hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-27 01:38:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,721 Branches 163 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert Marsh
396ccda81f Merge pull request #3422 from Cornelius-Riemenschneider/inbounds-ptr 
C++: Add InBoundsPointerDeref.qll to experimental
 2020-05-13 16:55:42 -07:00
Mathias Vorreiter Pedersen
8f3ba75534 C++: Remove abstract keyword from Access and Cast and create .dbscheme unions 2020-05-13 23:15:11 +02:00
Dave Bartolomeo
ea2081ca40 Merge pull request #3459 from dbartol/github/codeql-c-analysis-team/69 
C++/C#: Remove `UnmodeledUse` instruction
 2020-05-13 13:13:40 -04:00
Sauyon Lee
97b3ec5cfc Update dependency stubs 2020-05-13 10:07:14 -07:00
Rasmus Lerchedahl Petersen
f9f52b0105 Python: test for unicode in raw strings 2020-05-13 18:47:36 +02:00
Sauyon Lee
ac55287210 Merge pull request #138 from max-schaefer/fix-tests 
Fix frontend errors in two tests and a code example
 2020-05-13 08:50:35 -07:00
Asger Feldthaus
2ef7719b06 JS: PathExprInModule deprecation notice 2020-05-13 16:35:24 +01:00
Asger Feldthaus
3846f534a8 JS: Factor out overridden part of PathExpr.getSearchRoot 2020-05-13 16:34:43 +01:00
Asger Feldthaus
5f510878f3 JS: Remove PathExprBase and PathExprInModule 2020-05-13 16:34:28 +01:00
Sauyon Lee
b8b9ff13f3 Merge pull request #139 from max-schaefer/cleanup-131 
Cleanup of `io` model
 2020-05-13 08:29:45 -07:00
Max Schaefer
d5fcf28e03 Add change note. 
While we didn't see any new results in the evaluation, this is a fairly substantial amount of changes, so adding a change note is probably justified.
 2020-05-13 15:55:52 +01:00
Max Schaefer
e852caea07 Cleanup of Io module. 
- Undid rename from `Io` to `IO`
  - Ensured function signatures in comments have leading `func`
  - Removed superfluous `extends Function` clauses
  - Renamed a few classes to be more consistent.
 2020-05-13 15:55:52 +01:00
Max Schaefer
41b5fc17ab Inline two single-use predicates. 
This fixes a TODO.
 2020-05-13 15:40:36 +01:00
Max Schaefer
6e58524b78 Fix a typo. 2020-05-13 15:40:31 +01:00
Max Schaefer
ec2314310e Fix code example in query. 2020-05-13 15:38:48 +01:00
Max Schaefer
ac9e39120b Fix unused variable in test. 2020-05-13 15:28:49 +01:00
Max Schaefer
e034458574 Fix MongoDB tests. 2020-05-13 15:25:54 +01:00
Asger Feldthaus
2d88385ffb JS: Cache moduleImport 2020-05-13 15:07:13 +01:00
Mathias Vorreiter Pedersen
34314d0cb6 C++: Annotation field flow tests with [IR] and [AST] 2020-05-13 15:16:02 +02:00
Calum Grant
f5daeea618 Merge pull request #3421 from hvitved/csharp/dataflow/change-note 
C#/Java/C++: Add change note for #3110
 2020-05-13 13:53:01 +01:00
semmle-qlci
2a341d973d Merge pull request #3458 from esbena/js/NoSQLCodeInjection 
Approved by erik-krogh
 2020-05-13 13:33:28 +01:00
Bt2018
7b88988981 Convert to path-problem query 2020-05-13 08:09:22 -04:00
Dave Bartolomeo
b0f7e9c6a7 C++: Accept test output 2020-05-13 08:02:17 -04:00
Bt2018
