Commit Graph

21651 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
41a0c0b55e support React links in js/client-side-unvalidated-url-redirection 2021-03-02 12:25:49 +01:00
Francis Alexander
4384f78595 Play stubs improvements, cleanup and return values 2021-03-02 16:50:16 +05:30
CodeQL CI
79839d2304 Merge pull request #5267 from erik-krogh/httpProxy
Approved by asgerf
2021-03-02 02:46:50 -08:00
Owen Mansel-Chan
6460ce3f83 Add @codeql-go as code owners for the shared data-flow library files 2021-03-02 10:39:47 +00:00
Anders Schack-Mulligen
b0fa8dfeae Merge pull request #4214 from porcupineyhairs/springViewManipulation
[Java] Add QL for detecting Spring View Manipulation Vulnerabilities.
2021-03-02 11:31:42 +01:00
Mathias Vorreiter Pedersen
6ba35f4aac C++: Fix function renaming and accept test change. 2021-03-02 11:31:24 +01:00
Mathias Vorreiter Pedersen
9f02c144a8 C++: Remove files that were incorrectly added when resolving merge conflicts. 2021-03-02 11:14:49 +01:00
CodeQL CI
2957131853 Merge pull request #5258 from erik-krogh/nextPerf
Approved by asgerf
2021-03-02 02:04:20 -08:00
CodeQL CI
9ea8f8201c Merge pull request #5265 from erik-krogh/cacheRemote
Approved by asgerf
2021-03-02 02:03:09 -08:00
Mathias Vorreiter Pedersen
ffc6af73b7 C++: Accept test changes. 2021-03-02 11:00:43 +01:00
Mathias Vorreiter Pedersen
748f5344ff Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt 2021-03-02 10:43:37 +01:00
Anders Schack-Mulligen
394c82d564 Apply suggestions from code review
Adjust qldoc.
2021-03-02 10:17:07 +01:00
Tamas Vajk
faf69d65da Fix merge error 2021-03-02 09:23:15 +01:00
Tamas Vajk
3b82abd7c7 Simplify MissingCallTarget for calli 2021-03-02 09:21:24 +01:00
Tamas Vajk
7ae640ce16 Fix OS specific tests 2021-03-02 09:21:24 +01:00
Tamas Vajk
f2e667173c C#: Add calli IL opcode extraction 2021-03-02 09:21:24 +01:00
Tamas Vajk
17109a36ce Fix extraction error due to missing DLL 2021-03-02 09:21:24 +01:00
Tamas Vajk
6205ec233c Fix more failing tests 2021-03-02 09:21:24 +01:00
Tamas Vajk
2b1c6faefd Fix failing test 2021-03-02 09:21:24 +01:00
Tamas Vajk
4f383be13b Fix new (nullability) compiler warnings 2021-03-02 09:21:24 +01:00
Tamas Vajk
71f095d6d4 Upgrade projects to .net 5 2021-03-02 09:20:31 +01:00
Aditya Sharad
dbed4a1a8b Actions: Add workflow to request docs review
When a PR is labelled with 'ready-for-docs-review',
this workflow comments on the PR to notify the GitHub CodeQL docs team.
Runs on `pull_request_target` events so it can write comments to the PR.
Since this runs in the context of the base repo, it must not check out the PR
or use untrusted data from the event payload.

Only runs when the PR base is github/codeql, to prevent notifications from forks.
2021-03-01 17:15:03 -08:00
Robert Marsh
2b382d588a C++: autoformat Operand.qll 2021-03-01 11:13:04 -08:00
Calum Grant
cee96775b8 Merge pull request #5305 from asgerf/js/tuple-type-rest-index-stats
JS: Regenerate stats for tuple_type_rest_index
codeql-cli/v2.4.5
2021-03-01 17:43:55 +00:00
Porcuiney Hairs
5151a528ac Include suggestions from review 2021-03-01 22:59:30 +05:30
Chris Smowton
5d2f3421d8 Add change notes 2021-03-01 16:59:20 +00:00
Chris Smowton
cdccc1a064 Remove needless typecasts 2021-03-01 16:47:34 +00:00
yoff
92128babef Apply suggestions from code review
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2021-03-01 17:39:17 +01:00
Asger Feldthaus
26924a3378 JS: Regenerate stats for tuple_type_rest_index 2021-03-01 16:30:09 +00:00
Rasmus Lerchedahl Petersen
38748f9e23 Python: restrict attention to ss.wrap_socket 2021-03-01 16:35:21 +01:00
Tamás Vajk
2ac94255b7 Merge pull request #5299 from tamasvajk/feature/limit-codescanning-csharp2
C#: Fix codeql analysis workflow
2021-03-01 16:20:03 +01:00
Porcuiney Hairs
14ec148272 refactor to meet experimental guidelines. 2021-03-01 18:46:33 +05:30
Rasmus Wriedt Larsen
0874712c97 C++/Java/Python: Allow Python string prefix in InlineExpectationsTest
I've been writing tests for crypto libraries in Python, and have wanted to write
code along the lines of

```py
md5.hash(b"some message") # $ HashInput=b"some message"
```

