hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-26 11:53:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,692 Branches 161 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
f5a2603cc1 C++: Add store steps that target the new partial definitions. 2020-12-22 09:14:54 +01:00
Mathias Vorreiter Pedersen
7a2b69feed C++: Add partial definition class backed by an IPA. 2020-12-22 09:14:54 +01:00
Mathias Vorreiter Pedersen
2930128421 C++: Implement read steps using ReadNodes. 2020-12-22 09:14:54 +01:00
Mathias Vorreiter Pedersen
91debe8669 C++: Add ReadNodes and implement local flow steps into them. 2020-12-22 09:14:54 +01:00
Mathias Vorreiter Pedersen
ba4da72b9e C++: Add examples that require longer access paths 2020-12-22 09:14:53 +01:00
Esben Sparre Andreasen
ab4f3ea259 JS: fixup for execa.shell and execa.shellSync models 2020-12-22 09:06:18 +01:00
Esben Sparre Andreasen
ba714a1214 JS: add execa.shell tests 2020-12-22 09:01:43 +01:00
Erik Krogh Kristensen
34a6e15426 make TypeOfSanitizer slightly more robost 2020-12-22 08:53:14 +01:00
Erik Krogh Kristensen
18d26cabe5 Update javascript/ql/src/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-12-22 08:37:24 +01:00
Jonas Jensen
430194bb66 Merge pull request #4863 from MathiasVP/is-source-on-default-taint-tracking 
C++: Overridable isSource on DefaultTaintTracking
 2020-12-22 08:32:07 +01:00
Mathias Vorreiter Pedersen
4f07474b62 C++: Also allow custom sources in taintedWithoutGlobals 2020-12-21 19:55:47 +01:00
Rasmus Wriedt Larsen
71a6ef5b00 Python: Model RequestHandler from standard library explicitly 2020-12-21 18:02:31 +01:00
Rasmus Wriedt Larsen
05ab6cd54a Python: Add RemoteFlowSource for django handler without route 
A bit scary that we don't have any tests to indicate that I forgot to add this :O
 2020-12-21 18:02:30 +01:00
Rasmus Wriedt Larsen
d4d6f0ca0c Python: Model django request handlers without known route 2020-12-21 18:02:22 +01:00
Rasmus Wriedt Larsen
004ff38e22 Python: Add separate RequestHandler concept 
Since I really want to use our existing infrastructure to model that we can
recognize something as a request handler without it having a route, we need this
as a separate concept. All tests have been adjusted.

The early modeling was based on flask, where all request-handling is based on
handling requests from a specific route. But with the standard library handling
and handlers without routes, the naming had to change.
 2020-12-21 17:31:58 +01:00
Mathias Vorreiter Pedersen
f4f96fe257 C++: Use isSource in queries. These were the only queries that restrict the source after dataflow terminates. 2020-12-21 16:35:35 +01:00
Mathias Vorreiter Pedersen
0e84c638b6 C++: Add isSource to AdjustedConfiguration 2020-12-21 16:34:22 +01:00
Rasmus Wriedt Larsen
a9bbe1d087 Python: Test Django un-routed class-based route handler 2020-12-21 16:01:23 +01:00
Erik Krogh Kristensen
876ba7ef2d add typeof sanitizer to js/shell-command-constructed-from-input 2020-12-21 14:16:55 +01:00
Tom Hvitved
0c78fb2933 Merge pull request #4855 from madneal/fix-for-csharp-docs 
Fix for csharp docs
 2020-12-21 14:11:36 +01:00
Erik Krogh Kristensen
4ef569fbbe recognize more exported functions in js/shell-command-constructed-from-input 2020-12-21 13:50:22 +01:00
Shati Patel
