codeql

mirror of https://github.com/github/codeql.git synced 2025-12-29 07:06:43 +01:00

Author	SHA1	Message	Date
ihsinme	ed6d8e3d18	Add files via upload	2021-01-11 23:40:38 +03:00
ihsinme	b185a33157	Add files via upload	2021-01-11 23:39:02 +03:00
Geoffrey White	7409dd015e	C++: Autoformat.	2021-01-11 18:58:32 +00:00
ihsinme	b28444b55c	Update MemoryLeakOnFailedCallToRealloc.ql I thought since there is no work on this PR, I will delete the residual import.	2021-01-11 21:17:49 +03:00
intrigus	85286f362c	Java: Replace global flow by local flow	2021-01-11 19:02:07 +01:00
intrigus-lgtm	722bd4dafa	Java: Revise qhelp	2021-01-11 18:57:24 +01:00
intrigus-lgtm	4cfdb10ddc	Java: Improve QLDoc & simplify code Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-01-11 18:50:43 +01:00
Geoffrey White	1cde5e1828	C++: Test of taint through ConstructorDelegationInit.	2021-01-11 17:35:50 +00:00
CodeQL CI	4bc287e89b	Merge pull request #4933 from madneal/fix-for-predicates Approved by shati-patel	2021-01-11 06:01:33 -08:00
Max Schaefer	f40b406a2d	JavaScript: Address review comments.	2021-01-11 13:53:47 +00:00
Max Schaefer	c9132ca6f8	JavaScript: Refactor `trackUseNode` to avoid bad join order.	2021-01-11 13:53:47 +00:00
Max Schaefer	7a229d9381	JavaScript: Simplify NoSQL framework modelling.	2021-01-11 13:53:47 +00:00
Max Schaefer	b3ab6efd1d	JavaScript: Remove a bindingset annotation.	2021-01-11 13:53:47 +00:00
Max Schaefer	3853da0969	JavaScript: Teach API-graphs about bound arguments.	2021-01-11 13:53:46 +00:00
Max Schaefer	ecab17a626	JavaScript: Teach API graphs to handle `promisify`. Following a suggestion by Asger, we track use nodes through calls to `promisify`. When we see a call to a promisified function, we introduce a new synthetic API-graph node representing the callback argument synthesised by the promisification, and track the result of the call to an `await` (or other promise resolution), which is then considered to be a use of the first parameter of the synthetic callback (the zeroth parameter being an error code, which we do not model yet).	2021-01-11 13:53:46 +00:00
madneal	ee3ffa0700	add extra clarifications in the comments	2021-01-11 21:43:24 +08:00
Esben Sparre Andreasen	2dbd762bd9	JS: reintroduce reverted js/server-crash This reverts commit `0a8d15ccc4`.	2021-01-11 14:13:41 +01:00
Mathias Vorreiter Pedersen	59abcd6dae	Merge pull request #4938 from geoffw0/cpp302 C++: Tidy up old QL headers	2021-01-11 14:12:16 +01:00
intrigus	5c1e746c96	Java: Rename to `EnvReadMethod`	2021-01-11 13:42:08 +01:00
intrigus	1eb2b75389	Java: Further reduce FPs, simply Flag2Guard flow	2021-01-11 13:42:08 +01:00
intrigus	b4692734b2	Java: Add QLDoc improve query message	2021-01-11 13:42:08 +01:00
intrigus-lgtm	f4b912cd8a	Apply suggestions from doc review Co-authored-by: Felicity Chapman <felicitymay@github.com>	2021-01-11 13:42:08 +01:00
intrigus	e11304a1ca	Java: Autoformat	2021-01-11 13:42:08 +01:00
intrigus-lgtm	b8f3e64a0f	Apply suggestions from code review Co-authored-by: Felicity Chapman <felicitymay@github.com>	2021-01-11 13:42:08 +01:00
