Taus
3d30efed11
Python: Add exec as a shared built-in
...
This is _slightly_ wrong, since `exec` isn't a built-in function in
Python 2. It should be harmless, however, since `exec` is a keyword,
and so cannot be redefined anyway.
2021-05-12 11:07:16 +00:00
Anders Schack-Mulligen
7974e3ad38
Merge pull request #5883 from zbazztian/consider-boxed-booleans-to-avoid-xxe-fps
...
Consider boxed booleans to avoid false positives for XXE.ql
2021-05-12 12:51:22 +02:00
Tony Torralba
09b40601a7
Consider ExpressionAccessor
2021-05-12 12:32:38 +02:00
Sebastian Bauersfeld
b05512a958
Add change notes.
2021-05-12 16:58:24 +07:00
Taus
5c7e73d485
Python: Add exception types
2021-05-12 09:53:09 +00:00
Sebastian Bauersfeld
bf4d88175c
Consider boxed booleans to avoid false positives for XXE.ql
2021-05-12 16:40:00 +07:00
Geoffrey White
8f152b7380
Merge pull request #5877 from MathiasVP/detect-more-abs-in-overflow-library
...
C++: Detect more uses of `abs`
2021-05-12 10:02:12 +01:00
Tom Hvitved
fc121e1cbd
Merge pull request #5865 from tamasvajk/feature/remove-base-class-dependency-id
...
C#: Remove base class from type IDs in trap files
2021-05-12 10:30:31 +02:00
Taus
07a70af344
Python: Limit set of globals that may be built-ins
...
I am very tempted to leave out the constants, or at the very least
`False`, `True`, and `None`, as these have _many_ occurrences in the
average codebase, and are not terribly useful at the API-graph level.
If we really do want to capture "nodes that refer to such and such
constant", then I think a better solution would be to create classes
extending `DataFlow::Node` to facilitate this.
2021-05-12 08:19:35 +00:00
Tom Hvitved
961467e06e
C#: Always pass /p:UseSharedCompilation=false to dotnet build in auto builder
2021-05-12 10:15:04 +02:00
Anders Schack-Mulligen
a247ae4357
Merge pull request #5843 from JLLeitschuh/feat/JLL/improve_kryo_support
...
[Java] Fix Kryo FP & Kryo 5 Support
2021-05-12 09:52:24 +02:00
Anders Schack-Mulligen
74ae2e0857
Merge pull request #5773 from hvitved/dataflow/aggressive-caching
...
Data flow: Cache most language-dependent predicates
2021-05-12 09:41:55 +02:00
haby0
12f47bcf24
Add UnsafeDeserialization
2021-05-12 12:37:16 +08:00
thank_you
3e25b14a68
Update NoSQLInjection.expected
2021-05-11 20:07:09 -04:00
Alex Ford
0016146e11
limit summary queries to files from within the source directory
2021-05-11 21:07:08 +01:00
Tamas Vajk
8e371fd05a
Adjust expected IR test file
2021-05-11 21:54:05 +02:00
Alex Ford
49d9bb798c
revamp the diagnostics tests
2021-05-11 19:53:00 +01:00
Alex Ford
9b115129fe
move diagnostics queries to match other languages more closely
2021-05-11 19:53:00 +01:00
Alex Ford
1381d8d076
tidy up Diagnostics library
2021-05-11 19:28:31 +01:00
Alex Ford
9663b74e12
use severity level 3 to indicate an extraction error for a file
2021-05-11 19:23:05 +01:00
Alex Ford
d1d8cff915
tests for some more diagnostics queries
2021-05-11 19:14:22 +01:00
Alex Ford
de497dd1ba
tests for NumberOfFiles* summary queries
2021-05-11 19:14:22 +01:00
Mathias Vorreiter Pedersen
948f1d8e34
C++: Add testcase with INTMAX_MIN.
