hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-29 15:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,087 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.2
Commit Graph

19087 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
james
ac2d621558 update search settings in docs template 2020-12-04 17:08:26 +00:00
james
18fc33c78c update links to codeql cli manual 2020-12-04 17:08:26 +00:00
james
f659e6c9df fix table in go article 2020-12-04 17:08:26 +00:00
james
e346b479d2 update links in banner 2020-12-04 17:08:26 +00:00
james
5d717a53fa fix some table formatting and update some links 2020-12-04 17:08:26 +00:00
james
b62d01a74f update links to query help and libraries landing pages 2020-12-04 17:08:26 +00:00
james
8c4c6501ee update links to standard library reference pages 2020-12-04 17:08:26 +00:00
Jonas Jensen
bc340e210b Merge pull request #4745 from ihsinme/main 
CPP: Add query for CWE-191 into experimental this reveals a dangerous comparison
 2020-12-04 18:00:41 +01:00
yo-h
54d7cac46d Merge pull request #4718 from aschackmull/java/cleanup-deprecated 
Java: Remove some deprecated classes.
 2020-12-04 11:17:14 -05:00
yo-h
a5393b4661 Merge pull request #4746 from aschackmull/java/ssa-perf 
Java: Improve performance of SSA.
 2020-12-04 11:16:39 -05:00
Tom Hvitved
5d73566859 C#: Add tests for PersistentCookie.ql 2020-12-04 17:14:00 +01:00
Tamás Vajk
4226467556 Merge pull request #4678 from tamasvajk/feature/external-api-untrusted-data 
C#: Add queries to check untrusted data flow to external APIs
 2020-12-04 15:03:09 +01:00
Rasmus Wriedt Larsen
608ce50399 Python: Expose HTTP verbs in HTTP concept 
Let's discuss whether doing it this way is reasonable, since I'm not 100% sure
whether this fits into "concepts" or not.
 2020-12-04 14:04:56 +01:00
Rasmus Wriedt Larsen
c7ab78f8c2 Python: Add modeling of django class based view handlers 
BUT, since MyCustomViewBaseClass.post (django-v2-v3/testapp/views.py) and
Foo.post (django-v2-v3/routing_test.py) aren't handled, this raises important
question about how to do MRO without points-to :S
 2020-12-04 14:03:59 +01:00
Cornelius Riemenschneider
2ea9b4a62b Merge pull request #4719 from geoffw0/issue84 
C++: Create tests readme.
 2020-12-04 13:49:56 +01:00
Tamas Vajk
aa3ae0f567 Remove calls to deprecated predicates 2020-12-04 13:28:14 +01:00
Jonas Jensen
9cf318b72c C++: Autoformat the new query 
Tweak whitespace, also in the alert message.
 2020-12-04 13:27:07 +01:00
Rasmus Wriedt Larsen
4ead118a31 Python: Add class based route handler in django tests 
Disabled CSRF middleware for now, since it blocked my debugging curl POST requests :(
 2020-12-04 13:27:01 +01:00
Tamas Vajk
d55fbc8a05 Add test cases for safe API calls 2020-12-04 13:26:53 +01:00
Tamas Vajk
24670160c2 Address code review findings 2020-12-04 13:26:53 +01:00
Tamas Vajk
cd5c1f06ee C#: Add queries to check untrusted data flow to external APIs 2020-12-04 13:26:53 +01:00
Tom Hvitved
9afce31e92 C#: Add one more CFG test for nested finally blocks 2020-12-04 13:26:00 +01:00
Jonas Jensen
bf88df8134 C++: CRLF -> LF line endings 2020-12-04 13:25:32 +01:00
Tom Hvitved
37f32f4014 C#: Improve join-order in DefaultToString.qll 2020-12-04 13:05:53 +01:00
Rasmus Wriedt Larsen
