yo-h
0d8d5773b7
Java: add missing QLDoc for Clover.qll
2020-05-11 20:01:44 -04:00
yo-h
6e64f3dd05
Java: add missing QLDoc for JavaxAnnotations.qll
2020-05-11 20:01:44 -04:00
yo-h
537c657b19
Java: add missing QLDoc for EJBRestrictions.qll
2020-05-11 20:01:44 -04:00
yo-h
4594b51dfc
Java: add missing QLDoc for EJB.qll
2020-05-11 20:01:43 -04:00
yo-h
3a82090087
Java: add missing QLDoc for EJBJarXML.qll
2020-05-11 20:01:42 -04:00
yo-h
8fe093c854
Java: add missing QLDoc for PersistenceXML.qll
2020-05-11 20:01:42 -04:00
yo-h
5b962c1add
Java: add missing QLDoc for Persistence.qll
2020-05-11 20:01:42 -04:00
Sauyon Lee
58e41e9302
ReflectedXss: More broadly exclude values with a constant prefix
2020-05-11 15:49:37 -07:00
Robert Marsh
090977447b
Merge pull request #3445 from geoffw0/rangerounding
...
C++: Round result of >> in SimpleRangeAnalysis
2020-05-11 13:07:18 -07:00
Felicity Chapman
0366c5d035
Merge pull request #3446 from hmakholm/rc/1.24
...
Merge rc/1.24 back into master
2020-05-11 20:15:34 +01:00
Jason Reed
66da91fe59
Java, Javascript, Csharp: Restrict definitions predicates
...
Only expose definition-use relation itself, and getEncodedFile.
2020-05-11 15:14:16 -04:00
Dave Bartolomeo
e5bd66809a
C++/C#: Add QLDoc for renamed queries
2020-05-11 14:16:21 -04:00
Geoffrey White
a4fa4c859a
C++: Fix rounding for >>.
2020-05-11 18:55:01 +01:00
Geoffrey White
b1c32deabc
C++: Add some tests with 64-bit values.
2020-05-11 18:54:50 +01:00
Dave Bartolomeo
3987267f26
Rename sanity -> consistency
2020-05-11 13:46:26 -04:00
Dave Bartolomeo
06783938d3
JavaScript: Rename sanity -> consistency
2020-05-11 13:46:12 -04:00
Dave Bartolomeo
b39d4bc4bd
Java: Rename sanity -> consistency
2020-05-11 13:37:01 -04:00
Dave Bartolomeo
09d1da2f7a
C++/C#: Rename sanity -> consistency
...
I did both of these languages together because they share some of the changed code via `identical-files.json`.
2020-05-11 13:29:52 -04:00
James Fletcher
46140c3c1f
Merge pull request #3440 from jf205/sd-68-2
...
CodeQL docs: more updates to "Further reading" sections
2020-05-11 16:33:29 +01:00
Max Schaefer
a55c828fe4
Update ql/src/experimental/CWE-840/ConditionalBypass.ql
...
Co-authored-by: porcupineyhairs <61983466+porcupineyhairs@users.noreply.github.com>
2020-05-11 15:26:30 +01:00
Porcupiney Hairs
d0061bfd4b
Golang: Add MongoDB injection support
...
This PR adds support for MongoDB injection to the existing SQL injection query.
This models the official Golang MongoDB driver.
A brief summary of changes made in this query is:
1. A `NoSQL.qll` file has been created to model a `NoSQLQueryString`.
2. An entry is added in `go.qll` by default as I find these changes may be generally useful.
3. Library tests along with their expected outputs are added.
4. Query tests are added. However, I am unable to add the expected output as qltest
can't find depstubber. However, these can be easily added. I have created a separate
codeql-go database with the same files and ran the query against the same. I can see
there should be 14 correct results added from this PR.
2020-05-11 19:55:48 +05:30
Porcupiney Hairs
9b53ad3b3c
model IO package
2020-05-11 19:39:01 +05:30
Asger F
86a774d912
Merge pull request #3394 from monkey-junkie/master
...
JS SSTI CWE-094
2020-05-11 15:06:17 +01:00
Porcupiney Hairs
c1856ba260
fix tests
2020-05-11 19:32:28 +05:30
James Fletcher
7f952963e1
Update docs/language/learn-ql/writing-queries/debugging-queries.rst
...
