Rasmus Wriedt Larsen
8b2c34e267
Merge pull request #4747 from yoff/python-path-injection-doc
...
Python: Fix documentation for path injection.
2020-11-30 13:17:59 +01:00
James Fletcher
509d153b61
Apply suggestions from code review
...
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2020-11-30 12:12:10 +00:00
Rasmus Lerchedahl Petersen
fd8c696b67
Python: Fix documentation for path injection.
2020-11-30 12:24:35 +01:00
Anders Schack-Mulligen
5a66d6ab93
Java: Improve performance of SSA.
2020-11-30 11:26:03 +01:00
Rasmus Wriedt Larsen
4ab3fff973
Python: Fix untrusted data to external API example
...
The hmac.digest function was only added in Python 3.7, so obviously doesn't work
on Python 2
2020-11-30 10:42:30 +01:00
Anders Schack-Mulligen
931322e4c5
Merge pull request #4668 from aschackmull/dataflow/refactor-pruning
...
Dataflow: Refactor pruning stages.
2020-11-30 09:37:04 +01:00
Pavel Avgustinov
74af41c76d
Merge pull request #4357 from RasmusWL/design-patterns
...
Add docs on CodeQL Design Patterns
2020-11-30 08:19:15 +00:00
yo-h
7e8bc4a61b
Merge commit '2fa9037' into yo-h/java15-merge
2020-11-29 18:42:20 -05:00
Erik Krogh Kristensen
33b2701551
refine isFork to remove false positive when a state has epsilon transition to itself
2020-11-29 21:42:50 +01:00
ihsinme
d088d5b0f3
CPP: Add query for CWE-191
...
into experimental this reveals a dangerous comparison
2020-11-28 15:52:00 +03:00
Erik Krogh Kristensen
d7b22e3b1b
update expected output for PolynomialBackTracking
2020-11-27 20:15:27 +01:00
Erik Krogh Kristensen
729073fb43
detect ReDoS when the choices are "match some string" or "match Epsilon"
2020-11-27 20:15:23 +01:00
Geoffrey White
905b04a6fb
C++: Model classes in StdString.qll.
2020-11-27 19:12:01 +00:00
Rasmus Wriedt Larsen
cbfcfdf883
Python: Fix UntrustedDataToExternalAPI.qhelp
2020-11-27 17:54:22 +01:00
luchua-bc
ad0ac5b874
Change kind to problem
2020-11-27 16:43:57 +00:00
Rasmus Wriedt Larsen
faa5c220c5
Design Patterns: Add advice on abstract classes
2020-11-27 17:38:56 +01:00
Rasmus Wriedt Larsen
452417509f
Design Patterns: Reword advice on imports of subclasses
...
I had totally overlooked the fact that this doesn't only apply to abstract
classes.
2020-11-27 17:38:40 +01:00
Cornelius Riemenschneider
644a0fac98
C++: Port dataflow/dataflow-tests to inline expectations test library.
2020-11-27 16:03:15 +01:00
Rasmus Wriedt Larsen
a0c7365ae6
Python: Proper models of json.loads and json.dumps
2020-11-27 15:57:56 +01:00
Tom Hvitved
d4ee8cdd18
C#: Always create basic blocks for nodes with a conditional predecessor
2020-11-27 15:08:33 +01:00
Rasmus Wriedt Larsen
014fbfa86b
Python: Add regex FP with + for flags
...
Notice that there are no new results for line 54
I also added a test for the short-named version of a flag, just since I didn't
see any of those already. That just works out of the box (due to points-to).
2020-11-27 14:57:11 +01:00
yoff
346a007bf6
Merge pull request #4720 from RasmusWL/python-better-open-models
...
Python: better models of `open` function
2020-11-27 14:47:10 +01:00
Anders Schack-Mulligen
028a72bcdd
Merge pull request #4610 from luchua-bc/java-nfe-local-android-dos
...
