hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-15 06:23:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,690 Branches 160 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sauyon Lee
4012076c90 fixup! Model spring util 
Apply review comments
 2021-06-28 10:52:58 -07:00
Felicity Chapman
267e36919e Merge pull request #6153 from github/docs-content-4456-multiple-dbs 
Add information on multi-db options to the CodeQL CLI docs
 2021-06-28 17:38:49 +01:00
Ryan Parman
0d7e4d5854 Update getting-started-with-the-codeql-cli.rst 
1. The documentation is at least one full macOS release behind, and we're past WWDC so we already know what the next version is. IMO, we should optimize the documentation for the now + future, rather than providing exceptions for them while favoring legacy releases. _Current_ macOS requires the steps that are currently hidden by default; I would recommend inverting the pattern so that _current_ is shown by default, and legacy releases are hidden away.

1. Homebrew is the bread and butter of many developers. Installing Python via Homebrew installs a custom version of `xattr` that is different from the system's `xattr`, which doesn't support the `-c` flag. By specifically executing the system-provided version of `xattr` by path, you are more-or-less guaranteed to get the system-provided `xattr` with the expected `-c` flag.
 2021-06-28 10:20:00 -06:00
Sauyon Lee
bddc88c010 Add stubs for Spring util tests 2021-06-28 08:26:40 -07:00
Sauyon Lee
60db9e1851 Rename springframework-5.2.3 to 5.3.8 2021-06-28 08:26:39 -07:00
Sauyon Lee
fb0e6bfb42 Fix tests for Spring util 2021-06-28 08:26:39 -07:00
Sauyon Lee
739b142209 Generate tests for Spring util 2021-06-28 08:26:38 -07:00
Sauyon Lee
92ebb63b1f Model Spring AntPath utils 2021-06-28 08:26:38 -07:00
Sauyon Lee
c4e9b1fd8e Model Spring util 2021-06-28 08:26:37 -07:00
Rasmus Lerchedahl Petersen
c7992f6c6e Python: add change note 2021-06-28 17:24:37 +02:00
Rasmus Lerchedahl Petersen
40ac91eecd Python: Add some tests for exponential ReDoS 
- `KnownCVEs` contain the currently triaged Python CVEs
- `unittest.py` contains some tests constructed by @erik-krogh
- `redos.py` contains a port of `tst.js` from javascript
The expected file has been ported as well with some fixups by @tausbn
 2021-06-28 17:04:49 +02:00
Rasmus Lerchedahl Petersen
591b6ef69c Python: Add ReDoS as identical files from JS 
The library specific file is `RegExpTreeView`.
The files are recorded as identical via the mapping
in `identical-files.json`.
 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
d2eeaff441 JS: Refactor ReDoS to make files sharable 
the extra ordering conditions in ReDoSUtil will be needed
for the Python implementation.
 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
2c27ce7aa5 Python: Make ast viewer see regexes 
This work is due to @erik-krogh who also
 - made corresponding fixes to `RegexTreeView.qll`
 - implemented `toUnicode` so it is available on `String`s
 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
d953ba8dd4 Python: A parse-tree-view of regular expressions 
This contains several contributions from @erik-krogh
and also some fixes from @nickrolfe
 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
21007d21f4 Python: track if qualifiers allow unbounded 
repeats. This in preparation for ReDoS
 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
74ca1d00b9 Python: More precise regex parsing 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
e5f07cc4d3 Python: inline test of regex components 
- Added naive implementation of `charRange` so the test can run.
- Made predicates public as needed.
 2021-06-28 17:04:48 +02:00
Tony Torralba
8112d723e0 Merge branch 'main' into atorralba/spring-beans 2021-06-28 17:02:31 +02:00
Tony Torralba
393b95cbbe Remove 'magic' from tests 2021-06-28 17:01:34 +02:00
Tamas Vajk
006303420b Fix CSV framework coverage commenter workflow 2021-06-28 15:07:13 +02:00
Jorge
a5009efb4b Merge pull request #5 from RasmusWL/nosql-fixes 
Small NoSQL fixes
 2021-06-28 14:23:57 +02:00
Chris Smowton
ca4c519a2a Merge pull request #6170 from smowton/smowton/admin/cleanup-exec-tainted-query 
Change ID and description of cloned query
 2021-06-28 13:22:34 +01:00
jorgectf
1d432af498 Update .expected 2021-06-28 14:18:27 +02:00
jorgectf
1d4d8ab6e0 Fix tests 2021-06-28 14:16:52 +02:00
jorgectf
b9422518b3 Rephrase .qhelp 2021-06-28 14:00:00 +02:00
Felicity Chapman
c4047afc05 Add extra reference to docs.github.com 
Clarify the existing reference and add one for CodeQL code scanning using GitHub Actions.
