hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-24 00:16:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,714 Branches 163 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Slavomir
282f7af6d9 Improve comments, naming, docs 2020-07-16 12:52:41 +03:00
Slavomir
8cc8b8ef47 Add CWE-352: CSRF because of constant oauth2 state value 2020-07-16 12:38:08 +03:00
Geoffrey White
2e5af67626 Merge pull request #3952 from MathiasVP/output-parameter-index-for-UserDefinedFormattingFunction 
C++: Add getOutputParameterIndex override to UserDefinedFormattingFunction class.
 2020-07-15 18:11:09 +01:00
Nick Rolfe
c7b668193b Merge pull request #3929 from igfoo/static_assert 
C++: Give static assertions an enclosing element
 2020-07-15 18:03:26 +01:00
Slavomir
437f4b7eab Fix go autoformat 2020-07-15 19:12:33 +03:00
Slavomir
9cd86f9be8 Generated Go files: add what they were generated with 2020-07-15 19:05:12 +03:00
Slavomir
f7a03c0862 Update main.go 2020-07-15 19:05:12 +03:00
Slavomir
19348d2773 Simplify tests 2020-07-15 19:05:12 +03:00
Slavomir
1591ed3440 Implement code review feedback 2020-07-15 19:05:12 +03:00
Slavomir
5b63228690 Add StdlibTaintFlow.expected 2020-07-15 19:05:12 +03:00
Slavomir
19287fb5ff Add taint-tracking for archive/tar and archive/zip 2020-07-15 19:05:12 +03:00
Mathias Vorreiter Pedersen
289a908eb8 C++: Update qldoc in reponse to PR comments 2020-07-15 16:24:47 +02:00
Mathias Vorreiter Pedersen
c4b97a3a62 C++: Accept more test changes 2020-07-15 16:19:51 +02:00
Geoffrey White
c4940aaa86 Merge branch 'master' into copymove 2020-07-15 15:01:01 +01:00
Rasmus Wriedt Larsen
abcc76baec Python: CG trace: use lxml to pretty-print xml 2020-07-15 14:48:58 +02:00
Mathias Vorreiter Pedersen
edc33b6516 C++: Add getOutputParameterIndex override to UserDefinedFormattingFunction and accept test changes 2020-07-15 14:46:08 +02:00
Mathias Vorreiter Pedersen
d711c22cd2 C++: Add testcase demonstrating lost query results 2020-07-15 14:42:45 +02:00
Rasmus Wriedt Larsen
7ac4ea9bf1 Python: CG trace: use standardized etree import 
makes it easy to switch out XML library.
 2020-07-15 14:41:39 +02:00
Rasmus Wriedt Larsen
ba4207fc90 Python: CG trace: sort output before writing/printing 
Allows comparing output of one run with another
 2020-07-15 14:37:41 +02:00
Rasmus Wriedt Larsen
e6873956ca Python: CG trace: add canonic_filename helper 2020-07-15 14:25:42 +02:00
Raul Garcia (MSFT)
3e0481b889 Queries to help on the detection based on misuse of DataSet and DataTable serialization that could lead to security problems. 
