hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 14:46:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
20,350 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.5
Commit Graph

20350 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus Brock-Nannestad
72a699e099 Python: Add CallCfgNode class and rewrite using that class 
I prefer this name to `CfgCallNode` as the latter will make
autocomplete more difficult.
 2021-02-08 16:55:18 +01:00
Asger Feldthaus
b278233a94 JS: Mention all versions of Angular are supported 2021-02-08 15:45:46 +00:00
Taus Brock-Nannestad
46eb3fd10a Python: Even more API::Node pushing. 2021-02-08 14:22:42 +01:00
Taus
c0c2aa69b3 Merge branch 'main' into python-port-flask-to-api-graphs 2021-02-08 14:17:25 +01:00
Taus Brock-Nannestad
2c4a477a4e Python: Support moduleImport("dotted.name") in API graphs 2021-02-08 14:08:34 +01:00
Taus
738d1bc3d4 Python: More use of API::Node 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-02-08 14:08:16 +01:00
Tamas Vajk
bd50ed975f Fix doc comment 2021-02-08 11:18:37 +01:00
CodeQL CI
8a2e063af7 Merge pull request #5107 from asgerf/js/json-in-script-tag 
Approved by erik-krogh
codeql-cli/v2.4.4 		2021-02-08 09:52:53 +00:00
Erik Krogh Kristensen
504db8739d fix typo in execa change-note file name 2021-02-08 10:00:26 +01:00
Erik Krogh Kristensen
8ca75e41d2 add change note 2021-02-08 09:59:45 +01:00
intrigus
2e30f2d9ce Java: Fix QHelp & accept test output 
Accept test output for changed alert message.
 2021-02-08 00:05:02 +01:00
Tamas Vajk
ef55ca179b Improve file read exception logging 2021-02-07 09:06:11 +01:00
Tamas Vajk
6d908876e0 Add new .stats file 2021-02-07 09:06:11 +01:00
Tamas Vajk
96248f8845 Add DB upgrade folder 2021-02-07 09:06:11 +01:00
Tamas Vajk
63b0fe10e4 Rework foreach_stmt_info extraction 2021-02-07 09:06:11 +01:00
Tamas Vajk
7c506f445c C#: Extract underlying methods of foreach statements 2021-02-07 09:06:11 +01:00
Jonas Jensen
7859c5234a Merge pull request #5085 from geoffw0/msprintf2 
C++: Fix FormattingFunction regression.
 2021-02-06 16:06:35 +01:00
yoff
f1a0ec2dec Merge pull request #4981 from RasmusWL/port-url-redirect-query 
Python: Port url redirect query
 2021-02-06 00:39:10 +01:00
yoff
ddd362bc16 Update python/ql/src/semmle/python/frameworks/Django.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswl@github.com>
 2021-02-05 23:31:20 +01:00
Raul Garcia (MSFT)
d775528069 Fixes on multiple files. 2021-02-05 14:09:26 -08:00
Asger Feldthaus
0ceb8aa638 JS: Bump extractor version 2021-02-05 21:55:43 +00:00
Asger Feldthaus
236b7c5887 JS: Tolerate JSON in script tags 2021-02-05 21:54:50 +00:00
Taus
d3a79ecff1 Update python/ql/src/semmle/python/frameworks/Flask.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-02-05 22:54:27 +01:00
Jonathan Leitschuh
f00b0baaea Update java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.qhelp 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-02-05 16:31:37 -05:00
Taus Brock-Nannestad
3d2548ed28 Python: Get rid of remaining type trackers in Flask model 
At this point, we may want to reconsider whether we really want the
deeply-nested module structure we had before (and which made the type
trackers somewhat bearable).

There's also a question of how we can make this a bit more
smooth. I think we need to consider exactly how we would like the
interface to this to work.
 2021-02-05 21:58:08 +01:00
Taus Brock-Nannestad
5bfde2c0f2 Python: Fix overly broad class attribute node class 
This is not strictly necessary, but it was bothering me that this
simply covered _all_ nodes that were both definitions and names at the
same time. Now it actually encompasses what the documentation claims
it does.
 2021-02-05 21:56:57 +01:00
Taus Brock-Nannestad
7f3c6acd08 Python: Handle class attribute references in API graph 
This is slightly dubious, and should really be in the currently
unimplemented "def" counterpart to the "use" bits we already have.

