hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-26 03:43:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,692 Branches 161 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Calum Grant
cd914deeff Merge pull request #3666 from hvitved/csharp/ir-experimental 
C#: Move IR code into 'experimental' folder
 2020-06-10 19:50:37 +01:00
Erik Krogh Kristensen
373a437d71 add query to detect improperly sanitized code 2020-06-10 19:50:12 +02:00
Owen Mansel-Chan
d8900448ec Add references to the AST class reference for go 2020-06-10 17:32:41 +01:00
Owen Mansel-Chan
48ff00832c Add a reference to the AST class reference for go 2020-06-10 17:24:40 +01:00
semmle-qlci
4cdb3c13df Merge pull request #3658 from RasmusWL/python-3.8-dict-ismapping 
Approved by tausbn
 2020-06-10 17:19:49 +01:00
semmle-qlci
f7c6b1364b Merge pull request #3640 from RasmusWL/python-handle-3.8-enum-convert 
Approved by tausbn
 2020-06-10 17:19:22 +01:00
Erik Krogh Kristensen
5c31b94761 autoformat and update expected output 2020-06-10 18:00:56 +02:00
Marcono1234
5d2b911596 Fix incorrect java.util.regex.Pattern name in specification 2020-06-10 17:56:57 +02:00
Max Schaefer
0f2186c844 JavaScript: Fix a few typos. 2020-06-10 16:44:24 +01:00
Owen Mansel-Chan
5b2c0fbb04 AST class reference for go 
The master copy of this file is in the codeql-go repository
 2020-06-10 16:42:03 +01:00
Mathias Vorreiter Pedersen
1a95095505 C++: Add default move constructor. Also removed debug comment I forgot to remove earlier. Luckily, that meant that no line numbers changed in .expected files. 2020-06-10 17:13:04 +02:00
Rasmus Wriedt Larsen
ce1f0a39ac Python: Minor fixup of qhelp for XPath injection 2020-06-10 16:59:40 +02:00
Mathias Vorreiter Pedersen
5abab25c28 Update cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2020-06-10 16:51:21 +02:00
Rasmus Wriedt Larsen
48b2d2cc5c Python: Make isSequence() and isMapping() tests version specific 
Since unicode/bytes difference, output can't match between Python 2 and Python 3.
 2020-06-10 16:43:56 +02:00
Asger Feldthaus
f23c6030aa JS: Restrict domValueRef to known DOM property names 2020-06-10 15:14:23 +01:00
Asger Feldthaus
bb2b7fb6fb JS: Add test with class stored in global variable 2020-06-10 15:14:23 +01:00
Rasmus Wriedt Larsen
721713b9e1 Python: Minor fixes from code review 
Co-authored-by: Taus <tausbn@gmail.com>
 2020-06-10 16:14:21 +02:00
Taus
5b0d92d72b Merge pull request #3464 from yoff/UnicodeEscape 
Python: Handle more escapes in regexes
 2020-06-10 15:47:09 +02:00
Taus
da6736df37 Merge pull request #3668 from RasmusWL/python-random-modernisations 
Python: Two small modernisations
 2020-06-10 15:45:07 +02:00
Geoffrey White
91b9b78c48 C++: Add a test case for CWE-114 involving pointers and references. 2020-06-10 14:09:46 +01:00
Asger Feldthaus
36c4803694 JS: Add test 2020-06-10 14:08:33 +01:00
Mathias Vorreiter Pedersen
88dabffd2b C++: Add tests that demonstrate flow through custom swap functions 2020-06-10 15:06:57 +02:00
Asger Feldthaus
07e90ff65f JS: Autoformat 2020-06-10 14:03:01 +01:00
semmle-qlci
df79f2adc5 Merge pull request #3655 from asger-semmle/js/string-ops-regexp-test-fix 
Approved by esbena
 2020-06-10 13:35:22 +01:00
Esben Sparre Andreasen
1d396524a3 JS: add initial version of ServerCrash.ql 2020-06-10 14:25:56 +02:00
