hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-28 04:43:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,697 Branches 161 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
James Fletcher
4d8983830e Merge pull request #4734 from github/sd-263 
[Docs] Add missing introduction text and improve sidebar toc
 2020-11-30 14:06:21 +00:00
Anders Schack-Mulligen
8f2094f0bf Autoformat. 2020-11-30 14:42:38 +01:00
Nick Rolfe
baf29ae56b Add qldoc comment and isOptional predicate to KeywordParameter 2020-11-30 13:42:02 +00:00
Rasmus Wriedt Larsen
94e90aac39 Python: Only one Unit implementation 
Conflict arose since the Unit in DataFlowPrivate was added in a merged PR.

The behavior from this PR will make it match what java does (931322e4c5/java/ql/src/semmle/code/Unit.qll)
 2020-11-30 14:41:47 +01:00
Rasmus Wriedt Larsen
1eac1995a9 Merge branch 'main' into python-untrusted-flow 2020-11-30 14:38:52 +01:00
Rasmus Lerchedahl Petersen
f345e55951 Python: Adjust test expectations 2020-11-30 14:21:30 +01:00
Rasmus Lerchedahl Petersen
673ff901fb Python: Test for unpacking assignment 2020-11-30 14:18:22 +01:00
Anders Schack-Mulligen
88e0759365 Java: Change RemoteUserInput to private instead of removing. 2020-11-30 13:40:53 +01:00
Rasmus Wriedt Larsen
8b2c34e267 Merge pull request #4747 from yoff/python-path-injection-doc 
Python: Fix documentation for path injection.
 2020-11-30 13:17:59 +01:00
James Fletcher
509d153b61 Apply suggestions from code review 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-11-30 12:12:10 +00:00
Rasmus Lerchedahl Petersen
fd8c696b67 Python: Fix documentation for path injection. 2020-11-30 12:24:35 +01:00
Anders Schack-Mulligen
5a66d6ab93 Java: Improve performance of SSA. 2020-11-30 11:26:03 +01:00
Rasmus Wriedt Larsen
4ab3fff973 Python: Fix untrusted data to external API example 
The hmac.digest function was only added in python 3.7, so obviously doesn't work
on Python 2
 2020-11-30 10:42:30 +01:00
Anders Schack-Mulligen
931322e4c5 Merge pull request #4668 from aschackmull/dataflow/refactor-pruning 
Dataflow: Refactor pruning stages.
 2020-11-30 09:37:04 +01:00
Pavel Avgustinov
74af41c76d Merge pull request #4357 from RasmusWL/design-patterns 
Add docs on CodeQL Design Patterns
 2020-11-30 08:19:15 +00:00
yo-h
7e8bc4a61b Merge commit '2fa9037' into yo-h/java15-merge 2020-11-29 18:42:20 -05:00
Erik Krogh Kristensen
33b2701551 refine isFork to remove false positive when a state has epsilon transition to itself 2020-11-29 21:42:50 +01:00
Tom Hvitved
c0dd89122c Handle parameters with overlapping names 2020-11-28 19:23:08 +01:00
ihsinme
d088d5b0f3 CPP: Add query for CWE-191 
into experimental this reveals a dangerous comparison
 2020-11-28 15:52:00 +03:00
Erik Krogh Kristensen
d7b22e3b1b update expected output for PolynomialBackTracking 2020-11-27 20:15:27 +01:00
Erik Krogh Kristensen
729073fb43 detect ReDoS when the choices are "match some string" or "match Epsilon" 2020-11-27 20:15:23 +01:00
Geoffrey White
905b04a6fb C++: Model classes in StdString.qll. 2020-11-27 19:12:01 +00:00
Rasmus Wriedt Larsen
cbfcfdf883 Python: Fix UntrustedDataToExternalAPI.qhelp 2020-11-27 17:54:22 +01:00
luchua-bc
ad0ac5b874 Change kind to problem 2020-11-27 16:43:57 +00:00
Rasmus Wriedt Larsen
faa5c220c5 Design Patterns: Add advice on abstract classes 2020-11-27 17:38:56 +01:00
Rasmus Wriedt Larsen
452417509f Design Patterns: Reword advice on imports of subclasses 
I had totally overlooked the fact that this doesn't only apply to abstract
classes.
 2020-11-27 17:38:40 +01:00
Tom Hvitved
58baa33a3f Various changes to user-facing library 
- Remove `abstract` classes from public API.