ffdbecfbb7 Python: Simplify getARouteHandler for Django 2020-12-04 11:29:52 +01:00
CodeQL CI
0f5f0ed99e Merge pull request #4776 from asgerf/js/electron-openshell 
Approved by erik-krogh
 2020-12-04 09:12:44 +00:00
Asger F
22dbaf28ab Merge pull request #4709 from asgerf/js/typescript-4.1 
JS: Support for TypeScript 4.1
 2020-12-04 09:10:14 +00:00
Asger Feldthaus
f0516dd9e0 JS: Address review comments 2020-12-04 09:07:44 +00:00
Jonas Jensen
b4be72268d Merge pull request #4722 from rdmarsh2/rdmarsh2/cpp/range-analysis-overflow-perf 
C++: Filter out lower bounds on overflowing exprs
 2020-12-04 08:29:21 +01:00
ihsinme
69ed608a11 Update UnsignedDifferenceExpressionComparedZero.ql 2020-12-04 09:47:11 +03:00
Robert Marsh
b45f7846db C++: autoformat 2020-12-03 15:48:42 -08:00
Erik Krogh Kristensen
cc98c41dd6 revert marking repetitions with possibly empty body as forks 2020-12-03 20:08:07 +01:00
Geoffrey White
13d9d5dc45 C++: Use [,] more in general. 2020-12-03 18:50:43 +00:00
Geoffrey White
2a4fba0ff9 C++: Use [,] more in models. 2020-12-03 17:27:31 +00:00
Erik Krogh Kristensen
47488f86b5 update test 2020-12-03 16:58:08 +01:00
Erik Krogh Kristensen
3bad75dae5 better support for forms in js/xss-through-dom 2020-12-03 16:57:41 +01:00
Asger Feldthaus
20d9848f07 JS: Add test case 2020-12-03 15:08:43 +00:00
Asger Feldthaus
68d2bc861d JS: Update test expectations 2020-12-03 15:01:50 +00:00
Asger Feldthaus
e66a49bea6 JS: Change note 2020-12-03 13:58:40 +00:00
Asger Feldthaus
ec6b8d6d3a JS: Remove old workaround for template literals in import 2020-12-03 13:58:40 +00:00
Asger Feldthaus
757398f5fd JS: Add upgrade script and stats 2020-12-03 13:58:39 +00:00
Asger Feldthaus
3b3052d792 JS: Autoformat 2020-12-03 13:58:39 +00:00
Asger Feldthaus
5676891e44 JS: Add TemplateLiteralTypeExpr 2020-12-03 13:58:39 +00:00
Asger Feldthaus
9da5c5cc70 JS: Update to TypeScript 4.1.2 2020-12-03 13:58:39 +00:00
Asger F
254072dd6d Merge pull request #4546 from toufik-airane/main 
JS: Add ElectronShellOpenExternalSink class for Electron framework security
 2020-12-03 13:20:46 +00:00
Rasmus Wriedt Larsen
a9ce067e15 Python: Add examples of Path Injection FPs seen 
Not quite sure how to deal with these cases of safe if UNIX-only, otherwise not
safe.

If/when we actually try to deal with these, we also need to figure that
out. We _could_ split this queyr into 3: (1) for path injection on any
platform, (2) path injection on windows, (3) path injection on UNIX. Then
UNIX-only projects could disable the path-injection on windows query. -- that's
my best idea, if you have better ideas, DO tell 👍
 2020-12-03 13:41:55 +01:00
Rasmus Wriedt Larsen
e8f63311ac Python: Model abspath and realpath (for Path Injection) 2020-12-03 13:41:54 +01:00
Rasmus Wriedt Larsen
bd5cf80352 Python: Add Path Injection tests for realpath and abspath 
Not supported currently
 2020-12-03 13:41:53 +01:00
Rasmus Wriedt Larsen
e53ed478ab Python: Highlight os.path.join behavior with absolute paths 2020-12-03 13:41:52 +01:00
Rasmus Wriedt Larsen
4d9f24a24c Python: Rewrite path injection tests 
To match how you would normally structure your application code. In itself not
that important, but makes it easier to add more tests :)
 2020-12-03 13:41:26 +01:00