hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-04 17:21:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,691 Branches 159 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
jorgectf
85b5ef36ae XmlInjection -> XmlEntityInjection 2022-02-09 13:28:56 +01:00
Nick Rolfe
1eba8277ee Merge pull request #7614 from github/nickrolfe/array_flow_summaries 
Ruby: add more Array/Enumerable flow summaries
 2022-02-09 09:57:59 +00:00
Harry Maclean
f276904fa9 Ruby: Add nomagic pragma to helper 2022-02-09 22:38:35 +13:00
Michael Nebel
ff369f2a36 Merge pull request #7846 from michaelnebel/csharp/deconstruction 
C# 10: Tuple deconstruction.
 2022-02-09 10:08:16 +01:00
Mathias Vorreiter Pedersen
bbbb5268ce Merge pull request #7881 from geoffw0/clrtxtperf 
CPP: Fix performance for cpp/cleartext-transmission
 2022-02-09 09:03:44 +00:00
Erik Krogh Kristensen
5340530cb7 use the number guard in existing queries that contained typeof checks 2022-02-09 09:51:57 +01:00
Erik Krogh Kristensen
d6721ec574 implement a isNaN guard for unsafe-shell-command-construction 2022-02-09 09:51:57 +01:00
Tom Hvitved
9440a45015 Merge branch 'main' into post-release-prep/codeql-cli-2.8.0 2022-02-09 09:40:33 +01:00
yoff
f21ac04285 Update python/ql/lib/semmle/python/frameworks/Stdlib.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-02-09 09:22:31 +01:00
luchua-bc
4609227e76 Use data model for request/session attribute operations 2022-02-09 03:24:46 +00:00
jorgectf
3ccac4ed8a Update .expected 2022-02-08 23:59:36 +01:00
Jonathan Leitschuh
7f46640176 Consider calls to setReadable(false, false) then setReadable(true, true) to be safe 2022-02-08 17:57:10 -05:00
jorgectf
c6d8b97871 Make verifyCall() a private predicate 2022-02-08 23:37:17 +01:00
jorgectf
7b51b91d13 Improve test 2022-02-08 23:33:43 +01:00
jorgectf
ed60d16367 Refactor the way to check the verifying call 2022-02-08 23:33:30 +01:00
Jorge
f1fab98ea2 Merge branch 'github:main' into python_jwt 2022-02-08 23:12:58 +01:00
Taus Brock-Nannestad
54ae744b2c Python: Also update Python 2 file 2022-02-08 22:08:53 +01:00
Harry Maclean
3206384884 Merge pull request #7824 from github/hmac/constantize 2022-02-09 08:30:21 +13:00
Chuan-kai Lin
a7f1ee574c Upgrade scripts testing: set initial dbschemes 
This commit sets initial dbschemes for cpp, csharp, java, javascript, and
python so that automated testing for upgrade scripts would also cover legacy
upgrades.
