Rasmus Lerchedahl Petersen
6debc48e79
Merge branch 'master' of github.com:github/codeql into SharedDataflow_SequenceFlow
2020-08-03 07:05:34 +02:00
luchua-bc
ff0dacf1d7
Optimize the TaintTracking
2020-08-03 00:52:47 +00:00
luchua-bc
b65a033302
Shorten the regex private domain match
2020-08-01 03:42:13 +00:00
luchua-bc
ff58abb7d3
Revamp the sink code
2020-08-01 03:25:02 +00:00
Calum Grant
595ab442e6
Merge pull request #3996 from yoff/SharedDataflow_Syntax
...
Python: Test all expressions that incur dataflow
2020-07-31 17:45:00 +01:00
Rasmus Lerchedahl Petersen
3e13056140
Python: Address most review comments
2020-07-31 17:20:58 +02:00
Tamás Vajk
c8dc2ee611
Merge pull request #3993 from tamasvajk/remove-noise
...
Turn off C# auto-compile on topmost folder
2020-07-31 16:59:36 +02:00
Tamas Vajk
17e256b2c7
C#: Add VS Code tasks to build and test the C# bits
2020-07-31 16:56:51 +02:00
Rasmus Lerchedahl Petersen
b21da86ac1
Python: Field flow for sequence elements
...
only from displays so far
2020-07-31 15:45:20 +02:00
Rasmus Lerchedahl Petersen
e8ce62e211
Python: Fix missing flow annotation
2020-07-31 15:28:27 +02:00
Max Schaefer
f6da34b546
Speed up unresolvedReference.
2020-07-31 14:13:05 +01:00
Rasmus Lerchedahl Petersen
e13cf2e126
Python: fix formatting
2020-07-31 14:25:09 +02:00
Tom Hvitved
54ce73b40e
Merge pull request #3995 from hvitved/csharp/fix-alerts
...
C#: Fix a few alerts
2020-07-31 14:07:35 +02:00
Rasmus Lerchedahl Petersen
29493f5bd7
Python: Make the coverage test a path query
2020-07-31 12:38:57 +02:00
CodeQL CI
18fa6b613d
Merge pull request #3998 from ceh-forks/ceh-fix-typos
...
Approved by shati-patel
2020-07-31 11:08:58 +01:00
Mathias Vorreiter Pedersen
4990d00498
C++: Add taint tests demonstrating lack of taint through range based for loops
2020-07-31 09:57:35 +02:00
Mathias Vorreiter Pedersen
b88ef56cb4
C++: Add basic iterator definition that matches STL
2020-07-31 09:45:32 +02:00
Emil Hessman
246ae575be
Fix typos
2020-07-31 06:59:55 +02:00
Raul Garcia (MSFT)
a5dab4e768
removing a redundant line
2020-07-30 17:05:42 -07:00
luchua-bc
81de1b14d9
Revamp the source of path query
2020-07-30 19:16:48 +00:00
Chris Smowton
7e65575e95
Merge pull request #272 from smowton/smowton/admin/fix-makefile-escaping
...
Escape go-fmt file filter
2020-07-30 20:05:04 +01:00
Raul Garcia (MSFT)
64f4613a3f
Removing the options file as requested
2020-07-30 10:25:15 -07:00
Raul Garcia (MSFT)
9e74c183fe
Fixing expected results after adding comments to the unit test .cs file
2020-07-30 10:24:24 -07:00
Arthur Baars
7e72ef350e
Merge pull request #3975 from aibaars/lgtm-suites
...
CodeQL: complete LGTM suites
2020-07-30 18:39:01 +02:00
Chris Smowton
2a7754af59
Factor ErrorType out of two duplicate tests
2020-07-30 17:25:53 +01:00
Chris Smowton
4b6810eefc
InsecureFeatureFlag: make getAFlag a member of FlagKind
2020-07-30 17:23:01 +01:00
Chris Smowton
7dd20107fe
Insecure-TLS query: trivial style and typo fixes
2020-07-30 17:18:54 +01:00
Rasmus Lerchedahl Petersen
133e18edd9
Python: Annotate missing flow
2020-07-30 18:13:39 +02:00
Chris Smowton
3c1daf08f8
Escape go-fmt file filter
...
