hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 22:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,651 Commits 1,673 Branches 157 Tags
codeql-cli/v2.5.2
Commit Graph

21651 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
d5f1c19152 Merge branch 'main' into ihsinme-patch-221 2021-01-29 13:05:07 +01:00
Erik Krogh Kristensen
c9ec983cd8 add js/client-side-unvalidated-url-redirection test for script tags inside react code 2021-01-29 12:50:43 +01:00
Erik Krogh Kristensen
39591687ba add js/code-injection sink for script tags in React 2021-01-29 12:50:17 +01:00
Artem Smotrakov
59f48ecea3 Removed LocalUserInput in JexlInjectionLib.ql 2021-01-29 12:38:51 +01:00
Luke Cartey
76c9b6466e Reformat TaintTrackingUtil.qll with more recent CodeQL CLI 2021-01-29 11:27:30 +00:00
Tamas Vajk
91152d3a65 Add additional tests to delegate call data flow 2021-01-29 12:02:11 +01:00
Tamas Vajk
191962f64c C#: Add data flow 'getARuntimeTarget' predicate to 'FunctionPointerCall' 2021-01-29 12:01:38 +01:00
Tom Hvitved
bf5851f1c2 C#: Reduce caching in SsaImplCommon.qll 2021-01-29 11:42:52 +01:00
ihsinme
bdbf5a4fae Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-01-29 13:41:45 +03:00
Tom Hvitved
1a507ff497 C#: Remove Cached module from SsaImplCommon.qll 2021-01-29 10:52:42 +01:00
Geoffrey White
50f2557dd2 Merge pull request #5043 from MathiasVP/uniform-treatment-of-params-and-qualifiers-in-model-dataflow 
C++: Uniform treatment of parameters and qualifiers in model dataflow
 2021-01-29 09:48:07 +00:00
Erik Krogh Kristensen
3f1e81533c support html attribute concatenations with single quotes 2021-01-29 10:37:37 +01:00
ihsinme
c8eeb5f73e Update WrongInDetectingAndHandlingMemoryAllocationErrors.ql 2021-01-29 11:51:15 +03:00
luchua-bc
ff1ed3a012 Revamp the query to use three configurations to detect password hash without salt 2021-01-29 03:39:02 +00:00
Mathias Vorreiter Pedersen
339c4c6ce0 C++: Model more pure functions. 2021-01-28 19:37:53 +01:00
Geoffrey White
7d9ebaf9d8 Merge pull request #5040 from MathiasVP/strset-and-strtok-models 
C++: Strset and strtok model implementations
 2021-01-28 18:34:06 +00:00
Geoffrey White
768be9ec2c Merge pull request #5041 from ihsinme/ihsinme-patch-198 
CPP: Improve cpp/memory-leak-on-failed-call-to-realloc
 2021-01-28 18:29:24 +00:00
Mathias Vorreiter Pedersen
23eb4d2009 C++: Fix isParameterDeref typo. 2021-01-28 18:29:30 +01:00
Mathias Vorreiter Pedersen
75aa1e8a3b C++: Respond to review comments. 2021-01-28 16:39:11 +01:00
Geoffrey White
02d60a26eb Merge pull request #5037 from github/igfoo/decltype 
C++: decltypes may have multiple expressions
 2021-01-28 14:44:53 +00:00
Shati Patel
1c56c30eba Merge pull request #5028 from shati-patel/docs/update-footer 
Docs: Update copyright date in footer
 2021-01-28 13:11:43 +00:00
Tom Hvitved
59d87e2570 Merge pull request #4557 from hvitved/csharp/dataflow/parameters 
C#: Simpler data-flow modelling of parameters
 2021-01-28 14:02:42 +01:00
ihsinme
f94a7fc2f0 Update MemoryLeakOnFailedCallToRealloc.ql 2021-01-28 15:47:38 +03:00
Mathias Vorreiter Pedersen
5a420f2bae C++: Use the new predicates for uniform treatment of parameters and qualifiers in model dataflow. 2021-01-28 13:33:08 +01:00
ihsinme
8ed28157e1 Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.expected to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.expected 2021-01-28 15:28:52 +03:00
ihsinme
f65ec97ac2 Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/test.c to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen/test.c 2021-01-28 15:28:34 +03:00
ihsinme
8880b38b1f Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.qlref to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.qlref 2021-01-28 15:28:15 +03:00
Rasmus Wriedt Larsen
b6007cf324 Merge pull request #5023 from yoff/python-unify-synthetic-post-update-nodes 
Python: Only generate one post-update node, even if there are multiple reasons for doing so.
