hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-20 17:03:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,692 Branches 161 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
CodeQL CI
578ce1e512 Merge pull request #5683 from asgerf/js/typescript-template-literal-type-crash 
Approved by erik-krogh
 2021-04-15 05:11:11 -07:00
Mathias Vorreiter Pedersen
7fbc62358e C++: Accept test changes after making the exprMightOverFlow predicates more sound. 2021-04-15 13:57:44 +02:00
haby0
0e183ab4a4 Finish comment 2021-04-15 19:49:06 +08:00
Chris Smowton
fa36ba901a Merge pull request #5471 from artem-smotrakov/el-injection 
Java: Query for detecting Jakarta Expression Language injections
 2021-04-15 12:39:34 +01:00
haby0
d269a7e717 CWE-598 reduction 2021-04-15 19:33:15 +08:00
haby0
216f204438 delete FilterClass 2021-04-15 19:28:25 +08:00
haby0
583d0889e2 delete tomcat-embed-core stub, update the ServletGetMethod class 2021-04-15 17:40:51 +08:00
Arthur Baars
bf556a2b53 Implement method lookup 2021-04-15 11:32:43 +02:00
Arthur Baars
5837af0936 Add MethodBase::getMethod 2021-04-15 11:32:43 +02:00
Arthur Baars
d361ef37af Rename Method -> MethodDeclaration 2021-04-15 11:32:43 +02:00
Arthur Baars
3590a2c2ac Merge pull request #164 from github/aibaars/fix-modules 
Improve module/class resolution
 2021-04-15 11:32:28 +02:00
haby0
5d05e4d224 Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-15 17:28:53 +08:00
Tom Hvitved
0f24db8759 C#: Improve performance of SsaImpl::CallGraph::SimpleDelegateAnalysis 2021-04-15 11:25:27 +02:00
Asger Feldthaus
f8570bb293 JS: Update TRAP 2021-04-15 10:16:46 +01:00
Rasmus Lerchedahl Petersen
d361d999b7 Python: add some path returning functions 
that were only listed as file sytem accesses.
 2021-04-15 10:55:09 +02:00
Rasmus Lerchedahl Petersen
02e41d8018 Python: update annotations 
This because `resolve` accesses the file system,
I am open to not include that fact in the modelling.
 2021-04-15 10:49:22 +02:00
Rasmus Lerchedahl Petersen
3eb1813584 Python: update test expectations 2021-04-15 10:47:49 +02:00
Asger Feldthaus
cb736c8c82 JS: Change note 2021-04-15 09:37:57 +01:00
Tom Hvitved
972cc47f67 Merge pull request #5673 from hvitved/csharp/customizations 
C#: Add `Customizations.qll`
 2021-04-15 10:24:29 +02:00
Asger Feldthaus
b4a2a9db25 JS: Fix extraction of non-substitution template literal types 2021-04-15 09:23:45 +01:00
Chris Smowton
bd3b3178ba Fix documentation of Modifier.qll 2021-04-15 09:16:51 +01:00
Rasmus Lerchedahl Petersen
c9b2c7885e Python: add changenote 2021-04-15 10:14:35 +02:00
Rasmus Lerchedahl Petersen
52a9040d73 Python update tests 2021-04-15 09:46:53 +02:00
Rasmus Lerchedahl Petersen
2387dc640c Python: Attempts at modelling pathlib-Paths 2021-04-15 09:40:23 +02:00
Rasmus Lerchedahl Petersen
8489403051 Python: Add some tests for pathlib 2021-04-15 09:40:23 +02:00
haby0
b3bdf89fc2 rm VerificationMethodFlowConfig, use springframework-5.2.3 stub 2021-04-15 10:25:40 +08:00
Thank You
f1e71e21ed Add SqlAlchemy module 2021-04-14 22:00:25 -04:00
CodeQL CI
4be183c7f6 Merge pull request #5675 from erik-krogh/libXss 
Approved by esbena
 2021-04-14 14:34:23 -07:00
edvraa
b027fddc7e Remove redundant check 2021-04-15 00:14:09 +03:00
edvraa
3a9d1f46fd Hide implementation details 2021-04-15 00:09:19 +03:00
edvraa
a4fd70aa3d Use don't care expression 2021-04-14 23:35:38 +03:00
ihsinme
b30ae3980c Update InsufficientControlFlowManagementAfterRefactoringTheCode.ql 2021-04-14 20:48:20 +03:00
Robert Marsh
fe57876fd8 Merge pull request #5643 from dbartol/smart-pointers/side-effect-refactor 
C++: Refactor some side effect generation code
 2021-04-14 09:59:41 -07:00
Taus
897d12420b Python: Prevent bad join in isinstanceEvaluatesTo 
In some cases, we were joining the result of `val.getClass()` against
the first argument of `Types::improperSubclass` before filtering out the
vast majority of tuples by the call to `isinstance_call`.

