semmle-qlci
5c2f1169d0
Merge pull request #3679 from asger-semmle/js/dom-value-ref-restriction
Approved by erik-krogh, esbena
2020-06-12 07:39:26 +01:00
Esben Sparre Andreasen
243e3ad9e3
Merge pull request #3672 from esbena/js/server-crashing-route-handler
JS: add initial version of ServerCrash.ql
2020-06-12 08:38:37 +02:00
Robert Marsh
65f4ef712e
C++: accept false positive tests after merge
The IR false positives are due to the same path length limit as the AST
false positives on the same line.
2020-06-11 15:27:13 -07:00
Erik Krogh Kristensen
5b491313ad
add simple query for detecting sensitive files downloaded over unsecure connection
2020-06-11 23:19:28 +02:00
Erik Krogh Kristensen
065cb04202
make PropNode private again
2020-06-11 23:19:03 +02:00
Erik Krogh Kristensen
ef72c03ca9
use simpler taint-step for DestructingPattern
2020-06-11 23:16:46 +02:00
Marcono1234
7cd6dd27a6
Add link to Java regex Pattern documentation to language.rst
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2020-06-11 23:02:59 +02:00
intrigus-lgtm
422b059aec
Fix typo
2020-06-11 22:54:13 +02:00
Robert Marsh
a7efa0d602
Merge branch 'master' into ir-this-parameter-2
2020-06-11 13:21:52 -07:00
Mathias Vorreiter Pedersen
b78c06559e
Merge pull request #3691 from geoffw0/reftest
C++: Add a test case for CWE-114 involving pointers and references.
2020-06-11 22:02:45 +02:00
Geoffrey White
fdd7ad2300
C++: Add a SideEffectFunction model to 'system'.
2020-06-11 18:59:17 +01:00
Geoffrey White
e8b34e07f8
C++: Add an AliasFunction model to 'system'.
2020-06-11 18:44:41 +01:00
Geoffrey White
7fee2c239d
C++: Add an ArrayFunction model to 'system'.
2020-06-11 18:44:09 +01:00
Geoffrey White
b38a7a9ffc
C++: Fill out ArrayFunction model for 'fgets'.
2020-06-11 18:20:24 +01:00
Robert Marsh
ae46a8d8a1
Merge pull request #3692 from igfoo/blockstmt
C++: Fix reference to `Block`
2020-06-11 09:49:19 -07:00
Geoffrey White
40c20f2731
C++: Add the test for DefaultTaintTracking as well.
2020-06-11 17:37:05 +01:00
Geoffrey White
2f192f6a0c
C++: Add a test of char* -> std::string -> char* taint.
2020-06-11 17:37:05 +01:00
Dave Bartolomeo
41df7000c5
Merge from master, including fixing up merge conflicts
2020-06-11 12:20:46 -04:00
Ian Lynagh
fd88289e46
C++: Fix reference to Block
We don't call it `BlockStmt`.
2020-06-11 16:50:23 +01:00
Asger Feldthaus
475c631ff9
JS: Fix a misleading javadoc comment
2020-06-11 16:16:51 +01:00
Dave Bartolomeo
b116a3e8ea
C#: Rename IR module references to point to experimental
2020-06-11 10:24:01 -04:00
Anders Schack-Mulligen
c961a31789
Java: Add Expr.getAnEnclosingStmt.