which didn't work before this commit, forcing me to store my text in a variable
like below. This turned out to be really annoying when dealing with more complex
examples, so therefore I'm adding this new functionality to allow this behavior.

```py
msg = b"some message"
md5.hash(msg) # $ HashInput=msg
```
2021-03-01 13:44:28 +01:00
Chris Smowton
aab9deceef Remove package from test Java file 2021-03-01 10:32:44 +00:00
Chris Smowton
c32514bf66 Sync dataflow library files 2021-03-01 10:27:28 +00:00
Chris Smowton
e6b1fe9b5f Fluent interface dataflow: support argument-output flow directly declared by the simpleLocalFlowStep relation
This means we will treat fluent interfaces that are modelled the same as those where we determine an argument flows to an output by inspection of the function body.
2021-03-01 10:23:38 +00:00
Chris Smowton
54caf501e7 Switch fluent-methods test to use a plain DataFlow::Configuration
No taint edges are involved, so TaintTracking was unnecessary.
2021-03-01 10:16:02 +00:00
Chris Smowton
fadbb32bd6 Add backward dataflow edges through fluent function invocations.
This means that much as obj.getA().setB(...) already has a side-effect on `obj`, all three setters in obj.setA(...).setB(...).setC(...) will have a side-effect on `obj`.
2021-03-01 10:11:28 +00:00
Tamas Vajk
1ecbbf6af3 C#: Fix codeql analysis workflow 2021-03-01 09:18:05 +01:00
Anders Schack-Mulligen
37baf77b93 Merge pull request #5273 from intrigus-lgtm/java/unify-main-method-check
Java: Remove duplicate code.
2021-03-01 09:05:28 +01:00
Tamás Vajk
3b56e3520c Merge pull request #5277 from tamasvajk/feature/fix-name-resolution
Fix method name resolution issue with nullable suppression
2021-03-01 08:47:21 +01:00
Jonas Jensen
208a374c58 Merge pull request #5256 from MathiasVP/promote-insecure-memset-query
C++: Promote insecure removal of memset query
2021-03-01 08:30:16 +01:00
Artem Smotrakov
15a43ffe36 Simplified returnsRemoteInvocationSerializingExporter() 2021-02-27 13:41:20 +01:00
Rasmus Wriedt Larsen
443780f27e Python/JS: Share modeling of cryptographic algorithms
I didn't quite know where to place it for JS, so I tried my best :)

The canonical Python version might be changed in the future, but I wanted to
keep this change small.
2021-02-27 11:39:35 +01:00
Rasmus Wriedt Larsen
010488c899 Python/JS: Update QLDoc for crypto algorithms before sharing 2021-02-27 11:38:45 +01:00
Rasmus Wriedt Larsen
646ea55944 Python/JS: Update Python copy of crypto algorithm modeling
Now to be shared across both languages, with sync-identical-files
2021-02-27 11:38:45 +01:00
Rasmus Lerchedahl Petersen
8b68912c40 Python: Update help and add example 2021-02-26 20:19:31 +01:00
Rasmus Lerchedahl Petersen
9533c92fcc Python: Clean up tests and add comment 2021-02-26 19:28:44 +01:00
Mathias Vorreiter Pedersen
d4f7fab7df Update cpp/change-notes/2021-02-24-memset-may-be-deleted.md
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2021-02-26 19:17:13 +01:00
Mathias Vorreiter Pedersen
0f7256752a Update cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.qhelp
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2021-02-26 19:16:28 +01:00