hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-18 00:44:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,679 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sauyon Lee
972551edd7 sync-files.py: cast line to string before concat 2020-04-23 15:32:28 -07:00
Dave
95b55f86ba Add a VS Code task to run sync-files.py 
If you're developing one of the libraries that has muiltiple copies auto-generated by `sync-files.py`, you can now run `sync-files.py --latest` by going to the `Terminal | Run Task...` menu in VS Code and selecting the `Sync Identical Files` task. You can set a keyboard binding to run this task for quicker access.
 2020-04-23 16:58:34 -04:00
james
5e87bc998e docs: add note about path queries 2020-04-23 20:30:28 +01:00
Erik Krogh Kristensen
19c6092998 autoformat 2020-04-23 20:59:34 +02:00
Erik Krogh Kristensen
ea1628ef54 fix typo in jQuery.qll 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-23 20:58:49 +02:00
Erik Krogh Kristensen
a71567da54 autoformat 2020-04-23 18:58:33 +02:00
Taus
1d6b6a48ae Merge pull request #2924 from BekaValentine/python-objectapi-to-valueapi-wrongnumberargumentsincall 
Python: ObjectAPI to ValueAPI: WrongNumberArgumentsInCall
 2020-04-23 17:56:39 +02:00
Erik Krogh Kristensen
ee43db1b58 slightly expand the $().each model 2020-04-23 16:49:47 +02:00
Erik Krogh Kristensen
448ed150df allow the empty string to flow to a JQuery XSS sink 2020-04-23 16:45:37 +02:00
Cornelius Riemenschneider
0ea7fedeb0 Address review and fix bug in deconstructSizeExpr/3. 
Logic is hard, and I made a mistake inverting the formula for the second case, so the
predicate never held for a sizeExpr like sizeof(int)*sizeof(void).
Now, this case is correctly handled by the fallback.
 2020-04-23 16:39:29 +02:00
Cornelius Riemenschneider
492f1f446a Remove pragma[inline] from deconstructSizeExpr/3. 2020-04-23 15:53:11 +02:00
Erik Krogh Kristensen
96896fd7f5 second round of UnsafeJQueryPlugin reuse 2020-04-23 15:12:32 +02:00
Erik Krogh Kristensen
ea569dba78 update doc for JQuery plugin predicate 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-23 15:03:39 +02:00
Asger Feldthaus
cafdcfa4de JS: Preserve reflective calls in getAMethodCall 2020-04-23 13:57:14 +01:00
Erik Krogh Kristensen
1954a60b6e reuse existing predicate from UnsafeJqueryPlugin 2020-04-23 14:25:34 +02:00
Erik Krogh Kristensen
09b6727e6d refactor $.each model 2020-04-23 14:24:56 +02:00
Erik Krogh Kristensen
ce106981b3 add tests 2020-04-23 14:24:33 +02:00
Mathias Vorreiter Pedersen
deff2820c2 C++: Modernize getAnAssignedValue following PR comments 2020-04-23 14:14:35 +02:00
Rasmus Wriedt Larsen
fe50811bbf Python: In taint test, list comprehension => for loop 
Apparently they're not the same thing :(
 2020-04-23 14:13:00 +02:00
Rasmus Wriedt Larsen
06edd076b6 Python: Enable taint when iterating over ExternalFileObject 2020-04-23 14:11:50 +02:00
Erik Krogh Kristensen
e7d8cd8e8c Merge remote-tracking branch 'upstream/master' into MoarJQuery 2020-04-23 14:10:53 +02:00
semmle-qlci
36b28386f8 Merge pull request #3332 from erik-krogh/JGrowl 
Approved by esbena
 2020-04-23 13:06:00 +01:00
Erik Krogh Kristensen
67443718c0 change note 2020-04-23 13:55:37 +02:00
Erik Krogh Kristensen
6897dda614 model that this in $().each(callback) is a DOM-node 2020-04-23 13:51:17 +02:00
Erik Krogh Kristensen
8de86967aa model that this in a jQuery plugin is a jQuery object 2020-04-23 13:48:54 +02:00
semmle-qlci
801ce89c67 Merge pull request #3099 from esbena/js/introduce-poi-utility 
Approved by erik-krogh
 2020-04-23 12:14:00 +01:00
Jonas Jensen
37e3bc4b3e C++: invoke unique without | | 
Based on PR feedback. This will avoid a syntactic wart and make the
invocation do the right thing both with and without
`language[monotonicAggregates]`.
