hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-04 01:01:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,689 Branches 159 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
e4af34253a C++: Actually fix incorrect annotation 2022-02-24 11:06:57 +00:00
Paolo Tranquilli
01a37e5165 fix check-qhelp.py again 2022-02-24 11:56:47 +01:00
Geoffrey White
e3493e32e0 C++: Change note. 2022-02-24 10:54:09 +00:00
Geoffrey White
fc8ebdaeb2 C++: Increase the query to precision high. 2022-02-24 10:54:09 +00:00
Geoffrey White
c16302be13 C++: Fix the FP. 2022-02-24 10:54:08 +00:00
Paolo Tranquilli
11c1b6a8a3 fix typo in .pre-commit-config.yaml 2022-02-24 11:46:19 +01:00
Paolo Tranquilli
4020464c2d fix check-qhelp.py 
It turns out checking changes on `.inc.qhelp` files is a bit trickier,
as we need to first find which `qhelp` files use them. The previous
iteration of this script was working under the assumption that
`.inc.qhelp` files were only included from the current or a parent
path, but this turns out to be wrong.

This time around, if we are asked to check one or more `.inc.qhelp`
files we build an include map from all `qhelp` files and run the help
generator on the `qhelp` files actually including them.
 2022-02-24 11:40:46 +01:00
Paolo Tranquilli
9667315d49 pre-commit: add qhelp check 
Also the instructions on customizing `pre-commit`'s behaviour have been
updated to use the `--config` option.
 2022-02-24 10:55:53 +01:00
Mathias Vorreiter Pedersen
ef5f16ddd3 Merge branch 'main' into add-using-expired-stack-address-query 2022-02-24 08:41:27 +00:00
Harry Maclean
fc351fbd64 Ruby: Remove value-flow for name-matched summaries 
String summaries that are identified by name only should not specify
value-preserving flow as this can cause spurious flow in cases where
they are applied to different but identically-named methods.
 2022-02-24 16:15:15 +13:00
Harry Maclean
07369916b0 Ruby: Remove bad flow to/from block arguments 
In these cases there is no block argument to the method call.
 2022-02-24 14:44:59 +13:00
Erik Krogh Kristensen
e13b2df86f Merge pull request #8185 from erik-krogh/amdImp 
JS: recognize modules imported by AMD imports as library inputs
 2022-02-23 20:21:45 +01:00
Geoffrey White
326dfa5bc2 C++: Add test cases. 2022-02-23 18:37:58 +00:00
Chris Smowton
3167a67e65 Fix typo 2022-02-23 18:19:11 +00:00
Chris Smowton
01db73bfc7 Merge pull request #5935 from porcupineyhairs/javaSstiNew 
Java : Add SSTI query
 2022-02-23 17:30:02 +00:00
Mathias Vorreiter Pedersen
8900f6c043 C++: Add comment about ir re-evaluation. 2022-02-23 17:12:05 +00:00
Mathias Vorreiter Pedersen
033edc24f4 C++: Respond to review comments. 2022-02-23 16:23:49 +00:00
Mathias Vorreiter Pedersen
fd83f3a999 Merge pull request #8209 from jketema/ir-structured-bindings-tests 
C++: Add IR structured binding tests
 2022-02-23 16:09:40 +00:00
Chris Smowton
7b425a80bc Note path query expectations 2022-02-23 16:02:54 +00:00
Rasmus Wriedt Larsen
aeba497832 Merge pull request #7735 from yoff/python/promote-log-injection 
Python: promote log injection
 2022-02-23 16:21:12 +01:00
Jeroen Ketema
99dd049c1b Add IR test for tuple structured bindings 2022-02-23 16:15:19 +01:00
Jeroen Ketema
caf0f28547 Add IR test for data member structured bindings 2022-02-23 15:55:19 +01:00