- Align `Variable.qll` with rest of library.
- Introduce `Callable` class.
- Make `Pattern` class cover everything that can be on the LHS of an assignment
  and in a pattern (except special parameters such as `**param`).
 2020-11-27 17:07:03 +01:00
Cornelius Riemenschneider
644a0fac98 C++: Port dataflow/dataflow-tests to inline expectations test library. 2020-11-27 16:03:15 +01:00
Rasmus Wriedt Larsen
a0c7365ae6 Python: Proper models of json.loads and json.dumps 2020-11-27 15:57:56 +01:00
Tom Hvitved
d4ee8cdd18 C#: Always create basic blocks for nodes with a conditional predecessor 2020-11-27 15:08:33 +01:00
Rasmus Wriedt Larsen
014fbfa86b Python: Add regex FP with + for flags 
Notice that there is no new results for line 54

I also added a test for the short-named version of a flag, just since I didn't
see any of those already. That just works out of the box (due to points-to).
 2020-11-27 14:57:11 +01:00
yoff
346a007bf6 Merge pull request #4720 from RasmusWL/python-better-open-models 
Python: better models of `open` function
 2020-11-27 14:47:10 +01:00
Tom Hvitved
59d45de118 Move AST files into ast folder 2020-11-27 14:45:15 +01:00
Tom Hvitved
00f3daabfe Rename Variables.qll to Variable.qll 2020-11-27 14:39:20 +01:00
Anders Schack-Mulligen
028a72bcdd Merge pull request #4610 from luchua-bc/java-nfe-local-android-dos 
Java: Query to detect Local Android DoS caused by NFE
 2020-11-27 14:20:23 +01:00
Erik Krogh Kristensen
46ca56458a introduce a printable state class 2020-11-27 13:45:41 +01:00
Erik Krogh Kristensen
8a3e87fe42 remove unnecessary one-step inline 2020-11-27 13:45:41 +01:00
Erik Krogh Kristensen
36b9f0254e performance improvements for suffix check in js/redos 2020-11-27 13:45:41 +01:00
Erik Krogh Kristensen
e177d46c0a add two test cases that demonstrate the limits of the suffix construction 2020-11-27 13:45:34 +01:00
Rasmus Wriedt Larsen
e6319e5d84 Python: Rewrite StringConstCompare to use IterableNode 2020-11-27 13:37:03 +01:00
Rasmus Wriedt Larsen
098f8c4f21 Python: Add IterableNode 
I'm specifically not using an abstract class, since that is an anti-pattern:
https://github.com/github/codeql/pull/4357#discussion_r520526275 (I'm still
trying to wrap my head fully aroudn this)
 2020-11-27 13:36:55 +01:00
Tamás Vajk
2fa9037934 Merge pull request #4738 from tamasvajk/feature/revert-relational-pattern 
C#: Revert "Merge pull request #4653 from tamasvajk/feature/csharp9-relational-pattern"
 2020-11-27 13:30:33 +01:00
Rasmus Wriedt Larsen
33e46e168f Python: Add QLDoc for SetNode 2020-11-27 13:29:16 +01:00
james
4cea019cee add/improve intro text and add links to example queries 2020-11-27 12:26:42 +00:00
Tamas Vajk
998e2de2c6 Revert "Merge pull request #4653 from tamasvajk/feature/csharp9-relational-pattern" 
This reverts commit 5e75a4109c, reversing
changes made to c751c516bf.
 2020-11-27 12:23:38 +01:00
Anders Schack-Mulligen
fec9758252 Dataflow: Sync. 2020-11-27 12:16:43 +01:00
Anders Schack-Mulligen
8f4fce185b Dataflow: Review fixes. 2020-11-27 12:16:28 +01:00
Rasmus Wriedt Larsen
cc9a7fe4fe Python: Move BarrierGuards to own file 2020-11-27 12:09:57 +01:00
Geoffrey White
a94f244659 Merge pull request #4736 from jbj/downgrade-to-recommendations 
C++: Downgrade two queries to recommendation
 2020-11-27 10:58:20 +00:00
CodeQL CI
d3cded330e Merge pull request #4693 from RasmusWL/python-add-import-test-shadowing-stdlib-v2 
Approved by tausbn
 2020-11-27 10:32:21 +00:00