hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 14:46:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
064d89735b Merge pull request #5046 from MathiasVP/model-more-pure-functions 
C++: Model more pure functions
 2021-01-29 22:05:48 +00:00
Geoffrey White
03922aa1f5 C++: Exclude custom vprintf implementations. 2021-01-29 21:20:36 +00:00
Rasmus Lerchedahl Petersen
f6fa1276a6 Python: Add consistency checks 
to all data-flow test floders
 2021-01-29 21:28:43 +01:00
Rasmus Lerchedahl Petersen
05a138694d Python: Fix crashing test 2021-01-29 21:12:44 +01:00
Rasmus Lerchedahl Petersen
7f1affa122 Python: UnpackingAssignment -> IterableUnpacking 2021-01-29 17:44:53 +01:00
Rasmus Lerchedahl Petersen
182d435dc6 Python: Replace comprehension read-step by for 
read-step. Add a version targetting sequence nodes.
 2021-01-29 17:31:59 +01:00
Tamas Vajk
7e9913a8a7 Fix failing pattern tests 2021-01-29 17:25:44 +01:00
Rasmus Wriedt Larsen
94e7980ca4 Merge branch 'main' into port-url-redirect-query 2021-01-29 16:22:50 +01:00
Rasmus Wriedt Larsen
ef831bb16f Python: Fix tornado redirect QLdoc 2021-01-29 16:21:39 +01:00
Rasmus Wriedt Larsen
9c01aa2304 Python: Add modeling for django.shortcuts.redirect 2021-01-29 15:41:00 +01:00
Rasmus Wriedt Larsen
ff2f2b5792 Python: Add django.shortcuts.redirect test 2021-01-29 15:37:20 +01:00
Tamas Vajk
a9c51e7300 Fix missing pattern matching completions 2021-01-29 15:16:30 +01:00
CodeQL CI
c9537f2639 Merge pull request #5029 from asgerf/js/silence-angular-template-fps 
Approved by erik-krogh
 2021-01-29 06:06:37 -08:00
Taus Brock-Nannestad
817a142abc Python: Add getLocation to EssaVariable. 
This may be a slightly "bogus" location to provide for ESSA variables,
but it can be useful for debugging. For instance, where previously you
might just see

```
SSA variable x | ...
SSA variable x | ...
SSA variable x | ...
SSA variable x | ...
SSA variable x | ...
SSA variable x | ...
```

where each instance of `SSA variable x` was just a bare string, now
each occurrence will tell you (via its location) _where_ this variable
is being (re)defined.
 2021-01-29 14:45:12 +01:00
Taus
cb195a0dc4 Merge pull request #4752 from yoff/python-dataflow-unpacking-assignment 
Python: Dataflow, unpacking assignment
 2021-01-29 14:15:28 +01:00
Taus
be5b7bb4c4 Merge pull request #5022 from yoff/python-split-lambdas 
Python: Callable for lambdas
 2021-01-29 14:12:26 +01:00
Mathias Vorreiter Pedersen
92a5a2a06a C++: Solve merge conflicts by merging the two test.c test files. 2021-01-29 13:34:19 +01:00
Mathias Vorreiter Pedersen
d5f1c19152 Merge branch 'main' into ihsinme-patch-221 2021-01-29 13:05:07 +01:00
Erik Krogh Kristensen
c9ec983cd8 add js/client-side-unvalidated-url-redirection test for script tags inside react code 2021-01-29 12:50:43 +01:00
Erik Krogh Kristensen
39591687ba add js/code-injection sink for script tags in React 2021-01-29 12:50:17 +01:00
Luke Cartey
76c9b6466e Reformat TaintTrackingUtil.qll with more recent CodeQL CLI 2021-01-29 11:27:30 +00:00
Tamas Vajk
91152d3a65 Add additional tests to delegate call data flow 2021-01-29 12:02:11 +01:00
Tamas Vajk
191962f64c C#: Add data flow 'getARuntimeTarget' predicate to 'FunctionPointerCall' 2021-01-29 12:01:38 +01:00
Tom Hvitved
bf5851f1c2 C#: Reduce caching in SsaImplCommon.qll 2021-01-29 11:42:52 +01:00
ihsinme
bdbf5a4fae Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-01-29 13:41:45 +03:00
Tom Hvitved
1a507ff497 C#: Remove Cached module from SsaImplCommon.qll 2021-01-29 10:52:42 +01:00
Geoffrey White