Java: Query to detect Local Android DoS caused by NFE
2020-11-27 14:20:23 +01:00
Erik Krogh Kristensen
46ca56458a
introduce a printable state class
2020-11-27 13:45:41 +01:00
Erik Krogh Kristensen
8a3e87fe42
remove unnecessary one-step inline
2020-11-27 13:45:41 +01:00
Erik Krogh Kristensen
36b9f0254e
performance improvements for suffix check in js/redos
2020-11-27 13:45:41 +01:00
Erik Krogh Kristensen
e177d46c0a
add two test cases that demonstrate the limits of the suffix construction
2020-11-27 13:45:34 +01:00
Rasmus Wriedt Larsen
e6319e5d84
Python: Rewrite StringConstCompare to use IterableNode
2020-11-27 13:37:03 +01:00
Rasmus Wriedt Larsen
098f8c4f21
Python: Add IterableNode
...
I'm specifically not using an abstract class, since that is an anti-pattern:
https://github.com/github/codeql/pull/4357#discussion_r520526275 (I'm still
trying to wrap my head fully around this)
2020-11-27 13:36:55 +01:00
Tamás Vajk
2fa9037934
Merge pull request #4738 from tamasvajk/feature/revert-relational-pattern
...
C#: Revert "Merge pull request #4653 from tamasvajk/feature/csharp9-relational-pattern"
2020-11-27 13:30:33 +01:00
Rasmus Wriedt Larsen
33e46e168f
Python: Add QLDoc for SetNode
2020-11-27 13:29:16 +01:00
james
4cea019cee
add/improve intro text and add links to example queries
2020-11-27 12:26:42 +00:00
Tamas Vajk
998e2de2c6
Revert "Merge pull request #4653 from tamasvajk/feature/csharp9-relational-pattern"
...
This reverts commit 5e75a4109c, reversing
changes made to c751c516bf.
2020-11-27 12:23:38 +01:00
Anders Schack-Mulligen
fec9758252
Dataflow: Sync.
2020-11-27 12:16:43 +01:00
Anders Schack-Mulligen
8f4fce185b
Dataflow: Review fixes.
2020-11-27 12:16:28 +01:00
Rasmus Wriedt Larsen
cc9a7fe4fe
Python: Move BarrierGuards to own file
2020-11-27 12:09:57 +01:00
Geoffrey White
a94f244659
Merge pull request #4736 from jbj/downgrade-to-recommendations
...
C++: Downgrade two queries to recommendation
2020-11-27 10:58:20 +00:00
CodeQL CI
d3cded330e
Merge pull request #4693 from RasmusWL/python-add-import-test-shadowing-stdlib-v2
...
Approved by tausbn
2020-11-27 10:32:21 +00:00
Tamás Vajk
5e75a4109c
Merge pull request #4653 from tamasvajk/feature/csharp9-relational-pattern
...
C#: Extract relational patterns
2020-11-27 11:23:12 +01:00
Geoffrey White
390e61b674
C++: Add public domain and translated from QL exceptions.
2020-11-27 10:15:56 +00:00
Rasmus Wriedt Larsen
7b4e890e7b
Python: Fix grammar
...
Co-authored-by: Taus <tausbn@github.com>
2020-11-27 11:00:30 +01:00
Erik Krogh Kristensen
fd0d5c9e46
add command parsing model for "commander"
2020-11-27 09:58:00 +00:00
Erik Krogh Kristensen
653ebf7668
add command parsing model for "dashdash"
2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
269de49196
add model for "meow"
2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
c5ac98d2e8
add command parsing model for command-line-args
2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
f33cd8bc8e
add command parsing model for argparse
2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
45067ee651
add command parsing model for "arg"
2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
821b4be522
more accurately model command parsers that take process.argv as an argument
2020-11-27 09:56:50 +00:00
Jonas Jensen
8069e7b031
C++: Downgrade two queries to recommendation
...
The `cpp/local-variable-hides-global-variable` doesn't seem right as a
warning without some additional context. For example, is the local
variable and the global variable used in the same function body, and
do they have similar enough types that it would be possible to confuse
them.
The `cpp/missing-header-guard` query enforces good style and helps with
compilation speed, but AFAIK it has never flagged a correctness issue.
Therefore I think it should be a recommendation.
2020-11-27 10:45:03 +01:00
Tamas Vajk
07c989deb1
C#: Add upgrade folder
2020-11-27 10:21:17 +01:00