 2020-04-23 13:10:05 +02:00
Jonas Jensen
312e6229fb Merge pull request #3330 from MathiasVP/libc-assert 
C++: Generalize charpred of LibcAssert
 2020-04-23 13:06:41 +02:00
Rasmus Wriedt Larsen
1fe0040086 Python: Don't use six in urllib.parse string related tests 
Since this test inheriently has `--max-import-depth=1`, by using six, we would
never look at the actual source-code of urllib.parse/urlparse and therefore the
test would never show if we understood the library code good enough that we
could propagate taint out-of-the-box.

All tests moved by one line... that is why the diff is so big
 2020-04-23 13:00:45 +02:00
Erik Krogh Kristensen
d8c498bd15 add NOT OK comment 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-23 12:17:25 +02:00
Cornelius Riemenschneider
a33b7f8c99 Make getSizeMult() functional. 2020-04-23 12:15:31 +02:00
Rasmus Wriedt Larsen
94ae2febe5 Python: Propagate taint through parse_qsl 2020-04-23 12:14:22 +02:00
Erik Krogh Kristensen
e1423b0fa5 add test for jGrowl 2020-04-23 11:58:06 +02:00
Erik Krogh Kristensen
5382976195 change note 2020-04-23 11:52:16 +02:00
Taus
54d1991a9d Merge pull request #3300 from RasmusWL/python-pointsto-regression-open 
Python: Add points-to regression for uncalled function
 2020-04-23 11:50:30 +02:00
Pavel Avgustinov
adf12ba2b4 Merge pull request #3333 from sj/patch-3 
Update CODE_OF_CONDUCT.md to be based on Contributor Covenant template
 2020-04-23 10:46:41 +01:00
Bas van Schaik
0c8786f941 Update code of conduct in line with GH 
Updates CODE_OF_CONDUCT.md to use the Contributor Covenant Code of Conduct that is widely used for other open source projects at GitHub.
 2020-04-23 10:19:13 +01:00
Jonas Jensen
d6f77c0f98 Merge pull request #3328 from MathiasVP/literal-comment 
C++: Remove unnecessary part of comment
 2020-04-23 11:10:16 +02:00
Mathias Vorreiter Pedersen
0fb534c79e C++: Fix join order in getAnAssignedValue 2020-04-23 11:04:40 +02:00
Erik Krogh Kristensen
90652eeb25 add $.jGrowl as an XSS sink 2020-04-23 10:44:41 +02:00
Rasmus Wriedt Larsen
86630f1d6c Python: Handle readline, readlines for ExternalFileObject 2020-04-23 10:40:16 +02:00
Rasmus Wriedt Larsen
7385ea5024 Python: Add tests for ExternalFileObject 2020-04-23 10:36:51 +02:00
Rasmus Wriedt Larsen
c479a77d55 Python: Refactor ExternalFileObject to use field 
Instead of string matching. This brings it in line with what CollectionKind,
SequenceKind, and DictKind does.
 2020-04-23 10:28:29 +02:00
Shati Patel
9c12fa32e1 Merge pull request #3318 from shati-patel/lexer-unique 
Highlight "unique" as a keyword in CodeQL docs
 2020-04-23 09:18:39 +01:00
semmle-qlci
da3292606c Merge pull request #3191 from erik-krogh/XssDom 
Approved by esbena, mchammer01
 2020-04-23 09:17:07 +01:00
Jonas Jensen
f696594d35 Merge pull request #3295 from MathiasVP/field-flow-single-struct 
C++: Add PostUpdateNode for updates to structs with no chi instructions
 2020-04-23 10:02:10 +02:00
Jonas Jensen
cbed175931 Merge pull request #3273 from Semmle/rdmarsh/cpp/RemoteFlowSource-model 
C++: Add remote flow sources via models
 2020-04-23 09:54:40 +02:00
Mathias Vorreiter Pedersen
1016a0c0db C++: Generalize charpred of LibcAssert 2020-04-23 09:48:30 +02:00
Esben Sparre Andreasen
a66b4b55fe Update javascript/ql/src/experimental/poi/PoI.qll 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-04-23 09:47:21 +02:00
semmle-qlci
1312fcccae Merge pull request #3324 from erik-krogh/BoundSocketIO 
Approved by asgerf
 2020-04-23 08:42:45 +01:00