hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-29 15:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,087 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.3
Commit Graph

19087 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tamas Vajk
cf76d31161 C#: Add nomagic pragmas to fix performance issues 2020-12-01 15:16:00 +01:00
Tamas Vajk
b20a08dbac C#: Update DB stats file 2020-12-01 15:16:00 +01:00
James Fletcher
f7fe7c03b8 Apply suggestions from code review 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-12-01 13:42:53 +00:00
Mathias Vorreiter Pedersen
df29a16365 Merge pull request #4748 from aschackmull/autoformat-callchain 
C++/C#/Java/JavaScript/Python: Autoformat.
 2020-12-01 13:21:19 +01:00
james
5002968e86 restructure codeql docs 2020-12-01 12:00:37 +00:00
Calum Grant
9897a81a5c Merge pull request #4677 from jbj/largeVariable-overflow 
C++: Decrease largeVariable cut-off to 100k
 2020-12-01 11:54:17 +00:00
Tom Hvitved
e86db3c7a1 Merge pull request #4725 from hvitved/csharp/cfg/constant-condition-block 
C#: Always create basic blocks for nodes with a conditional predecessor
 2020-12-01 10:03:17 +01:00
Erik Krogh Kristensen
c50951cbae add missing qldoc 2020-12-01 09:48:35 +01:00
Erik Krogh Kristensen
afbb921c7e add change note 2020-12-01 09:18:40 +01:00
Erik Krogh Kristensen
9a31ed13ac add test case 2020-12-01 09:18:40 +01:00
Erik Krogh Kristensen
dea2eb5443 simplify the logging sink - using the new API-graph logging models 2020-12-01 09:18:40 +01:00
Erik Krogh Kristensen
6f29a877fa move logInjection out of experimental 2020-12-01 09:18:40 +01:00
Erik Krogh Kristensen
f6c358861c convert logging models to use API-graphs 2020-12-01 09:18:36 +01:00
Geoffrey White
9c277b3cb1 C++: Fix a small bug in the ArrayFunction model for FormattingFunction. 2020-11-30 17:55:25 +00:00
Geoffrey White
510bce36f1 C++: Change note. 2020-11-30 17:55:24 +00:00
Geoffrey White
b52ddbfc42 C++: Implement isOutputStream, isOutputString for UserDefinedFormattingFunction as well. 2020-11-30 17:55:24 +00:00
Geoffrey White
c3b16a5fd2 C++: Implement FormattingFunction isOutputStream, isOutputString so that subclasses don't need to be accessed for this information, and can be private. 2020-11-30 17:55:23 +00:00
Rasmus Wriedt Larsen
a08e1db601 Python: Remove leftover note to self in qhelp file 2020-11-30 17:44:18 +01:00
Cornelius Riemenschneider
659e3d46e3 C++: Add vscode snippets for Inline Expectations test. 2020-11-30 17:34:02 +01:00
Cornelius Riemenschneider
0d0fa1b341 C++: Delete difference tests. 2020-11-30 17:33:27 +01:00
Cornelius Riemenschneider
b632ca40b4 C++: Port dataflow/taint-tests to inline expectations test. 2020-11-30 17:32:54 +01:00
Max Schaefer
978d2db252 JavaScript: Add models for more Mongoose methods. 2020-11-30 16:32:13 +00:00
Geoffrey White
99b01e7d36 C++: Additional test case for FormattingFunction. 2020-11-30 15:25:51 +00:00
James Fletcher
4d8983830e Merge pull request #4734 from github/sd-263 
[Docs] Add missing introduction text and improve sidebar toc
 2020-11-30 14:06:21 +00:00
Anders Schack-Mulligen
8f2094f0bf Autoformat. 2020-11-30 14:42:38 +01:00
Rasmus Wriedt Larsen
94e90aac39 Python: Only one Unit implementation 
Conflict arose since the Unit in DataFlowPrivate was added in a merged PR.