2021-05-11 19:43:21 +02:00
Marcono1234
8969da7775
Java: Improve not closing resource query; add tests
2021-05-11 19:32:02 +02:00
Nick Rolfe
004147984b
Simplify CFG classes for StmtSequences
2021-05-11 18:27:11 +01:00
luchua-bc
e7cd6c9972
Optimize the query
2021-05-11 16:56:12 +00:00
Jonathan Leitschuh
5a68ac88ef
Cleanup Jackson logic after code review
2021-05-11 10:48:22 -04:00
Jonathan Leitschuh
bacc3ef5b3
[Java] Jackson add support for 2 step deserialization taint flow
2021-05-11 10:36:47 -04:00
Jonathan Leitschuh
e97bad3b33
Support field access data flow for JacksonDeserializedTaintStep
2021-05-11 10:36:47 -04:00
Jonathan Leitschuh
83d527ed19
Apply suggestions from code review
...
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-11 10:36:47 -04:00
Jonathan Leitschuh
b871f48c50
[Java] Add release note to Jackson change
2021-05-11 10:36:47 -04:00
Jonathan Leitschuh
d0b0b767a2
Apply suggestions from code review
...
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-11 10:36:47 -04:00
Jonathan Leitschuh
d0638db6e7
[Java] Add data flow through Iterator deserializers for Jackson
2021-05-11 10:36:47 -04:00
Jonathan Leitschuh
56b1f15dda
[Java] Add taint tracking through Jackson deserialization
2021-05-11 10:36:47 -04:00
Geoffrey White
d7e560c611
Merge pull request #5767 from ihsinme/ihsinme-patch-268
...
CPP: Add query for CWE-1126: Declaration of Variable with Unnecessarily Wide Scope
2021-05-11 15:24:25 +01:00
Tony Torralba
8754c85a57
Use InlineExpectationsTest
2021-05-11 16:23:12 +02:00
Tony Torralba
fc03b92e11
Moved from experimental to standard
2021-05-11 15:42:13 +02:00
Tony Torralba
53da3b661a
Refactor to CSV sink model
2021-05-11 15:33:49 +02:00
Alex Ford
8ab95324eb
dedupe some error reporting code
2021-05-11 14:09:10 +01:00
Mathias Vorreiter Pedersen
3e21f479a9
C++: Add change-note.
2021-05-11 14:58:48 +02:00
Tom Hvitved
d66506b0a3
Data flow: Rename {Argument,Parameter}NodeExt to {Arg,Param}Node
2021-05-11 14:40:10 +02:00
Mathias Vorreiter Pedersen
48e783184c
C++: Fix false positive by recognizing more absolute value functions in Overflow.qll
2021-05-11 14:30:28 +02:00
Jonathan Leitschuh
0d9a85ca6b
Update java/change-notes/2021-05-05-kryo-improvements.md
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-05-11 08:29:50 -04:00
Mathias Vorreiter Pedersen
24d8abd2c2
C++: Add false positive testcase when an absolute value is used in comparison.
2021-05-11 14:27:53 +02:00
CodeQL CI
922b276fac
Merge pull request #5728 from asgerf/js/source-sink-queries
...
Approved by erik-krogh
codeql-cli/v2.5.5
2021-05-11 05:04:47 -07:00
Tamas Vajk
717070c7e4
Fix/cleanup passed and default arguments values
2021-05-11 13:11:35 +02:00
yoff
a7f97895ac
Merge pull request #5863 from erik-krogh/printReg
...
JS: add printAst.ql support for regular expressions
2021-05-11 12:45:49 +02:00
yoff
0e5a2c4573
Merge pull request #5442 from jorgectf/jorgectf/python/redos
...
Python: Add Regular Expression Injection query
2021-05-11 12:11:35 +02:00
yoff
549c9eee1a
Merge pull request #5739 from RasmusWL/share-sensitive-data-modeling
...
Python/JS: Share sensitive data modeling
2021-05-11 11:53:59 +02:00
CodeQL CI
a87731115a
Merge pull request #5860 from max-schaefer/js/improve-sql-modelling
...
Approved by asgerf
2021-05-11 02:24:52 -07:00