Chris Smowton
88c740bbbc
Merge pull request #353 from gagliardetto/remove-duplicate-models
...
Remove duplicate models (the end)
2020-09-24 13:31:18 +01:00
Anders Schack-Mulligen
d4d4c0f3f9
Merge pull request #4325 from aibaars/hibernate-changenote
...
Java: change note for Hibernate ORM improvements
2020-09-24 12:58:45 +02:00
Slavomir
4f7edb85da
Fix package count
2020-09-24 12:41:14 +02:00
Slavomir
1f5da54ac9
Update change-notes/2020-09-23-stdlib.md
...
Co-authored-by: Chris Smowton <smowton@github.com>
2020-09-24 12:40:39 +02:00
Arthur Baars
575c56c426
Merge pull request #354 from github/aibaars/lgtm-go-lines-of-comment
...
LGTM: add Metrics/FLinesOfComment.ql to go-lgtm-full.qls
2020-09-24 12:22:07 +02:00
Arthur Baars
240f3ed7dc
LGTM: add Metrics/FLinesOfComment.ql to go-lgtm-full.qls
2020-09-24 11:04:15 +02:00
Max Schaefer
907ae20a16
Merge pull request #350 from smowton/smowton/feature/bad-regex-escape-query
...
Add query spotting probably-bad escapes in regular expressions.
2020-09-24 09:49:16 +01:00
Erik Krogh Kristensen
6163e6cf5f
adjust test case for XML entity expansion
2020-09-24 09:53:06 +02:00
Mathias Vorreiter Pedersen
780a07e89c
Merge pull request #4332 from jbj/ExtendedRangeAnalysis-stub
...
C++: ExtendedRangeAnalysis stub implementation
2020-09-24 09:01:06 +02:00
Tom Hvitved
7970fef3e4
Merge pull request #4315 from hvitved/merge-rc-1.25
...
Merge rc/1.25 into main
2020-09-24 08:27:01 +02:00
Robert Marsh
89332ca303
C++: autoformat
2020-09-23 15:29:51 -07:00
Robert Marsh
774dcc7c52
C++: New model class for iterator op* and op[]
2020-09-23 15:29:37 -07:00
Jonathan Leitschuh
17603c8091
Update java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.qhelp
...
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2020-09-23 13:59:49 -04:00
Geoffrey White
71a605b7d9
C++: Add tests for std::pair.
2020-09-23 18:43:28 +01:00
Slavomir
8e007623ca
Improve change note
2020-09-23 18:03:11 +02:00
Slavomir
ef20f75cbe
Add change note
2020-09-23 17:52:52 +02:00
Slavomir
8b397c1eff
Remove this. from the generated method and interface models
2020-09-23 17:28:44 +02:00
Tamas Vajk
48bf6d55aa
C#: Add implicit cast from array to pointer
2020-09-23 17:21:38 +02:00
Slavomir
539127b1d1
Remove models for methods for which there already is a model for the interface they implement.
2020-09-23 17:16:01 +02:00
Mathias Vorreiter Pedersen
f794eaa670
C++: Manual recursion in skipCopyValueInstructions instead of transitive closure
2020-09-23 16:26:40 +02:00
Chris Smowton
59138048bb
Add query spotting probably-bad escapes in regular expressions.
...
Inspired by js/useless-regexp-character-escape, but much much simpler because the Go source code parser forbids unrecognised escapes and its regex engine refuses to compile \\x where x is not a character class or other special token (e.g. start-of-word).
2020-09-23 15:07:22 +01:00
Erik Krogh Kristensen
83f0514475
add req.files as a RequestInputAccess in the Express model
2020-09-23 15:50:59 +02:00
Jonas Jensen
b7d0939f4a
C++: ExtendedRangeAnalysis stub implementation
...
Just to demonstrate how things fit together, I've created
`SubtractSelf.qll` that adds a (hopefully sound) version of the test
extension that was already used in `extensibility.ql`.
2020-09-23 15:50:07 +02:00
Chris Smowton
a094ddb988
Merge pull request #349 from gagliardetto/stdlib-339-340-342-346-347
...
