hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-15 15:34:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,680 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Aditya Sharad
95f8ba433e Java: Fix training example 2020-06-22 12:21:15 -07:00
Robert Marsh
231b85cb11 C++: File-level QLDoc for publicly imported models 2020-06-22 11:43:43 -07:00
Alessio Della Libera
a759905a5c Update javascript/ql/src/experimental/Security/CWE-117/LogInjection.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-22 20:37:38 +02:00
toufik-airane
364f0ca734 rewrite description 2020-06-22 20:11:58 +02:00
toufik-airane
ac8991b192 remove JWTMissingSecretOrPublicKeyVerification.qll 2020-06-22 20:09:48 +02:00
toufik-airane
d9ecb7d762 rewrite help 2020-06-22 20:06:17 +02:00
toufik-airane
d65b7be32b rewrite help 2020-06-22 20:00:52 +02:00
Toufik Airane
bb7ba50e23 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-06-22 19:27:36 +02:00
james
3fa49a9771 address review comment about sentence style 2020-06-22 17:07:10 +01:00
James Fletcher
676d486635 Apply suggestions from code review 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2020-06-22 17:03:31 +01:00
Asger Feldthaus
1efd71a681 JS: Sort security suite 2020-06-22 16:40:55 +01:00
Asger Feldthaus
8cc41a0c84 JS: Add new queries to security suite 2020-06-22 16:40:19 +01:00
Asger F
a067cd35aa Merge pull request #3756 from esbena/js/delay-slow-query-merge 
JS: delay merging two slow queries
 2020-06-22 16:35:15 +01:00
Asger F
7d54b02fb9 Merge branch 'js-team-sprint' into js/delay-slow-query-merge 2020-06-22 16:34:49 +01:00
Asger F
4a459c8a7d Merge pull request #3755 from esbena/js/polish-imcs 
JS: polish js/incomplete-html-attribute-sanitization
 2020-06-22 16:32:16 +01:00
Jonas Jensen
39137510ba Merge pull request #3736 from rneatherway/exclude-cs-vulnerable-package 
Exclude dependency-based query from C# Code Scanning
 2020-06-22 17:27:23 +02:00
Geoffrey White
466f36c7e1 C++: Autoformat. 2020-06-22 16:04:32 +01:00
Rasmus Wriedt Larsen
d5895c16c8 Python: Changing signature in overriden method is not an error 
Rather, fulfiling the Liskov substitution principle is an opinionated
recommendation. Looking at `py/inheritance/incorrect-overridden-signature` and
`py/mixed-tuple-returns`, it seems very appropriate that this should have
`@severity recommendation`, and `@sub-severity high`.
 2020-06-22 16:58:52 +02:00
Rasmus Lerchedahl Petersen
e8289d6fa1 Python: add regression tests and organise tests 2020-06-22 16:36:19 +02:00
Asger Feldthaus
5cd2c7cdb2 JS: Reduce precision of js/unused-npm-dependency 2020-06-22 15:25:24 +01:00
Rasmus Lerchedahl Petersen
aa04a2a476 Python: sync dataflow files 2020-06-22 14:56:11 +02:00
Esben Sparre Andreasen
d4ad9a8bb2 Update change-notes/1.25/analysis-javascript.md 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-22 14:55:27 +02:00
Rasmus Lerchedahl Petersen
656c76558a Merge branch 'master' of github.com:github/codeql into SharedDataflow 
To sync dataflow files
 2020-06-22 14:55:04 +02:00
Esben Sparre Andreasen
9a0bbb31f4 Revert "Merge pull request #3702 from esbena/js/memory-exhaustion" 
This reverts commit eca5e2df8a, reversing
changes made to 1548eca994.
 2020-06-22 14:46:51 +02:00
Esben Sparre Andreasen
0a8d15ccc4 Revert "Merge pull request #3672 from esbena/js/server-crashing-route-handler" 
This reverts commit 243e3ad9e3, reversing
changes made to df79f2adc5.
