yh-semmle
3d837542e8
Merge pull request #2373 from aschackmull/java/changenote-update
Java: Update change note to cover #2304 and #2346.
2019-11-18 12:14:07 -05:00
Taus Brock-Nannestad
3491d90b1e
Python: Apply auto-format.
2019-11-18 16:50:32 +01:00
Taus Brock-Nannestad
1385f3c018
Python: Fix non-container FP relating to MappingProxyType.
Fixes #2307.
Also modernises the query to use the `Value` API.
2019-11-18 16:50:32 +01:00
Taus Brock-Nannestad
3c47394b7a
Python: Apply auto-format.
2019-11-18 16:28:54 +01:00
Taus Brock-Nannestad
cac261858c
Python: Don't report mutable parameters that are in fact immutable.
Fixes #1832.
In the taint sink, we add an additional check that the given control-flow node
can indeed point to a value that is mutable. This takes care of the guard on the
type.
If and when we get around to adding configurations for all of the taint
analyses, we may want to implement this as a barrier instead, pruning any steps
that go through a type test where the type is not mutable.
2019-11-18 16:18:44 +01:00
Calum Grant
b9d1c38753
Merge pull request #2371 from max-schaefer/rc/1.23
Merge rc/1.23 into master
2019-11-18 14:15:31 +00:00
semmle-qlci
ed4657c201
Merge pull request #2340 from hvitved/csharp/nunit-assertions
Approved by calumgrant
2019-11-18 13:02:49 +00:00
Nick Rolfe
9828315b6e
Merge pull request #2033 from ian-semmle/edg
C++: Changes following EDG upgrade
2019-11-18 12:46:11 +00:00
Erik Krogh Kristensen
853c86685b
remove some false positives
2019-11-18 13:32:47 +01:00
James Fletcher
e6574cc259
Merge pull request #2370 from shati-patel/docs/readme
Docs: Update readme in docs folder (cherry-pick from master)
2019-11-18 12:29:41 +00:00
Anders Schack-Mulligen
645cc99383
Java: Update change note to cover #2304 and #2346.
2019-11-18 13:26:50 +01:00
Geoffrey White
ff15c01ab9
CPP: Comma.
2019-11-18 11:51:54 +00:00
semmle-qlci
34f4b11416
Merge pull request #2368 from asger-semmle/regexp-max-length
Approved by max-schaefer
2019-11-18 11:49:46 +00:00
Geoffrey White
9a53706e87
CPP: Reword TlsSettingsMisconfiguration.qhelp.
2019-11-18 11:49:28 +00:00
Geoffrey White
2789c2dbac
CPP: Fix typos.
2019-11-18 11:48:13 +00:00
James Fletcher
21832a8550
Merge pull request #2350 from shati-patel/docs/vscode
Docs: Update links to new products
2019-11-18 11:14:53 +00:00
Tom Hvitved
3d1ce55642
C#: Address review comments
2019-11-18 10:53:02 +01:00
shati-patel
08c91b05ac
Docs: Update readme in docs folder
2019-11-18 09:38:53 +00:00
Shati Patel
d6a673c91a
Docs: Update links to new products
2019-11-18 09:34:00 +00:00
Asger F
c02863842c
JS: Raise limit to 1000
2019-11-18 08:33:26 +00:00
Jonas Jensen
74ca0e428d
Merge pull request #2334 from rdmarsh2/rdmarsh/cpp/reword-pointeroverflow-qhelp
C++: simplify PointerOverflow.qhelp
2019-11-18 08:37:19 +01:00
Asger F
6f15eff954
JS: Cap length of extracted string
2019-11-17 23:06:47 +00:00
Erik Krogh Kristensen
5a6958a1cd
add promise aggregators
2019-11-17 11:22:29 +01:00
Erik Krogh Kristensen
b3e88cdf31
refactored multiple implementations of getEnclosingTryStmt into a single predicate
2019-11-17 09:50:41 +01:00
Erik Krogh Kristensen
1b81526691
Merge remote-tracking branch 'upstream/master' into exceptionXss
2019-11-17 09:29:54 +01:00
Erik Krogh Kristensen
525da97dd4
changes based on review feedback
2019-11-17 09:24:00 +01:00
Erik Krogh Kristensen
3b9847e075
apply suggestions from max
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2019-11-17 09:01:48 +01:00
Paulino Calderon
56c12adab7
Adds check for insecure MaxLengthRequest values
2019-11-16 14:21:39 -05:00
Erik Krogh Kristensen
a59a414e0b
update expected output
2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
8ff515a58d
address review feedback on MaskingReplacer
2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
4ec2070e48
remove property reads on process.env as a taint step, and add a barrier for masking replace calls
2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
052a331395
rename ProcessEnvLabel to PartiallySensitiveMap
2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
2bd48db8cd
refactor isSanitizerEdge in clear-text-logging
2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
92dc759cf9
remove type cast, and fix expected test results
2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
850278c62f
some changes based on review. And change to only flag unknown reads of process.env
2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
68c30aaef3
add flowlabels to js/clear-text-logging
2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
14e4decffa
changes based on review feedback. No flow-labels yet
2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen
1766f6a6d8
simplify global var "process"
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
2019-11-16 15:20:41 +01:00
Erik Krogh Kristensen
e1039d3a56
change note
2019-11-16 15:20:41 +01:00
Erik Krogh Kristensen
297c71a64b
add process.env as source for js/clear-text-logging
2019-11-16 15:20:41 +01:00
Erik Krogh Kristensen
b12e255fd8
add indirect calls to logging methods as logging methods
2019-11-16 15:20:41 +01:00
shati-patel
e7705b0a1a
Merge pull request #2348 from hmakholm/pr/point-to-vsc
README.md: Don't speak of QL4E anymore
2019-11-15 20:24:17 +00:00
Robert Marsh
180a3c9f26
C++: accept test changes
2019-11-15 11:01:18 -08:00
Robert Marsh
85314c42a9
Update cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.qhelp
Co-Authored-By: Jonas Jensen <jbj@github.com>
2019-11-15 10:38:58 -08:00
Henning Makholm
3e9757caf6
Update README.md
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
2019-11-15 19:31:07 +01:00
James Fletcher
351cb46bb9
Merge pull request #2349 from shati-patel/docs/readme
Docs: Update readme in docs folder
2019-11-15 16:52:52 +00:00
Erik Krogh Kristensen
ddd217628f
Merge pull request #2347 from esbena/js/fix-mjs-check
JS: fix the check for an "mjs" extension on an extensionless file
2019-11-15 17:39:10 +01:00
shati-patel
37931f2bcf
Docs: Update readme in docs folder
2019-11-15 16:26:43 +00:00
yh-semmle
de65f023d6
Merge pull request #2167 from aschackmull/java/dataflow-out-of-arg-refactor
Java/C++/C#: Refactor dataflow to simplify return flow.
2019-11-15 11:10:06 -05:00
Tom Hvitved
c95db9e6f8
Merge pull request #2331 from calumgrant/cs/default-interface-methods
C#: Tests for default interface methods
2019-11-15 16:36:47 +01:00