hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-13 22:44:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,679 Branches 158 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
edc33b6516 C++: Add getOutputParameterIndex override to UserDefinedFormattingFunction and accept test changes 2020-07-15 14:46:08 +02:00
Mathias Vorreiter Pedersen
d711c22cd2 C++: Add testcase demonstrating lost query results 2020-07-15 14:42:45 +02:00
Rasmus Wriedt Larsen
7ac4ea9bf1 Python: CG trace: use standardized etree import 
makes it easy to switch out XML library.
 2020-07-15 14:41:39 +02:00
Rasmus Wriedt Larsen
ba4207fc90 Python: CG trace: sort output before writing/printing 
Allows comparing output of one run with another
 2020-07-15 14:37:41 +02:00
Rasmus Wriedt Larsen
e6873956ca Python: CG trace: add canonic_filename helper 2020-07-15 14:25:42 +02:00
Raul Garcia (MSFT)
3e0481b889 Queries to help on the detection based on misuse of DataSet and DataTable serialization that could lead to security problems. 
https://go.microsoft.com/fwlink/?linkid=2132227
 2020-07-14 17:54:54 -07:00
Robert Marsh
7dd2677746 Merge pull request #3950 from MathiasVP/simple-range-analysis-unsigned-multiplication-tests 
C++: Add test cases for range analysis for unsigned multiplication
 2020-07-14 14:18:06 -07:00
Raul Garcia (MSFT)
896cdf9b12 Merge branch 'master' of https://github.com/github/codeql 2020-07-14 11:16:51 -07:00
Mathias Vorreiter Pedersen
174b30461a C++: Fix syntax error in testfile 2020-07-14 19:47:21 +02:00
Calum Grant
dcff87fb2e Merge pull request #3366 from hvitved/csharp/dataflow/arrays 
C#: Precise data-flow for collections
 2020-07-14 17:12:29 +01:00
Mathias Vorreiter Pedersen
834ad92453 C++: Add test cases for unsigned multiplication and fix missing return value in existing tests 2020-07-14 16:57:47 +02:00
Geoffrey White
37158f46ed C++: Remove deprecated class from test. 2020-07-14 15:36:48 +01:00
semmle-qlci
0bee0687cb Merge pull request #3911 from RasmusWL/python-call-graph-tracing 
Approved by tausbn
 2020-07-14 15:33:45 +01:00
Geoffrey White
3f6d8490e0 C++: Autoformat. 2020-07-14 15:09:12 +01:00
Ian Lynagh
616bad7b5c C++: Add an upgrade script 2020-07-14 13:53:46 +01:00
Ian Lynagh
c254de464a C++: Update stats following static_asserts change 2020-07-14 13:53:01 +01:00
Rasmus Wriedt Larsen
f1601d643a Python: autoformat 2020-07-14 14:12:56 +02:00
Rasmus Wriedt Larsen
1d9c3b3bcd Python: call-graph tracing: callable => callee 
to use consistent naming
 2020-07-14 14:12:02 +02:00
semmle-qlci
f8c03dcae6 Merge pull request #3924 from RasmusWL/python-metrics-queries-for-dist-compare 
Approved by tausbn
 2020-07-14 13:03:02 +01:00
Rasmus Wriedt Larsen
ee42d0839e Python: Rename target => callee 
To use a standardised naming :)
 2020-07-14 11:26:05 +02:00
Rasmus Wriedt Larsen
d913d33289 Python: Autoformat 2020-07-14 11:21:55 +02:00
Taus
ee13e87f3b Merge pull request #3947 from RasmusWL/python-fix-tests 
Python: Make experimental/library-tests/CallGraph pass for Python 2
 2020-07-13 22:10:34 +02:00
Arthur Baars
67b6018079 Merge pull request #3729 from luchua-bc/java-hardcoded-aws-credentials 
Java: Hardcoded AWS credentials
 2020-07-13 18:04:42 +02:00
Rasmus Wriedt Larsen
dc7d92ba2f Python: Autoformat experimental/library-tests/CallGraph/ 2020-07-13 16:20:02 +02:00
Geoffrey White
646efe2a20 C++: Deprecate ConversionConstructor. 2020-07-13 15:04:39 +01:00
Arthur Baars
c585b2e483 Java: stack trace exposure: address false positives 2020-07-13 15:26:55 +02:00
Geoffrey White
61178c5330 Merge branch 'master' into copymove 2020-07-13 14:11:12 +01:00
Rasmus Wriedt Larsen
83bd14b687 Python: Make experimental/library-tests/CallGraph pass for Python 2 
The import doesn't actually work the intended way, so running
```
$ python python/ql/test/experimental/library-tests/CallGraph/test.py
```

will procude no output. but our extractor will extract the things we need, so
for a quick fix this will need to suffice.
