hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-04 09:11:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,689 Branches 159 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
bfa14fa066 Merge pull request #7823 from JLLeitschuh/improve/JLL/combined_http_headers 
Java: Add HTTP Request Splitting to Netty Query
 2022-02-15 10:24:36 +01:00
Rasmus Wriedt Larsen
5a90214ece Merge pull request #7783 from yoff/python/promote-ldap-injection 
Python: promote LDAP injection query
 2022-02-15 10:24:18 +01:00
Jeroen Ketema
bf6ca7a7be C++: Remove some unused legacy relations from the DB scheme 2022-02-15 10:16:35 +01:00
Tamas Vajk
0c667fa544 Move change note from lib to src folder 2022-02-15 09:58:12 +01:00
Tamas Vajk
c386ab5e51 Add change note 2022-02-15 09:55:18 +01:00
CodeQL CI
8f8621f82c Merge pull request #8022 from asgerf/js/url-parse-qs 
Approved by esbena
 2022-02-15 09:34:21 +01:00
Tamas Vajk
e8bf94faf9 C#: Downgrade hardcoded credentials queries to medium precision 2022-02-15 09:34:20 +01:00
Marcono1234
a496b1d1a1 Java: Add predicates for sealed classes 2022-02-14 21:04:38 +01:00
Robert Marsh
0e50c4b186 C++: Add openssl low-level API 2022-02-14 14:47:55 -05:00
Chris Smowton
0bf6c83ef2 Merge pull request #4388 from JLLeitschuh/feat/JLL/java/CWE-200_temp_directory_local_information_disclosure 
Java: CWE-200: Temp directory local information disclosure vulnerability
 2022-02-14 18:58:44 +00:00
Chris Smowton
fd4dc95d84 Merge pull request #6443 from artem-smotrakov/ignored-hostname-verifier 
Java: An experimental query for ignored hostname verification
 2022-02-14 18:56:27 +00:00
yoff
de5b3a272d Merge pull request #7660 from RasmusWL/deprecate-old-modeling 
Python: Deprecate old points-to based modeling
 2022-02-14 19:48:03 +01:00
Chris Smowton
f2bc5849ce format 2022-02-14 17:00:14 +00:00
Nick Rolfe
9c79a171ae Merge pull request #8017 from github/nickrolfe/csharp_externalData 
C#: add externalData back to dbscheme
 2022-02-14 16:54:32 +00:00
Jonathan Leitschuh
2048aed0a9 Review feedback and improve temp dir vulnerable/safe code sugestion 2022-02-14 11:29:16 -05:00
Chris Smowton
a62eae5a1e Remove redundant conditions from HostnameVerificationCall.isIgnored 2022-02-14 16:26:41 +00:00
Jonathan Leitschuh
76964d58f2 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-02-14 11:04:31 -05:00
Jonathan Leitschuh
bb580ddbab Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-02-14 11:02:05 -05:00
Jonathan Leitschuh
7dee22a130 Fix implicit 'this' usage 2022-02-14 11:00:41 -05:00
luchua-bc
2b5982fd9d Remove specified value step from additional taint step 2022-02-14 15:42:54 +00:00
yoff
3a995ec1b1 Update python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-02-14 16:08:44 +01:00
yoff
62598c0fd1 Update python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-02-14 16:07:40 +01:00
yoff
86786d3368 Update docs/codeql/support/reusables/frameworks.rst 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-02-14 16:05:59 +01:00
Asger Feldthaus
8b55a24e7c JS: Add url-parse.qs as an alias for the querystringify library 2022-02-14 15:29:50 +01:00
luchua-bc
35a924292b Model value passing between a setter and a getter call as a value step 2022-02-14 14:08:55 +00:00
Asger Feldthaus
f7108506f2 JS: Raise precision tag of js/request-forgery 2022-02-14 14:20:41 +01:00
Nick Rolfe
2633f9d02e C#: delete externalData.rel in downgrade script 2022-02-14 12:25:32 +00:00
Nick Rolfe
6e7f5f8c12 C#: add DB upgrade and downgrade scripts 2022-02-14 12:16:39 +00:00
Nick Rolfe
d43a62a09f C#: add externalData back to dbscheme 
That table is still used, and is populated by the CSV extractor.