 2022-02-08 11:11:41 -08:00
Tom Hvitved
b2419d60bd Merge pull request #7090 from hvitved/ruby/perf 
Ruby: Cache more predicates
 2022-02-08 20:02:33 +01:00
Chris Smowton
143d64c92c Merge pull request #7879 from github/smowton/admin/getting-started-mention-codeql-go-deps 
Docs: Note codeql-go needs an install step before use
 2022-02-08 18:07:26 +00:00
Alex Ford
81ed5d0ff7 Ruby: comment and node description fixes 
Co-authored-by: Harry Maclean <hmac@github.com>
 2022-02-08 18:03:29 +00:00
jorgectf
b00051e4ab Update .expected 2022-02-08 17:52:37 +01:00
jorgectf
01ad25f3f0 Apply .getALocalSource() and fix xmltodict's vulnerable predicate 2022-02-08 17:51:09 +01:00
jorgectf
7c4a6a12b0 Test polish 2022-02-08 17:50:39 +01:00
jorgectf
8f9cd16806 Update 2022-02-08 17:23:18 +01:00
Taus Brock-Nannestad
6ea8986daa Python: Normalise string prefixes 2022-02-08 16:48:17 +01:00
Erik Krogh Kristensen
4bbb7ad320 Merge pull request #7876 from erik-krogh/zipRelative 
JS: recognize more startswith sanitizers for path-injection queries
 2022-02-08 15:22:39 +01:00
Nick Rolfe
ade7921079 Merge pull request #7890 from github/nickrolfe/unique_node 
Ruby/QL: add `unique` annotation on `node` column
 2022-02-08 13:15:17 +00:00
Tom Hvitved
984e01ecf0 C#: Remove FPs from cs/dereferenced-value-may-be-null 
Apply a conservative approach by filtering out results for accesses to
captured nullable values, when there is an (implicit) call to the capturing
callable which is `null`-guarded. For example:

```
bool M(int? i, IEnumerable<int> @is)
{
    if (i.HasValue)
        return @is.Any(j => j == i.Value); // GOOD
    return false;
}
```
 2022-02-08 14:01:57 +01:00
Tom Hvitved
7948d965a0 C#: Add nullness tests for captured variables 2022-02-08 13:52:29 +01:00
Tom Hvitved
3b5267eca5 Ruby: Cache DataFlow::Node::{toString,getLocation} 2022-02-08 13:03:42 +01:00
Tom Hvitved
f337459a4a Ruby: Cache capturedEntryWrite 2022-02-08 13:03:42 +01:00
Tom Hvitved
b041bc03d1 Ruby: Cache ConditionBlock::(immediately)Controls 2022-02-08 13:03:41 +01:00
Tom Hvitved
4037d1ff96 Ruby: Cache ErbDirective::getAChildStmt 2022-02-08 13:03:41 +01:00
Tom Hvitved
4c5f32ba4a Ruby: Cache exprNodeReturnedFrom 2022-02-08 13:03:31 +01:00
Tom Hvitved
45412fa17f Cache hasLocalSource 2022-02-08 13:03:27 +01:00
Chris Smowton
a6596ea7ce Fix test requirements, formatting 2022-02-08 12:01:32 +00:00
Rasmus Lerchedahl Petersen
3f36ccba92 python: add name to concept 2022-02-08 12:40:13 +01:00
Rasmus Lerchedahl Petersen
8665fe4817 python: add concept for XPath construction 
also small fixup in `SqlConstruction`
 2022-02-08 12:31:37 +01:00
Erik Krogh Kristensen
28ba78cb76 add explicit this 2022-02-08 12:20:21 +01:00
Rasmus Wriedt Larsen
3e01816f0c Python: Add change-note 2022-02-08 12:03:40 +01:00
Rasmus Lerchedahl Petersen
7d287f1698 python: add concept for xpath execution 2022-02-08 11:46:28 +01:00
Rasmus Lerchedahl Petersen
103b5761f3 python: remove superfluous configuration 
this also removes duplicated nodes and edges
in the path results
 2022-02-08 11:34:11 +01:00
Michael Nebel
c04e344192 Merge pull request #7749 from michaelnebel/csharp/lambda-improvements 
C# 10 - Lambda improvements.
 2022-02-08 11:28:55 +01:00
Benjamin Muskalla
b62df5a9ad Merge pull request #7872 from bmuskalla/fixCoverageCollection 
Collect framework coverage on demand
 2022-02-08 11:27:48 +01:00
Rasmus Lerchedahl Petersen
a9cfc60ea1 python: move supporting libraries 
and update reference in query
 2022-02-08 11:27:45 +01:00
Henry Mercer
eff0ca01b1 Merge pull request #7417 from github/henrymercer/java/update-telemetry-query-metadata 
Java: Start running telemetry queries on Code Scanning
 2022-02-08 10:26:30 +00:00
Rasmus Lerchedahl Petersen
88efcff818 python: move query 
and update reference in query test
 2022-02-08 11:24:09 +01:00
Chris Smowton
79654592d9 Apply suggestions from code review 2022-02-08 10:23:46 +00:00