hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-08 03:01:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,816 Commits 1,691 Branches 160 Tags
codeql-cli/v2.12.4
Commit Graph

50816 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
50b9f5bba0 Merge pull request #11892 from erik-krogh/clap 
QL: update clap to 3.0 in QL-for-QL
 2023-01-17 12:33:18 +01:00
Jean Helie
fec7ea6964 ATM: add missing query help files 2023-01-17 12:20:17 +01:00
Jean Helie
b08fa43fdf update tests 2023-01-17 12:20:17 +01:00
Jean Helie
f07984bab2 update test data 2023-01-17 12:20:17 +01:00
Jean Helie
13aaa22df5 add bosted version of ShellCommandInjectionFromEnvironment 2023-01-17 12:20:17 +01:00
Mathias Vorreiter Pedersen
77a9cea737 Merge pull request #11901 from github/redsun82/swift-ql-internal 
Swift: introduce `@ql.internal` pragma for classes
 2023-01-17 10:46:56 +00:00
Rasmus Wriedt Larsen
f8d7a367ad Python: Rewrite test for __add__ special method 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-01-17 11:45:57 +01:00
Paolo Tranquilli
67bd8cba32 Merge pull request #11900 from github/alexdenisov/swift-ignore-lsregister 
Swift: do not trace lsregister
 2023-01-17 11:26:22 +01:00
Rasmus Wriedt Larsen
ae1d4decc3 Python: ExternalAPIs.qll: Swap order of classes 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-01-17 11:01:47 +01:00
Rasmus Wriedt Larsen
b6f76d784c Python: Remove accidentally committed files 2023-01-17 10:59:11 +01:00
Rasmus Wriedt Larsen
479f019eb0 Python: Minor rewrite removing unnecessary exists 
Co-authored-by: Taus <tausbn@github.com>
 2023-01-17 10:59:11 +01:00
Rasmus Wriedt Larsen
608b16c98a Python: Minor adjustment in QLDoc 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-01-17 10:56:53 +01:00
Chris Smowton
29425982a5 Merge pull request #11899 from ataillefer/patch-1 
Fix partial path traversal Java example
 2023-01-17 09:39:36 +00:00
Rasmus Wriedt Larsen
700e40b11b Python: Fix ql4ql 2023-01-17 10:35:20 +01:00
Rasmus Wriedt Larsen
4f3876f184 Python: Accept rewrite for _join( predicates 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-01-17 10:32:31 +01:00
Rasmus Wriedt Larsen
7c242b1409 Python: Minor QLDoc fix 
Co-authored-by: Taus <tausbn@github.com>
 2023-01-17 10:32:15 +01:00
Paolo Tranquilli
6106edd5e2 Swift: add INTERNAL doc marker to ql.internal classes 2023-01-17 10:30:59 +01:00
Paolo Tranquilli
b22da25e05 Swift: remove ql.internal classes from global import 2023-01-17 10:18:03 +01:00
Paolo Tranquilli
48825442c3 Swift: add ql.internal pragma in schema definitions 2023-01-17 10:10:35 +01:00
Paolo Tranquilli
cdc99b5240 Swift: simplify pragma definition 2023-01-17 10:10:02 +01:00
Geoffrey White
449ebb8a12 Swift: Add tests for RNCryptor library. 2023-01-17 09:03:07 +00:00
Paolo Tranquilli
e3502e2e5f Merge branch 'main' into redsun82/swift-open-redirection 2023-01-17 09:43:00 +01:00
Alex Denisov
63b4e5ef5c Swift: do not trace lsregister 2023-01-17 09:26:31 +01:00
Erik Krogh Kristensen
51bd1ef1e1 Merge pull request #11884 from erik-krogh/qlWin 
QL/Ryby: fix qltest on Windows
 2023-01-16 21:57:01 +01:00
Antoine Taillefer
660e6d7085 Fix partial path traversal Java example 
The Java recommendation example for the "Partial path traversal vulnerability from remote" query doesn't seem right to me. Indeed, the following statement doesn't compile, since `dir.getCanonicalPath()` returns a String:
```
dir.getCanonicalPath().toPath()
```
Maybe the author wanted to state `dir.getCanonicalFile().toPath()`, which would compile, but is useless compared to `dir.getCanonicalPath()`.