 2022-02-14 12:09:00 +00:00
Rasmus Lerchedahl Petersen
d1200d0cd5 python: fix change-note formatting 2022-02-14 12:22:29 +01:00
Rasmus Lerchedahl Petersen
84447e4710 python: more detailed alert message 2022-02-14 11:55:07 +01:00
Rasmus Lerchedahl Petersen
bd14adefa0 python: add apologetic comment 2022-02-14 11:37:46 +01:00
Mathias Vorreiter Pedersen
9b8d85903c Merge pull request #8011 from MathiasVP/revert-remove-legacy-tables 
Revert "Merge pull request #7982 from jketema/remove-legacy-relations"
 2022-02-14 10:32:01 +00:00
Mathias Vorreiter Pedersen
bc24b03d31 Merge pull request #8012 from erik-krogh/db-in-upgrade 
QL: allow raw db types in upgrade/downgrade scripts
 2022-02-14 10:24:55 +00:00
Erik Krogh Kristensen
8c7bf69a87 allow raw db types in upgrade/downgrade scripts without adding a warning for it 2022-02-14 10:40:07 +01:00
Mathias Vorreiter Pedersen
ab7850c581 Revert "Merge pull request #7982 from jketema/remove-legacy-relations" 
This reverts commit 2b6d57d85b, reversing
changes made to 9b4dbb9dd8.
 2022-02-14 09:11:56 +00:00
Mathias Vorreiter Pedersen
2b6d57d85b Merge pull request #7982 from jketema/remove-legacy-relations 2022-02-14 07:59:19 +00:00
Artem Smotrakov
48604cd7b3 Better HostnameVerificationCall.isIgnored() 2022-02-12 15:52:16 +00:00
Artem Smotrakov
36e565d673 Use classes from semmle.code.java.security.Encryption 2022-02-12 15:31:35 +00:00
Artem Smotrakov
651e43dee6 Clarify what verifier is 2022-02-12 12:24:48 +00:00
luchua-bc
78630f25dd Match attribute name to reduce FP 2022-02-11 23:53:31 +00:00
Chuan-kai Lin
9b4dbb9dd8 Merge pull request #7895 from github/cklin/upgrades-initial-dbscheme 
Upgrade scripts testing: set initial dbschemes
 2022-02-11 11:06:12 -08:00
Andrew Eisenberg
0f3d780935 Merge pull request #7946 from github/aeisenberg/check-change-not 
Workflows: Augment workflow to ensure failure with invalid change notes
 2022-02-11 09:25:14 -08:00
Jeroen Ketema
7f4913d61f Add change notes 2022-02-11 18:15:33 +01:00
Jeroen Ketema
9d7aa176f3 C++: Mark classes depending on removed relations as deprecated 
Also ensure they no longer depend on the removed relations.
 2022-02-11 18:04:17 +01:00
Nick Rolfe
b3048eed21 Merge pull request #7979 from github/nickrolfe/charp 
C#: fix misspellings of 'csharp'
 2022-02-11 16:57:59 +00:00
Erik Krogh Kristensen
a1c5724be7 fix most ql-for-ql warnings in JS 2022-02-11 17:57:37 +01:00
Andrew Eisenberg
5092493160 Update .github/workflows/validate-change-notes.yml 2022-02-11 08:41:20 -08:00
Geoffrey White
c4d9c1d9e7 C++: Reduce result duplication. 2022-02-11 16:03:38 +00:00
Jeroen Ketema
5205db9e17 C++: Add DB downgrade script 2022-02-11 16:36:21 +01:00