hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-22 21:27:04 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,446 Commits 1,783 Branches 169 Tags
codeql-cli/v2.25.5
Commit Graph

87446 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
46a1a4e010 Add a test. 2020-03-25 20:34:34 +00:00
Tom Hvitved
95b6f6aee0 C#: Add change note 2020-03-25 20:05:39 +01:00
Tom Hvitved
54677189de C#: Introduce RemoteFlowSink class 2020-03-25 20:05:39 +01:00
Tom Hvitved
142737dc61 C#: Move HtmlSinks from XSS.qll into separate file 2020-03-25 20:05:39 +01:00
Tom Hvitved
fddbce0b7b C#: Move all predefined sources and sinks into security/dataflow/flow{sinks,sources} 2020-03-25 20:05:39 +01:00
Erik Krogh Kristensen
4b0bc6b2b3 autoformat 2020-03-25 19:47:41 +01:00
Dave Bartolomeo
f981ce6be4 Merge pull request #3122 from jbj/getParameter-docs 
C++: Improve QLDoc for Function.getParameter
 2020-03-25 12:59:28 -04:00
Calum Grant
87970337ae C#: Improvements to buildless extraction, particularly for .NET Core. 2020-03-25 15:27:48 +00:00
Max Schaefer
e6bdc1809b Update ql/src/semmle/go/dataflow/internal/DataFlowDispatch.qll 
Co-Authored-By: Sauyon Lee <sauyon@github.com>
 2020-03-25 15:04:48 +00:00
Max Schaefer
13b61383e2 Merge pull request #65 from sauyon/openredirect-fps 
OpenUrlRedirect: Expand safe URL flow configuration
 2020-03-25 15:04:21 +00:00
Jonas Jensen
b622d62d3c C++: Wire up param/arg indirections in data flow 2020-03-25 15:23:43 +01:00
Jonas Jensen
bc3bdbb11b C++: Improve QLDoc for Function.getParameter 2020-03-25 15:21:24 +01:00
Dave Bartolomeo
1edd492abf C++: Late fix for PR feedback 
I missed this suggestion before I merged the original PR. Fixing it now before I forget.
 2020-03-25 10:10:30 -04:00
Asger Feldthaus
ad1e0ec50b JS: Inline variable again 2020-03-25 14:01:33 +00:00
Dave Bartolomeo
376779421d Merge pull request #2975 from rdmarsh2/printir-generate-all 
C++/C#: generate IR for funcs excluded in PrintIR
 2020-03-25 09:45:02 -04:00
Tom Hvitved
7ac25d2439 C#: Add more tests for cs/information-exposure-through-exception 2020-03-25 14:33:49 +01:00
Asger Feldthaus
54021a1c30 JS: Update old entry point and add a test 2020-03-25 13:24:18 +00:00
Asger Feldthaus
a78f1b864b JS: Fix trailing whitespace 2020-03-25 12:45:48 +00:00
Asger Feldthaus
6c9e35c22e JS: Skip .js files with a same-named .ts file next to it 2020-03-25 12:45:37 +00:00
semmle-qlci
cf5b1f0cd5 Merge pull request #3019 from erik-krogh/ArrayStep 
Approved by asgerf
 2020-03-25 12:08:44 +00:00
Erik Krogh Kristensen
abcdfe3c53 use LibraryName class for websocket library names 2020-03-25 13:06:21 +01:00
Sauyon Lee
fbc2499118 OpenUrlRedirect: Add change note for fixed FPs 2020-03-25 04:01:17 -07:00
Sauyon Lee
f77d46f296 Address review comments. 2020-03-25 04:01:15 -07:00
Sauyon Lee
bd5f0b01cf Fix tests 2020-03-25 04:01:14 -07:00
Sauyon Lee
9321ff9110 OpenUrlRedirect: Add support for url.Host reassignments 2020-03-25 04:01:14 -07:00
Sauyon Lee
5f83dbd07b OpenUrlRedirect: Exclude header sources 2020-03-25 04:01:13 -07:00
Sauyon Lee
49aa43bd49 Make header Get and Values calls into taint steps 2020-03-25 04:01:12 -07:00
Sauyon Lee
83a417f52e OpenUrlRedirect: Use a taint-tracking safe URLs 2020-03-25 04:01:11 -07:00
Sauyon Lee
932840b0a3 Address review comments. 2020-03-25 04:01:10 -07:00
Sauyon Lee
fd88d913f7 Fix tests 2020-03-25 04:01:09 -07:00
Sauyon Lee
cc13a5d618 OpenUrlRedirect: Expand safe URL flow configuration 
Also add some more tests
 2020-03-25 04:01:08 -07:00
Rasmus Wriedt Larsen