semmle-qlci
1b8f3c4b84 Merge pull request #3657 from hvitved/dataflow/hidden-nodes 
Approved by aschackmull, jbj
 2020-06-10 13:22:09 +01:00
Erik Krogh Kristensen
c4f61134f1 include the source of cryptographically random number in alert message 2020-06-10 13:32:46 +02:00
semmle-qlci
22d50f009e Merge pull request #3667 from aschackmull/java/compiletimeconstant-cast-eval 
Approved by aibaars
 2020-06-10 12:05:42 +01:00
Bas van Schaik
bf19489501 Update CONTRIBUTING.md 2020-06-10 12:02:24 +01:00
Bas van Schaik
be48daf0d0 Update CONTRIBUTING.md 2020-06-10 11:58:38 +01:00
Erik Krogh Kristensen
7e8fd80327 use steps from InsecureRandomness, and use small-steps 2020-06-10 12:27:50 +02:00
Rasmus Wriedt Larsen
f73876e6ce Python: Modernise ShouldBeContextManager 2020-06-10 11:53:11 +02:00
Rasmus Wriedt Larsen
37cfb5400d Python: Modernise RatioOfDefinitions 2020-06-10 11:51:41 +02:00
Anders Schack-Mulligen
4b3ca13f25 Merge pull request #3491 from luchua-bc/java-insecure-smtp-ssl 
Java: CWE-297 insecure JavaMail SSL configuration
 2020-06-10 11:02:50 +02:00
Robert Brignull
ded5eec76a rename slow-queries.yml to exclude-slow-queries.yml 2020-06-10 09:59:31 +01:00
Anders Schack-Mulligen
c334d72f11 Java: Fix CompileTimeConstantExpr qldoc and add char cast case. 2020-06-10 10:59:10 +02:00
Erik Krogh Kristensen
9029dbacf5 refactor isAdditionalTaintStep to a utility predicate in InsecureRandomness 2020-06-10 10:55:30 +02:00
Erik Krogh Kristensen
9189f23403 add support for secure-random 2020-06-10 10:39:02 +02:00
Erik Krogh Kristensen
16ec405724 add explanations about modulo by power of 2 2020-06-10 10:38:47 +02:00
Erik Krogh Kristensen
111f6d406c introduce query to detect biased random number generators 2020-06-10 10:00:10 +02:00
Tom Hvitved
70c3ff36f8 C#: Adjust IR imports 2020-06-10 09:54:56 +02:00
Tom Hvitved
d5b8c9728c Update identifal-files.json 2020-06-10 09:40:44 +02:00
Tom Hvitved
3c8735f43f C#: Move IR code into 'experimental' folder 2020-06-10 09:37:30 +02:00
Erik Krogh Kristensen
733e04c1eb Move rest-pattern inside property-pattern step to a taint-step 2020-06-10 09:02:22 +02:00
Erik Krogh Kristensen
2f9124f754 add missing qldoc 2020-06-09 23:32:58 +02:00
luchua-bc
1fd9c7fdec Add all dependent class stubs 2020-06-09 20:12:05 +00:00
Jonas Jensen
ad401e9f21 C++: Copy and adjust Java's correctness argumnt 
Instead of a vague reference to a code comment for another language, the
`controlsBlock` predicate now has the whole comment in it directly.

I've adjusted the wording so it should be reasonably correct for C/C++.
As with the other comments in this file, I don't distinguish between the
condition and its block. I think that makes the explanation clearer
without losing any detail we care about.

To make the code fit the wording of the comment, I changed the
`hasBranchEdge/2` predicate into `getBranchSuccessor/1`.
 2020-06-09 20:53:56 +02:00
Erik Krogh Kristensen
eb00da5b31 improve readability 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-09 20:02:46 +02:00
Asger Feldthaus
a923a404ab JS: Explicitly handle export declarations in PackageExports 2020-06-09 18:28:15 +01:00
Asger Feldthaus
806c9a372e JS: Resolve package.json main module differently 2020-06-09 18:28:15 +01:00