hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-16 07:54:52 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,651 Commits 1,680 Branches 158 Tags
codeql-cli/v2.5.2
Commit Graph

21651 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
semmle-qlci
f2ce125e61 Merge pull request #3902 from Marcono1234/fix-outdated-query-links 
Approved by shati-patel
 2020-07-06 21:13:05 +01:00
Philippe Antoine
8f7ff1a537 Adds another redundant null check rule 2020-07-06 21:45:54 +02:00
Marcono1234
5649254dbd Fix broken link formatting in introduce-libraries-java.rst 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-07-06 20:35:11 +02:00
Ian Lynagh
0d9b18dbd7 C++: Accept test changes for is_constexpr 
Generated copy and move constructors may now be marked as constexpr.
 2020-07-06 19:24:39 +01:00
Geoffrey White
0caa17ab10 C++: Test the new methods. 2020-07-06 18:47:56 +01:00
Geoffrey White
52e501c41d C++: Extend the 'swap' taint tests with methods that do not have recognizable signatures (copy/move assignment). 2020-07-06 18:44:37 +01:00
Shati Patel
f98491a052 Apply suggestions from code review 
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
 2020-07-06 18:30:01 +01:00
Erik Krogh Kristensen
442ee8d1cc add consistency-checking for CWE-089 2020-07-06 19:02:50 +02:00
Marcono1234
0a9686709b Fix wrong method name 2020-07-06 18:52:07 +02:00
semmle-qlci
fe0c5a9ea6 Merge pull request #3892 from asger-semmle/js/redirect-starts-with-sanitizer 
Approved by esbena
 2020-07-06 17:04:30 +01:00
Rasmus Wriedt Larsen
d00e7396c4 Python: Consistently use camelCase in annotated call-graph tests 2020-07-06 17:59:16 +02:00
Rasmus Wriedt Larsen
65c4e6c02a Python: Disable class instantiation annotation for now 
Adjusting test setup properly requires some deep thinking, and I don't think I'm
ready to do that right now. Added a TODO instead.
 2020-07-06 17:48:15 +02:00
Rasmus Wriedt Larsen
cd8ea78420 Python: Autoformat 2020-07-06 17:34:19 +02:00
Rasmus Wriedt Larsen
9e252d5465 Python: Explain random example 2020-07-06 17:30:49 +02:00
Rasmus Wriedt Larsen
849159b279 Python: Unlimited import depth 2020-07-06 17:30:26 +02:00
Rasmus Wriedt Larsen
acfc62cad6 Python: Fix grammar 
Co-authored-by: Taus <tausbn@gmail.com>
 2020-07-06 17:21:29 +02:00
Anders Schack-Mulligen
f98460cfd0 Java: Use SpringHttpEntity class. 2020-07-06 16:54:20 +02:00
Anders Schack-Mulligen
ae21de90b6 Java: Misc grammar and formatting. 2020-07-06 16:19:42 +02:00
Anders Schack-Mulligen
b06d1c715a Java: More qldoc and some formatting. 2020-07-06 16:04:14 +02:00
Marcono1234
6ff8508d01 Java: Clarify documentation for Location predicate results 2020-07-06 15:46:11 +02:00
semmle-qlci
6d80445f24 Merge pull request #3851 from erik-krogh/queryStuff 
Approved by esbena
 2020-07-06 14:40:41 +01:00
Anders Schack-Mulligen
5e9e7feddc Java: Add some qldoc and minor formatting. 2020-07-06 15:39:20 +02:00
Anders Schack-Mulligen
e6658c5110 Java: Cleanup TaintTrackingUtil.qll 2020-07-06 15:35:16 +02:00
Erik Krogh Kristensen
9a944625d1 autoformat 2020-07-06 15:17:15 +02:00
Anders Schack-Mulligen
5d8f9a79f1 Java: Misc grammar fixes. 2020-07-06 14:50:33 +02:00
Anders Schack-Mulligen
a80e663ab5 Java: Minor typo fix and autoformat 2020-07-06 14:43:01 +02:00
Anders Schack-Mulligen
2ce0921935 Java: Clean up SpringHttp.qll 2020-07-06 14:35:53 +02:00
Anders Schack-Mulligen
2ae15f9ace Java: Remove list, map, and StringReplaceMethod flow steps. 2020-07-06 14:19:13 +02:00
Anders Schack-Mulligen
a41c2d8abf Java: Make a few predicates private and autoformat SpringController. 2020-07-06 14:18:16 +02:00
Erik Krogh Kristensen
2a8b37e004 update consistency comments in unsafe-jquery-plugin.js 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-07-06 14:15:23 +02:00
Erik Krogh Kristensen
c986f3bb7c add consistency checking for CWE-079 2020-07-06 13:42:35 +02:00
Erik Krogh Kristensen
dc8042adeb introduce conistency-checking for CWE-078 2020-07-06 12:47:56 +02:00
semmle-qlci
13c3513d76 Merge pull request #3905 from erik-krogh/unsafeShellTypo 
Approved by esbena
 2020-07-06 11:41:56 +01:00
Arthur Baars
f917b9e3cb Merge pull request #3608 from aschackmull/java/backport-switchexpr-cfg-fix 
Java: Backport missing CFG edge fix for switch expressions
 2020-07-06 11:43:16 +02:00
Arthur Baars
d2734b2903 Merge pull request #3684 from aschackmull/java/javadoctag-qldoc 
Java: Improve qldoc for JavadocTag.