However, it seems to work correctly, and in the spirit of moving
things along, this seemed like the easier solution. We can always
replace the implementation with the "proper" approach at a later point.
 2021-02-05 21:54:35 +01:00
Alexander Eyers-Taylor
9af99f195e Merge pull request #5095 from alexet/imporve-js-perf 
Javascript: Improve performance of ExplicitInvokeNode::getArgument
 2021-02-05 18:49:03 +00:00
Jonathan Leitschuh
bfa9324266 CWE-1104: Maven POM dependence upon Bintray/JCenter 2021-02-05 13:05:51 -05:00
Raul Garcia (MSFT)
d48a713f30 Fixing cutom edges predicate 2021-02-05 09:27:08 -08:00
Raul Garcia (MSFT)
681e6a9303 Adding Solorigate context for the generic backdoor queries. 2021-02-05 09:02:59 -08:00
Taus Brock-Nannestad
ef600575ca Python: Add API graph support for subclasses 2021-02-05 16:52:58 +01:00
Taus Brock-Nannestad
b39cbf82c6 Python: Port Flask models to use API graphs 
Most of the type trackers in this model were easily replaceable with
uses of the API graph, but the ones for tracking subclasses are
problematic, as these take us out of the API graph.
 2021-02-05 14:41:42 +01:00
yoff
7fef1a8817 Merge pull request #5069 from tausbn/python-api-graphs 
Python: Add support for API graphs
 2021-02-05 13:17:09 +01:00
Shati Patel
6a46be2379 Install sphinx extension for building markdown tables 2021-02-05 12:07:06 +00:00
Shati Patel
5f17fa8366 Docs: Add outline for CWE coverage page 2021-02-05 12:06:57 +00:00
Taus Brock-Nannestad
78cb53449d Python: Slight cleanup of Cached::call 
Makes it more similar to the other functions in this module.
 2021-02-05 12:47:26 +01:00
Taus
6c8dfb253d Python: Use flowsTo instead of hasLocalSource 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-02-05 12:42:41 +01:00
Tamás Vajk
d7505e41db Merge pull request #5091 from tamasvajk/feature/cleanup-nullable 
C#: Fix nullable warnings and some code quality issues
 2021-02-05 12:07:42 +01:00
Jonas Jensen
6e5d56cbcb Merge pull request #5097 from geoffw0/qldoceg11 
C++: QLDoc Improvements
 2021-02-05 12:00:35 +01:00
Shati Patel
474ddc9bc8 Merge pull request #5090 from RasmusWL/docs-fix-direct-query-link 
Docs: Use /blob/ instead of /tree/ for direct query link
 2021-02-05 10:50:40 +00:00
Jonas Jensen
c945ece80d Merge pull request #5100 from MathiasVP/fix-changenote-unsigned-difference-expression-compared-zero 
C++: Add query author and link to original PR in change-note
 2021-02-05 11:21:48 +01:00
Geoffrey White
55b0dbd7b8 C++: Autoformat. 2021-02-05 10:02:31 +00:00
Taus
a66743192e Python: Fix typo in docs 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-02-05 10:58:47 +01:00
Mathias Vorreiter Pedersen
a416a089b4 Update cpp/change-notes/2020-02-04-unsigned-difference-expression-compared-zero.md 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-02-05 09:48:54 +01:00
Tamás Vajk
87ba9d55b6 Merge pull request #4687 from tamasvajk/feature/csharp9-records 
C#: Extract record declarations
 2021-02-05 08:56:24 +01:00
luchua-bc
a183b00166 Query to detect main method in servlets 2021-02-05 03:53:01 +00:00
Raul Garcia (MSFT)
3dc1b81d65 Changing ProcessNameToHash query to path-problem. Any additional feedback will be welcomed 2021-02-04 17:54:35 -08:00
Raul Garcia (MSFT)
9ef4aef28e Changing location for NonCryptographicHash qll 
Changing the TimeBomb query to path-problem (any suggestions to improve it would be welcomed, no previous experience iwth path-problem queries)
 2021-02-04 16:59:38 -08:00
Robert Marsh
649bd03db6 Merge pull request #5101 from NateD-MSFT/patch-1 
Add KeGetCurrentProcessorNumberEx to CWE-457 whitelist
 2021-02-04 16:59:07 -08:00