hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-07 10:41:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,820 Commits 1,691 Branches 160 Tags
codeql-cli/v2.12.7
Commit Graph

51820 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonas Jensen
41f7c7ae53 Merge pull request #12092 from jbj/aliases-upper-case 2023-02-03 18:40:53 +01:00
Alvaro Muñoz
04d5b7e579 make RequestForgery import private 2023-02-03 18:19:35 +01:00
Alvaro Muñoz
4b198f9af8 apply code review feedback 2023-02-03 18:12:49 +01:00
Mathias Vorreiter Pedersen
09a7573163 C++: Add comments to the new FP. 2023-02-03 17:09:19 +00:00
Alvaro Muñoz
844193d065 use regexp to capture generated file names 2023-02-03 18:08:56 +01:00
Mathias Vorreiter Pedersen
ae774a6b95 C++: Add a test with an indirect source. 2023-02-03 16:59:54 +00:00
Alvaro Muñoz
1d0e80c2f5 Apply suggestions from code review 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2023-02-03 17:59:29 +01:00
Alvaro Muñoz
3002230af9 remove duplicated import 2023-02-03 17:48:13 +01:00
Philip Ginsbach
1ec2c2591b fix documentation generator problem 2023-02-03 16:42:07 +00:00
Robert Marsh
ad8e82ac65 C++: allow read steps at the sink in IR taint test 2023-02-03 11:38:49 -05:00
Owen Mansel-Chan
2f637e2c8e Remove unused variable 2023-02-03 16:36:20 +00:00
Alvaro Muñoz
c517eb89b2 add more sinks 2023-02-03 17:33:08 +01:00
Jonas Jensen
73112e401c Change type name to upper case 
QL doesn't allow types to be declared in lower case, so the example did
not compile.
 2023-02-03 17:30:12 +01:00
Calum Grant
7d8b624a71 Basic script to generate shared code metrics 2023-02-03 16:24:39 +00:00
Philip Ginsbach
a354e776bf document final type aliases 2023-02-03 15:59:47 +00:00
Alvaro Muñoz
20dc30d7e8 add RequestForgery test 2023-02-03 16:38:56 +01:00
Philip Ginsbach
a639f13fd9 Merge pull request #12085 from github/ginsbach/DocumentModuleSignatureMemberDefaults 
document module signature member defaults
 2023-02-03 15:33:00 +00:00
Alvaro Muñoz
6b3d458865 Apply suggestions from code review 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2023-02-03 16:20:21 +01:00
Alvaro Muñoz
c7637a7e1f Apply suggestions from code review 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2023-02-03 16:19:48 +01:00
Alex Ford
7768026e70 Merge branch 'main' into js-use-shared-cryptography 2023-02-03 15:18:30 +00:00
Anders Schack-Mulligen
2d6d8aaa74 Java: Account for additional constants in ArrayIndexOutOfBounds query. 2023-02-03 16:16:39 +01:00
Anders Schack-Mulligen
a1aeb995e6 Java: Apply deadcode guard to data flow nodes. 2023-02-03 16:16:39 +01:00
Anders Schack-Mulligen
e8dbd65d77 Java: Refactor compile-time constant calculation and apply to ConstantIntegerExpr. 2023-02-03 16:16:27 +01:00
Alvaro Muñoz
a0cf8e786c fix SSRF sink 2023-02-03 16:16:00 +01:00
Alvaro Muñoz
7140b956e8 improve generated files matching predicates 2023-02-03 16:13:44 +01:00
Sarita Iyer
d99f7b56bd Merge branch 'codeql-cli-articles-migration-update' of https://github.com/github/codeql into codeql-cli-articles-migration-update 2023-02-03 09:56:51 -05:00
Sarita Iyer
c33c5ed517 Update codeql-cli links 2023-02-03 09:56:49 -05:00
Alex Ford
6c35feaa98 ConceptsShared: add a default implementation of BlockMode CryptographicOperation#getBlockMode() for compatibility with external code 2023-02-03 14:39:32 +00:00
Alex Ford
b968b59afc CryptoAlgorithms: make CryptographicAlgorithm#matchesName hold only if that algorithm is the most specific match 2023-02-03 14:15:32 +00:00
Tamas Vajk
f90c5346bf C#: Change handled exception in TrapWriter.ArchiveContents 2023-02-03 15:13:23 +01:00
Mathias Vorreiter Pedersen
0a6f914bfc C++: Make the documentation on 'isSink' less ambiguous. 2023-02-03 14:09:01 +00:00
Mathias Vorreiter Pedersen
0aed890b15 C++: Undo QLDoc change. 2023-02-03 14:02:55 +00:00
erik-krogh
8e05fdb369 make more imports private 2023-02-03 15:00:31 +01:00
erik-krogh
c5350ca6a0 add change-note 2023-02-03 14:47:58 +01:00
erik-krogh
cf094c2f4f adjust which folders are seen as exported to remove an FP 2023-02-03 14:47:55 +01:00
erik-krogh
848b24cfe4 adjust concept tests after changing subprocess model 2023-02-03 14:47:55 +01:00
erik-krogh
ef44cb86c2 remove FPs related to parameters that are meant to be commands 2023-02-03 14:47:55 +01:00
erik-krogh
e9ebba3350 assume shell=False for subprocess calls, fixes FPs in e.g. youtube-dl 2023-02-03 14:47:55 +01:00
erik-krogh
d228cf0e7b use more API-nodes to model subprocess.run (and friends) 2023-02-03 14:47:55 +01:00
erik-krogh
bce83bfc4e add failing test for indirectly setting the shell=true flag for subprocess.run 2023-02-03 14:47:55 +01:00
erik-krogh
0a2c7d062c add Fabric test, and add tracking of the shell flag in Fabric 2023-02-03 14:47:55 +01:00
erik-krogh
6bbc4f4a48 add more tests 2023-02-03 14:47:55 +01:00
erik-krogh
33c506d7fe add minimal test for Array join as a sink, and learn that the order is flipped compared to JS. Thanks Copilot! 2023-02-03 14:47:55 +01:00
erik-krogh
5bddfc0d79 add test for f-strings as sink 2023-02-03 14:47:55 +01:00
erik-krogh
47a06d2824 add library inputs as a source, and get minimal test to work 2023-02-03 14:47:55 +01:00
erik-krogh
7fcc548665 add py/shell-command-constructed-from-input, but without a source. 
It's a very direct port from Ruby, with only minor adjustments to fit the Python APIs
 2023-02-03 14:47:55 +01:00
erik-krogh
187cfd7be7 add isShellInterpreted to the SystemCommandExecution concept 2023-02-03 14:47:54 +01:00
Geoffrey White
38eeb9c747 Swift: Model String methods. 2023-02-03 12:26:55 +00:00
Alex Ford
e17b3d975d JS: pick up CryptographicKeys used in asmCrypto encrypt/decrypt calls 2023-02-03 12:16:25 +00:00
Alex Ford
6b2a92a7ca JS: update CryptographicKey.expected 2023-02-03 12:12:47 +00:00