The behavior from this PR will make it match what java does (931322e4c5/java/ql/src/semmle/code/Unit.qll)
 2020-11-30 14:41:47 +01:00
Rasmus Wriedt Larsen
1eac1995a9 Merge branch 'main' into python-untrusted-flow 2020-11-30 14:38:52 +01:00
Anders Schack-Mulligen
88e0759365 Java: Change RemoteUserInput to private instead of removing. 2020-11-30 13:40:53 +01:00
Rasmus Wriedt Larsen
8b2c34e267 Merge pull request #4747 from yoff/python-path-injection-doc 
Python: Fix documentation for path injection.
 2020-11-30 13:17:59 +01:00
James Fletcher
509d153b61 Apply suggestions from code review 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-11-30 12:12:10 +00:00
Rasmus Lerchedahl Petersen
fd8c696b67 Python: Fix documentation for path injection. 2020-11-30 12:24:35 +01:00
Anders Schack-Mulligen
5a66d6ab93 Java: Improve performance of SSA. 2020-11-30 11:26:03 +01:00
Rasmus Wriedt Larsen
4ab3fff973 Python: Fix untrusted data to external API example 
The hmac.digest function was only added in python 3.7, so obviously doesn't work
on Python 2
 2020-11-30 10:42:30 +01:00
Anders Schack-Mulligen
931322e4c5 Merge pull request #4668 from aschackmull/dataflow/refactor-pruning 
Dataflow: Refactor pruning stages.
 2020-11-30 09:37:04 +01:00
Pavel Avgustinov
74af41c76d Merge pull request #4357 from RasmusWL/design-patterns 
Add docs on CodeQL Design Patterns
 2020-11-30 08:19:15 +00:00
yo-h
7e8bc4a61b Merge commit '2fa9037' into yo-h/java15-merge 2020-11-29 18:42:20 -05:00
Erik Krogh Kristensen
33b2701551 refine isFork to remove false positive when a state has epsilon transition to itself 2020-11-29 21:42:50 +01:00
ihsinme
d088d5b0f3 CPP: Add query for CWE-191 
into experimental this reveals a dangerous comparison
 2020-11-28 15:52:00 +03:00
Erik Krogh Kristensen
d7b22e3b1b update expected output for PolynomialBackTracking 2020-11-27 20:15:27 +01:00
Erik Krogh Kristensen
729073fb43 detect ReDoS when the choices are "match some string" or "match Epsilon" 2020-11-27 20:15:23 +01:00
Rasmus Wriedt Larsen
cbfcfdf883 Python: Fix UntrustedDataToExternalAPI.qhelp 2020-11-27 17:54:22 +01:00
luchua-bc
ad0ac5b874 Change kind to problem 2020-11-27 16:43:57 +00:00
Rasmus Wriedt Larsen
faa5c220c5 Design Patterns: Add advice on abstract classes 2020-11-27 17:38:56 +01:00
Rasmus Wriedt Larsen
452417509f Design Patterns: Reword advice on imports of subclasses 
I had totally overlooked the fact that this doesn't only apply to abstract
classes.
 2020-11-27 17:38:40 +01:00
Cornelius Riemenschneider
644a0fac98 C++: Port dataflow/dataflow-tests to inline expectations test library. 2020-11-27 16:03:15 +01:00
Rasmus Wriedt Larsen
a0c7365ae6 Python: Proper models of json.loads and json.dumps 2020-11-27 15:57:56 +01:00
Tom Hvitved
d4ee8cdd18 C#: Always create basic blocks for nodes with a conditional predecessor 2020-11-27 15:08:33 +01:00
Rasmus Wriedt Larsen
014fbfa86b Python: Add regex FP with + for flags 
Notice that there is no new results for line 54

I also added a test for the short-named version of a flag, just since I didn't
see any of those already. That just works out of the box (due to points-to).
 2020-11-27 14:57:11 +01:00
yoff
346a007bf6 Merge pull request #4720 from RasmusWL/python-better-open-models 
Python: better models of `open` function
 2020-11-27 14:47:10 +01:00
Anders Schack-Mulligen
028a72bcdd Merge pull request #4610 from luchua-bc/java-nfe-local-android-dos 
Java: Query to detect Local Android DoS caused by NFE
 2020-11-27 14:20:23 +01:00