Tom Hvitved
52529d590b
Model private methods and "main objects"
2021-07-02 10:41:06 +02:00
Tom Hvitved
9de4ed4d4d
Add tests for private methods
2021-07-02 10:39:49 +02:00
CodeQL CI
61ee193dc0
Merge pull request #6197 from asgerf/js/recompose
...
Approved by esbena
2021-07-02 00:58:06 -07:00
Esben Sparre Andreasen
0cf9c95981
Merge pull request #6193 from esbena/esbena/mootools-xss
...
JS: add Mootools XSS sinks
2021-07-02 09:24:56 +02:00
Anders Schack-Mulligen
4e1155cfd2
Merge pull request #6202 from smowton/smowton/admin/cleanup-duplicated-experimental-query
...
Deduplicate shared body of regular and experimental versions of `java/command-line-injection` query.
2021-07-02 09:23:50 +02:00
Anders Schack-Mulligen
f9da044e54
Merge pull request #6185 from aschackmull/java/perf-fix-request-forgery
...
Java: Fix bad magic.
2021-07-02 09:07:07 +02:00
github-actions[bot]
55aff21587
Add changed framework coverage reports
2021-07-02 00:09:02 +00:00
Taus
a9c1d3ba86
Python: Clean up LocalSourceNode charpred
...
This results in the same set of nodes, but is a bit more clear about
the reasons why. For instance, `ModuleVariableNode`s are included
directly, and not in a roundabout way by virtue of not having flow to
them. This should hopefully be a bit more robust as well.
2021-07-01 19:12:18 +00:00
Geoffrey White
41a540e4e0
C++: Make isMicrosoft() faster.
2021-07-01 17:42:02 +01:00
Tom Hvitved
8de1eedb41
Merge pull request #227 from github/hvitved/expose-call-graph
2021-07-01 18:29:14 +02:00
Taus
f151338def
Merge pull request #6198 from RasmusWL/fix-cleartext-logging
...
Python: Some minor fixes to `py/clear-text-logging-sensitive-data`
2021-07-01 18:28:25 +02:00
jorgectf
3d2b6f7a2d
Delete outdated comment
2021-07-01 17:54:46 +02:00
jorgectf
7fb44470ee
Add .expected results
2021-07-01 17:53:04 +02:00
jorgectf
a1f48db60b
Make verifiesSignature() a predicate
2021-07-01 17:51:56 +02:00
jorgectf
4079e5352e
Add JWT framework to Frameworks.qll
2021-07-01 17:51:34 +02:00
jorgectf
07422a1dce
Move tests under test/
2021-07-01 17:51:00 +02:00
Chris Smowton
8b7db8a8cc
Merge pull request #5408 from p0wn4j/urlclassloader-webclient-ssrf-sinks
...
Java: Add URLClassLoader, WebClient SSRF sinks
2021-07-01 16:14:22 +01:00
Tamás Vajk
05842dcdb3
Merge pull request #6181 from tamasvajk/feature/test-options-files
...
C#: Start using 'options' files in tests
2021-07-01 17:03:27 +02:00
Taus
336c0662ef
Python: Remove pointless LocalSourceNodes
...
This gets rid of a large number of nodes that seemingly have no impact.
2021-07-01 15:02:31 +00:00
Tom Hvitved
c3cff3e113
Expose call graph through Call::getATarget()
2021-07-01 16:40:45 +02:00
Joe Farebrother
1e82c607ef
Mark failing tests as missing
2021-07-01 15:29:47 +01:00
Tamas Vajk
5e2770339f
Add adjusted expected files
2021-07-01 16:09:11 +02:00
Tamas Vajk
03d1a3e0ad
Trim test files + remove duplicate newlines
2021-07-01 16:09:11 +02:00
Tamas Vajk
4900ecfabe
Manual fixes
2021-07-01 16:09:11 +02:00
Tamas Vajk
c29d11087b
C#: Start using 'options' files in tests
2021-07-01 16:08:47 +02:00
Chris Smowton
e0a7f6e14f
Fix URLClassLoader test
2021-07-01 15:03:38 +01:00
Chris Smowton
d5a9f3d87b
Deduplicate shared body of regular and experimental versions of java/command-line-injection query.
2021-07-01 14:53:56 +01:00
Joe Farebrother
160f3b4312
Remove ArrayElement from sink specifications
2021-07-01 14:41:39 +01:00
Joe Farebrother
4bea33402c
Rename test labels for more clarity
2021-07-01 14:38:20 +01:00
Joe Farebrother
1a06c132be
Use ArrayElement of to handle varargs case in SpringJdbc.qll
2021-07-01 14:38:20 +01:00
Joe Farebrother
29f82fc81f
Use ArrayElementOf in Android sinks
2021-07-01 14:38:19 +01:00
Joe Farebrother
f4a59cc2e3
Convert tainted arrays to arrays of tainted elements in tests
2021-07-01 14:38:19 +01:00
Joe Farebrother
865477d020
Convert android tests to inline expectations
2021-07-01 14:38:19 +01:00
Joe Farebrother
95d8018a43
Include overrides for SQLiteQueryBuilder sinks
2021-07-01 14:38:19 +01:00
Joe Farebrother
0d4f8aedb8
Use Argument ranges in CSV rows
2021-07-01 14:38:19 +01:00
Joe Farebrother
7926d16844
Convert SQL sinks to CSV format
2021-07-01 14:38:19 +01:00
Rasmus Lerchedahl Petersen
eee56e0156
Python/JS: Make most of the new library private
2021-07-01 15:34:06 +02:00
Chris Smowton
44e8dd9ec5
Add change note
2021-07-01 13:36:00 +01:00
Anders Schack-Mulligen
cda5c22f6e
Merge pull request #5590 from github/sauyon/java-spring-errors
...
Add models for Spring validation.Errors
2021-07-01 14:29:49 +02:00
Asger Feldthaus
993cc29275
JS: Autoformat
2021-07-01 14:22:44 +02:00
Anders Schack-Mulligen
37f8794d01
Merge pull request #6165 from edoardopirovano/fix-regression
...
Performance: Improve join order in data flow library
2021-07-01 14:13:18 +02:00
Rasmus Wriedt Larsen
b0309dd321
Python: Limit SensitiveDataSources to prevent _some_ cross-talk
2021-07-01 12:08:12 +02:00
Rasmus Wriedt Larsen
f64e58a21c
Python: Fix a QLDoc for SensitiveDataSources
2021-07-01 12:05:59 +02:00
Rasmus Wriedt Larsen
d7e3ebb15c
Python: Add tests showing sensitive data cross-talk
2021-07-01 12:05:51 +02:00
Esben Sparre Andreasen
85b9003af4
JS: add Mootools XSS sinks
2021-07-01 09:17:27 +02:00
ihsinme
02bf800b6d
Update FindIncorrectlyUsedSwitch.ql
2021-07-01 08:50:46 +03:00
yo-h
d325d2ae81
Merge pull request #6180 from tamasvajk/fix/coverage-report-search-path
...
Upgrade database in coverage report jobs
2021-06-30 21:00:09 -04:00
p0wn4j
0db7496617
Add URLClassLoader and Spring WebClient SSRF sinks
2021-07-01 03:34:14 +04:00
Rasmus Wriedt Larsen
d9e2f504f8
Python: Fix clear text logging sink
...
No need to restrict it to arguments that are calls
2021-06-30 20:31:17 +02:00
Nick Rolfe
d99b5510e5
Merge pull request #219 from github/regex
...
Add regexp parser and exponential ReDoS query
2021-06-30 17:23:29 +01:00