0a0137bb5e Merge pull request #4859 from github/shati-patel-patch-1 
Fix typo in docs title
 2020-12-21 12:07:32 +00:00
Erik Krogh Kristensen
e3ec67d5e3 avoid materializing isFeasibleTuple 2020-12-21 12:53:41 +01:00
Jonas Jensen
4308381057 Merge pull request #4846 from MathiasVP/default-taint-tracking-operand-instruction-interleaving 
C++: Instruction -> Operand interleaving for DefaultTaintTracking
 2020-12-21 12:44:06 +01:00
Shati Patel
66b85f1e5e Fix typo 2020-12-21 11:29:02 +00:00
Arthur Baars
c35283cefb Merge pull request #77 from github/aibaars/global-variables 
Add global variables
 2020-12-21 12:15:31 +01:00
Arthur Baars
f0ddeaa9f2 Merge pull request #81 from github/aibaars/revert-dup-code 
Update ruby.dbscheme.stats
 2020-12-21 12:15:10 +01:00
Neal Caffery
ee0257836f removed, as it fixed by #4848 2020-12-21 19:05:37 +08:00
Erik Krogh Kristensen
cbad705029 general performance improvements in the ReDoS utility library 2020-12-21 11:49:21 +01:00
Arthur Baars
ad1782b620 Address comments 2020-12-21 11:01:46 +01:00
Arthur Baars
8469bd3688 Uncomment getAPrimaryQlClass() 2020-12-21 11:01:46 +01:00
Arthur Baars
dc0de9132e Add GlobalVariable 2020-12-21 11:01:46 +01:00
Arthur Baars
1ada9feda7 Make VariableAccess "abstract" 2020-12-21 11:01:46 +01:00
Arthur Baars
ebacec41d5 Update ruby.dbscheme.stats 2020-12-21 10:58:25 +01:00
Nick Rolfe
b1b2815c26 Merge pull request #80 from github/aibaars/revert-dup-code 
Updates after CodeQL upgrade to 2.4.1
 2020-12-21 09:57:59 +00:00
Arthur Baars
d4874641a3 Revert "Add duplicate code tables to dbscheme" 
This reverts commit 4c699fcb32.
 2020-12-21 10:45:59 +01:00
Arthur Baars
bf232f0582 Update formatting for CodeQL 2.4.1 2020-12-21 10:45:59 +01:00
Tom Hvitved
591f90f98e C#: Add change note 2020-12-21 10:26:49 +01:00
Arthur Baars
ff8ea6d44f Merge pull request #79 from github/test_checks 
Add all the TRAP check flags in qltest workflow
 2020-12-21 10:20:47 +01:00
Tom Hvitved
b5a1e039a4 C#: Merge queries FormatInvalid.ql, FormatMissingArgument.ql, and FormatUnusedArgument.ql 2020-12-21 10:13:56 +01:00
Tom Hvitved
8d6c69bf74 C#: Move Expr::hasValue() to DotNet::Expr 2020-12-21 09:46:45 +01:00
Mathias Vorreiter Pedersen
06366fa320 Merge pull request #4856 from jbj/gvn-wrapper-test 
C++: Test the AST wrapper for IR GVN
 2020-12-21 09:31:10 +01:00
Tom Hvitved
16aee6e71e Merge pull request #4842 from hvitved/csharp/format-method-no-insertion-param 
C#: Recognize format methods without insertion parameters
 2020-12-21 09:25:18 +01:00
Jonas Jensen
3236cbd83e C++: Test the AST wrapper for IR GVN 
Out of our 3 GVN libraries, the one we actually use in production didn't
have tests -- except indirectly through `diff_ir_expr.ql`.
 2020-12-21 08:21:02 +01:00
neal1991
b9d24b8255 fix for issue #4849 2020-12-21 08:54:15 +08:00
neal1991
eac83df40b fix for issue #4848 2020-12-21 08:52:42 +08:00
luchua-bc
4ec78d04f8 Insecure LDAP authentication 2020-12-21 00:15:15 +00:00
Erik Krogh Kristensen
3a43421193 add missing qhelp 2020-12-19 00:02:42 +01:00
yo-h
402ed04189 Merge pull request #4844 from johnlugton/servicestack 
Add provisional support for ServiceStack framework to feature branch
 2020-12-18 16:24:27 -05:00
Nick Rolfe
5a54026bcc Add all the TRAP check flags in qltest workflow 2020-12-18 17:25:28 +00:00