hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-21 10:24:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,684 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
5afebc8418 C++: Autoformat. 2020-02-24 11:40:47 +00:00
Asger Feldthaus
01309d7c2e TS: Add test for named re-export and exportsAs 2020-02-24 11:40:28 +00:00
Asger Feldthaus
78954489fb TS: Fix expected output 2020-02-24 11:40:28 +00:00
Asger Feldthaus
4e1bd9056c TS: Fix javadoc 2020-02-24 11:40:28 +00:00
Asger Feldthaus
05d9e64dab TS: Add change note 2020-02-24 11:40:27 +00:00
Asger Feldthaus
18974bad1c TS: Add upgrade script and stats 2020-02-24 11:40:27 +00:00
Asger Feldthaus
47673c6e21 TS: Disable export analysis for type-only exports 2020-02-24 11:40:27 +00:00
Asger Feldthaus
16c909b433 TS: Add test case for import type * as ns 2020-02-24 11:40:27 +00:00
Asger Feldthaus
260b243c28 TS: Add test case to DeclBeforeUse 2020-02-24 11:40:27 +00:00
Asger Feldthaus
8d58aad0f2 TS: Support type-only import/export 2020-02-24 11:40:27 +00:00
Asger Feldthaus
0351f0b775 TS: Add test and documentation for private fields 2020-02-24 11:40:27 +00:00
Asger Feldthaus
8531c113a1 TS: Fix imports 2020-02-24 11:40:27 +00:00
Asger Feldthaus
9b52acc62a TS: Handle export * as ns 2020-02-24 11:40:27 +00:00
Asger Feldthaus
7f939fe1e4 TS: Update to TypeScript 3.8.2 2020-02-24 11:40:27 +00:00
Geoffrey White
c45bf90e98 Update cpp/ql/src/semmle/code/cpp/models/implementations/Gets.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2020-02-24 11:36:09 +00:00
Geoffrey White
34b790d601 C++: Change note. 2020-02-24 11:33:27 +00:00
semmle-qlci
94aa77748d Merge pull request #2810 from erik-krogh/CVE74 
Approved by asgerf
 2020-02-24 11:32:42 +00:00
Geoffrey White
e683f6113d C++: Model 'gets'. 2020-02-24 11:27:35 +00:00
Geoffrey White
8dcd46f9e7 C++: Add a taint test for gets. 2020-02-24 11:25:28 +00:00
Asger Feldthaus
f923b24bc5 JS: Fix test 2020-02-24 11:19:23 +00:00
Erik Krogh Kristensen
75c1852ee4 doc changes from review 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-02-24 11:58:59 +01:00
Mathias Vorreiter Pedersen
ed430ce855 C++/C#: Bind parameter in new case. 2020-02-24 09:12:14 +01:00
Mathias Vorreiter Pedersen
af364e66fc C++/C#: Move sanity check inside InstructionSanity module and accept tests 2020-02-23 20:53:49 +01:00
Grzegorz Golawski
fda4ab155a CodeQL query to detect open Spring Boot actuator endpoints 2020-02-23 20:03:41 +01:00
Peter Stöckli
e81d3ce0b4 Add type for java.net.URL 2020-02-23 12:35:03 +01:00
Dave Bartolomeo
170331b105 C++: Better fix for void type on buffer access 
Fixes issue https://github.com/github/codeql-c-analysis-team/issues/20

This change undoes the workaround in https://github.com/Semmle/ql/pull/2736, and replaces it with a fix for the underlying cause. The problem was that the IR construction code for side effects incorrectly assumed that `BufferAccessOpcode` included `SizedBufferAccessOpcode`. I think that was actually a perfectly reasonable assumption to make, so I changed the `Opcode` hierarchy to make it true.
 2020-02-21 18:46:32 -07:00
Taus
285be2893c Merge pull request #2893 from BekaValentine/python-objectapi-to-valueapi-unnecessarylambda 
Python: ObjectAPI to ValueAPI: UnnecessaryLambda
 2020-02-21 22:23:02 +01:00
Taus
e444fb8bfa Merge pull request #2818 from BekaValentine/objectapi-to-valueapi-hashedbutnohash 
Python: ObjectAPI to ValueAPI: HashedButNoHash
 2020-02-21 22:19:58 +01:00
Rebecca Valentine
14273fc677 Adds missing result to expected file 2020-02-21 11:25:03 -08:00
Peter Stöckli
e1e03e326b Add query documentation header 2020-02-21 18:22:05 +00:00
Peter Stöckli
9de2be8eba Fix whitespace issues in OpenStream.java 2020-02-21 17:13:04 +00:00
Peter Stöckli
b622e2ae06 Java: Calling openStream on URLs created from remote source can lead to local file disclosure. 2020-02-21 17:51:15 +01:00
Rasmus Wriedt Larsen
bfa7553095 Python: urlsplit sanitizer handles in [KNOWN_VALUE] 2020-02-21 16:03:29 +01:00
mchammer01
b4c72f610a pre-migration tasks: start adding intros 2020-02-21 14:51:38 +00:00
Rasmus Wriedt Larsen
798db91f71 Python: Add more urlsplit tests 2020-02-21 15:51:33 +01:00
Erik Krogh Kristensen
44db0f4e5d better printing of the options arg 2020-02-21 15:39:49 +01:00
Asger Feldthaus
d1df251b92 JS: Proto pollution: Add is-plain-object sanitizer 2020-02-21 14:38:33 +00:00
Erik Krogh Kristensen
90e5671d98 Merge branch 'master' of git.semmle.com:Semmle/ql into CVE481 2020-02-21 15:25:07 +01:00
Rasmus Wriedt Larsen
31ff652cb3 Python: Make Sanitizer available for urlsplit taint 
It isn't used by default, it has to *actively* be enabled.
 2020-02-21 15:18:53 +01:00
Mathias Vorreiter Pedersen
d9753b0ca5 C++/C#: Accept test output after adding sanity check to Instruction.qll 2020-02-21 15:09:53 +01:00
Asger Feldthaus
1ee112a341 JS: Add change note 2020-02-21 13:55:27 +00:00
Asger Feldthaus
a673539c98 JS: Update expected output 2020-02-21 13:51:23 +00:00
Asger Feldthaus
b780bc4d59 JS: Also track into callbacks 2020-02-21 13:51:22 +00:00
Asger Feldthaus
e8e649102f JS: Also propagate out of returns 2020-02-21 13:51:22 +00:00
Asger Feldthaus
8c36b999cc JS: Track flow into calls to bound functions 2020-02-21 13:51:20 +00:00
semmle-qlci
ee5cf95f5b Merge pull request #2892 from asger-semmle/js/field-methods 
Approved by esbena
 2020-02-21 13:49:42 +00:00
semmle-qlci
e163d8d8c8 Merge pull request #2796 from asger-semmle/js/partial-invoke-receiver 
Approved by esbena
 2020-02-21 13:48:43 +00:00
Rasmus Wriedt Larsen
083dd4380b Python: Add example for how to write your own sanitizer 2020-02-21 14:28:48 +01:00
Erik Krogh Kristensen
75410e5760 big refactor of UselessUseOfCal 2020-02-21 14:26:42 +01:00
Rasmus Wriedt Larsen
e804e98d60 Python: Update change-notes 2020-02-21 14:08:09 +01:00