This should have been looking for \.go$, but I forgot to escape the dollar sign in a Makefile
2020-07-30 17:06:01 +01:00
Rasmus Lerchedahl Petersen
1467d6b419
Python: Test all expressions that incur dataflow
2020-07-30 17:51:17 +02:00
semmle-qlci
5b1d25591e
Merge pull request #3979 from max-schaefer/js/more-comand-injection-models
...
Approved by asgerf
2020-07-30 15:10:46 +01:00
Tom Hvitved
e08e7cdf34
C#: Fix a few alerts
2020-07-30 16:03:36 +02:00
Tom Hvitved
07f1e133f3
C#: More type-based adjustment of library-flow access paths
...
This change removes the restriction that only access paths of length 1 can
have the head adjusted, based on type information from the call to the relevant
library-code callable.
2020-07-30 15:48:41 +02:00
Shati Patel
437baf160e
Merge pull request #3973 from shati-patel/sd-189
...
Add basic LGTM tutorials to CodeQL sphinx project
2020-07-30 14:37:48 +01:00
Tamas Vajk
0ea5f347f7
Turn off C# auto-compile on topmost folder
...
If the C# extension is installed, then it reports 25k+ errors on the C# extractor until it is properly built. This is pure noise because the solution would be opened and built from the correct subdirectory. This commit disables the C# compilation altogether.
2020-07-30 15:26:16 +02:00
Tom Hvitved
632713c475
Merge pull request #3986 from hvitved/csharp/null-maybe-null-coalescing-assignment
...
C#: Fix false-positives in `cs/dereferenced-value-may-be-null`
2020-07-30 14:20:00 +02:00
Tom Hvitved
05307b8757
C#: Remove more FPs in cs/dereferenced-value-may-be-null
2020-07-30 12:16:59 +02:00
Tom Hvitved
4f4d9d35be
C#: Add more nullness tests
2020-07-30 12:15:49 +02:00
Shati Patel
4da74dea28
Update C# example
2020-07-30 10:57:17 +01:00
Shati Patel
0a4b828432
Update docs/language/learn-ql/java/basic-query-java.rst
...
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2020-07-30 11:55:28 +02:00
Shati Patel
9aaf20e6f2
Update docs/language/learn-ql/java/basic-query-java.rst
...
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2020-07-30 11:55:14 +02:00
Max Schaefer
2134757ebf
Merge pull request #261 from smowton/smowton/admin/cleanup-cwe-322
...
Polish CWE-322: detect and exclude cases where host-checking is optional
2020-07-30 10:38:57 +01:00
Raul Garcia (MSFT)
6f845b0044
Using CodeQL AutoFormat
2020-07-29 18:01:46 -07:00
Raul Garcia (MSFT)
7923c480af
Fixing queries based on suggestions/comments.
...
TODO: Auto-formatting is still pending (need guidance on how to enable it on my environment). Thanks
2020-07-29 17:14:37 -07:00
Raul Garcia
83e9d052d9
Update csharp/ql/src/experimental/Security Features/Serialization/DataSetSerialization.qll
...
Co-authored-by: Jaroslav Lobačevski <novaisas@gmail.com>
2020-07-29 16:24:13 -07:00
Robert Marsh
ddbec50c07
Merge pull request #3990 from MathiasVP/mathiasvp/fix-qldoc-SemanticStackVariable
...
C++: Fix QLDoc for `SemanticStackVariable`
2020-07-29 12:27:29 -07:00
Tom Hvitved
bec415c5c1
Merge pull request #3988 from hvitved/csharp/collection-flow-change-note
...
C#: Add change note
2020-07-29 19:58:54 +02:00
Chris Smowton
cce3a70412
Insecure-TLS: restrict sources to potentially interesting integers.
2020-07-29 16:46:36 +01:00
Chris Smowton
d7c0671ea1
Add test using SSH host-key checker factory knownhosts.New
...
This produces a secure host-key checker; we assume by default that an opaque function not otherwise specified returns an acceptable checker, but we need to particularly cope with its multiple return values to handle this factory function.
2020-07-29 16:30:51 +01:00
Chris Smowton
d0e86f787d
SSH host checking: Expand definition of a host-key checking function to include calls with multiple return types
...
For example, https://godoc.org/golang.org/x/crypto/ssh/knownhosts#New returns a host-key checker and an error value, and we previously didn't consider the first return value a candidate checker function.
2020-07-29 16:06:38 +01:00