hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-16 12:36:55 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,820 Commits 1,713 Branches 162 Tags
codeql-cli/v2.12.6
Commit Graph

51820 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Raul Garcia (MSFT)
3e0481b889 Queries to help on the detection based on misuse of DataSet and DataTable serialization that could lead to security problems. 
https://go.microsoft.com/fwlink/?linkid=2132227
 2020-07-14 17:54:54 -07:00
Robert Marsh
7dd2677746 Merge pull request #3950 from MathiasVP/simple-range-analysis-unsigned-multiplication-tests 
C++: Add test cases for range analysis for unsigned multiplication
 2020-07-14 14:18:06 -07:00
Raul Garcia (MSFT)
896cdf9b12 Merge branch 'master' of https://github.com/github/codeql 2020-07-14 11:16:51 -07:00
Mathias Vorreiter Pedersen
174b30461a C++: Fix syntax error in testfile 2020-07-14 19:47:21 +02:00
Calum Grant
dcff87fb2e Merge pull request #3366 from hvitved/csharp/dataflow/arrays 
C#: Precise data-flow for collections
 2020-07-14 17:12:29 +01:00
Mathias Vorreiter Pedersen
834ad92453 C++: Add test cases for unsigned multiplication and fix missing return value in existing tests 2020-07-14 16:57:47 +02:00
Geoffrey White
37158f46ed C++: Remove deprecated class from test. 2020-07-14 15:36:48 +01:00
semmle-qlci
0bee0687cb Merge pull request #3911 from RasmusWL/python-call-graph-tracing 
Approved by tausbn
 2020-07-14 15:33:45 +01:00
Geoffrey White
3f6d8490e0 C++: Autoformat. 2020-07-14 15:09:12 +01:00
Ian Lynagh
616bad7b5c C++: Add an upgrade script 2020-07-14 13:53:46 +01:00
Ian Lynagh
c254de464a C++: Update stats following static_asserts change 2020-07-14 13:53:01 +01:00
Rasmus Wriedt Larsen
f1601d643a Python: autoformat 2020-07-14 14:12:56 +02:00
Rasmus Wriedt Larsen
1d9c3b3bcd Python: call-graph tracing: callable => callee 
to use consistent naming
 2020-07-14 14:12:02 +02:00
semmle-qlci
f8c03dcae6 Merge pull request #3924 from RasmusWL/python-metrics-queries-for-dist-compare 
Approved by tausbn
 2020-07-14 13:03:02 +01:00
Rasmus Wriedt Larsen
ee42d0839e Python: Rename target => callee 
To use a standardised naming :)
 2020-07-14 11:26:05 +02:00
Rasmus Wriedt Larsen
d913d33289 Python: Autoformat 2020-07-14 11:21:55 +02:00
Taus
ee13e87f3b Merge pull request #3947 from RasmusWL/python-fix-tests 
Python: Make experimental/library-tests/CallGraph pass for Python 2
 2020-07-13 22:10:34 +02:00
Arthur Baars
67b6018079 Merge pull request #3729 from luchua-bc/java-hardcoded-aws-credentials 
Java: Hardcoded AWS credentials
 2020-07-13 18:04:42 +02:00
Chris Smowton
830f83f21a Merge pull request #257 from smowton/smowton/fix/go-mod-comment-group-indices 
Extractor: assign unique indices to comment-groups in go.mod files
 2020-07-13 15:40:14 +01:00
Rasmus Wriedt Larsen
dc7d92ba2f Python: Autoformat experimental/library-tests/CallGraph/ 2020-07-13 16:20:02 +02:00
Geoffrey White
646efe2a20 C++: Deprecate ConversionConstructor. 2020-07-13 15:04:39 +01:00
Arthur Baars
c585b2e483 Java: stack trace exposure: address false positives 2020-07-13 15:26:55 +02:00
Geoffrey White
61178c5330 Merge branch 'master' into copymove 2020-07-13 14:11:12 +01:00
Rasmus Wriedt Larsen
83bd14b687 Python: Make experimental/library-tests/CallGraph pass for Python 2 
The import doesn't actually work the intended way, so running
```
$ python python/ql/test/experimental/library-tests/CallGraph/test.py
```

will procude no output. but our extractor will extract the things we need, so
for a quick fix this will need to suffice.
 2020-07-13 14:52:28 +02:00
luchua-bc
12803f1f53 Merge Hardcoded AWS Credentials check into the mail source folder 2020-07-13 12:22:34 +00:00
Chris Smowton
3ab948f81c Extractor: assign unique indices to comment-groups in go.mod files 
The schema requires that (parent, index) is a key.
