hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-29 23:26:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,651 Commits 1,673 Branches 157 Tags
codeql-cli/v2.5.2
Commit Graph

21651 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
intrigus
b4692734b2 Java: Add QLDoc improve query message 2021-01-11 13:42:08 +01:00
intrigus-lgtm
f4b912cd8a Apply suggestions from doc review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-01-11 13:42:08 +01:00
intrigus
e11304a1ca Java: Autoformat 2021-01-11 13:42:08 +01:00
intrigus-lgtm
b8f3e64a0f Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-01-11 13:42:08 +01:00
intrigus
502e4c39f5 Java: Fix Qhelp 2021-01-11 13:42:08 +01:00
intrigus-lgtm
355cb6eeec Fix Qhelp format 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-01-11 13:42:07 +01:00
intrigus-lgtm
10fc2cf9f8 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-01-11 13:42:07 +01:00
intrigus
c88f07dde4 Java: Accept test output 2021-01-11 13:42:07 +01:00
intrigus
33b0ff28d8 Java: Update test 2021-01-11 13:42:07 +01:00
intrigus
9e2ef9bd74 Java: Filter results by feature flags. 
This ignores results that are guarded by a feature flag
that suggests an intentionally insecure feature.
Inspired by Go's `InsecureFeatureFlag.qll` and
`DisabledCertificateCheck.ql`.
 2021-01-11 13:42:07 +01:00
intrigus
a62a2e58dd Java: Improve QL-Doc 2021-01-11 13:42:07 +01:00
intrigus
d98b171998 Java: Make EnvTaintedMethod public + QL-Doc 2021-01-11 13:42:07 +01:00
intrigus
e021158b5f Java: Tighter model of HostnameVerifier#verify 
This more tightly models `HostnameVerifier#verify` previously it
was possible to accidentally match other methods called `verify`.
 2021-01-11 13:42:07 +01:00
intrigus
0a9df07df7 Apply suggestions from review. 2021-01-11 13:42:07 +01:00
intrigus
70b0703952 Java: Remove overlapping code 2021-01-11 13:42:07 +01:00
intrigus
3da1cb0879 Java: Add unsafe hostname verification query 2021-01-11 13:42:07 +01:00
intrigus
8df5d77398 Java: Model HostnameVerifier method 
Model `HostnameVerifier#setDefaultHostnameVerifier`
 2021-01-11 13:42:06 +01:00
Anders Schack-Mulligen
3a2dd8f1ed Merge pull request #4867 from RasmusWL/java-externalapis-taint-step 
Java: Fix taint-step handling for untrusted-data-external-api
 2021-01-11 13:36:59 +01:00
madneal
4e373aaf29 replace error with errors 2021-01-11 19:38:27 +08:00
Rasmus Wriedt Larsen
7d94bab75e Merge branch 'main' into django-request-handler-without-route 2021-01-11 12:24:41 +01:00
madneal
e0fc9bac08 add error for shotString 2021-01-11 19:15:22 +08:00
Rasmus Wriedt Larsen
828bb9a902 Python: Small refactor for request param modeling in Django 2021-01-11 11:29:54 +01:00
Esben Sparre Andreasen
580a24e982 JS: rewrite js/incomplete-multi-character-sanitization 2021-01-11 11:26:45 +01:00
Rasmus Wriedt Larsen
141b9adc4d Python: Minor refactoring 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-01-11 11:18:59 +01:00
Geoffrey White
cf1d1dc5c0 C++: Remove old tags. 2021-01-11 09:31:06 +00:00
Mathias Vorreiter Pedersen
46393c33ef C++: Fix bad join orders introduced in previous commit. 2021-01-11 09:19:58 +01:00
madneal
1e2487320c address #4932,fix for errors of Binding behavior 2021-01-09 21:38:25 +08:00
Mathias Vorreiter Pedersen
a00bd7ae02 C++: Respond to review comments. 2021-01-08 19:47:02 +01:00
Geoffrey White
70ce5fde75 C++: Improve metadata for GlobalNamespaceClasses.ql. 2021-01-08 18:27:06 +00:00
Geoffrey White
a6937beee3 Merge branch 'main' into sqltaint 2021-01-08 17:27:43 +00:00
Geoffrey White
7f0209f72e Merge branch 'main' into modelclasses 2021-01-08 17:11:25 +00:00
Shati Patel
b794fcb841 Merge pull request #4925 from shati-patel/fix-links 
Fix broken links in CodeQL documentation
 2021-01-08 16:35:15 +00:00
Shati Patel
53c46edc1c Address review comments 2021-01-08 15:20:40 +00:00
Rasmus Wriedt Larsen
00c253a710 Java: Don't ignore local taint steps (fixup) 2021-01-08 15:29:01 +01:00
luchua-bc
39103af718 Remove additional taint step 2021-01-08 13:02:57 +00:00
Anders Schack-Mulligen
e5b4975450 Merge pull request #4675 from luchua-bc/cleartext-storage-shared-prefs 
Java: Query to detect cleartext storage of sensitive information using Android SharedPreferences
 2021-01-08 12:41:34 +01:00
Tamás Vajk
136e5c93d1 Merge pull request #4672 from tamasvajk/feature/extract-anon-types 
C#: Extract anonymous types explicitly
 2021-01-08 11:54:37 +01:00
CodeQL CI
807fc94627 Merge pull request #4921 from erik-krogh/moreShellSan 
Approved by esbena
 2021-01-08 00:58:26 -08:00
Tamas Vajk
800fd94572 Add DB upgrade folder 2021-01-08 08:20:49 +01:00
Tamas Vajk
056dbe31d5 C#: Remove throw completion from StringLiteral 2021-01-08 08:14:08 +01:00
Erik Krogh Kristensen
6423c32990 Update javascript/ql/src/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-01-07 22:02:39 +01:00
luchua-bc
b56fe2b25f Remove specific method name in additional taint step 2021-01-07 16:31:21 +00:00
Shati Patel
cdcb4a9599 Fix redirects from Sphinx linkcheck 2021-01-07 15:45:40 +00:00
Shati Patel
3da66b7fd9 Fix broken links from Sphinx linkcheck 2021-01-07 15:45:28 +00:00
Tamas Vajk
f971f42bb1 Add new stats file 2021-01-07 15:24:10 +01:00
Tamas Vajk
fdf5cf9dd0 C#: Extract anonymous types explicitly 2021-01-07 15:24:10 +01:00
Tom Hvitved
63f76b1b43 C#: Uniform treatment of all SSA definitions 2021-01-07 15:16:44 +01:00
Tom Hvitved
8d77f4bac9 C#: Remove ImplicitUntrackedDefinition 2021-01-07 15:16:39 +01:00
luchua-bc
606d0946fc Update qldoc 2021-01-07 14:05:12 +00:00
Tamás Vajk
3b16d2689d Merge pull request #4821 from tamasvajk/feature/csharp9-cil-init-prop 
C#: Extract init only accessors from CIL
 2021-01-07 15:04:40 +01:00