hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-13 22:44:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,679 Branches 158 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
8b4b5781e6 JavaScript: Add utility predicate getBasePortal(i). 
This iterates the existing `getBasePortal()` predicate `i` times.
 2020-07-09 09:08:18 +01:00
Robert Marsh
0e66d0892b Merge pull request #3785 from MathiasVP/dataflow-operand-nodes 
C++: Operands as dataflow nodes
 2020-07-08 14:50:54 -07:00
Arthur Baars
6367eb9ee8 Address review comments 2020-07-08 22:08:27 +02:00
lcartey@github.com
0638b512bc C++: Support custom range expression modeling for variable accesses 2020-07-08 17:56:31 +01:00
dilanbhalla
6e6921b11e implemented pr fixes 2020-07-08 09:23:52 -07:00
dilanbhalla
05a4798b5e working on implementing pr fixes 2020-07-08 09:19:46 -07:00
Ian Lynagh
71b70b4bd0 C++: Give static_assert's an enclosing element 2020-07-08 17:10:43 +01:00
Remco Vermeulen
5f560e0465 Extract HeaderSplittingSink and WhitelistedSource 
- Extract `HeaderSplittingSink` and `WhitelistedSource` into an
importable library.
- Rename the existing `HeaderSplittingSink` implementation to
`ServletHeaderSplittingSink`.
 2020-07-08 17:17:24 +02:00
lcartey@github.com
b4929dbb97 C++: Adopt range analysis interface in the SimpleRangeAnalysis library 2020-07-08 16:00:44 +01:00
lcartey@github.com
5c1275ec5d C++: Add an interface for exprs that can contribute to range analysis 2020-07-08 16:00:07 +01:00
Remco Vermeulen
170be9ffe8 Move UrlRedirectSink into importable library 
- The `UrlRedirect` class is renamed to `ServletUrlRedirect`.
- Abstract class `UrlRedirectSink` is defined that can be imported and
used to customise CWE-601 via Customizations.qll
 2020-07-08 16:47:51 +02:00
Jonas Jensen
0bbbfe58cf Merge pull request #3916 from geoffw0/cc_followup2 
C++: Add missing constructor taint test
 2020-07-08 16:35:47 +02:00
Remco Vermeulen
06517c6f82 Move QueryInjectionSink into importable library 
This enables defining of new sinks to customise the CWE-089 queries.
 2020-07-08 16:24:06 +02:00
Arthur Baars
e8f216c761 Merge remote-tracking branch 'upstream/master' into set-map-list-copy-of 2020-07-08 15:11:13 +02:00
Anders Schack-Mulligen
bf5c5297d3 Merge pull request #3897 from aibaars/util-objects 
Java: data flow for `java.util.Objects`
 2020-07-08 15:07:50 +02:00
Anders Schack-Mulligen
528f250af3 Merge pull request #3653 from lcartey/java/improve-spring-support 
Java: Improve modelling of Spring requests, flow steps and XSS sinks
 2020-07-08 15:00:14 +02:00
Luke Cartey
443c13d516 Merge pull request #2 from aschackmull/java/spring-3653-2 
Java: Fix qltests for https://github.com/github/codeql/pull/3653
 2020-07-08 13:19:45 +01:00
Anders Schack-Mulligen
b88ebd69c1 Java: Fix OgnlInjection qltest 2020-07-08 14:12:27 +02:00
Anders Schack-Mulligen
a4fe4f41b9 Java: Fix JndiInjection qltest 2020-07-08 14:09:08 +02:00
Anders Schack-Mulligen
581d496167 Java: Fix LdapInjection qltest 2020-07-08 14:04:01 +02:00
Arthur Baars
72a24972e7 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-07-08 13:30:24 +02:00
Rasmus Wriedt Larsen
32219e58c0 Python: Add basic call-graph metric queries 
For use with dist-compare
 2020-07-08 13:29:54 +02:00
Anders Schack-Mulligen
48e4759632 Merge branch 'master' into java/spring-3653-2 2020-07-08 13:06:51 +02:00
semmle-qlci
