hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-25 03:13:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,692 Branches 161 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
d86705fe7a remove benign result for js/whitespace-contradicts-precedence related to " | 0" expressions 2021-01-25 10:43:39 +01:00
Jonas Jensen
1b3d69d617 Merge pull request #4784 from MathiasVP/mathiasvp/reverse-read-take-3 
C++: Support longer access paths in IR field flow
 2021-01-25 10:36:03 +01:00
Tom Hvitved
3a0c9a8104 CFG: Replace special parameters with their identifiers 
For example, instead of including `**kwargs` in the CFG, we include `kwargs`.
This means that all variable accesses belonging to parameter definitions will
be included in the CFG.
 2021-01-25 10:02:21 +01:00
Tom Hvitved
c235462f7d C++: Sync IRType.qll 2021-01-25 09:43:57 +01:00
ihsinme
b899229298 Add files via upload 2021-01-25 00:33:54 +03:00
ihsinme
9ae503a5a8 Add files via upload 2021-01-25 00:30:35 +03:00
ihsinme
20e19ec467 Add files via upload 2021-01-25 00:09:55 +03:00
ihsinme
9071ba2f99 Add files via upload 2021-01-25 00:06:19 +03:00
ihsinme
fcd532522d Add files via upload 2021-01-24 22:36:42 +03:00
ihsinme
20d1b24e9c Add files via upload 2021-01-24 22:35:11 +03:00
Francis Alexander
75b79039a1 Example fixes 2021-01-24 20:46:37 +05:30
Rasmus Lerchedahl Petersen
89e56707c3 Python: Omit all unresolved parameter nodes. 
Drops the results further to 139.
 2021-01-24 16:16:07 +01:00
Francis Alexander
81e372d078 Formatting changes 2021-01-24 20:44:21 +05:30
Rasmus Lerchedahl Petersen
baf0917524 On saltstack this drops the number of consistency errors 
of type uniqueEnclosingCallable from 4026 to 614.
 2021-01-24 15:30:59 +01:00
Francis Alexander
a64fc2b24e Java: Queries to detect remote source flow to CORS header 2021-01-24 18:58:39 +05:30
Artem Smotrakov
71e5cb45d3 Simplified method and class definitions for JEXL 2021-01-23 19:50:16 +01:00
Artem Smotrakov
03348b18b5 Simplified TaintPropagatingJexlMethodCall 2021-01-23 19:41:14 +01:00
Artem Smotrakov
a47147bc5e Simplify sinks in JexlInjectionLib.qll 2021-01-23 19:22:43 +01:00
Artem Smotrakov
28ebbee61d Added TaintPropagatingJexlMethodCall class 2021-01-23 17:42:04 +01:00
haby0
0b326aae20 *)update XQueryInjectionLib.qll 2021-01-23 18:27:38 +08:00
haby0
44d99f8cd4 *)update XQueryInjection.ql 2021-01-23 18:26:58 +08:00
haby0
ec4c155043 *)update XQueryInjection.qhelp 2021-01-23 18:26:15 +08:00
Rasmus Lerchedahl Petersen
0d20a4cb4a Python: Simplify modelling 2021-01-22 19:40:34 +01:00
Nick Rolfe
12fc0b914b Merge pull request #102 from github/hvitved/blocks-no-params 
Recognize blocks without parameters
 2021-01-22 15:44:14 +00:00
Rasmus Lerchedahl Petersen
f948ef8f27 Merge branch 'main' of github.com:github/codeql into python-dataflow-unpacking-assignment 2021-01-22 16:26:48 +01:00
Tom Hvitved
586885f066 Recognize blocks without parameters 2021-01-22 16:16:01 +01:00
Tom Hvitved
0f3a4a1a60 Merge pull request #101 from github/stats 
Update stats
 2021-01-22 16:05:47 +01:00
CodeQL CI
527c41520e Merge pull request #4951 from esbena/js/reintroduce-server-crash 
Approved by erik-krogh
 2021-01-22 06:37:50 -08:00
Nick Rolfe
216b1de2dd Update stats 2021-01-22 14:35:43 +00:00
Nick Rolfe
858ca0b3bc Merge pull request #100 from github/call_ast 
Add AST classes and tests for method calls
 2021-01-22 14:33:10 +00:00
Nick Rolfe
243dfde72e Create ComplexSymbolRange class to deduplicate some predicates 2021-01-22 14:21:39 +00:00
Tom Hvitved
6fc14976cf C#: Remove uses of getAQlClass() 2021-01-22 15:00:45 +01:00
Erik Krogh Kristensen
b3497191b1 add .venv/ to .gitignore 2021-01-22 14:44:18 +01:00
Mathias Vorreiter Pedersen
87b738d48c Merge pull request #5002 from MathiasVP/fix-PrivateCleartextWrite-format 
C++: Fix path-problem format in cpp/private-cleartext-write
 2021-01-22 14:28:03 +01:00
Mathias Vorreiter Pedersen
b4f9b1590d C++: Restore lost result on git/git. We lost the result in a00bd7ae02 because the added check for type T to type T* conversion didn't handle const qualifiers. 2021-01-22 14:20:18 +01:00
Esben Sparre Andreasen
3f3962f7a9 Update javascript/ql/src/Security/CWE-730/examples/server-crash.GOOD-B.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-01-22 14:03:21 +01:00
Mathias Vorreiter Pedersen
682b246441 C++: Fix path-problem format. 2021-01-22 13:40:44 +01:00
Esben Sparre Andreasen
718f6eb3fd JS: update and prettify examples 2021-01-22 13:17:38 +01:00
Tom Hvitved
7e374c416a Categorize variable accesses into reads and (implicit or explicit) writes 2021-01-22 13:17:26 +01:00
Nick Rolfe
3939008fd5 Small tweaks based on PR feedback 2021-01-22 12:17:17 +00:00
Nick Rolfe
ccd8a2aae6 Merge remote-tracking branch 'origin/main' into call_ast 2021-01-22 11:48:32 +00:00
Asger Feldthaus
b36593a76b JS: Fix broken link tag 2021-01-22 10:11:16 +00:00
Asger Feldthaus
0ffa720d3b JS: Capitalize other enum constants 2021-01-22 09:48:11 +00:00
Asger Feldthaus
c257f6617f JS: Capitalize enum members in ScopeKind and TopLevelKind 2021-01-22 09:33:25 +00:00
Mathias Vorreiter Pedersen
7bc461aeb2 Merge pull request #4990 from geoffw0/cpp401b 
C++: Further improvements to experimental query cpp/memory-leak-on-failed-call-to-realloc
 2021-01-22 09:51:10 +01:00
CodeQL CI
0e059cea56 Merge pull request #5000 from erik-krogh/redosOnlyNonMin 
Approved by esbena
 2021-01-21 15:29:03 -08:00
Erik Krogh Kristensen
11f35a5193 Update javascript/ql/src/semmle/javascript/security/performance/ReDoSUtil.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-01-21 23:11:50 +01:00
Artem Smotrakov
73c8338e52 Use <code> tag in JexlInjection.qhelp 2021-01-21 22:49:36 +01:00
Artem Smotrakov
ee6d28b562 Use LocalUserInput when looking for JEXL injections 2021-01-21 22:46:18 +01:00
Erik Krogh Kristensen
62746bbbac skip analyzing regular expressions in minified files for ReDoS 2021-01-21 22:31:42 +01:00