 2020-07-06 11:42:04 +02:00
Arthur Baars
98d24101b1 Merge pull request #3687 from aschackmull/java/getanenclosingstmt 
Java: Add Expr.getAnEnclosingStmt.
 2020-07-06 11:41:21 +02:00
semmle-qlci
73d606d2c3 Merge pull request #3844 from github/esbena-patch-3 
Approved by erik-krogh
 2020-07-06 09:47:59 +01:00
Erik Krogh Kristensen
8585312271 fix typo in js/shell-command-constructed-from-input 2020-07-06 10:33:49 +02:00
Marcono1234
2d9b52f750 Update query console links in source-locations.rst, replace deprecated predicates 
Removes 'eclipse-cdt/cdt' and 'gradle/gradle' from the queried projects
because they cannot be queried currently, and instead queries all demo
projects which are currently available.
 2020-07-05 22:32:53 +02:00
Marcono1234
7b4960c9a7 Update query console links in javadoc.rst 
Removes 'gradle/gradle' from the queried projects because it cannot be
queried currently, and instead queries all demo projects which are currently
available.
 2020-07-05 22:06:39 +02:00
Marcono1234
b835d7879c Update query console links in introduce-libraries-java.rst 
Removes 'eclipse-cdt/cdt' and 'gradle/gradle' from the queried projects
because they cannot be queried currently, and instead queries all demo
projects which are currently available.
 2020-07-05 22:06:26 +02:00
Marcono1234
2b3b64cdbc Update query console links in expressions-statements.rst 
Removes 'eclipse-cdt/cdt' and 'gradle/gradle' from the queried projects
because they cannot be queried currently, and instead queries all demo
projects which are currently available.
 2020-07-05 20:04:36 +02:00
Marcono1234
c10a598670 Update query console links in call-graph.rst 
Removes 'eclipse-cdt/cdt' and 'gradle/gradle' from the queried projects
because they cannot be queried currently, and instead queries all demo
projects which are currently available.
 2020-07-05 19:54:27 +02:00
Marcono1234
ab2456630c Update query console links in annotations.rst 
Removes 'eclipse-cdt/cdt' and 'gradle/gradle' from the queried projects
because they cannot be queried currently, and instead queries all demo
projects which are currently available.
 2020-07-05 19:43:48 +02:00
Marcono1234
13ffd7307c Update query console links in types-class-hierarchy.rst 
Removes 'gradle/gradle' from the queried projects because it cannot be
queried currently, and instead queries all demo projects which are currently
available.
 2020-07-05 19:20:42 +02:00
Marcono1234
f8e474f89a Add missing java.nio.file.Files methods to FileReadWrite.qll 2020-07-05 18:39:26 +02:00
luchua-bc
d6e9b07a9e Add JBoss BasicLogger and SciJava Logger 2020-07-03 22:34:48 +00:00
lcartey@github.com
b242a61701 Java: Untrusted data used in external APIs 
This commit adds two queries for identifying external APIs which are
used with untrusted data.

These queries are intended to facilitate a security review of the
application, and will report any external API which is called with
untrusted data. The purpose of this is to:
 - review how untrusted data flows through this application
 - identify opportunities to improve taint modeling of sinks and taint
   steps.
As a result this is not suitable for integration into a developer
workflow, as it will likely have high false positive rate, but it may
help identify false negatives for other queries.
 2020-07-03 17:32:08 +01:00
Arthur Baars
19a481f809 Java: Arrays: add tests 2020-07-03 17:15:17 +02:00
Arthur Baars
0b89efbee4 Java: model Arrays::addList 2020-07-03 17:15:17 +02:00