hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-15 23:44:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,680 Branches 158 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
ce5356f592 change note 2020-05-14 09:48:50 +02:00
Erik Krogh Kristensen
4175d36269 add test case 2020-05-14 09:46:54 +02:00
Erik Krogh Kristensen
b727fa81a0 add a path sanitizer to zipslip 2020-05-14 09:46:50 +02:00
Erik Krogh Kristensen
71e7083dcb add "linkname" as a file-name-property for zip-slip 2020-05-14 09:06:23 +02:00
Erik Krogh Kristensen
a19718a10f add fs.link and fs.linkSync as writing file system calls 2020-05-14 09:00:50 +02:00
Mathias Vorreiter Pedersen
671242ce5e C++: Add upgrade script 2020-05-14 08:49:34 +02:00
Mathias Vorreiter Pedersen
dbba2269ad C++: Add stats 2020-05-14 08:47:16 +02:00
yoff
e5eadf9126 Update python/ql/test/query-tests/Functions/general/protocols.py 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-05-14 07:34:53 +02:00
Rasmus Lerchedahl Petersen
c7ddd2c20c Python: make test for unicode names pass 2020-05-14 07:31:03 +02:00
Rasmus Lerchedahl Petersen
de50aabd60 Python: test for unicode names 2020-05-14 07:30:29 +02:00
Rasmus Lerchedahl Petersen
4c7cf2ac2d Python: Make test pass 
Also checked that the OP's snapshot no longer has alerts from
`duplicate_char_in_class`
 2020-05-14 07:06:59 +02:00
Robert Marsh
396ccda81f Merge pull request #3422 from Cornelius-Riemenschneider/inbounds-ptr 
C++: Add InBoundsPointerDeref.qll to experimental
 2020-05-13 16:55:42 -07:00
Mathias Vorreiter Pedersen
8f3ba75534 C++: Remove abstract keyword from Access and Cast and create .dbscheme unions 2020-05-13 23:15:11 +02:00
Dave Bartolomeo
ea2081ca40 Merge pull request #3459 from dbartol/github/codeql-c-analysis-team/69 
C++/C#: Remove `UnmodeledUse` instruction
 2020-05-13 13:13:40 -04:00
Rasmus Lerchedahl Petersen
f9f52b0105 Python: test for unicode in raw strings 2020-05-13 18:47:36 +02:00
Asger Feldthaus
2ef7719b06 JS: PathExprInModule deprecation notice 2020-05-13 16:35:24 +01:00
Asger Feldthaus
3846f534a8 JS: Factor out overridden part of PathExpr.getSearchRoot 2020-05-13 16:34:43 +01:00
Asger Feldthaus
5f510878f3 JS: Remove PathExprBase and PathExprInModule 2020-05-13 16:34:28 +01:00
Asger Feldthaus
2d88385ffb JS: Cache moduleImport 2020-05-13 15:07:13 +01:00
Mathias Vorreiter Pedersen
34314d0cb6 C++: Annotation field flow tests with [IR] and [AST] 2020-05-13 15:16:02 +02:00
Calum Grant
f5daeea618 Merge pull request #3421 from hvitved/csharp/dataflow/change-note 
C#/Java/C++: Add change note for #3110
 2020-05-13 13:53:01 +01:00
semmle-qlci
2a341d973d Merge pull request #3458 from esbena/js/NoSQLCodeInjection 
Approved by erik-krogh
 2020-05-13 13:33:28 +01:00
Bt2018
7b88988981 Convert to path-problem query 2020-05-13 08:09:22 -04:00
Dave Bartolomeo
b0f7e9c6a7 C++: Accept test output 2020-05-13 08:02:17 -04:00
Bt2018
632cb8b666 Simplify CredentialExpr as the AddExpr step is included by TaintTracking::localTaintStep(node1, node2) 2020-05-13 07:55:32 -04:00
Bt2018
d9cc3c6f8d Add a comment for reasoning in why debug and trace are included and other variations are excluded 2020-05-13 07:46:44 -04:00
Esben Sparre Andreasen
c6fa88af28 JS: change notes 2020-05-13 12:56:33 +02:00
Esben Sparre Andreasen
9552352d6a JS: address qhelp feedback 2020-05-13 12:53:59 +02:00
Rasmus Lerchedahl Petersen
d9d86e1f56 Make test pass 2020-05-13 12:16:11 +02:00
Jonas Jensen
1018eaff09 Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args 
Conflicts:
	cpp/ql/test/library-tests/dataflow/fields/ir-flow.expected
 2020-05-13 12:05:58 +02:00
Esben Sparre Andreasen
7305a873b1 JS: formatting 2020-05-13 11:28:48 +02:00
Esben Sparre Andreasen
fedd32fc2b JS: address review comment 2020-05-13 09:57:02 +02:00
Esben Sparre Andreasen
91f43a7dae JS: address review comments 2020-05-13 09:52:01 +02:00
Jonas Jensen
038bea2f52 C++: Add type check to prevent field conflation 2020-05-13 09:25:24 +02:00
Jonas Jensen
250e12a323 C++: Demonstrate new field conflation 2020-05-13 09:24:36 +02:00
Esben Sparre Andreasen
7722d77c86 JS: add the NoSQL $where as a sink for js/code-injection 2020-05-13 08:30:22 +02:00
Esben Sparre Andreasen
20cf04442c JS: model marsdb and minimongo 2020-05-13 08:28:59 +02:00
Anders Schack-Mulligen
f5e491caf0 Merge pull request #3448 from yo-h/java-qldoc-add 
Java: improve QLDoc completeness
 2020-05-13 08:26:02 +02:00
Dave Bartolomeo
5d3f25211d C++/C#: Remove UnmodeledUse instruction 2020-05-13 01:06:40 -04:00
Dave Bartolomeo
7f2c6dd9f9 C++/C#: Remove UnmodeledUseOperand 2020-05-13 01:05:27 -04:00
Bt2018
ffd442a17a Fine tuning criteria 
1. Change the regex pattern from variable contains "url" to variable starts with "url"
2. Add the logging trace method to sink
 2020-05-12 23:24:55 -04:00
Bt2018
491b67e658 Change string concatenation in the source to TaintTracking::Configuration 2020-05-12 22:57:07 -04:00
Bt2018
106c181ab1 Formatting with auto-format 2020-05-12 15:53:29 -04:00
yo-h
a884538238 Update java/ql/src/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-05-12 14:14:26 -04:00
yo-h
facd429d0a Update java/ql/src/semmle/code/java/frameworks/javaee/ejb/EJBJarXML.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-05-12 14:14:14 -04:00
Bt2018
d75841d6a7 Add sample usage and remove unused imports 2020-05-12 13:42:17 -04:00
jcreedcmu
3c233c762c Merge pull request #3431 from jcreedcmu/jcreed/jump-to-def-langs 
Java, Javascript, Csharp: Add jump-to-definition queries
 2020-05-12 10:54:11 -04:00
Tom Hvitved
d0c607c83f Address review comments 2020-05-12 16:13:02 +02:00
semmle-qlci
6fb047aef6 Merge pull request #3451 from erik-krogh/fstreamWrite 
Approved by esbena
 2020-05-12 14:58:02 +01:00
semmle-qlci
ee848328ab Merge pull request #3442 from erik-krogh/SmallPerfs 
Approved by esbena
 2020-05-12 14:36:34 +01:00