Moreover, `parent.getCanonicalFile().toPath()` or `parent.getCanonicalPath()` will **not** be slash-terminated, contrary to what the description says.
From what I can see (and test), the correct fix is to concatenate `File.separator` to the parent canonical path.
 2023-01-16 21:14:29 +01:00
Rasmus Wriedt Larsen
690a09d9b6 Python: new-call-graph: pragma[noinline] => pragma[nomagic] 
As suggested by @tausbn. Obviously, this needs to be performance tested.
 2023-01-16 20:45:44 +01:00
Rasmus Wriedt Larsen
a3b7273844 Python: Fix duplicated meta query id 2023-01-16 20:33:28 +01:00
Rasmus Wriedt Larsen
3fcb8f3f4b Python: Accept suggestions from code-review 2023-01-16 20:33:28 +01:00
erik-krogh
dcc1c3d487 add --working-dir=. to pre-finalize for c# 2023-01-16 18:09:00 +01:00
Ian Lynagh
17de5c120a Kotlin: Make a couple of functions private 2023-01-16 15:29:14 +00:00
Tony Torralba
bd5619147d Merge pull request #11590 from atorralba/atorralba/swift/sensitive-info-logs 
Swift: Add Cleartext Logging query
 2023-01-16 16:22:20 +01:00
erik-krogh
713599963b add --working-dir to Ruby qltest.cmd to fix Windows 2023-01-16 15:37:35 +01:00
erik-krogh
9e153cfb0d change the Ruby-build test such that Windows fails 2023-01-16 15:37:35 +01:00
erik-krogh
587adea809 QL: add --working-dir to qltest.cmd to fix qltest 2023-01-16 15:37:14 +01:00
erik-krogh
2c1ecb507d fix windows 2023-01-16 15:36:57 +01:00
erik-krogh
1de65131fe add compilation cache to QL-for-QL tests 2023-01-16 15:36:57 +01:00
erik-krogh
0685732e3f delete ql/ specific format step now that we have an all-languages format check 2023-01-16 15:36:57 +01:00
erik-krogh
1d62751e15 test QL-for-QL on mac/win 2023-01-16 15:36:55 +01:00
Tony Torralba
0017461e2d Update swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-01-16 15:35:58 +01:00
Tony Torralba
cca6a13fbb Update java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.qhelp 2023-01-16 14:21:03 +01:00
Rasmus Wriedt Larsen
a1513cc1d3 Python: Minor QLDoc fix 2023-01-16 14:07:11 +01:00
Rasmus Wriedt Larsen
dfbb744a7a Python: Add comment on *args argument handling 2023-01-16 14:04:25 +01:00
Rasmus Wriedt Larsen
e5e5d84361 Python: Add change-note 2023-01-16 13:44:24 +01:00
Michael Nebel
8981d4c06b C#: Add change note. 2023-01-16 13:43:26 +01:00
Rasmus Wriedt Larsen
61151d4aa7 Merge branch 'main' into call-graph-code 2023-01-16 13:39:15 +01:00
Michael Nebel
2f602a629f C#: Add upgrade and downgrade scripts. 2023-01-16 13:27:37 +01:00
Erik Krogh Kristensen
8ccc384043 Merge pull request #11858 from erik-krogh/moreSpawn 
JS: track shell:true more in js/shell-command-constructed-from-input
 2023-01-16 13:24:50 +01:00
Erik Krogh Kristensen
59a8b21851 Merge pull request #10862 from erik-krogh/unsafeCodeConstruction 
Rb: Add an `unsafe-code-construction` query
 2023-01-16 13:22:58 +01:00
Michael Nebel
3552a41552 C#: Add test case for static abstract and static virtual interface members. 2023-01-16 13:07:50 +01:00
Michael Nebel
dc50b6bad3 C#: Support for operators in implements relations. 2023-01-16 13:07:50 +01:00