hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-19 08:23:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,693 Branches 160 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tamas Vajk
6853f6affa C#: Fix type of temp foreach variable in IR 2021-05-17 15:53:57 +02:00
Tom Hvitved
ad036f8af1 Merge pull request #179 from github/hvitved/synth-framework-take2 
AST synthesis framework (take 2)
 2021-05-17 15:36:56 +02:00
Mathias Vorreiter Pedersen
d46452e8de Merge pull request #5903 from MathiasVP/tainted-allocation-size-barrier 
C++: Add barriers to `cpp/uncontrolled-allocation-size`
 2021-05-17 15:24:45 +02:00
Tony Torralba
cfb38c43b3 QLDocs 2021-05-17 15:04:50 +02:00
Tom Hvitved
25f226e9dc Add comment to getVariableReal 2021-05-17 15:02:40 +02:00
CodeQL CI
12b1bbe484 Merge pull request #5897 from erik-krogh/uid 
Approved by RasmusWL, esbena
 2021-05-17 06:01:04 -07:00
Tony Torralba
897cd5384f Created JWT.qll and refactored to use CSV models 2021-05-17 14:44:33 +02:00
Tom Hvitved
b434d42d05 Rename ParenthesizedExprSynth to StmtSequenceSynth 2021-05-17 13:39:44 +02:00
luchua-bc
7af1984348 Update the change note 2021-05-17 11:35:35 +00:00
haby0
689c28a178 modified JsonIoSafeOptionalArgs 2021-05-17 19:00:59 +08:00
haby0
95c33a240f Update java/change-notes/2021-05-17-add-unsafe-deserialization-sinks.md 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-05-17 18:49:16 +08:00
Tony Torralba
3e4ccaf9a8 Move from experimental to standard 2021-05-17 10:41:54 +02:00
Anders Schack-Mulligen
77c93dcf26 Make private 2021-05-17 10:35:04 +02:00
Tom Hvitved
b142ecb1db C#: Address review comment 2021-05-17 10:33:06 +02:00
haby0
58d774ae85 add change notes 2021-05-17 14:52:05 +08:00
Mathias Vorreiter Pedersen
31091c66c1 C++: Add a test containing a guarded long. 2021-05-17 08:06:06 +02:00
Robert Marsh
d706d7b7a4 Merge pull request #5887 from MathiasVP/fewer-rand-sources-in-uncontrolled-arithmetic 
C++: Add more sanitizers to `cpp/uncontrolled-arithmetic`
 2021-05-14 15:35:56 -07:00
luchua-bc
1a072f3bb9 Move APIs from predicates flagged auto-generated to the other section 2021-05-14 20:38:23 +00:00
Marcono1234
e205e4bbce Java: Add change note for close resource query changes 2021-05-14 22:31:14 +02:00
Marcono1234
73c7e15580 Java: Add back StringInputStream to CloseReader.ql 2021-05-14 22:25:00 +02:00
Ethan P
58c746e42b fix formatting 2021-05-14 14:09:07 -04:00
Ethan P
0e99d5e379 Add examples of both tracing mechanisms 2021-05-14 14:05:55 -04:00
Ethan Palm
6dd30ee5e2 clarify options for tracing 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-05-14 14:00:33 -04:00
Alex Ford
ca046c9af5 Merge pull request #182 from github/loc-query-tag 2021-05-14 17:42:21 +01:00
Robin Neatherway
17b74319fa Merge pull request #5902 from github/rneatherway/lines-of-code-tags 
Add lines-of-code tags
 2021-05-14 17:16:50 +01:00
Alex Ford
1ba491a956 add lines-of-code tag to rb/summary/lines-of-code 2021-05-14 17:06:49 +01:00
Alex Ford
3c0f20cec8 Merge pull request #170 from github/weak-file-permissions 
Add `rb/overly-permissive-file` query
 2021-05-14 17:04:15 +01:00
Arthur Baars
6c382ccd4b Merge pull request #169 from github/aibaars/codespace 
Add CodeSpace container
 2021-05-14 18:00:51 +02:00
Alex Ford
e9090cec70 Merge pull request #181 from github/loc-description-improvements 
LOC summary query improvements
 2021-05-14 16:13:42 +01:00
Alex Ford
65b0ce204d restrict rb/summary/lines-of-code to the source root 2021-05-14 16:00:55 +01:00
Alex Ford
71234155b8 improve rb/summary/lines-of-code description 2021-05-14 15:59:07 +01:00
Alex Ford
7ff2ca4ffe improve rb/summary/lines-of-user-code name and description 2021-05-14 15:56:59 +01:00
Alex Ford
6bd2e4e4b7 Merge pull request #175 from github/loc-summary-queries-1 
Summary queries for total LOC and user-code LOC
 2021-05-14 15:51:45 +01:00
Ethan Palm
4cf695b5ab specify `--command` option 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-05-14 10:00:17 -04:00
Mathias Vorreiter Pedersen
58dde68b10 C++: Add change-note. 2021-05-14 14:16:00 +02:00
Mathias Vorreiter Pedersen
2d0a56128d C++: Prevent flow out of pointer-difference expressions. 2021-05-14 13:49:48 +02:00
Mathias Vorreiter Pedersen
c1d41b3169 C++: Add false positive result from pointer-difference expressions. 2021-05-14 13:47:23 +02:00
luchua-bc
1497fba6f2 Remove the isAdditionalTaintStep predicate 2021-05-14 11:43:49 +00:00
Mathias Vorreiter Pedersen
5031b73f35 C++: Add barrier to cpp/uncontrolled-allocation-size that blocks flow when overflow isn't possible. 2021-05-14 13:43:20 +02:00
Erik Krogh Kristensen
3766678d60 move RegexpMetaChars into Regexp.qll 2021-05-14 13:23:36 +02:00
CodeQL CI
af0d31695a Merge pull request #5862 from asgerf/js/has-underlying-type 
Approved by erik-krogh, max-schaefer
 2021-05-14 04:10:43 -07:00
luchua-bc
9ef58e378c Remove the sample Java file in the src folder 2021-05-14 11:01:25 +00:00
Robin Neatherway
f378513ea3 Add lines-of-code tags 
This is a proposed method for advertising which queries are measuring
the lines of code in a project in a more robust manner than inspecting
the rule id.

Note that the python "LinesOfUserCode" query should _not_ have this
property, as otherwise the results of the two queries will be summed.
 2021-05-14 11:20:43 +01:00
haby0
60fc607449 Modify ql 2021-05-14 18:17:05 +08:00
Erik Krogh Kristensen
33641c84f6 recognize sanitizing string replace call for regexp-injection 2021-05-14 11:58:27 +02:00
haby0
498c99e26c Add left value, Add return expression tracing flow 2021-05-14 16:31:59 +08:00
Ethan P
406fb1e383 Update with Go custom build options 2021-05-13 17:29:34 -04:00
Erik Krogh Kristensen
9d60ec035f fix casing on the uid regexp 2021-05-13 23:04:30 +02:00
Erik Krogh Kristensen
662e335424 keep python in sync 2021-05-13 22:54:39 +02:00
Erik Krogh Kristensen
51067af784 add "uid" (and friends) as maybe being sensitive account info 2021-05-13 22:34:10 +02:00