 2021-01-28 13:11:50 +01:00
Rasmus Wriedt Larsen
173012578e Python: Add missing type-tracking step for django.views 
Easy to overlook, and will onyl be caught by tests if they use `import
parent.thing` and not `from parent import thing`
 2021-01-28 12:10:42 +01:00
Rasmus Wriedt Larsen
54725ccbb9 Python: Support full-path import of Django View class 
requestHandler still MISSING :(
 2021-01-28 12:10:40 +01:00
Rasmus Wriedt Larsen
61d69f2cc8 Python: Add test for full-path import of Django View class 2021-01-28 12:10:39 +01:00
ihsinme
2b4296feb1 Update MemoryLeakOnFailedCallToRealloc.ql 2021-01-28 13:38:26 +03:00
ihsinme
cf565970e3 Merge pull request #1 from github/main 
update fork
 2021-01-28 13:26:11 +03:00
yoff
1068edeb28 Merge pull request #5038 from RasmusWL/import-fix 
Python: Fix too many results from DataFlow::importNode
 2021-01-28 11:25:17 +01:00
Mathias Vorreiter Pedersen
2c70106d2d Merge pull request #5009 from ihsinme/ihsinme-patch-219 
CPP: add query for CWE-788 Access of memory location after the end of a buffer using strncat.
 2021-01-28 11:10:30 +01:00
Anders Schack-Mulligen
bbdd7c9b57 Merge pull request #4963 from joefarebrother/guava-collections 
Java: Add flow steps for Guava collection utilities
 2021-01-28 11:01:03 +01:00
Mathias Vorreiter Pedersen
7affbfc6cb C++: Add tests. 2021-01-28 10:57:39 +01:00
Mathias Vorreiter Pedersen
6255662114 C++: Add two new model implementation classes. 2021-01-28 10:57:30 +01:00
Tom Hvitved
e6f81bcf0b C#: Update expected test output 2021-01-28 10:34:50 +01:00
Tom Hvitved
6ee5cdf2b2 C#: Simpler data-flow modelling of parameters 2021-01-28 10:34:47 +01:00
Jonas Jensen
69ce24d4b8 Merge pull request #5035 from MathiasVP/implied-deref-flow 
C++: Implied dataflow models
 2021-01-28 09:35:58 +01:00
Tom Hvitved
65ea01e145 Merge pull request #4999 from hvitved/csharp/dataflow/phi-input 
C#: Adjust flow into phi nodes
 2021-01-28 09:07:01 +01:00
luchua-bc
ab7d257569 Add more cases and change EC to 256 bits 2021-01-28 04:06:27 +00:00
luchua-bc
2ac7b4bab4 Update qldoc 2021-01-28 04:06:27 +00:00
luchua-bc
058f3af4b2 Refactor the hasShortSymmetricKey method 2021-01-28 04:06:27 +00:00
luchua-bc
cbaee937d0 Optimize the query 2021-01-28 04:06:27 +00:00
luchua-bc
cfc950f803 Query for weak encryption: Insufficient key size 2021-01-28 03:25:15 +00:00
luchua-bc
6a93099b64 Simplify the query and update qldoc 2021-01-28 03:02:53 +00:00
Rasmus Lerchedahl Petersen
0e0b18c214 Python: Adjust comment based on review. 2021-01-28 01:09:03 +01:00
Robert Marsh
0addce5be4 Merge pull request #5036 from MathiasVP/memcpy-models 
C++: Model aliasing of memcpy-like functions and include more functions
 2021-01-27 14:38:08 -08:00