To fix this, we let `isinstance_call` take care of figuring out the
class of the value being tested. As a bonus, this cleans up the only
other place where `isinstance_call` is used, where we _also_ want to
know the class of the value being tested in the `isinstance` call.
 2021-04-14 16:49:12 +00:00
Artem Smotrakov
97186b3d30 Added comments for tests 2021-04-14 19:30:58 +03:00
Andrew Eisenberg
56ba0f080a Merge pull request #5659 from github/aeisenberg/mark-as-stale 
Actions: Add workflow for marking stale questions
 2021-04-14 08:37:55 -07:00
Taus
a7fcf52267 Python: Fix bad join in total_cost 
The recent change to `appliesTo` lead to a perturbation in the join
order of this predicate, which resulted in a cartesian product between
`call` and `ctx` being created (before being filtered by `appliesTo`).

By splitting the intermediate result into its own helper predicate,
suitably marked to prevent inlining/magic, we prevent this from
happening again.
 2021-04-14 15:36:01 +00:00
Andrew Eisenberg
392adf2a25 Workflows: Remove dry-run flag for labeller 2021-04-14 08:25:34 -07:00
Dave Bartolomeo
b29f35f564 Fix formatting 2021-04-14 11:15:16 -04:00
Arthur Baars
24bb11b20a Improve module/class resolution 2021-04-14 17:14:38 +02:00
Arthur Baars
12ee957331 Add test cases 2021-04-14 17:12:39 +02:00
Arthur Baars
3b73d41cc4 Merge pull request #163 from github/aibaars/modules-2 
Ignore include/prepend statements in blocks
 2021-04-14 17:09:34 +02:00
Geoffrey White
64fed4cb10 Merge pull request #5677 from MathiasVP/fix-duplicate-ids-in-experimental 
C++: Fix duplicate names in experimental queries
 2021-04-14 15:58:49 +01:00
Mathias Vorreiter Pedersen
ed64ed3d8d C++: Make exprMightOverflowPositively/exprMightOverFlowNegatively hold for unanalyzable expressions. This hopefully means that expressions that do not satisfy these predicates will never overflow/underflow. 2021-04-14 16:45:27 +02:00
Jonas Jensen
b4f01c9afa Merge pull request #5578 from MathiasVP/ast-flow-smart-pointers 
C++: AST dataflow through smart pointers
 2021-04-14 16:39:05 +02:00
Mathias Vorreiter Pedersen
53a320a810 C++: Fix duplicate names. 2021-04-14 16:33:18 +02:00
Mathias Vorreiter Pedersen
bb447d7174 C++: Make sure missingGuardAgainstOverflow (and underflow) holds when range analysis fails to deduce a bound. 2021-04-14 16:30:43 +02:00
yoff
447f339857 Merge pull request #5641 from tausbn/python-use-localsourcenode-in-typetrackers 
Python: Use API graphs in PEP249 support
 2021-04-14 15:39:49 +02:00
Mathias Vorreiter Pedersen
92508beb82 Merge pull request #5600 from ihsinme/ihsinme-patch-258 
CPP: Add query for CWE-691 Insufficient Control Flow Management When Using Bit Operations
 2021-04-14 14:55:30 +02:00
Anders Schack-Mulligen
f43d427875 Merge pull request #5645 from Marcono1234/marcono1234/primary-ql-class 
Java: Override getAPrimaryQlClass() for more classes
 2021-04-14 14:51:29 +02:00