Taus
3ce7d47b5b Merge pull request #7452 from jorgectf/python_jwt 
Python: Add Python_JWT to JWT security query
 2022-02-23 15:23:20 +01:00
Jeroen Ketema
ec2567b64b Add IR test for array structured bindings 2022-02-23 15:10:10 +01:00
Chris Smowton
a8fe10f353 Java template injection query: import pathgraph 2022-02-23 13:47:24 +00:00
Asger Feldthaus
f1bfb31403 Shared: fix typo in a comment 2022-02-23 14:13:41 +01:00
Asger Feldthaus
bb9348d77f Ruby: reject ArrayElement[-n] instead of interpreting it as ArrayElement[?] 2022-02-23 14:13:41 +01:00
Asger Feldthaus
a11c6f0f8e Ruby: use AccessPathSyntax library 2022-02-23 14:13:40 +01:00
Asger Feldthaus
efec348eb3 Java: use AccessPathSyntax library 2022-02-23 14:13:40 +01:00
Asger Feldthaus
9cff065dca C#: use AccessPathSyntax library 2022-02-23 14:13:40 +01:00
Asger Feldthaus
5cab737ef1 Shared: sync AccessPathSyntax.qll 2022-02-23 14:13:40 +01:00
Asger Feldthaus
abd4933d6c Shared: move numeric parsing into AccessPathSyntax.qll 2022-02-23 14:13:37 +01:00
Mathias Vorreiter Pedersen
4b03778938 Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-02-23 13:10:29 +00:00
Rasmus Wriedt Larsen
b17c769257 Python: Remove accidental "foo" snippet 2022-02-23 13:30:56 +01:00
Rasmus Wriedt Larsen
5626427ea5 Python: Add "debug partial flow" snippet 2022-02-23 13:30:56 +01:00
CodeQL CI
7d55771092 Merge pull request #8150 from asgerf/js/prep-sharing-api-graph-mad 
Approved by erik-krogh
 2022-02-23 11:59:31 +00:00
CodeQL CI
62ee8fce3a Merge pull request #8186 from asgerf/js/request-forgery-docs-followup 
Approved by esbena, hubwriter
 2022-02-23 11:46:37 +00:00
Stephan Brandauer
a664e02d04 Merge pull request #8014 from kaeluka/js/functionality-from-untrusted-source 
JS: Functionality from untrusted sources query (CWE-830)
 2022-02-23 12:45:31 +01:00
Chris Smowton
50d9945625 Autoformat 2022-02-23 11:41:23 +00:00
Mathias Vorreiter Pedersen
53299d61eb C++: Add more tests. 2022-02-23 11:38:01 +00:00
Mathias Vorreiter Pedersen
c8f940124f C++: Respond to review comments. 2022-02-23 11:17:12 +00:00
Chris Smowton
476997a599 Replace more non-breaking spaces 2022-02-23 11:02:17 +00:00
Stephan Brandauer
1ed71e15f3 apply docreview feedback 2022-02-23 11:21:22 +01:00
Michael Nebel
20f71110ef C#: Add change note for compression extractor option. 2022-02-23 11:02:28 +01:00
Tony Torralba
f011bbc92c Merge pull request #8055 from luchua-bc/java/unsafe-url-forward-with-shared-lib 
CWE-552: Switch to the shared PathSanitizer library
 2022-02-23 11:00:23 +01:00
Stephan Brandauer
517d6969e1 Merge pull request #8171 from kaeluka/js/update-atm-query-docs-for-nosql-sql-injection 
update ATM NosqlInjection and SqlInjection query docs
 2022-02-23 10:54:37 +01:00
Asger Feldthaus
22ba43fff6 JS: Minor fixup in the client-side request forgery qhelp 2022-02-23 10:54:26 +01:00
Erik Krogh Kristensen
203212657e recognize modules imported by AMD imports as library inputs 2022-02-23 10:39:45 +01:00
Mathias Vorreiter Pedersen
8b7214621b Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.qhelp 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-02-23 09:38:30 +00:00
Mathias Vorreiter Pedersen
8e0f354c2c Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.cpp 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-02-23 09:38:06 +00:00