hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-27 14:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,651 Commits 1,673 Branches 157 Tags
codeql-cli/v2.5.2
Commit Graph

21651 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
CodeQL CI
15049ca853 Merge pull request #5183 from erik-krogh/next 
Approved by asgerf
 2021-03-04 04:57:43 -08:00
Anders Schack-Mulligen
f9365dc9ac Merge pull request #5324 from aschackmull/java/merge-5226 
Java: merge #5226
 2021-03-04 13:47:59 +01:00
Tamas Vajk
3e0245a7fc Fix test case for RuntimeChecksBypass 2021-03-04 12:47:21 +01:00
Chris Smowton
da0a7f343a Move existing value-preserving methods to use ValuePreservingCallable 2021-03-04 11:45:45 +00:00
Chris Smowton
40b0f68d2a Add backward dataflow edges through modelled function invocations. 
Also add convenience abstract classes for easily modelling new functions as fluent or value-preserving.
 2021-03-04 11:45:19 +00:00
Chris Smowton
71cd329ded Directly import Lang from ExternalFlow's Frameworks module 2021-03-04 11:12:21 +00:00
Chris Smowton
563404120f Move calls to getSourceDeclaration 2021-03-04 11:11:56 +00:00
Chris Smowton
43b9436bb8 Convert Apache misc text models to CSV taint-flow specifications 2021-03-04 11:11:56 +00:00
Chris Smowton
0029d3b743 Java CSV flow summaries: allow specifying an unqualified typename to imply either the type itself or any generic specialisation. 
It is still possible to specify a precise generic signature if need be.
 2021-03-04 11:11:56 +00:00
Chris Smowton
224e537459 Add change note 2021-03-04 11:11:56 +00:00
Chris Smowton
b0ba0585a7 Add models for Apache Commons Lang and Text's Str[ing]Substitutor 2021-03-04 11:11:55 +00:00
Chris Smowton
f749c31136 Add models for commons lang/text's Str[ing]Lookup class 2021-03-04 11:11:55 +00:00
Chris Smowton
1580d23b2b Add models for WordUtils and StrTokenizer 
Both of these have commons-text and commons-lang variants.
 2021-03-04 11:11:55 +00:00
Tamas Vajk
90acd8c695 Explicitly enable nullability analysis in guards tests 2021-03-04 11:39:56 +01:00
Anders Schack-Mulligen
45f52289ea Merge branch 'main' into java/merge-5226 2021-03-04 11:36:16 +01:00
Anders Schack-Mulligen
fe07630e40 Merge pull request #5219 from smowton/smowton/feature/backward-dataflow-for-fluent-methods 
Java: Add backward dataflow edges through fluent function invocations.
 2021-03-04 11:13:32 +01:00
CodeQL CI
342c7abd74 Merge pull request #5301 from asgerf/js/ajv-model 
Approved by erik-krogh
 2021-03-04 01:27:38 -08:00
Rasmus Lerchedahl Petersen
9f8a028dfc Python: add .expected-file 2021-03-04 00:12:34 +01:00
Rasmus Wriedt Larsen
3dc0c2081e Python: Fix taint-propagation to methods 
Before we would add a step from _any_ request instance to _any_ method (CP).
