Mathias Vorreiter Pedersen
ed430ce855
C++/C#: Bind parameter in new case.
2020-02-24 09:12:14 +01:00
Mathias Vorreiter Pedersen
af364e66fc
C++/C#: Move sanity check inside InstructionSanity module and accept tests
2020-02-23 20:53:49 +01:00
Grzegorz Golawski
fda4ab155a
CodeQL query to detect open Spring Boot actuator endpoints
2020-02-23 20:03:41 +01:00
Peter Stöckli
e81d3ce0b4
Add type for java.net.URL
2020-02-23 12:35:03 +01:00
Dave Bartolomeo
170331b105
C++: Better fix for void type on buffer access
...
Fixes issue https://github.com/github/codeql-c-analysis-team/issues/20
This change undoes the workaround in https://github.com/Semmle/ql/pull/2736, and replaces it with a fix for the underlying cause. The problem was that the IR construction code for side effects incorrectly assumed that `BufferAccessOpcode` included `SizedBufferAccessOpcode`. I think that was actually a perfectly reasonable assumption to make, so I changed the `Opcode` hierarchy to make it true.
2020-02-21 18:46:32 -07:00
Taus
285be2893c
Merge pull request #2893 from BekaValentine/python-objectapi-to-valueapi-unnecessarylambda
...
Python: ObjectAPI to ValueAPI: UnnecessaryLambda
2020-02-21 22:23:02 +01:00
Taus
e444fb8bfa
Merge pull request #2818 from BekaValentine/objectapi-to-valueapi-hashedbutnohash
...
Python: ObjectAPI to ValueAPI: HashedButNoHash
2020-02-21 22:19:58 +01:00
Rebecca Valentine
14273fc677
Adds missing result to expected file
2020-02-21 11:25:03 -08:00
Peter Stöckli
e1e03e326b
Add query documentation header
2020-02-21 18:22:05 +00:00
Peter Stöckli
9de2be8eba
Fix whitespace issues in OpenStream.java
2020-02-21 17:13:04 +00:00
Peter Stöckli
b622e2ae06
Java: Calling openStream on URLs created from remote source can lead to local file disclosure.
2020-02-21 17:51:15 +01:00
Rasmus Wriedt Larsen
bfa7553095
Python: urlsplit sanitizer handles in [KNOWN_VALUE]
2020-02-21 16:03:29 +01:00
mchammer01
b4c72f610a
pre-migration tasks: start adding intros
2020-02-21 14:51:38 +00:00
Rasmus Wriedt Larsen
798db91f71
Python: Add more urlsplit tests
2020-02-21 15:51:33 +01:00
Erik Krogh Kristensen
44db0f4e5d
better printing of the options arg
2020-02-21 15:39:49 +01:00
Asger Feldthaus
d1df251b92
JS: Proto pollution: Add is-plain-object sanitizer
2020-02-21 14:38:33 +00:00
Erik Krogh Kristensen
90e5671d98
Merge branch 'master' of git.semmle.com:Semmle/ql into CVE481
2020-02-21 15:25:07 +01:00
Rasmus Wriedt Larsen
31ff652cb3
Python: Make Sanitizer available for urlsplit taint
...
It isn't used by default, it has to *actively* be enabled.
2020-02-21 15:18:53 +01:00
Mathias Vorreiter Pedersen
d9753b0ca5
C++/C#: Accept test output after adding sanity check to Instruction.qll
2020-02-21 15:09:53 +01:00
Asger Feldthaus
1ee112a341
JS: Add change note
2020-02-21 13:55:27 +00:00
Asger Feldthaus
a673539c98
JS: Update expected output
2020-02-21 13:51:23 +00:00
Asger Feldthaus
b780bc4d59
JS: Also track into callbacks
2020-02-21 13:51:22 +00:00
Asger Feldthaus
e8e649102f
JS: Also propagate out of returns
2020-02-21 13:51:22 +00:00
Asger Feldthaus
8c36b999cc
JS: Track flow into calls to bound functions
2020-02-21 13:51:20 +00:00
semmle-qlci
ee5cf95f5b
Merge pull request #2892 from asger-semmle/js/field-methods
...
