaabd77 Update MemoryLeakOnFailedCallToRealloc.ql 2021-01-06 22:46:03 +03:00
ihsinme
2b8227e04d Update cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-01-06 22:23:46 +03:00
ihsinme
f7eb328f76 Update cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.qhelp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-01-06 22:18:14 +03:00
ihsinme
d7f31ca1a0 Update cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.qhelp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-01-06 22:17:26 +03:00
CodeQL CI
9d4cd0aa85 Merge pull request #4862 from erik-krogh/shellSanitizer 
Approved by esbena
 2021-01-06 11:16:12 -08:00
Geoffrey White
b5bcbd303e C++: Cleaner solution. 2021-01-06 18:22:31 +00:00
Nick Rolfe
bf4eac5113 Parallelize extraction 
Use the Rayon library to do parallel iteration over the file list. The
number of threads used respects the CODEQL_THREADS environment variable.
 2021-01-06 18:22:27 +00:00
Geoffrey White
f69ceb3dbb Merge pull request #4904 from MathiasVP/conflated-dataflow-testcases 
C++: Add dataflow testcases that need flow through conflated memory
 2021-01-06 17:48:18 +00:00
Francis Alexander
435502e070 missing new lines 2021-01-06 23:05:09 +05:30
luchua-bc
ce2db21f15 Query to detect hash without salt 2021-01-06 17:30:04 +00:00
Francis Alexander
1f5a466e46 Playframework test cases & review fixes 2021-01-06 22:57:14 +05:30
luchua-bc
f13b8814f5 Update class/method names in the module 2021-01-06 16:49:35 +00:00
luchua-bc
5690bf49f4 Optimize the query 2021-01-06 16:21:26 +00:00
Alexander Eyers-Taylor
2686335531 Merge pull request #1 from shati-patel/fix-spec-bugs-edits 
Editorial review for QL language updates
 2021-01-06 14:48:26 +00:00
Erik Krogh Kristensen
f1cee70e82 add class-field flowstep to js/shell-command-constructed-from-input 2021-01-06 14:37:00 +01:00
Tamas Vajk
04074c425b C#: Fix named attribute argument extraction 2021-01-06 14:27:36 +01:00
Tamas Vajk
44372f4db7 C#: Fix attribute argument extraction when default argument value is present 2021-01-06 14:27:36 +01:00
Tamas Vajk
6d95ad3282 C#: Add file instead of generated location for extraction errors when possible 2021-01-06 14:27:31 +01:00
luchua-bc
3d26e5b8a4 Update qldoc 2021-01-06 12:41:00 +00:00
Shati Patel
bc6b1e8ed7 Fix typos and small formatting bugs 2021-01-06 12:11:16 +00:00
Geoffrey White
81205f37c5 C++: Fix test annotation. 2021-01-06 11:45:17 +00:00
Tom Hvitved
74622cf6f3 C#: Fix join-order following stats update 2021-01-06 12:16:19 +01:00
Shati Patel
203d74f255 Remove links to QLDoc spec 2021-01-06 11:04:58 +00:00
Shati Patel
b230868893 Merge pull request #4874 from shati-patel/docs-highlighting 
Docs: Tweak syntax highlighting
 2021-01-06 10:51:01 +00:00
Jonas Jensen
2483b09e44 Merge pull request #4913 from MathiasVP/pre-hook-autoformat-check 
Add pre-commit hook to scripts folder and document it
 2021-01-06 11:26:39 +01:00
Erik Krogh Kristensen
28cffa1e07 add comment in isFork about /(a*)*/ regular expressions 2021-01-06 10:44:13 +01:00
Erik Krogh Kristensen
c58f67b189 reintroduce performance improvement - but sound this time 2021-01-06 10:44:13 +01:00
Erik Krogh Kristensen
4392f0270c autoformat 2021-01-06 10:37:36 +01:00