hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-04 09:11:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,689 Branches 159 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alex Ford
7c1bd9a533 Ruby: add a test case for cleartext logging that uses NonCleartextPasswordFlow 2022-02-10 15:50:56 +00:00
Alex Ford
83a3808bbe Ruby: avoid marking mutator methods as being safe (i.e. not returning sensitive data) 2022-02-10 15:50:56 +00:00
Alex Ford
b46e4ccd71 Ruby: drop SanitizerIn from ClearTextLoggingQuery 2022-02-10 15:50:56 +00:00
Alex Ford
7b4af39315 Ruby: track masked variables potentially containing sensitive data more accurately 2022-02-10 15:50:56 +00:00
Alex Ford
59ab384825 Ruby: rb/clear-text-logging-sensitive-data - match on CFG nodes rather than AST nodes 2022-02-10 15:50:56 +00:00
Jonathan Leitschuh
eee521e6ce Fix test failure for TempDirLocalInformationDisclosure 2022-02-10 10:40:40 -05:00
Tom Hvitved
a3d631f2df Add C# 10 and .NET 6 to versions-compilers.rst 2022-02-10 15:45:00 +01:00
Tom Hvitved
1c66444a61 C#: Use Brotli instead of Gzip 2022-02-10 14:30:24 +01:00
Felicity Chapman
efed21b99a Merge pull request #7885 from Marcono1234/marcono1234/extractor-doc-improvements 
Fix and improve Extractor options documentation formatting
 2022-02-10 12:59:45 +00:00
CodeQL CI
9ebbd9efa1 Merge pull request #7591 from asgerf/js/mysql-sinks 
Approved by esbena
 2022-02-10 12:50:36 +00:00
Felicity Chapman
5ec1fc11f9 Apply suggestions from code review 2022-02-10 12:41:37 +00:00
CodeQL CI
a57ee019c2 Merge pull request #7819 from asgerf/asgerf/ruby-def-nodes 
Approved by hvitved
 2022-02-10 12:37:34 +00:00
Taus Brock-Nannestad
be323bafaf Merge remote-tracking branch 'upstream/main' into python-normalise-prefixes 2022-02-10 12:55:49 +01:00
CodeQL CI
1a91a79b5b Merge pull request #5841 from erik-krogh/libCode 
Approved by esbena, ethanpalm
 2022-02-10 11:36:45 +00:00
Mathias Vorreiter Pedersen
d05dbb285c Merge pull request #7841 from jketema/structured-bindings-fix 
C++: Update C++ variable hiding test
 2022-02-10 11:29:38 +00:00
Geoffrey White
b0c2a144cc C++: Remove no longer relevant tests. 2022-02-10 11:11:31 +00:00
Geoffrey White
20ad92a82e C++: Filter noisiest sources. 2022-02-10 11:11:30 +00:00
Geoffrey White
7b5b2fdcd1 C++: Modernize cpp/system-data-exposure as a path-problem using IR taint, RemoteFlowSinkFunction. 2022-02-10 11:11:26 +00:00
Geoffrey White
5490809bcf C++: Expand tests. 2022-02-10 10:43:21 +00:00
Erik Krogh Kristensen
d55920ad27 add model for the snapdragon library 2022-02-10 11:32:59 +01:00
Jeroen Ketema
46821fe136 Update C++ variable hiding test 
Structured bindings are now handled better, so the false negative
related to structured bindings is now a true positive.
