hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-16 16:04:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,679 Branches 158 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Calum Grant
313c9ac6ec C#: Address review comments. 2020-05-07 10:35:29 +01:00
Rasmus Wriedt Larsen
f099e0fdc6 Merge branch 'master' into python-keyword-only-args 2020-05-07 11:27:11 +02:00
Erik Krogh Kristensen
945fe45b6f all split()[0] are safe for url-redirect 2020-05-07 10:55:17 +02:00
Erik Krogh Kristensen
a3fb13882b Merge branch 'master' into SplitFPs 2020-05-07 10:51:11 +02:00
James Fletcher
29eed6866c Merge pull request #3409 from jf205/sd-68 
"CodeQL for X" docs: update "Further reading" sections
 2020-05-07 09:35:23 +01:00
Dave Bartolomeo
f0e86a9191 C++: Add missing module comment 2020-05-06 17:30:20 -04:00
Dave Bartolomeo
df4fdaf6ff C++: Fix PR feedback 
Note that the various predicates to access the singleton instances of the `EdgeKind` classes have been moved into a module named `EdgeKind`.
 2020-05-06 17:06:48 -04:00
Geoffrey White
c8524522c8 C++: Add test cases. 2020-05-06 18:51:50 +01:00
monkey-junkie
4594aa470d Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 18:18:06 +03:00
Cornelius Riemenschneider
e397e5d325 Add new testcase to arraylengthanalysis library. 2020-05-06 16:36:48 +02:00
Cornelius Riemenschneider
1c9fa4eb1d This library proves that a subset of pointer dereferences in a program are safe, i.e. in-bounds. 
It does so by first defining what a pointer dereference is (on the IR
`Instruction` level), and then using the array length analysis and the range
analysis together to prove that some of these pointer dereferences are safe.
 2020-05-06 16:36:48 +02:00
Tom Hvitved
f19b1045d6 Java: Add change note 2020-05-06 15:52:49 +02:00
semmle-qlci
b2f1008a00 Merge pull request #3420 from max-schaefer/js/fix-missing-triple-backtick 
Approved by asgerf
 2020-05-06 13:52:18 +01:00
Jason Reed
5934345fe3 Python: Fix formatting. 2020-05-06 08:48:45 -04:00
Esben Sparre Andreasen
7cc3a5a242 JS: qhelp fixups 2020-05-06 14:46:34 +02:00
Tom Hvitved
ddd62a56cc C#: Add change note for #3110 2020-05-06 14:28:47 +02:00
Anders Schack-Mulligen
f7410739d9 Java: Fix bug in qldoc. 2020-05-06 14:06:49 +02:00
Anders Schack-Mulligen
8c5e89c160 Java: Add PrintAst. 2020-05-06 14:06:40 +02:00
Esben Sparre Andreasen
69191577d6 JS: qhelp for js/unsafe-html-expansion 2020-05-06 14:03:27 +02:00
monkey-junkie
5ce9e0d0a2 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 14:32:55 +03:00
Asger F
5725814774 Merge pull request #3403 from asger-semmle/js/getcontainer 
JS: Move getContainer to single rootdef (+fixes)
 2020-05-06 12:06:44 +01:00
Max Schaefer
9335a6cb79 JavaScript: Fix missing triple backtick in qldoc comment. 2020-05-06 11:40:00 +01:00
Arthur Baars
39e652b26b Java: teach UnsafeDeserialization about ValidatingObjectInputStream 
The class org.apache.commons.io.serialization.ValidatingObjectInputStream
is an implementation of ObjectInputStream that validates the deserialized
classes against a white list. Therefore, this class should not be considered an
unsafe deserialization sink.
 2020-05-06 12:15:30 +02:00
Arthur Baars
797721cd31 Test 2020-05-06 12:15:27 +02:00
monkey-junkie
122354a81a Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 12:54:50 +03:00
Esben Sparre Andreasen
344f0c36b0 JS: update expected output 2020-05-06 11:18:14 +02:00
monkey-junkie
3314dd0614 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-05-06 11:17:41 +03:00
Rasmus Wriedt Larsen
f1630983d3 Python: Cleanup default-indexing upgrade script 2020-05-06 09:57:07 +02:00
Rasmus Wriedt Larsen
010d5fb769 Python: Fix indexes of keyword-only defaults in upgrade script 
Works like a charm ;)
 2020-05-06 09:57:07 +02:00
Rasmus Wriedt Larsen
a15833d194 Python: DB upgrade script for default-indexing change 
Follow this excellent guide:
https://github.com/github/codeql-c-extractor-team/blob/master/docs/db-upgrade.md
 2020-05-06 09:56:53 +02:00
Tom Hvitved
0466e36985 C#: Teach Implements.qll about nested types 2020-05-06 09:25:40 +02:00
Tom Hvitved
f9ece0aefb C#: Add implements test for nested types 2020-05-06 09:25:40 +02:00
Tom Hvitved
4c1a9b25c1 C#: Teach unification library about nested types 2020-05-06 09:25:40 +02:00
Tom Hvitved
851fc98b01 C#: Add type unification tests for nested types 2020-05-06 09:25:40 +02:00
Anders Schack-Mulligen
3b3ca6d41e Merge pull request #3214 from aibaars/base64 
Java: Add org.apache.commons.codec.(De|En)coder to TaintTrackingUtil
 2020-05-06 09:21:18 +02:00
Jonas Jensen
63f04afa8d Merge pull request #3312 from hvitved/dataflow/impl-no-postupdate 
Data flow: Support stores into nodes that are not `PostUpdateNode`s
 2020-05-06 09:09:31 +02:00
semmle-qlci
9210660ea0 Merge pull request #3401 from erik-krogh/jsonLike 
Approved by esbena
 2020-05-06 08:00:44 +01:00
Asger F
b2da4fe491 Update javascript/ql/src/semmle/javascript/internal/StmtContainers.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 07:59:04 +01:00
Asger Feldthaus
926e79d272 JS: Autoformat 2020-05-06 07:59:04 +01:00
Asger Feldthaus
f51e846439 JS: Fix ClosureModule implementation 2020-05-06 07:59:04 +01:00
Asger Feldthaus
0f870a4992 JS: Use TCapturedVariableNode as starting point of callInputStep 2020-05-06 07:59:04 +01:00
Asger Feldthaus
4d6da19173 JS: Improve performance of getExceptionTarget 2020-05-06 07:59:04 +01:00
Asger Feldthaus
639f04386c JS: Avoid bad join ordering in ClosureModule 2020-05-06 07:59:04 +01:00
Asger Feldthaus
e52e1b26c6 JS: Upgrade script 2020-05-06 07:59:04 +01:00
Asger Feldthaus
5f710bc881 JS: Move definition of getContainer() to a single rootdef 2020-05-06 07:59:04 +01:00
semmle-qlci
86c5b38d62 Merge pull request #3341 from hvitved/csharp/generics-nested-types 
Approved by calumgrant
 2020-05-06 07:16:37 +01:00
Raul Garcia (MSFT)
f051f46ee9 Merge branch 'master' of https://github.com/semmle/ql 2020-05-05 13:37:03 -07:00
Erik Krogh Kristensen
52392f2a6d autoformat 2020-05-05 22:33:53 +02:00
Robert Marsh
78d2ac1ff4 Merge pull request #3368 from Cornelius-Riemenschneider/local-ala 
C++: Add experimental Array Length Tracking library
 2020-05-05 13:05:52 -07:00
Felicity Chapman
0e0d0499bb Merge pull request #3413 from felicitymay/update-docs-reviews 
Update requirements for docs review
 2020-05-05 19:05:57 +01:00