Approved by esbena
2020-02-21 13:49:42 +00:00
semmle-qlci
e163d8d8c8
Merge pull request #2796 from asger-semmle/js/partial-invoke-receiver
...
Approved by esbena
2020-02-21 13:48:43 +00:00
Rasmus Wriedt Larsen
083dd4380b
Python: Add example for how to write your own sanitizer
2020-02-21 14:28:48 +01:00
Erik Krogh Kristensen
75410e5760
big refactor of UselessUseOfCal
2020-02-21 14:26:42 +01:00
Rasmus Wriedt Larsen
e804e98d60
Python: Update change-notes
2020-02-21 14:08:09 +01:00
Mathias Vorreiter Pedersen
da41cbca06
C#: Add similar fix to translation of switch statements in C#
2020-02-21 13:33:54 +01:00
Rasmus Wriedt Larsen
abbc9293db
Merge pull request #2891 from tausbn/python-special-operations
...
Python: Add AST support for special operations.
2020-02-21 13:16:22 +01:00
semmle-qlci
382e4bc06a
Merge pull request #2895 from max-schaefer/js/improve-param-qldoc
...
Approved by asgerf
2020-02-21 12:01:02 +00:00
mchammer01
6da729c6a6
pre-migration tasks: replace titles
2020-02-21 11:50:37 +00:00
Asger Feldthaus
01fed95fe6
JS: Add change note
2020-02-21 11:49:20 +00:00
Max Schaefer
75495d7aad
Update javascript/ql/src/semmle/javascript/Variables.qll
...
Co-Authored-By: Asger F <asgerf@github.com>
2020-02-21 10:06:32 +00:00
Geoffrey White
ad45a4b079
Merge pull request #2890 from nickrolfe/range_based_for
...
C++: add more extensive test for desugaring of range-based-for loops
2020-02-21 09:31:34 +00:00
Erik Krogh Kristensen
6ea14532ab
small changes based on review
2020-02-21 10:27:57 +01:00
Max Schaefer
fc4afe6eb2
JavaScript: Improve qldoc for Parameter to clarify that it also contains catch-clause parameters.
2020-02-21 09:14:00 +00:00
Anders Schack-Mulligen
771cb754c2
Merge pull request #2822 from hvitved/dataflow/node-cand-simple-call-context
...
Data flow: Track simple call contexts in `nodeCand[Fwd]1`
2020-02-21 10:02:06 +01:00
Jonas Jensen
1d786abebd
Merge pull request #2881 from rdmarsh2/ir-release-note
...
C++/Docs: release notes for IR taint tracking and GVN
2020-02-21 09:49:16 +01:00
Tom Hvitved
0cc3218115
Merge pull request #2872 from aschackmull/dataflow/pathstep-localflow-join
...
Java/C++/C#: Improve join-order in pathStep predicate
2020-02-21 09:39:17 +01:00
Rebecca Valentine
2b1d9c8d16
Updates last library difference
...
I'm not entirely sure if `getLiteralObject` and `getLiteralValue` are equivalent, and there don't seem to be library tests for this
2020-02-20 20:20:56 -08:00
Rebecca Valentine
210387a8be
Adds bulk of modernizations
2020-02-20 17:32:42 -08:00
Rebecca Valentine
df7f43ee86
Adds modernization
2020-02-20 17:07:56 -08:00
Rebecca Valentine
2f3ea10cf8
Move the query and examples over to 2/query-tests
2020-02-20 16:31:58 -08:00
Rebecca Valentine
376638e9c0
Move query over to Rasmus's API for NumericValue
2020-02-20 16:18:54 -08:00
Rebecca Valentine
ab1fcb32ae
autoformats
2020-02-20 16:17:43 -08:00
Rebecca Valentine
5d9d724d43
Removes conflicting NumericValue definition
2020-02-20 16:17:33 -08:00
Rebecca Valentine
28be3b47fc
Replaces name-reference to the class with canonical predicate.
2020-02-20 15:41:51 -08:00
Rebecca Valentine
5acd982d59
Swaps ...obj for ...val
2020-02-20 15:41:51 -08:00