 2022-02-10 10:58:32 +01:00
Tom Hvitved
58d90c7f8d Python: More points-to performance improvements 2022-02-10 10:29:30 +01:00
Tom Hvitved
7fd8d6dd30 Address review comments 2022-02-10 10:29:30 +01:00
Tom Hvitved
2de892bfd8 Python: Points-to performance improvements 2022-02-10 10:29:30 +01:00
Erik Krogh Kristensen
12d31d750a convert more type-trackers to API-graphs 2022-02-10 09:54:52 +01:00
Stephan Brandauer
a73cdf3527 Merge pull request #7911 from kaeluka/javascript/add-getFlowLabel-to-PathNode 
JS: add a getFlowLabel method to the PathNode class
 2022-02-10 09:10:08 +01:00
Jonathan Leitschuh
bafcce17d4 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-02-09 22:14:17 -05:00
Harry Maclean
d966ca8466 Ruby: recognise additional form for OpenURI 2022-02-10 15:42:15 +13:00
luchua-bc
ce03aeb4d9 Fixed an issue related to normalized path 2022-02-09 23:19:40 +00:00
Rasmus Wriedt Larsen
94f9656e8e Python: Solve deprecation warnings for old experimental queries 2022-02-10 00:09:43 +01:00
Harry Maclean
f30222256f Merge pull request #7061 from github/hmac/actiondispatch 
Ruby: Rails route resolution
 2022-02-10 09:46:36 +13:00
Ethan Palm
2f7f9d9032 Move explanation of example above sample code 2022-02-09 10:45:24 -08:00
Jonathan Leitschuh
ded8d64301 Remove CAPC and add CWE-93 2022-02-09 12:31:53 -05:00
Jonathan Leitschuh
03fdee3767 Cleanup Netty Response Splitting Query 2022-02-09 12:28:11 -05:00
Jonathan Leitschuh
8ffe878722 Apply suggestions from code review 
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
 2022-02-09 12:28:11 -05:00
Jonathan Leitschuh
c732cb7759 Add HTTP Request Splitting to Netty Query 2022-02-09 12:28:10 -05:00
Stephan Brandauer
3e88d46e0f add a getFlowLabel method to the PathNode class 2022-02-09 17:28:25 +01:00
Jonathan Leitschuh
49a73673b6 Fix FP from mkdirs call on exact temp directory 2022-02-09 11:04:23 -05:00
Tamás Vajk
6483a92587 Merge pull request #7865 from github/post-release-prep/codeql-cli-2.8.0 
Post-release preparation for codeql-cli-2.8.0
 2022-02-09 16:42:38 +01:00
Jonathan Leitschuh
787e3dac31 Update java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-02-09 10:07:56 -05:00
Tom Hvitved
c695388c29 Merge pull request #7891 from hvitved/ruby/dataflow/hide-ssa-nodes 
Ruby: Hide more SSA nodes from data-flow path explanations
 2022-02-09 15:56:15 +01:00
Tom Hvitved
0bd8411cb6 Ruby: Hide more SSA nodes from data-flow path explanations 2022-02-09 15:31:10 +01:00
Rasmus Lerchedahl Petersen
aa010e420b python: update qhelp 2022-02-09 15:27:39 +01:00
Rasmus Lerchedahl Petersen
75a2f92ce4 pthon: add change note 2022-02-09 15:23:36 +01:00
Mathias Vorreiter Pedersen
336c25d929 Merge pull request #7913 from RasmusWL/ql-qlpacks 
QL: Streamline qlpacks
 2022-02-09 13:37:19 +00:00
Rasmus Lerchedahl Petersen
313f9f056c python: switch to using concepts 2022-02-09 14:36:48 +01:00
Rasmus Lerchedahl Petersen
17aa2898f9 python: model (xpathEval from) libxml2 2022-02-09 14:25:43 +01:00
Rasmus Lerchedahl Petersen
e8649d8947 python: model (etree from) lxml 2022-02-09 14:15:17 +01:00
Rasmus Wriedt Larsen
1f50624cf4 QL: Streamline qlpacks 
So they follow the same format as the other languages.

`git grep codeql-ql` in the ql/ subfolder does not yield any results
now.
 2022-02-09 14:08:36 +01:00
Rasmus Wriedt Larsen
9d5e8d5bd8 Merge pull request #7842 from RasmusWL/consistency-queires 
Misc: Streamline `consistency-queries/qlpack.yml`
 2022-02-09 13:42:18 +01:00