50f2557dd2 Merge pull request #5043 from MathiasVP/uniform-treatment-of-params-and-qualifiers-in-model-dataflow 
C++: Uniform treatment of parameters and qualifiers in model dataflow
 2021-01-29 09:48:07 +00:00
Erik Krogh Kristensen
3f1e81533c support html attribute concatenations with single quotes 2021-01-29 10:37:37 +01:00
ihsinme
c8eeb5f73e Update WrongInDetectingAndHandlingMemoryAllocationErrors.ql 2021-01-29 11:51:15 +03:00
Mathias Vorreiter Pedersen
339c4c6ce0 C++: Model more pure functions. 2021-01-28 19:37:53 +01:00
Geoffrey White
7d9ebaf9d8 Merge pull request #5040 from MathiasVP/strset-and-strtok-models 
C++: Strset and strtok model implementations
 2021-01-28 18:34:06 +00:00
Geoffrey White
768be9ec2c Merge pull request #5041 from ihsinme/ihsinme-patch-198 
CPP: Improve cpp/memory-leak-on-failed-call-to-realloc
 2021-01-28 18:29:24 +00:00
Mathias Vorreiter Pedersen
23eb4d2009 C++: Fix isParameterDeref typo. 2021-01-28 18:29:30 +01:00
Mathias Vorreiter Pedersen
75aa1e8a3b C++: Respond to review comments. 2021-01-28 16:39:11 +01:00
Geoffrey White
02d60a26eb Merge pull request #5037 from github/igfoo/decltype 
C++: decltypes may have multiple expressions
 2021-01-28 14:44:53 +00:00
Shati Patel
1c56c30eba Merge pull request #5028 from shati-patel/docs/update-footer 
Docs: Update copyright date in footer
 2021-01-28 13:11:43 +00:00
Tom Hvitved
59d87e2570 Merge pull request #4557 from hvitved/csharp/dataflow/parameters 
C#: Simpler data-flow modelling of parameters
 2021-01-28 14:02:42 +01:00
ihsinme
f94a7fc2f0 Update MemoryLeakOnFailedCallToRealloc.ql 2021-01-28 15:47:38 +03:00
Mathias Vorreiter Pedersen
5a420f2bae C++: Use the new predicates for uniform treatment of parameters and qualifiers in model dataflow. 2021-01-28 13:33:08 +01:00
ihsinme
8ed28157e1 Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.expected to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.expected 2021-01-28 15:28:52 +03:00
ihsinme
f65ec97ac2 Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/test.c to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen/test.c 2021-01-28 15:28:34 +03:00
ihsinme
8880b38b1f Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.qlref to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.qlref 2021-01-28 15:28:15 +03:00
Rasmus Wriedt Larsen
b6007cf324 Merge pull request #5023 from yoff/python-unify-synthetic-post-update-nodes 
Python: Only generate one post-update node, even if there are multiple reasons for doing so.
 2021-01-28 13:11:50 +01:00
Rasmus Wriedt Larsen
173012578e Python: Add missing type-tracking step for django.views 
Easy to overlook, and will onyl be caught by tests if they use `import
parent.thing` and not `from parent import thing`
 2021-01-28 12:10:42 +01:00
Rasmus Wriedt Larsen
54725ccbb9 Python: Support full-path import of Django View class 
requestHandler still MISSING :(
 2021-01-28 12:10:40 +01:00
Rasmus Wriedt Larsen
61d69f2cc8 Python: Add test for full-path import of Django View class 2021-01-28 12:10:39 +01:00
ihsinme
2b4296feb1 Update MemoryLeakOnFailedCallToRealloc.ql 2021-01-28 13:38:26 +03:00
ihsinme
cf565970e3 Merge pull request #1 from github/main 
update fork
 2021-01-28 13:26:11 +03:00
yoff
1068edeb28 Merge pull request #5038 from RasmusWL/import-fix 
Python: Fix too many results from DataFlow::importNode
 2021-01-28 11:25:17 +01:00
Mathias Vorreiter Pedersen
2c70106d2d Merge pull request #5009 from ihsinme/ihsinme-patch-219 
CPP: add query for CWE-788 Access of memory location after the end of a buffer using strncat.
 2021-01-28 11:10:30 +01:00