6ef7288848 Merge pull request #3922 from aschackmull/java/stub-cleanup 
Approved by aibaars
 2020-07-08 12:04:39 +01:00
Geoffrey White
61dfebceb9 C++: Add getFullyConverted() as suggested. 2020-07-08 11:28:39 +01:00
Erik Krogh Kristensen
022cafebd3 make sure the consisntecy-checking library does not mix configurations 2020-07-08 10:28:41 +02:00
Anders Schack-Mulligen
b38839e84e Merge pull request #3920 from Marcono1234/patch-3 
Improve VariableAssign.getSource documentation
 2020-07-08 10:25:13 +02:00
Erik Krogh Kristensen
ec38df69b3 update consistency comments for CWE-918 2020-07-08 10:24:55 +02:00
Erik Krogh Kristensen
c5285f7418 update inconsistency comment for CWE-843 2020-07-08 10:16:43 +02:00
Erik Krogh Kristensen
45b6906a0d move comments to match alert location for CWE-834 2020-07-08 10:16:04 +02:00
Erik Krogh Kristensen
71a3d49d2b update comments to match alert location for CWE-807 2020-07-08 10:15:26 +02:00
Erik Krogh Kristensen
d814e73023 update comment position to match alert location for CWE-798 2020-07-08 10:12:12 +02:00
Erik Krogh Kristensen
bcffc97de7 update comment position to match alert location for CWE-776 2020-07-08 10:10:31 +02:00
Erik Krogh Kristensen
2235634347 update consistency comments for CWE-754 2020-07-08 10:08:51 +02:00
Anders Schack-Mulligen
6eac8e82a3 Java: Consolidate spring-ldap-2.3.2 stubs. 2020-07-08 10:08:44 +02:00
Erik Krogh Kristensen
0d64a0f2c8 update consistency comment for CWE-730 2020-07-08 10:07:34 +02:00
Erik Krogh Kristensen
5a87628478 update consistency comments for CWE-611 2020-07-08 10:03:03 +02:00
Erik Krogh Kristensen
1f1c09af02 update consistency comments for CWE-601 2020-07-08 10:02:29 +02:00
Erik Krogh Kristensen
ce6a211340 update inconsistency comment for CWE-506 2020-07-08 10:01:40 +02:00
Erik Krogh Kristensen
bf36137834 update inconsistency comment for CWE-346 2020-07-08 10:01:04 +02:00
Erik Krogh Kristensen
16b0427dc4 update inconsistency comment for CWE-338 2020-07-08 10:00:19 +02:00
Anders Schack-Mulligen
40b9d34ab9 Java: Consolidate springframework-5.2.3 stubs 2020-07-08 09:57:48 +02:00
Erik Krogh Kristensen
9bcbedde46 update consistency comment in passwords.js 2020-07-08 09:55:00 +02:00
Erik Krogh Kristensen
664c5e64b4 add [INCONSISTENCY] comment in CodeInjection test 2020-07-08 09:48:12 +02:00
Erik Krogh Kristensen
00e900f1b1 only include named topmost package.json files for js/shell-command-constructed-from-input 2020-07-08 09:25:08 +02:00
Anders Schack-Mulligen
c166fee198 Merge pull request #3894 from aibaars/util-arrays 
Java: model taint for java.util.Arrays
 2020-07-08 09:06:40 +02:00
Marcono1234
00a61816c0 Improve VariableAssign.getSource documentation 2020-07-07 22:37:58 +02:00
Dave Bartolomeo
6f7a8d029c C++: Move .gitignore into autobuilder directory 
On second thought, I'm going to make this apply only to the AutoBuilder directory. C# has it in the root of `csharp`, but they need it for their extractor as well.
 2020-07-07 16:31:46 -04:00
Dave Bartolomeo
d3bcc1dae4 C++: Add .gitignore for autobuilder 
C# has its own additional `.gitignore` to ignore the output files of the AutoBuilder build. Now that we have our own AutoBuilder in C++, we need the same thing.
 2020-07-07 16:27:43 -04:00
Taus
548fceb306 Merge pull request #3917 from RasmusWL/python-fix-experimental-tests 
Python: Fix experimental tests
 2020-07-07 22:05:47 +02:00