hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-21 01:13:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,693 Branches 161 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
c31f0e955d C#: Add more flow-through data-flow tests 2020-01-31 13:48:08 +01:00
alexet
cd688367c7 CPP: Avoid uncessary recursion 2020-01-31 12:47:03 +00:00
Rasmus Wriedt Larsen
72fddaf5ed Merge pull request #2733 from tausbn/python-add-stringvalue 
Python: Extend `Value` API.
 2020-01-31 13:12:14 +01:00
Erik Krogh Kristensen
e6d46b9279 add test for new prefix check on TaintedPath 2020-01-31 12:35:03 +01:00
Taus Brock-Nannestad
ba2bbf1788 Python: Extend Value API. 
Adds

- `StringValue` as a new class,
- `Value::booleanValue` which returns the boolean interpretation of the given
  value, and
- `ClassValue::str` which returns the value of the `str` class, depending on the
  Python version.
 2020-01-31 12:33:02 +01:00
Erik Krogh Kristensen
b6611b1fb3 add "slice" as a recognized prefix method in ClientSideUrlRedirectCustomizations.qll 2020-01-31 12:24:12 +01:00
Max Schaefer
7855a0b657 Merge pull request #2732 from aschackmull/java/upgrades-qlpack 
Java: Add qlpack.yml in upgrades.
 2020-01-31 10:53:50 +00:00
Anders Schack-Mulligen
18a8c2b220 Java: Add qlpack.yml in upgrades. 2020-01-31 11:39:46 +01:00
Erik Krogh Kristensen
279c584bb8 fix FP in js/path-injection by recognizing more prefix checks 2020-01-31 11:03:11 +01:00
semmle-qlci
f8d0b4e602 Merge pull request #2618 from erik-krogh/ExceptionalPromise 
Approved by asgerf
 2020-01-31 07:59:09 +00:00
Robert Marsh
83d611de11 C++: don't conflate pointers in data flow 2020-01-30 16:18:24 -08:00
yo-h
7ca7bdfc46 Merge pull request #2725 from aschackmull/java/sqlinjection-number-barrier 
Java: Add java.lang.Number as a sanitizer for SQL injection.
 2020-01-30 18:25:24 -05:00
yo-h
b542b08c95 Merge pull request #2726 from aschackmull/java/outputstream-write-taint 
Java: Improve taint for OutputStream.write and InputStream.read.
 2020-01-30 18:24:00 -05:00
yo-h
563be9f817 Merge pull request #2719 from aschackmull/java/deprecate-parexpr 
Java: Deprecate ParExpr
 2020-01-30 18:23:13 -05:00
Grzegorz Golawski
3fd8d9eb5c Rename CWE-90 into CWE-090 2020-01-30 22:33:20 +01:00
Grzegorz Golawski
db55ec250a Rename CWE-90 to CWE-090 2020-01-30 22:32:36 +01:00
ggolawski
d065ebddde Merge pull request #3 from aschackmull/java/pr-2651-unittest 
Java: Add unit test for ldap injection.
 2020-01-30 22:23:20 +01:00
Robert Marsh
209a30688a Merge pull request #2718 from jbj/DefaultTaintTracking-isUserInput 
C++: Fix mapping of sources from Expr to Node
 2020-01-30 16:22:48 -05:00
Esben Sparre Andreasen
5f1317fa2d JS: model path.parse and its ponyfill package: "path-parse" 2020-01-30 21:26:18 +01:00
Esben Sparre Andreasen
5b5f52979d JS: add uniform support for path, path.posix and path.win32 2020-01-30 21:26:18 +01:00
Tom Hvitved
fdda514a51 C#: Add new class AssignableDefinitionNode to the data-flow library 2020-01-30 20:27:57 +01:00
Robert Marsh
4617940eee Merge branch 'master' into connect-ir-dataflow-models 2020-01-30 08:49:42 -08:00
Robert Marsh
b2a87f64eb Merge pull request #2696 from dbartol/dbartol/Indirections 
C++/C#: Alias analysis of indirect parameters
 2020-01-30 11:43:26 -05:00
Anders Schack-Mulligen
2a0a568cbb Java: Remove duplicate class. 2020-01-30 17:04:35 +01:00
yo-h
dd517a433a Merge pull request #2671 from aschackmull/java/null-flow 
Java: Allow null literals as sources in data flow.
