hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-17 23:43:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,693 Branches 160 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Henning Makholm
534e771309 Merge pull request #5934 from github/hmakholm/pr/monotonic-agg 
QL language reference: add monotonic aggregate example
 2021-06-01 13:10:50 +02:00
Taus
53b7492aa3 Generate QLDoc for getChild 2021-06-01 10:57:39 +00:00
Taus
6cf7a12c8c Undo field name escaping 2021-06-01 10:56:45 +00:00
Tamás Vajk
e7a349be2d Merge pull request #5978 from tamasvajk/fix/change-note-workflow 
Fix change note workflow to handle paginated results
 2021-06-01 12:50:32 +02:00
Anders Schack-Mulligen
fc913e744e Java: Minor model fix. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
dbe352f3ff Java: Remove deprecated tests. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
901996f9fd Java: Add collection flow test. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
43d1b0ab27 Java: Update qltests. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
a40880af70 Java: Add read-as-taint and config-dependent store-as-taint. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
2f087e17cb Java: Allow <> in types for now. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
3f538e7fac Java: Update some models. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
9e313d0cf6 Java: Remove container taint steps. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
3b6cef4f74 Java: Add container flow models. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
ffd52bb673 Java: Fix bug in matching generic signatures. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
1001dd84e6 Java: Switch array steps and one containerstep. 2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
ce509eb7e1 Merge pull request #5927 from aschackmull/dataflow/flowthrough-dispatch-perf 
Dataflow: Improve performance in flow-through pruning
 2021-06-01 11:46:22 +02:00
Anders Schack-Mulligen
a4661e1aca Merge pull request #5704 from edvraa/regexj 
Java: Regex injection
 2021-06-01 11:45:59 +02:00
Artem Smotrakov
8dc1451d42 Better recommendation in UnsafeDeserializationRmi.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-06-01 12:16:09 +03:00
Erik Krogh Kristensen
0b225419a3 Merge pull request #5977 from security-prince/patch-1 
Adding reference link for csurf
 2021-06-01 11:07:36 +02:00
Tom Hvitved
5771b0420f Merge pull request #5936 from hvitved/csharp/cfg/perf-tweaks 
C#: Various CFG related performance tweaks
 2021-06-01 11:06:01 +02:00
Anders Schack-Mulligen
5d21c64247 Dataflow: qldoc fix. 2021-06-01 10:49:47 +02:00
Tamas Vajk
bc02f28ddd Fix change note workflow to handle paginated results 2021-06-01 10:44:44 +02:00
Jonas Jensen
2261085cfe Merge pull request #5973 from MathiasVP/more-uncontrolled-arith-improvements 
C++: More `cpp/uncontrolled-arithmetic` improvements
 2021-06-01 10:44:29 +02:00
Anders Schack-Mulligen
4f9a6c151b Dataflow: Code review fixes. 2021-06-01 10:29:17 +02:00
Mathias Vorreiter Pedersen
8765c33847 C++: Also check the number of parameters to keep the tests happy. 2021-06-01 10:17:57 +02:00
Ishaq Mohammed
96150a455d Update javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-06-01 13:47:43 +05:30
Ishaq Mohammed
975355de4a Adding reference link for csurf 2021-06-01 13:41:25 +05:30
Mathias Vorreiter Pedersen
615c805b2c C++: Only use std::rand as a source of randomness. 2021-06-01 09:28:06 +02:00
Taus
d38520dc73 Escape field names correctly 
This should make `field('unique', $.whatever)` valid again.
 2021-05-31 20:56:29 +00:00
Taus
64090b086c Autogenerate QLDoc for TreeSitter.qll 
It's not quite perfect, as there's still some QLDoc missing on the
various `getChild` methods, but it wasn't immediately clear to me how
to get this working (especially since the QLDoc would ideally be
different depending on whether there was a child index or not).

Then again, `getChild` probably has a pretty intuitive meaning...
 2021-05-31 20:54:10 +00:00
Henning Makholm
70b9739d2d QL language reference: add monotonic aggregate example 
It's easier to understand what's going on if we start with a
(contrived) example that _doesn't_ involve recursion.
 2021-05-31 21:23:08 +02:00
Tom Hvitved
3ffef634d7 More synthesis refactoring 
- Join `TElementReferenceSynth` and `TMethodCallSynth`.
- Move arity and setter information into `MethodCallKind`.
- Add `Synthesis::methodCall` for specifying which method calls need synthesis.
 2021-05-31 16:29:41 +02:00
Mathias Vorreiter Pedersen
41c93d92d7 C++: Remove FPs from right shifts and explicitly bounded random functions. 2021-05-31 15:40:02 +02:00
Mathias Vorreiter Pedersen
10755ece88 C++: Add testcase with bounded randomness source. 2021-05-31 15:33:39 +02:00
Anders Schack-Mulligen
683f853fa5 Dataflow: Fix another bad join order. 2021-05-31 15:14:13 +02:00
Erik Krogh Kristensen
85bd8f1020 add change-note for TypeScript 4.3 2021-05-31 13:08:52 +02:00
Erik Krogh Kristensen
e6b1c61e81 add tests for TypeScript 4.3 2021-05-31 13:08:43 +02:00
Erik Krogh Kristensen
2cc2d116bc bump extractor version 2021-05-31 13:08:24 +02:00
Erik Krogh Kristensen
35d7fda5e2 update typescript to 4.3 in the extractor 2021-05-31 13:08:09 +02:00
Mathias Vorreiter Pedersen
6d7b95c15d Merge pull request #5966 from erik-krogh/overrideConsistency 
CPP/C#: make some parameter names consistent with the names used in the super class
 2021-05-31 11:57:10 +02:00
Jonas Jensen
4e502d10d6 Merge pull request #5951 from MathiasVP/optimize-switcCase-getAStmt 
C++: Remove large antijoin in `SwitchCase.getAStmt`
 2021-05-31 11:50:32 +02:00
Taus
bae3728e3c Merge pull request #5945 from RasmusWL/minor-qldoc-cleanup 
Python: Minor QLDoc cleanup
 2021-05-31 11:40:44 +02:00
Taus
d9911a016e Merge pull request #5933 from RasmusWL/expand-use-of-input-test 
Python: Expand test of py/use-of-input
 2021-05-31 11:39:33 +02:00
Mathias Vorreiter Pedersen
b4e4c12d0f C++: Use a rank aggregate for a much better implementation. 2021-05-31 11:17:09 +02:00
Taus
9abe340a1f Fix getQLDoc compilation error 2021-05-31 08:55:27 +00:00
Taus
cbd0caa4ab QL: Fix getQLDoc compilation error 2021-05-31 08:55:27 +00:00
Jonas Jensen
f97b8ad1d4 Merge pull request #5961 from MathiasVP/fix-FPs-in-incorrect-allocation-error-handling 
C++: Exclude custom `operator new` from `cpp/incorrect-allocation-error-handling`
 2021-05-31 10:54:59 +02:00
Mathias Vorreiter Pedersen
66d284ee59 Merge pull request #5766 from ihsinme/ihsinme-patch-267 
CPP: Add query for CWE-415 Double Free
 2021-05-31 10:51:32 +02:00
Taus
3cdc6a18ae Merge branch 'main' into dbscheme-and-qlpack-support 2021-05-31 10:50:39 +02:00
Taus
ada77a3c8b QL: Merge branch 'main' into dbscheme-and-qlpack-support 2021-05-31 10:50:39 +02:00