hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-10 12:11:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
54,887 Commits 1,689 Branches 160 Tags
codeql-cli/v2.13.3
Commit Graph

54887 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonas Jensen
d619a8c693 Merge pull request #1192 from geoffw0/severity 
CPP: Change some query severities
 2019-04-05 09:23:27 +02:00
Jonas Jensen
8c17278808 Merge pull request #1191 from geoffw0/microsoft 
CPP: Workaround improvement for File.compiledAsMicrosoft.
 2019-04-05 09:22:08 +02:00
Jonas Jensen
b555f5025e Merge pull request #1209 from geoffw0/gmtime 
CPP: Add variants to PotentiallyDangerousFunction.ql
 2019-04-05 09:19:40 +02:00
yh-semmle
6ba57fc639 Merge pull request #1202 from aschackmull/java/slf4j-print-array 
Java: Exclude slf4j calls in PrintLnArray as it supports array formatting.
 2019-04-04 20:08:20 -04:00
Rebecca Valentine
b7939029bf removes bigint cases 2019-04-04 16:41:52 -07:00
Rebecca Valentine
5b87b85960 fixes comment language 2019-04-04 16:41:14 -07:00
Esben Sparre Andreasen
0ec0aa35be JS: change notes for Express 2019-04-04 21:42:23 +02:00
Esben Sparre Andreasen
60ba74a210 JS: Express cleanup and generalization 2019-04-04 21:42:08 +02:00
Esben Sparre Andreasen
c94ca46366 JS: add more Express tests 2019-04-04 21:42:08 +02:00
Robert Marsh
46f93ff322 C++: update test expectations 2019-04-04 10:55:27 -07:00
Robert Marsh
427b853077 C++: add another test case for IR stmtexpr 2019-04-04 10:55:27 -07:00
Robert Marsh
81dd03848f C++: respond to PR comments 2019-04-04 10:52:08 -07:00
Robert Marsh
f2fbdac31b C++: add support for GNU StmtExpr in IR 2019-04-04 10:51:06 -07:00
Geoffrey White
0a0bcdf939 CPP: Move some code into IncorrectPointerScalingCommon.qll. 2019-04-04 18:08:18 +01:00
Mark Shannon
2ba122373a Merge pull request #1128 from taus-semmle/python-paramiko-unsafe-host-key-validation 
Python: Add query for insecure SSH host key policies in Paramiko.
 2019-04-04 16:57:13 +01:00
Geoffrey White
7aee334baf CPP: Update the qhelp. 2019-04-04 16:48:14 +01:00
Geoffrey White
e8b7bf9ddf CPP: Change note. 2019-04-04 16:38:42 +01:00
Geoffrey White
a437e6c103 CPP: Extend coverage. 2019-04-04 16:31:02 +01:00
Geoffrey White
a1e503f428 CPP: Add test cases for PotentiallyDangerousFunction. 2019-04-04 16:26:53 +01:00
Felicity Chapman
bec6316c09 Move support information into a version-neutral location 2019-04-04 16:17:09 +01:00
Taus
c5f41c1a5a Merge pull request #1207 from markshannon/python-fix-cwe-ref 
Fix CWE tag for Code injection query.
 2019-04-04 17:08:51 +02:00
Mark Shannon
c2e814a11a Fix CWE tag for Code injection query. 2019-04-04 15:09:12 +01:00
Mark Shannon
3bcd445a32 Python change 'SimpleHttpResponseTaintSink' to 'HttpResponseTaintSink'. 2019-04-04 14:45:37 +01:00
Asger F
c38b8d81ca JS: review comments 2019-04-04 14:43:11 +01:00
Geoffrey White
5e71207a23 CPP: Add '/' case. 2019-04-04 14:32:22 +01:00
Mark Shannon
e2a3d91a7d Python taint-tracking: If taint has no class allow it flow through both branches of isinstance test. 2019-04-04 14:29:34 +01:00
Asger F
d594e55a61 JS: Remove ShellJS::Instance for simplicity 2019-04-04 11:45:59 +01:00
Asger F
a2b8721898 JS: Add change note 2019-04-04 11:45:59 +01:00
Asger F
43f6b8fa70 JS: Add test 2019-04-04 11:44:56 +01:00
Asger F
3da76cb798 JS: add model of ShellJS 2019-04-04 11:44:56 +01:00
Geoffrey White
cb09d23069 CPP: Add a test of common mistakes using locking and similar classes. 2019-04-04 11:23:06 +01:00
Mark Shannon
8b01bac900 Python: make sure unsafe deserialization query is using correct sources and that pickle is included in sinks. 2019-04-04 10:56:45 +01:00
Mark Shannon
bc19769e6d Python: make sure code injection query is using correct sources. 2019-04-04 10:56:45 +01:00
Mark Shannon
35e82dca68 Python revert .getNode() to .getSink()/.getSource() to keep expected test output the same. 2019-04-04 10:56:45 +01:00
Mark Shannon
f8c43ca40b Python: make sure all django and flask request sources conform to interface. 2019-04-04 10:56:45 +01:00
Mark Shannon
61e6ae7c4a Python: Use new taint-tracking query in unsafe deserialization query. 2019-04-04 10:56:45 +01:00
Mark Shannon
3c1a5bb046 Python: Use new taint-tracking query in code-injection query. 2019-04-04 10:56:44 +01:00
Mark Shannon
64e8be6ed1 Python: Use new taint-tracking query in reflected-xss query. 2019-04-04 10:56:44 +01:00
Mark Shannon
7fc5d690cd Python: Use new taint-tracking query in SQL-injection query. 2019-04-04 10:56:44 +01:00
Anders Schack-Mulligen
15fa4f8b7a Merge pull request #1007 from jbj/dataflow-dispatch-no-ctx 
C++: Simplify stubs in DataFlowDispatch.qll
 2019-04-04 11:25:50 +02:00
Anders Schack-Mulligen
d144ea2f1c Java: Exclude slf4j calls in PrintLnArray as it supports array formatting. 2019-04-04 11:09:41 +02:00
yh-semmle
b226cb64cd Merge pull request #1189 from aschackmull/java/preconditions 
Java: Support precondition calls as guards (ODASA-7796).
 2019-04-03 21:36:08 -04:00
Ziemowit Laski
921523e8e7 Merge branch 'cpp340a' of github.com:zlaski-semmle/ql into cpp340a 2019-04-03 17:56:34 -07:00
Ziemowit Laski
970c45e896 Merge branch 'master' into cpp340a 2019-04-03 17:52:46 -07:00
zlaski-semmle
b060fd13a6 Merge branch 'master' into cpp340a 2019-04-03 17:00:33 -07:00
Ziemowit Laski
e4ce8347bc [CPP-340] Simplify MistypedFunctionArguments.ql and reduce its 
precision from very-high to high.
 2019-04-03 16:19:37 -07:00
Rebecca Valentine
ec2e17f07a adds whitelist and recursive cases, per PR change req 2019-04-03 10:06:02 -07:00
Tom Hvitved
f5d52d0652 Merge pull request #274 from lukecartey/csharp/remove-security-tags 
C#: Remove the 'security' tag from some queries
 2019-04-03 17:04:25 +02:00
Asger F
3bc7371fd6 JS: be less conservative about incomplete nodes in prefix sanitizers 2019-04-03 15:20:03 +01:00
Jonas Jensen
d0091b28ee Merge pull request #1199 from geoffw0/printfld 
CPP: Support %Ld in printf.qll
 2019-04-03 15:38:16 +02:00