https://go.microsoft.com/fwlink/?linkid=2132227
 2020-07-14 17:54:54 -07:00
Robert Marsh
7dd2677746 Merge pull request #3950 from MathiasVP/simple-range-analysis-unsigned-multiplication-tests 
C++: Add test cases for range analysis for unsigned multiplication
 2020-07-14 14:18:06 -07:00
Raul Garcia (MSFT)
896cdf9b12 Merge branch 'master' of https://github.com/github/codeql 2020-07-14 11:16:51 -07:00
Mathias Vorreiter Pedersen
174b30461a C++: Fix syntax error in testfile 2020-07-14 19:47:21 +02:00
Calum Grant
dcff87fb2e Merge pull request #3366 from hvitved/csharp/dataflow/arrays 
C#: Precise data-flow for collections
 2020-07-14 17:12:29 +01:00
Mathias Vorreiter Pedersen
834ad92453 C++: Add test cases for unsigned multiplication and fix missing return value in existing tests 2020-07-14 16:57:47 +02:00
Geoffrey White
37158f46ed C++: Remove deprecated class from test. 2020-07-14 15:36:48 +01:00
semmle-qlci
0bee0687cb Merge pull request #3911 from RasmusWL/python-call-graph-tracing 
Approved by tausbn
 2020-07-14 15:33:45 +01:00
Geoffrey White
3f6d8490e0 C++: Autoformat. 2020-07-14 15:09:12 +01:00
Ian Lynagh
616bad7b5c C++: Add an upgrade script 2020-07-14 13:53:46 +01:00
Ian Lynagh
c254de464a C++: Update stats following static_asserts change 2020-07-14 13:53:01 +01:00
Rasmus Wriedt Larsen
f1601d643a Python: autoformat 2020-07-14 14:12:56 +02:00
Rasmus Wriedt Larsen
1d9c3b3bcd Python: call-graph tracing: callable => callee 
to use consistent naming
 2020-07-14 14:12:02 +02:00
semmle-qlci
f8c03dcae6 Merge pull request #3924 from RasmusWL/python-metrics-queries-for-dist-compare 
Approved by tausbn
 2020-07-14 13:03:02 +01:00
Rasmus Wriedt Larsen
ee42d0839e Python: Rename target => callee 
To use a standardised naming :)
 2020-07-14 11:26:05 +02:00
Rasmus Wriedt Larsen
d913d33289 Python: Autoformat 2020-07-14 11:21:55 +02:00
Taus
ee13e87f3b Merge pull request #3947 from RasmusWL/python-fix-tests 
Python: Make experimental/library-tests/CallGraph pass for Python 2
 2020-07-13 22:10:34 +02:00
Arthur Baars
67b6018079 Merge pull request #3729 from luchua-bc/java-hardcoded-aws-credentials 
Java: Hardcoded AWS credentials
 2020-07-13 18:04:42 +02:00
Chris Smowton
830f83f21a Merge pull request #257 from smowton/smowton/fix/go-mod-comment-group-indices 
Extractor: assign unique indices to comment-groups in go.mod files
 2020-07-13 15:40:14 +01:00
Rasmus Wriedt Larsen
dc7d92ba2f Python: Autoformat experimental/library-tests/CallGraph/ 2020-07-13 16:20:02 +02:00
Geoffrey White
646efe2a20 C++: Deprecate ConversionConstructor. 2020-07-13 15:04:39 +01:00
Arthur Baars
c585b2e483 Java: stack trace exposure: address false positives 2020-07-13 15:26:55 +02:00
Geoffrey White
61178c5330 Merge branch 'master' into copymove 2020-07-13 14:11:12 +01:00
Rasmus Wriedt Larsen
83bd14b687 Python: Make experimental/library-tests/CallGraph pass for Python 2 
The import doesn't actually work the intended way, so running
```
$ python python/ql/test/experimental/library-tests/CallGraph/test.py
```

will procude no output. but our extractor will extract the things we need, so
for a quick fix this will need to suffice.
 2020-07-13 14:52:28 +02:00
luchua-bc
12803f1f53 Merge Hardcoded AWS Credentials check into the mail source folder 2020-07-13 12:22:34 +00:00
Chris Smowton
3ab948f81c Extractor: assign unique indices to comment-groups in go.mod files 
The schema requires that (parent, index) is a key.
 2020-07-13 11:28:28 +01:00
Arthur Baars
b1e604b490 Java: treat Stack.push as data flow instead of taint flow 2020-07-13 11:36:34 +02:00
Arthur Baars
a484aff76d Java: improve comments 2020-07-13 11:09:05 +02:00
Geoffrey White
6519629472 Merge pull request #3942 from MathiasVP/remove-abstract-preprocessor 
C++: Remove abstract classes from Preprocessor.qll
 2020-07-13 10:00:50 +01:00
Rasmus Wriedt Larsen
3127bb27d0 Python: Remove strange empty line 2020-07-13 10:55:43 +02:00