 2021-03-03 21:55:33 +01:00
luchua-bc
1784c202a7 Clean up the query 2021-03-03 17:03:37 +00:00
Rasmus Lerchedahl Petersen
3dd34c9ba9 Python: rewrite comment 2021-03-03 17:41:20 +01:00
Owen Mansel-Chan
f9973d10ae Merge pull request #5245 from owen-mc/add-codeql-go-as-codeowner-of-shared-dataflow-library-files 
Add @codeql-go as code owners for the shared data-flow library files
 2021-03-03 16:36:05 +00:00
Taus
c1fd48468a Merge pull request #5286 from RasmusWL/share-crypto-algorithms 
Python/JS: Share modeling of crypto algorithms
 2021-03-03 17:00:01 +01:00
Tamas Vajk
cb4ed90c5c Fix failing tests 2021-03-03 16:58:48 +01:00
Rasmus Lerchedahl Petersen
dcf8c881ff Python: correct mistake in example 2021-03-03 16:54:36 +01:00
Rasmus Lerchedahl Petersen
fafc36a9cb Python: remove (do not introduce) unused import 2021-03-03 16:49:35 +01:00
Rasmus Lerchedahl Petersen
f02a19669f Python: Make exception info concept local 2021-03-03 16:47:31 +01:00
Anders Schack-Mulligen
f91c71c8f7 Merge pull request #5270 from Marcono1234/marcono1234/class-isPackageProtected 
Java: Add Class and Interface.isPackageProtected()
 2021-03-03 16:33:57 +01:00
Anders Schack-Mulligen
7ca57fd7a5 Merge pull request #5294 from Marcono1234/patch-1 
Java: Fix wrong algorithm name matching
 2021-03-03 16:33:13 +01:00
Tamás Vajk
f3885a8a05 Merge pull request #4627 from tamasvajk/feature/csharp9-covariant-return 
C#: Add test for covariant return types
 2021-03-03 16:12:13 +01:00
Marcono1234
d5d0439471 Java: Fix wrong algorithm name matching 
The regex character class `[5|7]` matches `5`, `7` and `|`.
 2021-03-03 15:44:23 +01:00
Marcono1234
b9c0193022 Sync .qhelp file renaming to other languages 2021-03-03 15:38:08 +01:00
Tamas Vajk
ed5d31a385 C#: Upgrade Roslyn dependencies to 3.9 2021-03-03 14:57:56 +01:00
Tamas Vajk
a5a4329669 C#: Add tests for covariant return types 2021-03-03 14:52:10 +01:00
Tamas Vajk
bd2b3e72f8 C#: Use covariant return for context overrides 2021-03-03 14:35:07 +01:00
Tamas Vajk
cfd8a87496 C#: Fix nullability warnings after .net 5 upgrade 2021-03-03 14:25:59 +01:00
Rasmus Wriedt Larsen
c3175ae7b1 Python/JS: Sync CryptoAlgorithms.qll 2021-03-03 14:18:33 +01:00
Tamas Vajk
828e1f81ae Share core analysis logic between standalone and normal analysis 2021-03-03 14:18:19 +01:00
Tamas Vajk
15e26e1a91 C#: Reduce disabled nullability regions by splitting 'Extractor' and 'Analyser' 2021-03-03 14:18:19 +01:00
Tamas Vajk
2697677239 Merge Extractor.Standalone and OutputPath 2021-03-03 14:18:19 +01:00
Tamas Vajk
10ab17a7e0 C#: Enable nullability in csharp extraction project v1 2021-03-03 14:18:19 +01:00
Rasmus Wriedt Larsen
dd75ea31df Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-03-03 14:17:22 +01:00
Anders Schack-Mulligen
3400c121d6 Merge pull request #5202 from joefarebrother/apache-http 
Java: Add modelling for Apache HTTP Components
 2021-03-03 13:41:41 +01:00
Anders Schack-Mulligen
220383b9fb Merge pull request #5313 from joefarebrother/guava-change-note 
Java: Add change note for Guava
 2021-03-03 13:03:54 +01:00
Anders Schack-Mulligen
663c72ab1d Update java/change-notes/2021-03-23-guava-collections-and-preconditions.md 2021-03-03 12:53:16 +01:00
Tamás Vajk
73ad417757 Merge pull request #5132 from tamasvajk/feature/dotnet502 
C#: Upgrade projects to .net 5
 2021-03-03 12:47:08 +01:00
CodeQL CI
8e2af077a7 Merge pull request #5237 from erik-krogh/moreInf 
Approved by asgerf
 2021-03-03 03:09:07 -08:00
Joe Farebrother
a77cf12596 Add change note for Guava 2021-03-03 10:56:12 +00:00
Artem Smotrakov
7cc7ec962e Updated recommendations for avoiding JEXL injections 2021-03-03 11:40:59 +01:00
Erik Krogh Kristensen
b9450c901a remove development comment 2021-03-03 11:18:09 +01:00