 2021-06-28 12:30:49 +01:00
Felicity Chapman
b52b158c97 Apply suggestions from code review 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2021-06-28 12:20:20 +01:00
Chris Smowton
3d69868297 Change ID and description of cloned query 
This should be cleaned up more effectively soon, but this suffices to fix the clashing-id problem.
 2021-06-28 12:18:59 +01:00
Rasmus Wriedt Larsen
318694ccc8 Python: Don't rely on d = d.getOutput() for Decoding 
Although it is for `json.loads` and the like.
 2021-06-28 13:17:45 +02:00
Rasmus Wriedt Larsen
59711424bd Python: Fix qhelp for NoSQL injection 2021-06-28 11:48:28 +02:00
Tamas Vajk
3b5856907f Add updated C# framework coverage report 2021-06-28 11:29:46 +02:00
Tamas Vajk
3170781d57 Rework timeseries report to iterate git history only once 2021-06-28 11:29:45 +02:00
Tamas Vajk
1ec1e1cfc8 Adjust framework coverage report generator to include all sources not just remote ones 2021-06-28 11:20:32 +02:00
Tamas Vajk
4524563923 Fix timeseries coverage report to handle multiple languages 2021-06-28 11:20:32 +02:00
Tamas Vajk
a90a86bcbf Fix flow from Element of Argument[0] for Int32.TryParse(ReadOnlySpan<Char>,... 2021-06-28 11:20:32 +02:00
Tamas Vajk
1d8b19e153 Adjust coverage report generator to allow multiple sink identifiers per CWE 2021-06-28 11:20:32 +02:00
Tamas Vajk
2a75989881 Migrate StringContent sink to CSV format 2021-06-28 11:20:32 +02:00
Tamas Vajk
5aba7142e8 C#: Add framework coverage report 2021-06-28 11:20:32 +02:00
Tamas Vajk
016e8fb2cf Adjust framework coverage jobs to cover C# 2021-06-28 11:20:32 +02:00
Tamas Vajk
b7a43dccd3 C#: Migrate System.Int32 flow summaries to CSV 2021-06-28 11:20:32 +02:00
Tamas Vajk
a9ccd65fa9 C#: Migrate System.Web.HttpResponse sinks to CSV 2021-06-28 11:20:32 +02:00
Tamas Vajk
45568d5b10 C#: Convert System.Console.Read* local flow source to CSV 2021-06-28 11:20:32 +02:00
Tamas Vajk
9606816c39 Fix missing summarizedCallable case 2021-06-28 11:20:32 +02:00
Cornelius Riemenschneider
a1c38b78a9 Merge pull request #6163 from adityasharad/lines-of-code-make-unique 
Ensure only one query per language is tagged `lines-of-code`
codeql-cli/v2.5.7 		2021-06-28 10:57:29 +02:00
Rasmus Wriedt Larsen
5477b2e0d5 Python: Minor refactoring cleanup 2021-06-28 10:54:21 +02:00
Rasmus Wriedt Larsen
4a2c99a021 Python: Inline LDAPImproperAuth.qll 
Since having it inlined makes the query a bit easier to read. We
obviously need to share it if we want to share this predicate, but for
now that does not seem to be the case.
 2021-06-28 10:54:21 +02:00
Rasmus Wriedt Larsen
b33f6a315c Python: Fix select for py/improper-ldap-auth 2021-06-28 10:54:21 +02:00
Rasmus Wriedt Larsen
dfe16aae4c Python: Handle both positional and keyword args for LDAP bind 2021-06-28 10:46:13 +02:00
Tom Hvitved
4f8a103df2 C#: Add active preprocessor conditions as suffix in all TRAP .push instructions 2021-06-28 10:34:42 +02:00