 2020-07-13 11:28:28 +01:00
Arthur Baars
b1e604b490 Java: treat Stack.push as data flow instead of taint flow 2020-07-13 11:36:34 +02:00
Arthur Baars
a484aff76d Java: improve comments 2020-07-13 11:09:05 +02:00
Geoffrey White
6519629472 Merge pull request #3942 from MathiasVP/remove-abstract-preprocessor 
C++: Remove abstract classes from Preprocessor.qll
 2020-07-13 10:00:50 +01:00
Rasmus Wriedt Larsen
3127bb27d0 Python: Remove strange empty line 2020-07-13 10:55:43 +02:00
Rasmus Wriedt Larsen
0b6c3ff99d Python: Don't use PointsTo module name in metrics query 
To avoid confusion with the normal PointsTo module in
python/ql/src/semmle/python/pointsto/PointsTo.qll
 2020-07-13 10:46:03 +02:00
Rasmus Wriedt Larsen
a7d23063de Python: Fix grammar 
Co-authored-by: Taus <tausbn@github.com>
 2020-07-13 10:44:19 +02:00
dilanbhalla
48e540fa9a minor fixes 2020-07-13 01:25:42 -07:00
dilanbhalla
db6d5c329f file/buffer write dataflow queries complete 2020-07-13 00:57:05 -07:00
Sauyon Lee
32510eb2d0 Merge pull request #255 from max-schaefer/alias-types 
Improve modelling of alias declarations
 2020-07-10 21:07:48 -07:00
Mathias Vorreiter Pedersen
d6da318645 C++: Remove abstract classes from Preprocessor.qll 2020-07-10 21:55:14 +02:00
Jonathan Leitschuh
1f6615b3b8 Merge branch 'master' into feat/JLL/jOOQ_SQL_injection 
* master: (485 commits)
  C++: Remove @stmt_while from the TConditionalStmt union type.
  C++: Remove abstract classes from Stmt.qll
  Drop Map.merge as taint step
  Add the printAst.ql contextual query for C++
  Fix modelling of Stack.push
  C#: Sync identical files
  C++: Replace getResultType() with getResultIRType() in IR dataflow
  C++: Replace getResultType() with getResultIRType() in IR range analysis
  C++: Introduce isSigned() and isUnsigned() predicates on IRIntegerType to mirror IntegralType
  Add missing java import
  Add missing java import
  Mark ServletUrlRedirectSink private
  Java: model Object.clone
  Add file-level qldoc
  Optimize imports
  Join ServletUrlRedirectSink with UrlRedirectSink
  Extend UrlRedirectSink from DataFlow::Node
  Remove superfluous imports
  Java: ContainerFlow add comments
  Generalize QueryInjectionSink
  ...
 2020-07-10 14:37:41 -04:00
Dave Bartolomeo
912c50a881 Merge pull request #3937 from MathiasVP/replace-result-type-with-ir-result-type 
C++: Replace getResultType() with getResultIRType()
 2020-07-10 13:37:30 -04:00
Geoffrey White
456a05ecd5 Merge pull request #3940 from MathiasVP/remove-abstract-stmt 
C++: Remove abstract classes and predicates from Stmt.qll
 2020-07-10 16:41:45 +01:00
Mathias Vorreiter Pedersen
7cc83da97a C++: Remove @stmt_while from the TConditionalStmt union type. 2020-07-10 15:51:34 +02:00
Max Schaefer
4eac5a1d4e Add test to demonstrate that aliases have entities. 
There are, however, no corresponding types.
 2020-07-10 14:41:15 +01:00
Taus
df3eb9f9c5 Merge pull request #3790 from RasmusWL/python-add-annotated-callgraph-tests 
Python: Add annotated call-graph tests
 2020-07-10 15:38:38 +02:00
Max Schaefer
1a8688a8f4 Extract enough information to distinguish type definitions from alias declarations. 2020-07-10 14:12:51 +01:00
Max Schaefer
4257a68c27 Include newlines in messages printed by go-gen-dbscheme. 2020-07-10 14:08:37 +01:00
Geoffrey White
2941f413f9 Merge pull request #3931 from aeisenberg/aeisenberg/cpp-print-ast 
Add the printAst.ql contextual query for C++
 2020-07-10 14:08:25 +01:00
Max Schaefer
9347413e77 Merge pull request #254 from smowton/smowton/admin/fix-go-autoformat 
Make the gofmt CI test actually fatal
 2020-07-10 14:01:44 +01:00
Philippe Antoine
bf7e3a004e Reverting to enclosing block logic 2020-07-10 14:58:00 +02:00
Philippe Antoine
50b2b12ce2 put back missing condition 2020-07-10 14:41:35 +02:00
Philippe Antoine
3117c67a66 Updates result message to be more precise 2020-07-10 14:26:09 +02:00
Mathias Vorreiter Pedersen
567984af3d C++: Remove abstract classes from Stmt.qll 2020-07-10 14:21:56 +02:00