hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-21 09:23:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,693 Branches 161 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
9820116734 Merge pull request #5603 from hvitved/csharp/dataflow/no-unique 
C#: Remove `unique` wrappers from `DataFlow::Node::get(EnclosingCallable|ControlFlowNode)`
 2021-04-08 14:19:34 +02:00
Asger Feldthaus
52a2260dc7 JS: Rename change note file 2021-04-08 12:52:23 +01:00
Rasmus Wriedt Larsen
c738f387b1 Merge pull request #5624 from tausbn/python-make-callcfgnode-a-localsourcenode 
Python: Improve `CallCfgNode` interface
 2021-04-08 13:38:24 +02:00
haby0
1da48ed4d1 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-08 19:22:14 +08:00
haby0
bfbfe7af13 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-08 19:21:58 +08:00
haby0
21004006d6 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-08 19:17:04 +08:00
Taus
cf5f760ecd Merge pull request #5582 from RasmusWL/all-tuple 
Python: Add support for `__all__` assigned to tuple
 2021-04-08 13:03:27 +02:00
Rasmus Wriedt Larsen
83477439a1 Python: Make django views/fields/forms class modeling extensible 
This also requires that we make this part of the modeling public, which I guess
is step we want to take eventually anyway!

I'm not quite sure whether the modules `Django::Views` and `Django::Forms` are
actually helpful, or whether we should just have their modules available as
`Django::View`, `Django::Form`, and `Django::Field`...
 2021-04-08 12:45:37 +02:00
Rasmus Wriedt Larsen
b7483a5394 Python: Add modeledSubclassRef for Django views/fields/forms 2021-04-08 12:45:36 +02:00
Rasmus Wriedt Larsen
322bdcb703 Python: Port Django view modeling to API graphs 2021-04-08 12:45:35 +02:00
Rasmus Wriedt Larsen
8ce5c46e05 Python: Minor refactor 
modName/clsName _is_ shorter, but also looks way worse :D
 2021-04-08 12:45:34 +02:00
Tamas Vajk
a790eb8110 Fix for unconstrained generic types 2021-04-08 12:20:01 +02:00
Tamas Vajk
a8cbdc92b9 Add more test cases 2021-04-08 12:17:19 +02:00
Tamas Vajk
551a7ce9e5 Fix expression value of struct default argument values 2021-04-08 12:14:53 +02:00
Tamas Vajk
c069c3384e Fix tests 2021-04-08 12:07:36 +02:00
Tamas Vajk
cb9a9db356 C# Improve default argument value extraction 2021-04-08 12:07:22 +02:00
Tamas Vajk
2ac1e60406 C#: Add parameter default value tests 2021-04-08 12:04:18 +02:00
haby0
86ef2588f1 Restore @Component annotation 2021-04-08 17:55:29 +08:00
Jonas Jensen
51bab81f56 Merge pull request #5622 from MathiasVP/inline-is-before 
C++: Inline Location::isBefore
 2021-04-08 11:24:33 +02:00
haby0
3f0a3266aa [Java] CWE-348: Use of less trusted source 2021-04-08 17:14:03 +08:00
Erik Krogh Kristensen
99dd5330c2 add taint-step for URL construction in js/request-forgery 2021-04-08 11:10:33 +02:00
Geoffrey White
517fd23ca5 C++: Correct and add to test cases. 2021-04-08 09:48:38 +01:00
CodeQL CI
a9527fd913 Merge pull request #5621 from erik-krogh/shellSink 
Approved by esbena
 2021-04-08 09:47:45 +01:00
Tom Hvitved
2faf52b6bd Java: Remove unique wrapper from DataFlow::Node::getEnclosingCallable()` 2021-04-08 10:07:19 +02:00
jorgectf
33423eaef3 Optimize calls 2021-04-08 00:31:53 +02:00
jorgectf
7e456494ef Set up taint config and custom sink 2021-04-08 00:20:04 +02:00
jorgectf
8ca6e84268 Refactor Calls to use ApiGraphs 2021-04-08 00:19:46 +02:00
jorgectf
aa7763b3d2 Set up Concepts 2021-04-08 00:19:14 +02:00
jorgectf
db1f54a5f3 Polish query file 2021-04-08 00:19:00 +02:00
Dilan
675de07c3e autoformat ql 2021-04-07 15:04:18 -07:00
thank_you
83f28bfdda Catch any keyword argument passed to MongoEngine's objects method 
After some research, we discovered that any keyword argument passed to the objects method will result in NoSQL injection. This includes scenarios where we have the following:

objects(name_of_model_attribute=unsanitized_user_input)
 2021-04-07 16:45:48 -04:00
thank_you
719c30bd92 Fix file name and adjust where the test points to 2021-04-07 16:42:51 -04:00
ihsinme
ed34c96357 Update InsufficientControlFlowManagementWhenUsingBitOperations.ql 2021-04-07 21:40:49 +03:00
ihsinme
eb9b41acab Apply suggestions from code review 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-04-07 21:31:12 +03:00
Artem Smotrakov
a764a79090 Always bind arguments in TaintPropagatingCall 2021-04-07 21:12:21 +03:00
Artem Smotrakov
c13ee0859a LambdaExpression should extend JakartaType 2021-04-07 21:02:21 +03:00
Shati Patel
4cf0b8e725 Merge pull request #5626 from shati-patel/docs/broken-links 
Docs: Fix broken link to cached "RemoteFlowSource"
 2021-04-07 19:01:33 +01:00
Artem Smotrakov
3d8e173c57 Removed a reference to Apache Commons EL 2021-04-07 20:59:07 +03:00
Artem Smotrakov
80ac2aff26 Fixed typos 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-04-07 20:55:03 +03:00
Shati Patel
f372274857 Docs: Fix broken links 2021-04-07 18:02:29 +01:00
Shati Patel
2373bf2dfb Docs: Link to CodeQL CLI manual from the sidebar 2021-04-07 17:55:05 +01:00
Tom Hvitved
1cf30d2a9e C#: Compute enclosing callable as a transitive closure 2021-04-07 17:44:41 +02:00
Arthur Baars
039e8b36a5 Add some include/prepend tests 2021-04-07 17:27:33 +02:00
Arthur Baars
84f6e902ea AST: move some scope related methods to AstNode 2021-04-07 17:16:10 +02:00
Jonas Jensen
ab58cb3d44 Merge pull request #5604 from MathiasVP/fix-false-positive-in-assign-where-compare-meant 
C++: Fix FP in cpp/assign-where-compare-meant
 2021-04-07 16:54:45 +02:00
CodeQL CI
f0491af64c Merge pull request #5529 from erik-krogh/socketInput 
Approved by esbena
 2021-04-07 15:03:13 +01:00
Arthur Baars
063b085078 Address comments 2021-04-07 15:57:13 +02:00
Asger F
0c724a8427 Merge pull request #5304 from asgerf/js/non-alert-data 
JS: Implement new metric queries for line counting
 2021-04-07 14:52:51 +01:00
yoff
38daeb4df2 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-04-07 15:50:51 +02:00
Mathias Vorreiter Pedersen
03b12dbc6d C++: Inline Location::isBefore. 2021-04-07 15:45:08 +02:00