 2020-01-30 09:47:46 -05:00
Erik Krogh Kristensen
8fc273b9ec update expected output 2020-01-30 15:19:27 +01:00
Taus
b89273402d Merge pull request #2701 from RasmusWL/python-modernise-metrics 
Python: modernise import related queries
 2020-01-30 14:37:39 +01:00
Anders Schack-Mulligen
9bea581a23 Java: Improve taint for OutputStream.write and InputStream.read. 2020-01-30 14:29:56 +01:00
semmle-qlci
3158b8401a Merge pull request #2705 from erik-krogh/CVE75 
Approved by asgerf
 2020-01-30 13:07:05 +00:00
semmle-qlci
120b50f497 Merge pull request #2708 from asger-semmle/js/react-flow-through-imports 
Approved by esbena
 2020-01-30 13:05:07 +00:00
Erik Krogh Kristensen
162c19c348 changes based on review 2020-01-30 14:04:04 +01:00
Asger F
b88cc50cdb Apply suggestions from code review 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-01-30 12:42:58 +00:00
Asger Feldthaus
1bf8165098 TS: Other review comments 2020-01-30 12:41:02 +00:00
Asger Feldthaus
92dbfb2858 JS: Handle LGTM_WORKSPACE and fix emptiness check 2020-01-30 12:31:25 +00:00
Asger Feldthaus
141d4bfb70 TS: Handle multiple slashes in scope name 2020-01-30 12:28:16 +00:00
Anders Schack-Mulligen
a167577551 Java: Add java.lang.Number as a sanitizer for SQL injection. 2020-01-30 12:01:36 +01:00
Jonas Jensen
d0ac846cac Merge pull request #2721 from aschackmull/java/taintgetter-changenote 
Java/C++/C#: Add change note for taint-getters.
 2020-01-30 11:42:37 +01:00
Jonas Jensen
148e87c61d C++: Put AliasedSSA.qll in new qlformat style 2020-01-30 11:38:16 +01:00
Anders Schack-Mulligen
ea3d7b1b2f Java: Adjust stubs and unit test. 2020-01-30 11:27:33 +01:00
Erik Krogh Kristensen
7637ebcc03 Merge remote-tracking branch 'upstream/master' into exceptionFPs 2020-01-30 10:56:41 +01:00
Anders Schack-Mulligen
d8b842298c Java: Autoformat. 2020-01-30 10:54:54 +01:00
Anders Schack-Mulligen
843fd37c75 Java: Add change note. 2020-01-30 10:52:16 +01:00
Anders Schack-Mulligen
75c549baa1 Java: Deprecate ParExpr. 2020-01-30 10:52:16 +01:00
Anders Schack-Mulligen
b7a8d0e903 Apply suggestions from code review 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2020-01-30 10:41:13 +01:00
Jonas Jensen
f0f752844e Merge remote-tracking branch 'upstream/master' into dbartol/Indirections 
Conflicts:
	cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll
	csharp/ql/src/semmle/code/csharp/ir/implementation/unaliased_ssa/internal/AliasAnalysis.qll
 2020-01-30 10:26:44 +01:00
Jonas Jensen
036e16af8b Merge remote-tracking branch 'upstream/master' into ir-crement-load 
Conflicts:
	cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
 2020-01-30 09:07:30 +01:00
Jonas Jensen
c4d2163321 Merge pull request #2673 from aschackmull/ql/autoformat-comparisonterm 
Java/C++/C#: Autoformat comparison terms
 2020-01-30 08:47:50 +01:00
Robert Marsh
71d87be773 C++: add flow through partial loads in DTT 2020-01-29 17:51:42 -08:00
Dave Bartolomeo
790cbf0d6b C#: Fix bad merge 2020-01-29 17:32:15 -07:00
Dave Bartolomeo
6249446ba0 Merge remote-tracking branch 'upstream/master' into dbartol/Indirections 2020-01-29 17:29:44 -07:00