hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-20 17:03:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,692 Branches 161 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus
76700d17d6 Merge pull request #5684 from RasmusWL/flask-more-taint-tests 
Python: Add taint tests for .get() in flask
 2021-04-20 14:08:08 +02:00
Asger Feldthaus
f8d428cb2d JS: Use function-forwarding steps when tracking rate limiters 2021-04-20 13:00:42 +01:00
Mathias Vorreiter Pedersen
93e55e2631 C++: Fix FP in cpp/return-stack-allocated-memory. 2021-04-20 13:58:12 +02:00
Mathias Vorreiter Pedersen
1797b6c7f9 C++: Add FP test from the work on smart pointers in dataflow. 2021-04-20 13:54:57 +02:00
Asger Feldthaus
581f4ed757 JS: Generalize handling of route handler wrapper functions 2021-04-20 12:46:40 +01:00
Chris Smowton
0ec3ee29e4 Style last use of SecureASTCustomizer 2021-04-20 12:44:49 +01:00
Hayk Andriasyan
bb58a50503 Update GroovyInjection.qhelp 2021-04-20 15:41:58 +04:00
p0wn4j
f2de440886 [Java] CWE-094: Query to detect Groovy Code Injections 2021-04-20 19:18:24 +04:00
Arthur Baars
122315db3f Remove 'Method' class 2021-04-20 13:41:11 +02:00
haby0
3e376f95c4 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-20 19:36:16 +08:00
haby0
b1ee864ad9 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-20 19:35:52 +08:00
haby0
9e87f4ec4e Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-20 19:35:34 +08:00
haby0
408dd31d3c Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-20 19:34:37 +08:00
haby0
9ece4dac0f Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-20 19:33:47 +08:00
haby0
d82878ac3b Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-20 19:33:06 +08:00
haby0
0b1637a409 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-20 19:32:39 +08:00
haby0
b60bffaf83 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-20 19:31:59 +08:00
Jonas Jensen
d4fdd50e2c Merge pull request #5723 from MathiasVP/cleanup-smart-ptr-model 
C++: Simplify smart pointer model
 2021-04-20 13:25:02 +02:00
Tom Hvitved
dd1bb18938 C#: Various data-flow performance tweaks 
- Cache `DataFlowCall::getEnclosingCallable()`.
- Cache `ParameterNode`.
- Cache `ArgumentNode`.
- Force proper join-orders for uses of `getNodeType()`.
- Inline `localFlow` to prevent calculating full TC.
 2021-04-20 11:56:25 +02:00
Tom Hvitved
1f9239089f Merge pull request #5695 from hvitved/csharp/dispose-not-called-on-exc-perf 
C#: Improve performance of `DisposeNotCalledOnException.ql`
 2021-04-20 11:52:18 +02:00
Tom Hvitved
b2a7a3ed30 Merge pull request #5674 from hvitved/csharp/ssa/call-graph-perf 
C#: Improve performance of `SsaImpl::CallGraph::SimpleDelegateAnalysis`
 2021-04-20 11:51:52 +02:00
Geoffrey White
2b7e599dc4 Merge pull request #5703 from MathiasVP/improve-access-of-memory-location-after-end-of-buffer-using-strncat 
C++: Improve cpp/access-memory-location-after-end-buffer-strncat
 2021-04-20 10:44:24 +01:00
Alex Ford
28e46c8915 add FLinesOfCode.ql metric query 2021-04-20 10:12:52 +01:00
Mathias Vorreiter Pedersen
61d4d17225 C++: Simplify smart pointer model and accept test changes. 2021-04-20 09:57:58 +02:00
Tamás Vajk
408954e4d8 C#: Add Dapper to supported frameworks 2021-04-20 09:30:47 +02:00
haby0
0053158884 update qhelp file and ql comments 2021-04-20 10:58:54 +08:00
thank_you
c5fbbc0551 Refactor SqlAlchemy model 
- Replaced classes that look for SqlAlchemy instances with predicates
- General clean-up of code
 2021-04-19 18:56:00 -04:00
yo-h
87cd72496c Java: add extractor diagnostic queries 2021-04-19 15:34:16 -04:00
yo-h
cb524b6c19 Merge pull request #5611 from github/yo-h/java16 
Java: adjust test `options` for JDK 16 upgrade
 2021-04-19 15:12:23 -04:00
Taus
bc6685aa3f Python: Fix typo 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-04-19 19:57:35 +02:00
Alex Ford
7bfc61789d line count MetricFile predicates 2021-04-19 18:08:01 +01:00
Alex Ford
62bf58b289 WIP: populate numlines table 2021-04-19 18:06:35 +01:00
Anders Schack-Mulligen
5458c02cc2 Merge pull request #5456 from aschackmull/java/adopt-flow-summary 
Java: Use shared flow summary library for CSV models.
 2021-04-19 16:21:10 +02:00
Anders Schack-Mulligen
33db0c13cd Merge pull request #5689 from github/aeisenberg/rework-staleness 
Actions: Change staleness calculation
 2021-04-19 15:57:41 +02:00
Tom Hvitved
9128ec72ad C#: A few minor SSA performance tweaks 2021-04-19 15:51:14 +02:00
Anders Schack-Mulligen
80eb0a2df6 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-19 15:45:58 +02:00
CodeQL CI
437bba1e3c Merge pull request #5716 from erik-krogh/vscodeRegress 
Approved by esbena
 2021-04-19 06:30:02 -07:00
Tom Hvitved
15e4b7f95d C#: Remove CP from HardcodedCredentials::getCredentialSink 2021-04-19 15:03:11 +02:00
haby0
0159956fa5 Fix Modify the ql query (the qhelp part is not modified). 2021-04-19 21:03:01 +08:00
Rasmus Wriedt Larsen
d607c13ab6 Python: Taint tests: include elment for forgotten MISSING 2021-04-19 15:01:42 +02:00
haby0
8296abcea8 Fix Modify the ql query (the qhelp part is not modified). 2021-04-19 20:59:47 +08:00
Rasmus Wriedt Larsen
9585390941 Python: Taint tests, report error location first 
To better match the standard output from inline expectation tests
 2021-04-19 14:59:47 +02:00
Rasmus Wriedt Larsen
b2cb284ff2 Python: Add more examples of what is ok with new taint tests 2021-04-19 14:56:20 +02:00
Anders Schack-Mulligen
7d84cfacef Java: Add MapKeyContent and MapValueContent. 2021-04-19 14:06:27 +02:00
Anders Schack-Mulligen
39862740e0 Java: Convert support for fluent interfaces. 2021-04-19 14:06:27 +02:00
Anders Schack-Mulligen
579c955892 Java: Adjust some tests. 2021-04-19 14:06:27 +02:00
Anders Schack-Mulligen
175c71221a Java: Adjust some test output with more edges/nodes. 2021-04-19 14:06:27 +02:00
haby0
23b508c5e7 Merge remote-tracking branch 'upstream/main' into UseOfLessTrustedSource 2021-04-19 20:05:49 +08:00
Anders Schack-Mulligen
60965b0d8c Java: Adjust some csv models. 2021-04-19 14:02:19 +02:00
Anders Schack-Mulligen
a27dac029f Java: Use shared flow summary library for csv models. 2021-04-19 14:02:19 +02:00