hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-31 16:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
20,357 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.6
Commit Graph

20357 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
CodeQL CI
b55f18bffd Merge pull request #4549 from erik-krogh/pruneReturn 
Approved by asgerf
 2020-11-05 09:13:21 +00:00
CodeQL CI
c85f817cee Merge pull request #4579 from erik-krogh/redos 
Approved by asgerf
 2020-11-05 08:38:44 +00:00
Robert Marsh
2f204869e7 Merge pull request #4604 from criemen/ir-block-sort-order 
C++, C# IR: Stabilize sort order for basic blocks.
 2020-11-04 18:22:23 -05:00
Erik Krogh Kristensen
342b6a4f2d Update javascript/ql/src/semmle/javascript/security/performance/SuperlinearBackTracking.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2020-11-04 22:37:56 +01:00
Tom Hvitved
1ba9e29a40 C#: Precise data flow for EntityFramework(Core) 2020-11-04 19:48:03 +01:00
Alvaro Muñoz
302062b670 Merge branch 'new_deser_sink' of https://github.com/pwntester/ql into new_deser_sink 2020-11-04 18:58:57 +01:00
Alvaro Muñoz
6fef63306e add qldoc 2020-11-04 18:58:41 +01:00
Erik Krogh Kristensen
e16fa0668a update expected output 2020-11-04 18:24:31 +01:00
Asger Feldthaus
5eb3067f58 JS: Add test case 2020-11-04 16:50:23 +00:00
Geoffrey White
48628fa195 Merge pull request #4589 from criemen/model-vector-emplace 
C++: Model std::vector emplace and emplace_back()
 2020-11-04 16:09:31 +00:00
Tom Hvitved
b5063bbcb5 Merge pull request #4495 from hvitved/csharp/dataflow/summaries 
C#: Shared interface/implementation for flow summaries
 2020-11-04 17:02:19 +01:00
Cornelius Riemenschneider
78d885ee7d C++: Accept test output. 2020-11-04 16:45:07 +01:00
Cornelius Riemenschneider
44d6584fa2 C++, C#: Auto-format. 2020-11-04 16:26:56 +01:00
Cornelius Riemenschneider
a13947424a C++, C# IR: Stabilize sort order for basic blocks. 2020-11-04 16:26:56 +01:00
Cornelius Riemenschneider
e7e5754270 C++: Add taint model for std::vector::emplace/_back. 2020-11-04 16:20:01 +01:00
Erik Krogh Kristensen
03c46c9be0 autoformat 2020-11-04 16:18:24 +01:00
yoff
79fcf598f3 Merge pull request #4608 from RasmusWL/patch-1 
Python: Remove unnecessary cached annotation from adjacentRefUse
 2020-11-04 16:08:30 +01:00
Cornelius Riemenschneider
62a02cde73 C++: Add test to show missing taint steps for std::vector::emplace/_back 2020-11-04 16:07:15 +01:00
Cornelius Riemenschneider
081ab1e2bb C++: Add std::vector::emplace/_back to our STL model. 2020-11-04 16:07:08 +01:00
Rasmus Lerchedahl Petersen
38b2bb2828 Python: Add testfile with regressions 2020-11-04 15:55:59 +01:00
Ian Lynagh
6ff939db5c Merge pull request #4432 from dbartol/dbartol/temporaries/work 
C++: Represent temporary object initialization in AST and IR
 2020-11-04 14:38:45 +00:00
Rasmus Lerchedahl Petersen
6df3b8d524 Python: Update query and expectation 2020-11-04 15:17:38 +01:00
Rasmus Wriedt Larsen
31247739d7 Python: Remove unnecessary cached annotation from adjacentRefUse 
As discussed in https://github.com/github/codeql/pull/4544#pullrequestreview-516575676
 2020-11-04 15:16:08 +01:00
Rasmus Lerchedahl Petersen
9baa7b73da Merge branch 'main' of github.com:github/codeql into SharedDataflow_PointsToImpliesDataflow 2020-11-04 15:05:59 +01:00
