hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 02:01:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,690 Branches 160 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
a23b8a4a43 Update java/ql/src/Security/CWE/CWE-470/FragmentInjection.inc.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-17 11:20:39 +01:00
Tony Torralba
ba3a4fb717 Rename filesystemStore predicate after d9e6e5aa04 2022-01-17 11:13:41 +01:00
Tony Torralba
500deac12d Change query description 2022-01-17 11:11:05 +01:00
Tony Torralba
d9e6e5aa04 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-17 11:11:05 +01:00
Tony Torralba
22aad17d0e Apply review suggestions 
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
 2022-01-17 11:11:04 +01:00
Tony Torralba
9bbba3c96f Adjust UnsupportedExternalAPIs test 2022-01-17 11:11:04 +01:00
Tony Torralba
1e4840e071 Fix predicate name 2022-01-17 11:11:03 +01:00
Tony Torralba
79ddbd6fe4 Fix QLDoc and the qhelp example 2022-01-17 11:11:03 +01:00
Tony Torralba
c1ac09a063 Added query for Cleartext Storage in Android Filesystem 2022-01-17 11:11:00 +01:00
Paolo Tranquilli
6a53b7b233 Merge pull request #7543 from github/rdmarsh2/cpp/hex-format-range-analysis 
C++: Use range analysis for maximum lengths of `%x` formats
 2022-01-17 08:32:34 +01:00
Alex Ford
d09f48ecb4 Ruby: flag up protect_from_forgery calls without an exception strategy 2022-01-16 20:56:13 +00:00
Artem Smotrakov
825fe1797a Fixed another false-positive in CWE-297/IgnoredHostnameVerification.ql 2022-01-16 18:55:49 +00:00
Artem Smotrakov
6dad0e21d9 Ignore wrapped HostnameVerifier.vefify() calls 2022-01-16 18:29:30 +00:00
Artem Smotrakov
dcf251bb93 Fixed typos in IgnoredHostnameVerification.qhelp 2022-01-16 18:27:49 +00:00
Fosstars
2b33265d0f Added a query for ignored hostname verification 
- Added IgnoredHostnameVerification.ql
- Added a qhelp file with examples
- Added tests
 2022-01-16 18:27:49 +00:00
Artem Smotrakov
f78002bc02 Fixed a false-positive in CWE-297/IgnoredHostnameVerification.ql 2022-01-16 18:25:18 +00:00
Fosstars
e11cb943a6 Added a query for ignored hostname verification 
- Added IgnoredHostnameVerification.ql
- Added a qhelp file with examples
- Added tests
 2022-01-16 18:25:18 +00:00
luchua-bc
4797fce48a Update use cases and qldoc 2022-01-16 01:15:29 +00:00
luchua-bc
978ef1570a Update method names 2022-01-16 01:11:25 +00:00
jorgectf
9ab6d21757 Add forward type tracking test 2022-01-14 22:56:51 +01:00
Tom Hvitved
2ecf0d3264 Merge pull request #7550 from michaelnebel/csharp/global-using 
C#: Support for identifying whether a using directive is "global".
 2022-01-14 20:03:18 +01:00
Robert Marsh
5df6bcf952 C++: change note for hex format range analysis 2022-01-14 13:18:58 -05:00
Dave Bartolomeo
bce2a810a3 Merge pull request #7400 from github/dbartol/change-note-instructions 
Add instructions for creating change notes.
 2022-01-14 13:10:44 -05:00
Robert Marsh
9de63b2812 Merge branch 'main' into rdmarsh2/cpp/hex-format-range-analysis 
Accept test changes from query split
 2022-01-14 12:53:52 -05:00
Andrew Eisenberg
fbb5d7196f Merge branch 'main' into post-release-prep/codeql-cli-2.7.5 2022-01-14 08:23:43 -08:00
Tony Torralba
a2c98baf29 Reordering 2022-01-14 17:17:57 +01:00
Tony Torralba
eb1806c0a9 Split PathMatchGuard into three guards 2022-01-14 17:14:18 +01:00
Ian Lynagh
bba8e45e74 Merge pull request #7602 from igfoo/igfoo/typos 
Fix a couple of typos: clases / clasess
 2022-01-14 15:56:04 +00:00
Henry Mercer
ed28b7f174 Merge pull request #7575 from github/henrymercer/atm-remove-code-to-features 
JS: Remove ATM `CodeToFeatures` library
 2022-01-14 15:31:34 +00:00
Michael Nebel
e09009cd8e Merge pull request #7118 from michaelnebel/csharp-primary-ql-class 
C#: PrimaryQlClass
 2022-01-14 16:14:28 +01:00
Felicity Chapman
fdf77ad2b9 Update version numbers for LGTM 1.29 2022-01-14 15:07:29 +00:00
Ian Lynagh
22dc24629f Fix a couple of typos: clases / clasess 2022-01-14 14:28:29 +00:00
Tony Torralba
fb1287d577 Use dominance instead of getParent 
Add clarification comments to PathMatchGuard
 2022-01-14 15:28:02 +01:00
Mathias Vorreiter Pedersen
25253c7b8d C++: Don't count write operations as uses for IR dataflow. Accept test changes. 2022-01-14 13:39:57 +00:00
Mathias Vorreiter Pedersen
e8afec413a C++: Add testcase that demonstrates a FP caused by spurious flow through phi nodes in IR dataflow. 2022-01-14 13:34:27 +00:00
Tony Torralba
136fefbab5 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-14 13:38:17 +01:00
luchua-bc
877c52981f Remove the deprecated library keyword 2022-01-14 12:13:41 +00:00
Tony Torralba
cde7a35c1f QLDoc 2022-01-14 13:12:30 +01:00
Michael Nebel
8c6c8b0adb C#: Remove un-needed ql doc comment. 2022-01-14 12:55:54 +01:00
Tony Torralba
6aac848015 Fix imports 2022-01-14 12:43:08 +01:00
Tony Torralba
9f616e7cbe Refactor to use FlowState 
Remove the auxiliary DataFlow configuration
 2022-01-14 12:24:35 +01:00
Mathias Vorreiter Pedersen
b51c85597b Merge pull request #7529 from erik-krogh/fixup-library-deps 
QL: recognize dependecies of the form: libraryPathDependencies: library-name
 2022-01-14 11:13:56 +00:00
Erik Krogh Kristensen
b02fecf125 Merge pull request #7600 from erik-krogh/ql-for-ql-team 
QL: change reviewers of QL-for-QL to a newly created team
 2022-01-14 11:45:40 +01:00
Erik Krogh Kristensen
47e56365c4 QL: change reviewers of QL-for-QL to a newly created team 2022-01-14 11:32:09 +01:00
Henry Mercer
d55e6d1ca7 Merge pull request #7594 from github/henrymercer/js-atm-rename-queries 
JS: Update names, IDs, and tags for ML-powered queries
 2022-01-14 10:28:24 +00:00
Benjamin Muskalla
a4429d01a3 Add tests for writer models 2022-01-14 11:12:35 +01:00
Benjamin Muskalla
37ca6a5e41 Model Appenable and Writer 
This allows us to track taint carried through all kind of writers.
 2022-01-14 11:12:35 +01:00
Mathias Vorreiter Pedersen
6d95d47467 Merge branch 'main' into fix-join-order-in-get-conversion-type 2022-01-14 09:53:17 +00:00
Michael Nebel
6009d71e9a C#: Add getAPrimaryQlClass override to UnknownExpr. 2022-01-14 10:41:44 +01:00
Tony Torralba
df95317a58 Fix tests after stub change 2022-01-14 10:33:21 +01:00