dc9dbf3682 Python: Autoformat 2020-03-25 11:56:18 +01:00
Jonas Jensen
2b2667aef7 Merge remote-tracking branch 'upstream/master' into detect-conflated-memory 
Conflicts:
	cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/IRSanity.qll
	cpp/ql/src/semmle/code/cpp/ir/implementation/raw/IRSanity.qll
	cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/IRSanity.qll
	cpp/ql/test/library-tests/ir/ir/aliased_ssa_sanity.expected
	cpp/ql/test/library-tests/ir/ir/aliased_ssa_sanity_unsound.expected
	cpp/ql/test/library-tests/ir/ir/raw_sanity.expected
	cpp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity.expected
	cpp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity_unsound.expected
	cpp/ql/test/library-tests/ir/ssa/aliased_ssa_sanity.expected
	cpp/ql/test/library-tests/ir/ssa/aliased_ssa_sanity_unsound.expected
	cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_sanity.expected
	cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_sanity_unsound.expected
	cpp/ql/test/library-tests/syntax-zoo/aliased_ssa_sanity.expected
	cpp/ql/test/library-tests/syntax-zoo/raw_sanity.expected
	cpp/ql/test/library-tests/syntax-zoo/unaliased_ssa_sanity.expected
	csharp/ql/src/semmle/code/csharp/ir/implementation/raw/IRSanity.qll
	csharp/ql/src/semmle/code/csharp/ir/implementation/unaliased_ssa/IRSanity.qll
	csharp/ql/test/library-tests/ir/ir/raw_ir_sanity.expected
	csharp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity.expected
 2020-03-25 11:55:39 +01:00
Rasmus Wriedt Larsen
12c6997e7b Python: Reduce result set in custom taint sanitizer 2020-03-25 11:55:29 +01:00
Max Schaefer
6edbe74c09 Revert "Add queries to inspect and measure dispatch differences." 
This reverts commit 752ee3909a.
 2020-03-25 10:43:05 +00:00
Erik Krogh Kristensen
f7faaa634f change-note 2020-03-25 11:37:39 +01:00
semmle-qlci
a413a3254b Merge pull request #3114 from RasmusWL/python-add-fp-for-non-callable 
Approved by tausbn
 2020-03-25 10:34:50 +00:00
semmle-qlci
ac7c74dcee Merge pull request #3111 from RasmusWL/python-fabric-command-injection 
Approved by BekaValentine
 2020-03-25 10:07:33 +00:00
Mathias Vorreiter Pedersen
ae076da517 Merge pull request #3112 from dbartol/codeql-c-analysis/34-Bad-Overlap 
C++/C#: Fix invalid overlap
 2020-03-25 10:40:39 +01:00
Max Schaefer
4ca87b84db Merge pull request #68 from adityasharad/go/request-forgery 
Add experimental query for request forgery.
 2020-03-25 09:09:34 +00:00
Erik Krogh Kristensen
f2b9e2019c remove isRelevant from flowStep 2020-03-25 09:46:07 +01:00
Erik Krogh Kristensen
6f0e507242 outline predicate to fix join-ordering 2020-03-25 09:44:03 +01:00
Erik Krogh Kristensen
3000486b35 add more isRelevant calls 2020-03-25 09:42:24 +01:00
yo-h
116c13eb18 Merge pull request #3106 from aschackmull/java/getstmtbody-type 
Java: Sharpen return type of LambdaExpr.getStmtBody().
 2020-03-24 19:20:57 -04:00
Erik Krogh Kristensen
1d8e103322 autoformat 2020-03-25 00:19:23 +01:00
Mathias Vorreiter Pedersen
f92dd3c565 C++: Autoformat 2020-03-24 22:28:55 +01:00
Mathias Vorreiter Pedersen
077c282cd3 C++: Add field flow and accept tests 2020-03-24 22:28:54 +01:00
Mathias Vorreiter Pedersen
a5f08e1ea6 C++: Split parameter node class into an explicit and implicit version 2020-03-24 22:28:54 +01:00
Mathias Vorreiter Pedersen
22381f3ee6 C++: Demonstrate amount of field flow already present 2020-03-24 22:28:54 +01:00
yo-h
ac68b62b48 Merge pull request #3115 from aschackmull/java/experimental-dir 
Java: Fix directory structure in experimental.
 2020-03-24 16:50:28 -04:00