 2020-06-22 14:45:35 +02:00
Esben Sparre Andreasen
3be094ea5b JS: polish js/incomplete-html-attribute-sanitization 2020-06-22 14:35:00 +02:00
Rasmus Lerchedahl Petersen
13bb971b05 Python: sort out some enclosing callable confusion 2020-06-22 14:26:25 +02:00
Jonas Jensen
5a5df4de26 Revert "Merge pull request #3419 from MathiasVP/flat-structs" 
There was unfortunately a semantic merge conflict between #3419 and
 #3587 that caused a performance regression on (at least) OpenJDK.

This reverts commit 982fb38807, reversing
changes made to b841cacb83.
 2020-06-22 14:09:06 +02:00
semmle-qlci
7a5aae7432 Merge pull request #3630 from erik-krogh/DevServer 
Approved by asgerf
 2020-06-22 12:59:13 +01:00
Asger F
56124b68a3 Update javascript/ql/src/Security/CWE-079/ExceptionXss.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-06-22 12:54:19 +01:00
Rasmus Wriedt Larsen
daa1b6fc79 Python: Fix grammar in QLDoc 
Co-authored-by: Taus <tausbn@gmail.com>
 2020-06-22 13:41:03 +02:00
Rasmus Wriedt Larsen
287bc40264 Merge pull request #3743 from tausbn/python-fix-deprecated-terms 
Python: Fix a bunch of deprecated terms.
 2020-06-22 13:36:06 +02:00
semmle-qlci
7f29465f35 Merge pull request #3752 from erik-krogh/limitStr 
Approved by asgerf
 2020-06-22 12:31:49 +01:00
toufik-airane
4853b8a281 Try to finish the PR 
- Add help documentation
- Empty qll file
- rename examples
 2020-06-22 13:26:13 +02:00
semmle-qlci
e06a54c33d Merge pull request #3494 from hvitved/dataflow/partial-flow-access-path-limit 
Approved by aschackmull
 2020-06-22 12:09:00 +01:00
James Fletcher
5ebaa1d303 Apply suggestions from code review 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-06-22 12:07:42 +01:00
Rasmus Lerchedahl Petersen
8d564e06d7 Python: sync data flow files 2020-06-22 12:16:11 +02:00
Geoffrey White
104298e09a Merge branch 'master' into models5 2020-06-22 10:59:15 +01:00
Asger Feldthaus
1edb2a1892 JS: Rephrase XSS queries that use exception/dom text as source 2020-06-22 10:44:46 +01:00
Calum Grant
f2f020fa51 Merge pull request #3610 from hvitved/csharp/dataflow/call-sensitivity 
C#: Add call-sensitivity to data-flow call resolution
 2020-06-22 10:36:45 +01:00
Rasmus Lerchedahl Petersen
94a828aca2 Merge branch 'master' of github.com:github/codeql into SharedDataflow 
To avoid CodeScan check failing
 2020-06-22 11:29:00 +02:00
Rasmus Lerchedahl Petersen
b65e6fba9e Python: attempt at capturing maximal flows 
(this is what used to be "all flows")
 2020-06-22 11:28:28 +02:00
Esben Sparre Andreasen
0654823b97 Merge branch 'js-team-sprint' into js/insecure-http-options 2020-06-22 11:25:25 +02:00
Esben Sparre Andreasen
f1dad0d6e0 Update DisablingCertificateValidation.qhelp 2020-06-22 11:24:33 +02:00
Esben Sparre Andreasen
3e898487e8 Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-22 11:23:40 +02:00
Rasmus Lerchedahl Petersen
cc8367bff2 Python: update readme with lessons learned 2020-06-22 11:22:32 +02:00
Anders Schack-Mulligen
71665a02fa Merge pull request #3737 from Marcono1234/patch-1 
Simplify NoAssignInBooleanExprs.ql
 2020-06-22 10:46:00 +02:00
Erik Krogh Kristensen
8d1b080d78 limit size of getStringValue 2020-06-22 10:29:53 +02:00
Tom Hvitved
72e6c9c2b1 Data flow: Use accessPathLimit() in partial flow as well 2020-06-22 10:08:51 +02:00
Rasmus Lerchedahl Petersen
47819bbcda Python: obtain remaining expected flows 
- implement encosing callable for more nodes
 - implement extra flow for ESSA global variables
 2020-06-22 07:36:09 +02:00