hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-07 16:14:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
85,907 Commits 1,732 Branches 164 Tags
codeql-cli/v2.24.2
Commit Graph

85907 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
c43025d7b3 add model for xml2js 2021-02-10 14:16:30 +01:00
Erik Krogh Kristensen
44ca2e26a6 add taint-step to XML parsers 2021-02-10 14:16:08 +01:00
intrigus
5c82ff83de Java: Fix qhelp, fix CWE reference 2021-02-10 13:57:51 +01:00
Anders Schack-Mulligen
3a6fa9d99b Java: Add support for framework modelling through csv data. 2021-02-10 13:25:03 +01:00
Alvaro Muñoz
645b021845 Add support for the Preconditions Class in the Guava framework 2021-02-10 13:20:29 +01:00
Alvaro Muñoz
0cf3a29429 Add support for Apache Commons Lang ArrayUtils 2021-02-10 13:09:57 +01:00
Shati Patel
18225fa254 Merge pull request #4997 from github/shati-patel/cwe-coverage-docs 
Docs: Add outline for CWE coverage page
 2021-02-10 11:45:09 +00:00
Alvaro Muñoz
3b4357792b Remove sanitizing condition which does not prevent 
vulnerability.
 2021-02-10 12:21:48 +01:00
Anders Schack-Mulligen
66d0bf6b5e Merge pull request #5128 from hvitved/dataflow/exploration-clears-content 
Data flow: Take `clearsContent()` into account in flow exploration
 2021-02-10 11:52:24 +01:00
yoff
9930d59aca Merge pull request #5124 from RasmusWL/typetracking-with-decorator 
Python: Add test for type-tracking through decorators
 2021-02-10 09:34:54 +01:00
Chris Smowton
617b5510d9 Merge pull request #465 from smowton/smowton/feature/less-equality-test-panic-edges 
Remove panicking edges leading from an equality test where possible
 2021-02-10 08:20:27 +00:00
user
c29ab8958f tests and docs updated 2021-02-10 00:26:46 +03:00
Your Name
4b24e5641e formatting + example 
fix

