hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-22 07:26:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,712 Branches 163 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
ubuntu
cd1d50b637 Update expected output 2020-08-26 23:50:15 +02:00
Alessio Della Libera
dcf51c75e9 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-26 23:33:52 +02:00
Porcupiney Hairs
3f6eef8437 Java: add websocket reads as remote flow source. 
Currently, JAX-WS reads are considered as untrusted. However, `java.net.http.WebSocket` reads are not marked as such.

This PR adds support for the same.
 2020-08-27 02:45:59 +05:30
Rasmus Wriedt Larsen
bd21fc5601 Python: Autoformat 2020-08-26 20:37:48 +02:00
Rasmus Wriedt Larsen
c24e3452f5 Python: Add more expected collection taint steps 2020-08-26 20:28:33 +02:00
Rasmus Wriedt Larsen
423139bc22 Python: Add additional taint steps for iterable-unpacking 2020-08-26 20:21:15 +02:00
Esben Sparre Andreasen
d27442e846 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-08-26 20:18:54 +02:00
Rasmus Wriedt Larsen
afb160fbbb Python: Add additional taint steps for for-iteration 2020-08-26 20:18:31 +02:00
Rasmus Wriedt Larsen
e2a89aa296 Python: Add additional taint steps for copy 
deepcopy was already handled somehow, don't really know how :D
 2020-08-26 19:39:38 +02:00
Rasmus Wriedt Larsen
b974dadca1 Python: Add additional taint steps for containers 2020-08-26 19:39:37 +02:00
Rasmus Wriedt Larsen
b6049765a8 Python: Add a few more collection taint tests 2020-08-26 19:39:36 +02:00
Rasmus Wriedt Larsen
32f9d30136 Python: Add syntactic taint steps for json methods 2020-08-26 19:39:36 +02:00
Rasmus Wriedt Larsen
41e24ae93f Python: Add non-syntactical test for taint of json methods 2020-08-26 19:39:35 +02:00
Rasmus Wriedt Larsen
5f9aa4c3b9 Python: Restructure defaultAdditionalTaintStep tests 
This makes it easier to add a new test-case, and makes it easier to work with
the existing files. It does have a downside on making it a bit more annoying
looking at TestTaint.expected, and possible longer runtime, but I think it's
still worth it.
 2020-08-26 19:39:33 +02:00
Rasmus Wriedt Larsen
a1ada62596 Python: Remodel taint tests for shared lib 
I took the bits from ql/test/library-tests/taint/ that seemed easy to port. I
left out namedtuple for now, but it is part of internal tracking ticket, so
won't be forgotten.
 2020-08-26 19:39:32 +02:00
Mathias Vorreiter Pedersen
1221165792 Merge branch 'main' into mathiasvp/read-step-without-memory-operands 2020-08-26 19:13:54 +02:00
Dave Bartolomeo
01a61469d3 Merge pull request #4137 from tausbn/python-cpp-make-inline-test-libs-language-agnostic 
CPP: Make inline expectation test library language agnostic.
 2020-08-26 13:00:19 -04:00
Mathias Vorreiter Pedersen
d900a70738 C++: Accept test changes in query tests 2020-08-26 18:10:21 +02:00
Rasmus Lerchedahl Petersen
dcabd37974 Python: Update test expectations 2020-08-26 17:58:35 +02:00
Rasmus Lerchedahl Petersen
bf6211f639 Merge branch 'main' of github.com:github/codeql into SharedDataflow_ParsimoniousFlowNodes 2020-08-26 17:50:17 +02:00
Rasmus Lerchedahl Petersen
6c173047e6 Merge branch 'MagicMethods' of github.com:yoff/codeql into MagicMethods 2020-08-26 17:43:27 +02:00
Rasmus Lerchedahl Petersen
47e35c530d Merge branch 'main' of github.com:github/codeql into MagicMethods 2020-08-26 17:42:44 +02:00
Taus Brock-Nannestad
0f221ccfa2 Merge branch 'main' into python-cpp-make-inline-test-libs-language-agnostic 2020-08-26 17:23:25 +02:00
Mathias Vorreiter Pedersen
dd8984dfc5 C++: Keep ExplicitFieldStoreQualifierNode private 2020-08-26 16:14:58 +02:00
Taus Brock-Nannestad
e193e12b3f Python: Add support for inline test expectations library 2020-08-26 16:10:04 +02:00
Taus
b1946c60dd Merge pull request #4127 from RasmusWL/python-tainttracking-fstring 
Python: Handle f-strings in (current) taint tracking
 2020-08-26 16:06:01 +02:00
Taus Brock-Nannestad
a824d75e4f C++: Add documentation for the LineComment class 2020-08-26 16:02:26 +02:00
Tamas Vajk
18c65e9f73 Fix typo in change notes 2020-08-26 15:57:41 +02:00
Mathias Vorreiter Pedersen
e4807c0181 C++: Accept test changes 2020-08-26 15:51:09 +02:00
Mathias Vorreiter Pedersen
9d9c78c9f6 C++: Use the information provided by the IR alias analysis to detect dataflow read and store steps. 2020-08-26 15:51:03 +02:00
Mathias Vorreiter Pedersen
2a8ee90828 C++: Demonstrate lack of flow when taking the address of a field and loading it afterwards 2020-08-26 15:50:57 +02:00
Esben Sparre Andreasen
89305865d0 JS: make sanitization a "common" technique rather than "important" 2020-08-26 15:41:54 +02:00
Tamas Vajk
3f54e5d310 Add change note 2020-08-26 15:12:11 +02:00
Chris Smowton
b13b54f7d7 Don't try to use -mod=... when go.mod doesn't exist 
Also don't pass a blank argument to `go` when using an old version.
 2020-08-26 13:56:36 +01:00
Jonas Jensen
f60abd8cf9 Merge pull request #4125 from geoffw0/oparray2 
C++: Model operator[]
 2020-08-26 13:44:02 +02:00
Nick Rolfe
00316dca8b Merge pull request #4120 from github/igfoo/global_vars 
C++: Give fewer types to global variables
 2020-08-26 12:29:41 +01:00
Taus Brock-Nannestad
f8ba4c1579 CPP: Make inline expectation test library language agnostic. 
In preparation for adding this to Python, I have split out the
definition of the comment class in a separate file (which will be
specific to each language).
 2020-08-26 13:06:24 +02:00
Chris Smowton
9ad2d6c119 Factor default and custom install paths 
These now follow the same route:

