codeql

mirror of https://github.com/github/codeql.git synced 2026-03-26 09:18:16 +01:00

Author	SHA1	Message	Date
Artem Smotrakov	32ff5ad496	Java: Added CompiledExpression sink for MVEL injections	2020-06-05 17:13:24 +03:00
Artem Smotrakov	c6c4c2c99b	Java: Add a query for MVEL injections - Added experimental/Security/CWE/CWE-094/MvelInjection.ql - Added experimental/Security/CWE/CWE-094/MvelInjectionLib.qll - Added a qhelp file with an example of vulnerable code - Added tests and stubs for mvel2-2.4.7	2020-06-05 17:13:24 +03:00
yoff	e5480e471a	Merge pull request #3591 from RasmusWL/python-taintkind-fixup Python: Fix some problems in TaintKind useage	2020-06-05 16:03:18 +02:00
Anders Schack-Mulligen	e4e51b5027	Merge pull request #3291 from artem-smotrakov/spel-injection Java: Add a query for SpEL injections	2020-06-05 15:51:38 +02:00
Mathias Vorreiter Pedersen	7642680ab9	C++: Also remove TInitializeThisValueNumber from the AST wrapper	2020-06-05 15:26:09 +02:00
Mathias Vorreiter Pedersen	1a33a3b7e1	Merge branch 'master' into remove-initialize-this-from-value-numbering	2020-06-05 15:03:54 +02:00
Mathias Vorreiter Pedersen	d49c0f7b67	C++: Sync identical files	2020-06-05 15:01:18 +02:00
Mathias Vorreiter Pedersen	15fa7be09a	C++: Remove TInitializeThisValueNumber case from IR value numbering	2020-06-05 15:01:11 +02:00
semmle-qlci	ff6936caa7	Merge pull request #3625 from erik-krogh/CVE714 Approved by asgerf	2020-06-05 12:21:10 +01:00
semmle-qlci	69a1e11c06	Merge pull request #3609 from erik-krogh/CredFN Approved by asgerf, esbena	2020-06-05 10:49:01 +01:00
Erik Krogh Kristensen	82cf53897f	TypeOfCheck -> TypeOfUndefinedSanitizer Co-authored-by: Asger F <asgerf@github.com>	2020-06-05 11:35:39 +02:00
Erik Krogh Kristensen	f70453c544	autoformat	2020-06-05 10:10:57 +02:00
Erik Krogh Kristensen	05d7be8e23	autoformat	2020-06-05 09:59:45 +02:00
Erik Krogh Kristensen	96ca4cf7eb	add missing quote	2020-06-04 19:45:24 +00:00
Erik Krogh Kristensen	815671f5d0	add sanitizer guard for typeof undefined	2020-06-04 21:32:26 +02:00
Henning Makholm	269fa3a140	comments from alexet Put 'the query directory of the current file` back in the description.	2020-06-04 20:41:54 +02:00
Jonas Jensen	ad2d1d531b	Merge pull request #3616 from dbartol/dbartol/sync-missing Allow missing files in `sync-files --latest`	2020-06-04 16:52:44 +02:00
Rasmus Wriedt Larsen	1ff369f62d	Python: Update test results for fabric.api.execute	2020-06-04 16:30:03 +02:00
Erik Krogh Kristensen	58f4f7129e	change-note	2020-06-04 16:25:26 +02:00
Erik Krogh Kristensen	5ce2987cb2	adjust comments to reflect that tainted-path have no array-steps	2020-06-04 16:15:37 +02:00
Erik Krogh Kristensen	ed4e1bbbdf	don't have a MembershipTestBarrierGuard in Configuration.qll	2020-06-04 16:13:49 +02:00
Erik Krogh Kristensen	b7a3c4a3d6	autoformat	2020-06-04 16:07:28 +02:00
semmle-qlci	22a651cb5c	Merge pull request #3621 from max-schaefer/js/qltest-experimental Approved by asgerf, erik-krogh	2020-06-04 14:19:17 +01:00
Dave Bartolomeo	0666a2e587	Remove usage of f-string	2020-06-04 08:48:14 -04:00
Esben Sparre Andreasen	f618d430e7	JS: simplify HTTP::ContainerCollection, and improve expressivity(!)	2020-06-04 14:34:52 +02:00
Esben Sparre Andreasen	44ebf84f4c	JS: more express tests	2020-06-04 14:33:03 +02:00
Dave Bartolomeo	e2afad91dd	Merge pull request #3620 from MathiasVP/fix-missing-case-in-getkind C++: Fix missing case in ValueNumber::getKind	2020-06-04 07:27:30 -04:00