yoff
62cb4ec974 Merge pull request #4605 from RasmusWL/python-fix-django-response-modeling 
Python: fix django response modeling
 2020-11-04 15:00:52 +01:00
Tom Hvitved
131a05563a C#: Disable shared compilation when building with Mono+MSBuild 2020-11-04 14:16:25 +01:00
Porcupiney Hairs
0a028dcb47 Java : Refactor all instances of java.net.URI into TypeUri 2020-11-04 18:23:26 +05:30
Rasmus Wriedt Larsen
5cf8285717 Python: Fix default mimetype for django FileResponse 2020-11-04 12:28:51 +01:00
Rasmus Wriedt Larsen
826aedeb85 Python: Remove resolved TODO 2020-11-04 12:17:31 +01:00
Rasmus Wriedt Larsen
353505ec6c Python: Handle content of Django redirects correctly 2020-11-04 12:10:58 +01:00
Taus
180373c41d Merge pull request #4597 from yoff/python-fix-ql-doc 
Python: Fix ql doc
 2020-11-04 11:37:32 +01:00
Rasmus Wriedt Larsen
92dc7dc2f3 Python: Use mimetype instead of content-type in django modeling 
This enables the XSS query to actually find results from django responses.
 2020-11-04 11:34:20 +01:00
Alvaro Muñoz
aa7b87aa33 Update java/change-notes/2020-11-04-commonslang-unsafe-deserialization-sinks.md 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-11-04 10:58:27 +01:00
Alvaro Muñoz
b284141a16 Merge branch 'new_deser_sink' of https://github.com/pwntester/ql into new_deser_sink 2020-11-04 10:51:07 +01:00
Alvaro Muñoz
436563d914 ChangeNote for new unsafe deserialization sinks 2020-11-04 10:50:50 +01:00
Anders Schack-Mulligen
22b4df0f3c Merge pull request #4512 from luchua-bc/sensitive-broadcast 
Java: Sensitive broadcast
 2020-11-04 10:47:48 +01:00
Alvaro Muñoz
6f78b725e6 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-11-04 10:43:37 +01:00
Anders Schack-Mulligen
14c4d8d565 Java: Add change note for #3812. 2020-11-04 10:15:08 +01:00
Anders Schack-Mulligen
26495225e0 Update java/ql/src/experimental/Security/CWE/CWE-927/SensitiveBroadcast.qhelp 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-11-04 10:05:55 +01:00
luchua-bc
3f0cdb6a1a Update qldoc and comments 2020-11-03 19:40:28 +00:00
Tom Hvitved
c5abf29dfc C#: Update flow-summary test 2020-11-03 20:28:42 +01:00
Dave Bartolomeo
4cc9110dbd Fix test expectation 2020-11-03 13:39:33 -05:00
Calum Grant
4259c81061 Merge pull request #4599 from github/calumgrant/catchup-1.26 
Catchup 1.26
 2020-11-03 17:16:05 +00:00
Dave Bartolomeo
f0b9794907 Merge remote-tracking branch 'upstream/main' into work 2020-11-03 11:33:44 -05:00
luchua-bc
fa54c23a83 Handle the edge case that an exception is rethrown in a catch clause 2020-11-03 16:31:12 +00:00
Anders Schack-Mulligen
92494441a7 Merge pull request #4554 from aschackmull/dataflow/reverse-partial 
Dataflow: Add support reverse partial flow exploration.
 2020-11-03 15:34:30 +01:00
Tom Hvitved
438b8dd273 C#: Fix typos 2020-11-03 14:57:07 +01:00
Erik Krogh Kristensen
b02004430c prune results that end with newline, where the input cannot contain newlines 2020-11-03 14:48:39 +01:00
Erik Krogh Kristensen
120faf9d1a add a code injection sink for JSDOM when "runScripts" is set to "dangerously" 2020-11-03 14:29:00 +01:00
Tom Hvitved
f4d1d73bcd C#: Shared interface/implementation for flow summaries 2020-11-03 13:47:28 +01:00