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2020-05-11 14:58:46 +01:00
Jonas Jensen
cec73e689e
Merge pull request #3393 from dbartol/codeql-c-analysis-team/40/1
...
C++: A few IR QLDoc comments
2020-05-11 15:56:43 +02:00
Erik Krogh Kristensen
970ddcac7b
autoformat
2020-05-11 15:38:45 +02:00
Jonas Jensen
48d2bd6102
C++: Improve suppression of duplicate sources
...
This fixes a cosmetic bug in `.../CWE-134/.../examples.c` in the
internal repo.
2020-05-11 14:44:53 +02:00
Jonas Jensen
3a89f43cd6
Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args
...
Conflicts:
cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/defaulttainttracking.cpp
cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/tainted.expected
cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/test_diff.expected
cpp/ql/test/library-tests/dataflow/dataflow-tests/test_ir.expected
2020-05-11 14:44:17 +02:00
Jonas Jensen
3369453bb1
Merge pull request #3427 from MathiasVP/remove-abstract-from-builtin-op
...
C++: Remove abstract keyword from `BuiltInOperation`
2020-05-11 14:16:46 +02:00
Erik Krogh Kristensen
8b3e86c4f8
change note
2020-05-11 13:40:59 +02:00
Erik Krogh Kristensen
3ce60733cc
add test case
2020-05-11 13:11:24 +02:00
Max Schaefer
4a7171d91e
Fix frontend errors in BadRedirectCheck tests.
2020-05-11 11:45:21 +01:00
Max Schaefer
17dd99d326
Fix frontend errors in Mux tests.
2020-05-11 11:45:08 +01:00
Erik Krogh Kristensen
acb0f2e54f
exclude "@babel/helpers - .." from js/unknown-directive
2020-05-11 12:42:18 +02:00
james
148c7eb34d
docs: further reading ql training
2020-05-11 11:40:58 +01:00
james
3a00c4838e
docs: further reading QL tutorials
2020-05-11 11:40:58 +01:00
james
5292051c3e
docs: further reading for codeql queries section
2020-05-11 11:40:50 +01:00
Jonas Jensen
4f5b8f7306
Merge pull request #3430 from MathiasVP/comments-about-comments
...
C++: Add QLDoc to CaptionedComments.qll and CommentedOutCode.qll
2020-05-11 12:36:54 +02:00
Max Schaefer
df9902512f
More cleanup in help and tests.
...
In particular, I have copied over the examples referenced in the qhelp into the test folder and made sure they compile.
2020-05-11 11:07:38 +01:00
Max Schaefer
287dda0ab5
Minor cleanup in query and tests.
2020-05-11 11:05:40 +01:00
Max Schaefer
78201a2c5f
Rename ConditionBypass* to ConditionalBypass* for consistency with other languages.
2020-05-11 10:47:00 +01:00
Tom Hvitved
c837ab7d1a
Apply suggestions from code review
...
Co-authored-by: Jonas Jensen <jbj@github.com>
2020-05-11 11:42:50 +02:00
Max Schaefer
3e830b69b5
Merge pull request #121 from porcupineyhairs/conditionBypass
...
User-controlled bypass of a comparison
2020-05-11 10:41:33 +01:00
Slavomir
5df81d3210
Apply suggestions from code review
...
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-05-11 12:37:14 +03:00
Mathias Vorreiter Pedersen
715fa9e446
Simplify comment
...
Co-authored-by: Jonas Jensen <jbj@github.com>
2020-05-11 11:32:10 +02:00
Mathias Vorreiter Pedersen
104545f3a7
Replace 'Returns' with 'Gets'
...
Co-authored-by: Jonas Jensen <jbj@github.com>
2020-05-11 11:31:51 +02:00
Calum Grant
91229f8d52
Merge pull request #3398 from hvitved/csharp/missing-x-frame-option
...
C#: More results for `cs/web/missing-x-frame-options`
2020-05-11 10:28:26 +01:00
Mathias Vorreiter Pedersen
411e52a231
C++: Replace @buildin_op with @builtin_op
2020-05-11 11:12:48 +02:00
Jonas Jensen
b3498bd0ad
Merge pull request #3425 from MathiasVP/remove-more-abstract-classes
...
C++: Remove abstract keyword from a couple of AST classes
2020-05-11 10:55:35 +02:00