* Run a default or custom build script
* If needed, check if vendor/ is usable
* If it isn't, or if their build failed, install dependencies using go get etc

This commit shouldn't cause any behavioural change.
 2020-08-26 12:02:54 +01:00
Chris Smowton
859b427881 Check if the vendor/ directory is usable, even after a successful build 2020-08-26 11:53:50 +01:00
Tamás Vajk
9ef827641f C#: Add .editorconfig file (#4129) 2020-08-26 12:41:00 +02:00
Sauyon Lee
8f6b25e0ac autobuilder: Use -mod=mod for vendor directories wihtout modules.txt 2020-08-26 11:25:30 +01:00
Sauyon Lee
70d425d317 autobuilder: move vendor check before dependency installation check 
This means dependency installation is still attempted when a vendor
directory is inconsistent.
 2020-08-26 11:25:30 +01:00
Sauyon Lee
852ae9397b autobuilder: Test for vendor inconsistency 2020-08-26 11:25:30 +01:00
Sauyon Lee
28c69743a4 Add workaround for go 1.14 explicit vendoring requirement 
This only applies for module files for which no Go version has
been specified; Go will assume these should be parsed with the
latest Go version, which will cause them to fail if the vendor
directory has been generated with an old version of Go, as
the vendor/modules.txt will not meet the new requirements for
consistency.
 2020-08-26 11:25:30 +01:00
Max Schaefer
34d5e970ff Merge pull request #311 from owen-mc/add-missing-change-notes 
Add missing change notes
 2020-08-26 11:21:00 +01:00
Owen Mansel-Chan
7fd5e7e978 Add change note for https://github.com/github/codeql-go/pull/277 2020-08-26 10:54:18 +01:00
Tamas Vajk
8a4754f8d7 C#: Add missing QlDoc for frameworks 2020-08-26 11:48:02 +02:00
Tamas Vajk
4be15af06a C#: Add missing QlDoc for various predicates 2020-08-26 11:34:20 +02:00
Tamas Vajk
ce68e458e0 C#: Add QlDoc for predicates in Helpers 2020-08-26 11:21:44 +02:00
Tamas Vajk
048428a6fa C#: Add missinq QlDoc for Serialization classes, remove unused DangerousCallable 2020-08-26 11:21:44 +02:00