Merge #339 #340 #342 #346 #347
2020-09-23 14:38:04 +01:00
Arthur Baars
5894263671
Java: improve change note
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2020-09-23 15:37:55 +02:00
Max Schaefer
dc7b447895
JavaScript: Make alert locations for command injection more precise.
2020-09-23 14:07:36 +01:00
Max Schaefer
439aadf0b6
JavaScript: Do even more type tracking in command injection.
2020-09-23 14:07:36 +01:00
Max Schaefer
ef18b39124
JavaScript: Fix use of type backtracker in IndirectCommandArgument.qll.
2020-09-23 14:07:36 +01:00
Max Schaefer
825fc2228b
JavaScript: Add two new command-injection tests.
2020-09-23 14:07:36 +01:00
Rasmus Wriedt Larsen
66815c9d3d
Python: Suppress unused variable warnings in DataFlowPrivate
2020-09-23 14:33:10 +02:00
Tamás Vajk
9b14a70eef
Merge pull request #4316 from tamasvajk/feature/local-functions
...
C#: Change TrapStackBehaviour of local functions
2020-09-23 14:12:07 +02:00
Tamas Vajk
2868d5bf34
C#: Add pointer cast test cases
2020-09-23 12:20:51 +02:00
Rasmus Wriedt Larsen
6aec2ec673
Python: Fix os.popen modeling
...
Co-authored-by: yoff <lerchedahl@gmail.com>
2020-09-23 11:18:32 +02:00
Rasmus Wriedt Larsen
624cdd339a
Python: Fix grammar
...
Co-authored-by: yoff <lerchedahl@gmail.com>
2020-09-23 11:18:12 +02:00
Chris Smowton
1a3589ac06
Merge pull request #352 from smowton/smowton/feature/http-newrequest
...
Add model for net/http.NewRequest
2020-09-23 09:56:17 +01:00
Max Schaefer
6130720e00
Merge pull request #348 from max-schaefer/functioninput_entrynode
...
Ensure `FunctionInput`s corresponding to results have an entry node
2020-09-23 09:15:18 +01:00
Chris Smowton
c1fbbfb05a
Add model for net/http.NewRequest noting that if the URL is tainted then the response should be considered tainted also.
2020-09-23 08:46:36 +01:00
Tom Hvitved
d652b95b21
Merge pull request #4011 from hvitved/csharp/asp-extraction-pre-finalize
...
C#: Move ASP extraction from auto builder to `pre-finalize.{sh,cmd}`
2020-09-23 09:11:11 +02:00
Tamás Vajk
03e20eed05
Merge pull request #4314 from tamasvajk/feature/switch-case-expr
...
C#: Fix switch case expression types
2020-09-23 08:57:32 +02:00
Rasmus Lerchedahl Petersen
ef4461ce54
Python: Address review comments
2020-09-22 23:48:28 +02:00
Tamás Vajk
5ab5e75b85
Merge pull request #4255 from fatenhealy/IncreaseInsufficientKeySizeValue
...
Increase insufficient key size value from 1024 to 2048
2020-09-22 23:06:12 +02:00
yoff
aece0ff652
Apply suggestions from code review
...
Co-authored-by: Taus <tausbn@github.com>
2020-09-22 22:33:46 +02:00
Jonathan Leitschuh
645d7c8831
Fix documentation in apache/Lang.qll
2020-09-22 15:04:06 -04:00
Erik Krogh Kristensen
ec2b3f0b6c
better join-order fix in HTTP
2020-09-22 21:02:26 +02:00
Jonathan Leitschuh
8578bc5cf0
Update java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.qhelp
...
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2020-09-22 15:02:00 -04:00
Robert Marsh
e28a45b8e6
Merge branch 'main' into rdmarsh2/cpp/output-iterators-1
...
Resolve test output conflicts from IR model improvements
2020-09-22 11:17:38 -07:00
Jonathan Leitschuh
24fe3d0663
Apply suggestions from code review
...
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2020-09-22 13:11:11 -04:00
Arthur Baars
252f8aa89d
Java: add Spring::MultipartRequest as taint source
2020-09-22 19:01:10 +02:00
Arthur Baars
b382711f14
Java: change note for Hibernate ORM improvements
2020-09-22 18:55:07 +02:00
Slavomir
364b6810ce
Sort stdlib imports
2020-09-22 18:50:12 +02:00