632cb8b666 Simplify CredentialExpr as the AddExpr step is included by TaintTracking::localTaintStep(node1, node2) 2020-05-13 07:55:32 -04:00
Bt2018
d9cc3c6f8d Add a comment for reasoning in why debug and trace are included and other variations are excluded 2020-05-13 07:46:44 -04:00
Sauyon Lee
83a3b6336f Add change note 2020-05-13 04:31:23 -07:00
Sauyon Lee
748dd6801e Handle HTTP response writers that are fields 2020-05-13 04:31:07 -07:00
Sauyon Lee
9e5645fa9d Add similar predicate to SsaWithFields 2020-05-13 03:56:55 -07:00
Esben Sparre Andreasen
c6fa88af28 JS: change notes 2020-05-13 12:56:33 +02:00
Esben Sparre Andreasen
9552352d6a JS: address qhelp feedback 2020-05-13 12:53:59 +02:00
Rasmus Lerchedahl Petersen
d9d86e1f56 Make test pass 2020-05-13 12:16:11 +02:00
Jonas Jensen
1018eaff09 Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args 
Conflicts:
	cpp/ql/test/library-tests/dataflow/fields/ir-flow.expected
 2020-05-13 12:05:58 +02:00
Sauyon Lee
2089cb4543 Merge pull request #133 from max-schaefer/cleanup-conditional-bypass 
Cleanup conditional-bypass query
 2020-05-13 02:31:13 -07:00
Esben Sparre Andreasen
7305a873b1 JS: formatting 2020-05-13 11:28:48 +02:00
Max Schaefer
005e49fe94 Merge pull request #130 from porcupineyhairs/MongoInjection 
Golang : Add MongoDB injection support
 2020-05-13 09:43:49 +01:00
Sauyon Lee
24e939730a Merge pull request #134 from max-schaefer/fix-test-errors 
Fix frontend errors in tests
 2020-05-13 01:38:30 -07:00
Esben Sparre Andreasen
fedd32fc2b JS: address review comment 2020-05-13 09:57:02 +02:00
Esben Sparre Andreasen
91f43a7dae JS: address review comments 2020-05-13 09:52:01 +02:00
Jonas Jensen
038bea2f52 C++: Add type check to prevent field conflation 2020-05-13 09:25:24 +02:00
Jonas Jensen
250e12a323 C++: Demonstrate new field conflation 2020-05-13 09:24:36 +02:00
Esben Sparre Andreasen
7722d77c86 JS: add the NoSQL $where as a sink for js/code-injection 2020-05-13 08:30:22 +02:00
Esben Sparre Andreasen
20cf04442c JS: model marsdb and minimongo 2020-05-13 08:28:59 +02:00
Anders Schack-Mulligen
f5e491caf0 Merge pull request #3448 from yo-h/java-qldoc-add 
Java: improve QLDoc completeness
 2020-05-13 08:26:02 +02:00
Dave Bartolomeo
5d3f25211d C++/C#: Remove UnmodeledUse instruction 2020-05-13 01:06:40 -04:00
Dave Bartolomeo
7f2c6dd9f9 C++/C#: Remove UnmodeledUseOperand 2020-05-13 01:05:27 -04:00
Bt2018
ffd442a17a Fine tuning criteria 
1. Change the regex pattern from variable contains "url" to variable starts with "url"
2. Add the logging trace method to sink
 2020-05-12 23:24:55 -04:00
Bt2018
491b67e658 Change string concatenation in the source to TaintTracking::Configuration 2020-05-12 22:57:07 -04:00
Bt2018
106c181ab1 Formatting with auto-format 2020-05-12 15:53:29 -04:00
Max Schaefer
89d633ac3f Merge pull request #120 from porcupineyhairs/SensitiveActionBypass 
User-controlled bypass of sensitive action
 2020-05-12 19:48:24 +01:00
Max Schaefer
d438b5ec03 Merge pull request #131 from porcupineyhairs/IO 
Model stdlib's IO package.
 2020-05-12 19:41:40 +01:00