intrigus	502e4c39f5	Java: Fix Qhelp	2021-01-11 13:42:08 +01:00
intrigus-lgtm	355cb6eeec	Fix Qhelp format Co-authored-by: Felicity Chapman <felicitymay@github.com>	2021-01-11 13:42:07 +01:00
intrigus-lgtm	10fc2cf9f8	Apply suggestions from code review Co-authored-by: Chris Smowton <smowton@github.com>	2021-01-11 13:42:07 +01:00
intrigus	c88f07dde4	Java: Accept test output	2021-01-11 13:42:07 +01:00
intrigus	33b0ff28d8	Java: Update test	2021-01-11 13:42:07 +01:00
intrigus	9e2ef9bd74	Java: Filter results by feature flags. This ignores results that are guarded by a feature flag that suggests an intentionally insecure feature. Inspired by Go's `InsecureFeatureFlag.qll` and `DisabledCertificateCheck.ql`.	2021-01-11 13:42:07 +01:00
intrigus	a62a2e58dd	Java: Improve QL-Doc	2021-01-11 13:42:07 +01:00
intrigus	d98b171998	Java: Make `EnvTaintedMethod` public + QL-Doc	2021-01-11 13:42:07 +01:00
intrigus	e021158b5f	Java: Tighter model of `HostnameVerifier#verify` This more tightly models `HostnameVerifier#verify` previously it was possible to accidentally match other methods called `verify`.	2021-01-11 13:42:07 +01:00
intrigus	0a9df07df7	Apply suggestions from review.	2021-01-11 13:42:07 +01:00
intrigus	70b0703952	Java: Remove overlapping code	2021-01-11 13:42:07 +01:00
intrigus	3da1cb0879	Java: Add unsafe hostname verification query	2021-01-11 13:42:07 +01:00
intrigus	8df5d77398	Java: Model `HostnameVerifier` method Model `HostnameVerifier#setDefaultHostnameVerifier`	2021-01-11 13:42:06 +01:00
Anders Schack-Mulligen	3a2dd8f1ed	Merge pull request #4867 from RasmusWL/java-externalapis-taint-step Java: Fix taint-step handling for untrusted-data-external-api	2021-01-11 13:36:59 +01:00
madneal	4e373aaf29	replace error with errors	2021-01-11 19:38:27 +08:00
Rasmus Wriedt Larsen	7d94bab75e	Merge branch 'main' into django-request-handler-without-route	2021-01-11 12:24:41 +01:00
madneal	e0fc9bac08	add error for shotString	2021-01-11 19:15:22 +08:00
Rasmus Wriedt Larsen	828bb9a902	Python: Small refactor for request param modeling in Django	2021-01-11 11:29:54 +01:00
Esben Sparre Andreasen	580a24e982	JS: rewrite js/incomplete-multi-character-sanitization	2021-01-11 11:26:45 +01:00
Rasmus Wriedt Larsen	141b9adc4d	Python: Minor refactoring Co-authored-by: yoff <lerchedahl@gmail.com>	2021-01-11 11:18:59 +01:00
Geoffrey White	cf1d1dc5c0	C++: Remove old tags.	2021-01-11 09:31:06 +00:00
Mathias Vorreiter Pedersen	46393c33ef	C++: Fix bad join orders introduced in previous commit.	2021-01-11 09:19:58 +01:00
madneal	1e2487320c	address #4932,fix for errors of Binding behavior	2021-01-09 21:38:25 +08:00
Mathias Vorreiter Pedersen	a00bd7ae02	C++: Respond to review comments.	2021-01-08 19:47:02 +01:00
Geoffrey White	70ce5fde75	C++: Improve metadata for GlobalNamespaceClasses.ql.	2021-01-08 18:27:06 +00:00
Geoffrey White	a6937beee3	Merge branch 'main' into sqltaint	2021-01-08 17:27:43 +00:00

... 13 14 15 16 17 ...

19777 Commits