2020-06-11 13:46:12 +02:00
semmle-qlci
c2de54f5ca
Merge pull request #3685 from shati-patel/ast-go-edits
Approved by felicitymay, owen-mc
2020-06-11 12:43:20 +01:00
Esben Sparre Andreasen
169c8909df
formatting
2020-06-11 13:28:26 +02:00
Esben Sparre Andreasen
bc7f02156b
JS: replace class with two predicates (and improve alert message)
2020-06-11 13:20:46 +02:00
Erik Krogh Kristensen
7c7af8d841
less heuristics when flagging division that is rounded
2020-06-11 12:55:13 +02:00
Erik Krogh Kristensen
f1b24ba901
use type inference to detect string concatenations
2020-06-11 12:34:58 +02:00
Esben Sparre Andreasen
2e059376fd
JS: add query js/disabling-certificate-validation
2020-06-11 12:32:01 +02:00
Erik Krogh Kristensen
f634c62af5
remove redundant check
2020-06-11 12:18:41 +02:00
Shati Patel
2874050503
CodeQL for Go: Edit AST reference
2020-06-11 10:49:19 +01:00
Rasmus Wriedt Larsen
a24974b194
Python: Add missing <p> to qhelp
2020-06-11 11:45:38 +02:00
Anders Schack-Mulligen
f23eb0432e
Java: Improve qldoc for JavadocTag.
2020-06-11 11:44:50 +02:00
Rasmus Wriedt Larsen
33a9fb6034
Python: Reorder XSLT qhelp to be valid
2020-06-11 11:30:54 +02:00
Tom Hvitved
ca531cbb9a
C#: Rename a class
2020-06-11 11:26:25 +02:00
Tom Hvitved
8395980fb1
C#: Recognize more calls to IHtmlHelper.Raw
Generalize logic by recognizing not only calls to
`Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw()`, but calls to all `Raw()`
methods that implement `Microsoft.AspNetCore.Mvc.Rendering.IHtmlHelper.Raw()`.
2020-06-11 11:26:25 +02:00
Erik Krogh Kristensen
c375a0c611
fix compilation and update expected output
2020-06-11 11:16:38 +02:00
Owen Mansel-Chan
ab52010674
Give general syntax instead of examples for exprs
2020-06-11 10:06:46 +01:00
Owen Mansel-Chan
3ca5d34d9b
Add more links to java AST class reference
Using the explicit hyperlink target feature of rst to keep the text in
the tables short and put all the URLs at the end of the document
2020-06-11 10:06:46 +01:00
Owen Mansel-Chan
84a4630eaf
Move explicit hyperlink targets to the bottom
2020-06-11 10:06:42 +01:00
Erik Krogh Kristensen
1124816f73
fixing FPs in js/biased-cryptographic-random
2020-06-11 11:06:02 +02:00
Calum Grant
5e021c24c1
Merge pull request #3652 from hvitved/csharp/dataflow/impl-layer
C#: Refactor data-flow predicates defined by dispatch
2020-06-11 10:01:50 +01:00
Asger Feldthaus
4bb2e8b637
JS: Update test externs and include array indices
2020-06-11 09:53:55 +01:00
Pavel Avgustinov
60df00c7e3
Merge pull request #3669 from github/sj-patch-contributing-SLA
Update CONTRIBUTING.md to clarify that CLAs are no longer required
2020-06-11 09:17:11 +01:00
Shati Patel
d9d0903084
Merge pull request #3681 from github/rc/1.24
Merge rc/1.24 into master
2020-06-11 09:00:57 +01:00
Max Schaefer
cee248520e
Merge pull request #3675 from owen-mc/ast-class-reference-for-go
AST class reference for go
2020-06-11 08:05:41 +01:00
Rasmus Lerchedahl Petersen
b5703cd3f6
Python: link to FP report in test file
2020-06-11 07:14:48 +02:00
Robert Marsh
982fb38807
Merge pull request #3419 from MathiasVP/flat-structs
C++: Add reverse reads to IR field flow
2020-06-10 14:31:00 -07:00
ubuntu
e8b05b70c4
Added support for detecting unsafe methods used for origin verification
2020-06-10 23:11:03 +02:00
ubuntu
cf3142e083
Updated qhelp with a third example
2020-06-10 23:09:35 +02:00
ubuntu
92f9f320f9
Added new example of an unsafe event.origin verification
2020-06-10 23:07:05 +02:00