 2020-07-13 14:52:28 +02:00
luchua-bc
12803f1f53 Merge Hardcoded AWS Credentials check into the mail source folder 2020-07-13 12:22:34 +00:00
Arthur Baars
b1e604b490 Java: treat Stack.push as data flow instead of taint flow 2020-07-13 11:36:34 +02:00
Arthur Baars
a484aff76d Java: improve comments 2020-07-13 11:09:05 +02:00
Geoffrey White
6519629472 Merge pull request #3942 from MathiasVP/remove-abstract-preprocessor 
C++: Remove abstract classes from Preprocessor.qll
 2020-07-13 10:00:50 +01:00
Rasmus Wriedt Larsen
3127bb27d0 Python: Remove strange empty line 2020-07-13 10:55:43 +02:00
Rasmus Wriedt Larsen
0b6c3ff99d Python: Don't use PointsTo module name in metrics query 
To avoid confusion with the normal PointsTo module in
python/ql/src/semmle/python/pointsto/PointsTo.qll
 2020-07-13 10:46:03 +02:00
Rasmus Wriedt Larsen
a7d23063de Python: Fix grammar 
Co-authored-by: Taus <tausbn@github.com>
 2020-07-13 10:44:19 +02:00
dilanbhalla
48e540fa9a minor fixes 2020-07-13 01:25:42 -07:00
dilanbhalla
db6d5c329f file/buffer write dataflow queries complete 2020-07-13 00:57:05 -07:00
Mathias Vorreiter Pedersen
d6da318645 C++: Remove abstract classes from Preprocessor.qll 2020-07-10 21:55:14 +02:00
Jonathan Leitschuh
1f6615b3b8 Merge branch 'master' into feat/JLL/jOOQ_SQL_injection 
* master: (485 commits)
  C++: Remove @stmt_while from the TConditionalStmt union type.
  C++: Remove abstract classes from Stmt.qll
  Drop Map.merge as taint step
  Add the printAst.ql contextual query for C++
  Fix modelling of Stack.push
  C#: Sync identical files
  C++: Replace getResultType() with getResultIRType() in IR dataflow
  C++: Replace getResultType() with getResultIRType() in IR range analysis
  C++: Introduce isSigned() and isUnsigned() predicates on IRIntegerType to mirror IntegralType
  Add missing java import
  Add missing java import
  Mark ServletUrlRedirectSink private
  Java: model Object.clone
  Add file-level qldoc
  Optimize imports
  Join ServletUrlRedirectSink with UrlRedirectSink
  Extend UrlRedirectSink from DataFlow::Node
  Remove superfluous imports
  Java: ContainerFlow add comments
  Generalize QueryInjectionSink
  ...
 2020-07-10 14:37:41 -04:00
Dave Bartolomeo
912c50a881 Merge pull request #3937 from MathiasVP/replace-result-type-with-ir-result-type 
C++: Replace getResultType() with getResultIRType()
 2020-07-10 13:37:30 -04:00
Geoffrey White
456a05ecd5 Merge pull request #3940 from MathiasVP/remove-abstract-stmt 
C++: Remove abstract classes and predicates from Stmt.qll
 2020-07-10 16:41:45 +01:00
Mathias Vorreiter Pedersen
7cc83da97a C++: Remove @stmt_while from the TConditionalStmt union type. 2020-07-10 15:51:34 +02:00
Taus
df3eb9f9c5 Merge pull request #3790 from RasmusWL/python-add-annotated-callgraph-tests 
Python: Add annotated call-graph tests
 2020-07-10 15:38:38 +02:00
Geoffrey White
2941f413f9 Merge pull request #3931 from aeisenberg/aeisenberg/cpp-print-ast 
Add the printAst.ql contextual query for C++
 2020-07-10 14:08:25 +01:00
Philippe Antoine
bf7e3a004e Reverting to enclosing block logic 2020-07-10 14:58:00 +02:00
Philippe Antoine
50b2b12ce2 put back missing condition 2020-07-10 14:41:35 +02:00
Philippe Antoine
3117c67a66 Updates result message to be more precise 2020-07-10 14:26:09 +02:00
Mathias Vorreiter Pedersen
567984af3d C++: Remove abstract classes from Stmt.qll 2020-07-10 14:21:56 +02:00
Anders Schack-Mulligen
a1d272e870 Merge pull request #3918 from aibaars/organise-container-flow 
Java: Clean up ContainerFlow, consider more methods
 2020-07-10 14:19:44 +02:00
Arthur Baars
43b61038e9 Drop Map.merge as taint step 2020-07-10 13:00:14 +02:00