Max Schaefer	9549b01e3c	JavaScript: Turn on experimental language features for two tests. All other tests already pass with experimental features turned on, so once this is merged we can do so by default.	2020-06-04 11:27:31 +01:00
Mathias Vorreiter Pedersen	7328429ef1	C++: Sync identical files	2020-06-04 11:31:32 +02:00
Mathias Vorreiter Pedersen	36cfe3624b	C++: Add TConstantValueNumber case to ValueNumber::getKind	2020-06-04 11:31:02 +02:00
Erik Krogh Kristensen	e47770281a	update change-note Co-authored-by: Asger F <asgerf@github.com>	2020-06-04 11:14:25 +02:00
semmle-qlci	c806e229aa	Merge pull request #3618 from aschackmull/java/typeflow-test Approved by aibaars	2020-06-04 10:09:44 +01:00
Mathias Vorreiter Pedersen	4b16067af2	C++: Fix testcases after merge from master	2020-06-04 11:02:03 +02:00
Erik Krogh Kristensen	60320a9d78	update TaintedPath to use new consistency checking	2020-06-04 11:00:40 +02:00
Erik Krogh Kristensen	68ca8e23c0	introduce consistency-checking utility predicates	2020-06-04 11:00:01 +02:00
Erik Krogh Kristensen	c7c46ea3d6	update test comments to be consistent	2020-06-04 10:55:09 +02:00
Max Schaefer	524b11b81a	Merge pull request #163 from robertbrignull/more-suites Add more code-scanning suites	2020-06-04 09:53:14 +01:00
Mathias Vorreiter Pedersen	2cf9bcef86	Merge branch 'master' into flat-structs	2020-06-04 10:52:25 +02:00
Erik Krogh Kristensen	550c578c3c	use MemberShipTest in TaintedPath	2020-06-04 10:51:08 +02:00
Erik Krogh Kristensen	d513e6c5b5	update comments in TaintedPath tests	2020-06-04 10:40:14 +02:00
Anders Schack-Mulligen	64225c31a6	Java: Add test case.	2020-06-04 10:31:08 +02:00
semmle-qlci	70131e6ac8	Merge pull request #3598 from asger-semmle/js/regexp-test Approved by esbena	2020-06-04 09:05:21 +01:00
Mathias Vorreiter Pedersen	b48fe6ac32	Merge pull request #3123 from jbj/dataflow-indirect-args C++: Wire up param/arg indirections in data flow	2020-06-04 09:38:57 +02:00
Dave Bartolomeo	cb2370cc7d	C++/C#: Fix formatting	2020-06-04 02:36:51 -04:00
Jonas Jensen	df96f8e4e8	Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args	2020-06-04 08:20:00 +02:00
Dave Bartolomeo	a409b9d451	Merge remote-tracking branch 'github/master' into github/codeql-c-analysis-team/69_union	2020-06-03 16:10:22 -04:00
Dave Bartolomeo	15f41c0107	C++/C#: Remove dead QL code	2020-06-03 15:42:30 -04:00
yo-h	5cdc29e49a	Merge pull request #3607 from aschackmull/java/array-instanceof-typeflow Java: Add instanceof type bounds for ArrayAccess.	2020-06-03 15:29:37 -04:00
Dave Bartolomeo	a18eba2c4c	Allow missing files in `sync-files --latest` When running `sync-files` (or `sync-identical-files`) with the `--latest` switch, if one or more of the files in a group does not exist, the script will crash. This happens all the time when I add a new group, or add a new file path in an existing group. This has bothered me for a long time, so I finally fixed it when I ran into it again today. I've changed the script as follows: - If _none_ of the paths in the group exist, print an error message listing the paths in the group. This happens with or without `--latest`. - If `--latest` is specified, copy the master file to the paths of the missing files.	2020-06-03 14:53:31 -04:00
Tom Hvitved	9e7ca25732	C#: Add call-sensitivity to data-flow call resolution	2020-06-03 20:43:49 +02:00

... 695 696 697 698 699 ...

48840 Commits