test fix

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-10 00:26:46 +03:00
Your Name
bd09868686 test fixed, comments added 
Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-10 00:26:46 +03:00
Your Name
8c5e0a42b3 test fixed 
Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-10 00:26:40 +03:00
Your Name
41e808dab4 conversion detect + tests 2021-02-10 00:26:40 +03:00
Your Name
a77f36fba8 formatting fix 
Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-10 00:26:33 +03:00
Chris Smowton
ef658b292a Fix join order for ListOfConstantsComparisonSanitizerGuard 2021-02-09 19:42:23 +00:00
Arthur Baars
d4ebcbf18f Merge pull request #118 from github/aibaars/dataflow 
More dataflow steps
 2021-02-09 20:36:28 +01:00
Tom Hvitved
1f9b42f9ab Data flow: Sync files 2021-02-09 20:10:23 +01:00
Tom Hvitved
e5970f4c65 Data flow: Take clearsContent() into account in flow exploration 2021-02-09 20:09:24 +01:00
Tom Hvitved
9cfc08319d Use Generated::AstNode in ExprChildMapping 2021-02-09 19:32:41 +01:00
Chris Smowton
1b9abc5310 Merge pull request #470 from sauyon/go116flagadd 
Add -overlay to recognized go build flags
 2021-02-09 18:31:41 +00:00
Arthur Baars
1e64b264ba Fix compilation errors after merge 2021-02-09 18:50:30 +01:00
Arthur Baars
3e0b7c491a Merge remote-tracking branch 'origin/main' into aibaars/dataflow 2021-02-09 18:49:53 +01:00
Sauyon Lee
8c60c614db Add -overlay to recognized go build flags 2021-02-09 17:09:48 +00:00
Owen Mansel-Chan
abf59ec98f Merge pull request #469 from github/owen-mc-code-owners-file 
Create CODEOWNERS
 2021-02-09 17:04:29 +00:00
Owen Mansel-Chan
5cab5b2912 Create CODEOWNERS 
This is so that `@codeql-go` is automatically suggested as a reviewer for PRs
 2021-02-09 17:02:29 +00:00
Tom Hvitved
248f5cd648 Merge pull request #119 from github/hvitved/ast-range 
Rangify `AstNode`
 2021-02-09 16:47:50 +01:00
Tom Hvitved
85c13a1190 Make entries in RemoveWhenFullCoverage explicit 2021-02-09 16:34:25 +01:00
Geoffrey White
d475e55ec0 Update cpp/ql/test/README.md 
Co-authored-by: hubwriter <hubwriter@github.com>
 2021-02-09 15:20:03 +00:00
Geoffrey White
cc031118dd Update CONTRIBUTING.md 
Co-authored-by: hubwriter <hubwriter@github.com>
 2021-02-09 15:19:30 +00:00
yo-h
e5331a4735 Java: accept changes in expected output 2021-02-09 09:17:35 -05:00
yo-h
e194411cfa Java: fix javac errors in test code 2021-02-09 09:16:57 -05:00
luchua-bc
cb01613aa6 Exclude FP token patterns 2021-02-09 13:53:23 +00:00
Tamas Vajk
9854b95c30 Fix query performance 2021-02-09 14:45:22 +01:00
Alexander Eyers-Taylor
1c43505d30 Merge pull request #5121 from alexet/fix-js-jdoc 
Javascript Extractor: Update <tt> tages to <code>
 2021-02-09 13:07:19 +00:00
Arthur Baars
daa7bd7fd4 Move ReturningStmt::getValue implementation to internal library 2021-02-09 14:01:08 +01:00
Arthur Baars
e398837bdc Rename Statement to Stmt 2021-02-09 13:55:06 +01:00
Arthur Baars
bb89e134c4 Address comments 2021-02-09 13:54:46 +01:00
CodeQL CI
475d216f8e Merge pull request #5087 from erik-krogh/immutable 
Approved by asgerf
 2021-02-09 12:43:19 +00:00
Rasmus Wriedt Larsen
1d25184b32 Python: Add test for type-tracking through decorators 
In general, if there is _some_ decorator on a function, it might not be safe to
track content out of it (since the decorator could do anything), but in this
case, we can see what the decorator does, so we should be able to handle it (but
we don't right now).

By my understanding of how type-tracking works, if we track content through
`my_decorator`, then we would also track content to the result of
`unrelated_func()`, which I wanted to make sure our tests would catch.

I found out the core of the problem seems to come from our lack of being able to
track to the inner scope, and added an explicit test for that.
 2021-02-09 13:43:10 +01:00
Rasmus Wriedt Larsen
eb7e30d472 Python: Add test of django view handler with decorator 
Which we currently don't handle :(

Also added a bit more explanatory comments
 2021-02-09 13:25:12 +01:00
Geoffrey White
d1910a3f5c Update CONTRIBUTING.md 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-02-09 12:12:24 +00:00
alexet
8dd5a7e7c7 Javascript Extractor: Update <tt> tages to <code> 2021-02-09 12:10:09 +00:00
Remco Vermeulen
3818971b79 Add redirect sinks 
Both the familiy of `Accepted` and `Created` method set the location
header based on provided input. If this is untrusted input this can
result in an URL redirect attack.
 2021-02-09 13:09:02 +01:00
Chris Smowton
9a919cc6c8 Merge pull request #466 from smowton/smowton/fix/remove-html-template-models 
Remove models for html/template execution
 2021-02-09 11:55:13 +00:00
Tom Hvitved
32daf28b34 Rangify AstNode 2021-02-09 12:17:21 +01:00
Alexander Eyers-Taylor
bed10ad562 Merge pull request #5113 from github/alexet/fix-var-decls-spec 
Update the language specification to allow empty var_decls
 2021-02-09 11:08:23 +00:00
Rasmus Lerchedahl Petersen
e3002aa1bf Python: model for sys.exc_info 
made _easy_ by API graphs :D
 2021-02-09 11:39:44 +01:00