hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-20 17:03:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,692 Branches 161 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonas Jensen
8a0089a875 Merge pull request #2672 from geoffw0/qualifierflow 
CPP: Support taint flow in and out of qualifiers
 2020-01-23 13:17:17 +01:00
Anders Schack-Mulligen
0bbe571064 Update change-notes/1.24/analysis-java.md 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
 2020-01-23 13:13:51 +01:00
Geoffrey White
166be063a9 C++: Rename test of the now un-deprecated StackVariableReachability. 2020-01-23 11:06:24 +00:00
Geoffrey White
0c4eabca98 C++: Merge two tests of UnusedStaticFunctions from the library-tests into the existing test in query-test. 2020-01-23 11:05:47 +00:00
Geoffrey White
f40a37cae2 C++: Move a test from library-tests to query-tests. 2020-01-23 11:05:47 +00:00
Geoffrey White
fcdb20d1fc C++: Move the SuspiciousCallToStrncat test to the expected location. 2020-01-23 11:05:46 +00:00
Geoffrey White
f4f0f6d93e C++: Merge the StrncpyFlippedArgs tests. 2020-01-23 11:05:46 +00:00
Geoffrey White
3aa66f5aca C++: Merge the OverflowStatic tests. 2020-01-23 11:05:46 +00:00
Rasmus Wriedt Larsen
95f78e74d0 Merge pull request #2674 from tausbn/python-modernise-web-libraries 
Python: Modernise remaining web libraries.
 2020-01-23 12:01:02 +01:00
Geoffrey White
6743d6d6e5 C#: sync-indentical-files. 2020-01-23 10:22:36 +00:00
Anders Schack-Mulligen
fd141917c7 Java: Add change note. 2020-01-23 11:08:35 +01:00
Geoffrey White
ccf268d048 CPP: Autoformat. 2020-01-23 10:07:21 +00:00
Tom Hvitved
7e042da4f5 Merge pull request #2665 from calumgrant/cs/zipslip-alert 
C#: ZipSlip query reports alert at source
 2020-01-23 11:05:57 +01:00
Mathias Vorreiter Pedersen
77531294bf C++: Accepted output on tests 2020-01-23 10:20:10 +01:00
Mathias Vorreiter Pedersen
9412ec7f4f C++: Added union field flow for globals 2020-01-23 10:17:36 +01:00
Mathias Vorreiter Pedersen
256ae2fda6 C++: Add test demonstrating a flow not detected 2020-01-23 10:16:24 +01:00
Jonas Jensen
ceeb9ab718 Merge pull request #2622 from MathiasVP/implicit-function-declaration 
C++: Add 'implicit function declaration' query
 2020-01-23 09:23:44 +01:00
yo-h
9d70358ec4 Merge pull request #2640 from aschackmull/java/nullness-fp-tests 
Java: Document two FPs with unit tests.
 2020-01-22 16:28:30 -05:00
yo-h
9a939534c7 Merge pull request #2670 from aschackmull/java/remove-parityanalysis 
Java: Remove the deprecated ParityAnalysis.
 2020-01-22 16:22:34 -05:00
Grzegorz Golawski
bed6a9886f Query to detect LDAP injections in Java 
Autoformat
 2020-01-22 21:42:47 +01:00
Grzegorz Golawski
5596944926 Add check for disabled CSRF protection in Spring 
Fix help and correct formatting.
 2020-01-22 21:27:34 +01:00
James Fletcher
f1749b3990 Merge pull request #2654 from calumgrant/cs/null-dereference 
C#: Improvements to cs/dereferenced-value-may-be-null
 2020-01-22 20:15:20 +00:00
Geoffrey White
1867d58034 CPP: Allow flow to return value. 2020-01-22 16:25:40 +00:00
Geoffrey White
704bfe7184 CPP: Support taint flow from qualifiers. 2020-01-22 16:22:29 +00:00
Geoffrey White
e6daf3b7ee CPP: Support taint flow to qualifiers. 2020-01-22 16:16:31 +00:00
Jonas Jensen
7376daf16e C++: Some data flow through partial chi operands 2020-01-22 17:14:32 +01:00
Geoffrey White
974994ed49 CPP: Slight rearrange. 2020-01-22 16:11:51 +00:00
Geoffrey White
1a6f7febe7 CPP: Add tests of taint through qualifiers. 2020-01-22 16:11:13 +00:00
Jonas Jensen
adc557fd66 C++: Reformat a predicate 
This allows adding a multi-line case without the auto-formatting changes
becoming too disruptive.
 2020-01-22 16:50:25 +01:00
Jonas Jensen
3827411095 Merge branch 'dbartol/NoEscape' into HEAD 2020-01-22 16:21:24 +01:00
Asger Feldthaus
7e8fb1428e TS: Support tsconfig.json extending from ./node_modules 2020-01-22 15:03:03 +00:00
Taus Brock-Nannestad
0924a973de Python: Modernise remaining web libraries. 2020-01-22 15:27:29 +01:00
Calum Grant
a868456628 C#: Address review comments 2020-01-22 14:21:12 +00:00
Erik Krogh Kristensen
6345e9bde1 add change note 2020-01-22 15:14:10 +01:00
Erik Krogh Kristensen
b526a2ea0f implement a model of WebSocket and ws based on the EventEmitter model 2020-01-22 14:46:53 +01:00
semmle-qlci
007b0795ec Merge pull request #2636 from erik-krogh/NewSocketIO 
Approved by esbena
 2020-01-22 13:46:11 +00:00
Rasmus Wriedt Larsen
772538ff46 Python: Move tests of collection-taint to own dir 2020-01-22 14:24:50 +01:00
Rasmus Wriedt Larsen
df8be438bb Python: Show that list(tainted_string) works 2020-01-22 14:24:50 +01:00
Rasmus Wriedt Larsen
0da78f216a Python: Show that e, f, g = tainted_list doesn't work 2020-01-22 14:24:50 +01:00
Rasmus Wriedt Larsen
a55c13e61c Python: Improve tests for StringDictKind taint 
+ show we handle dict.values()
+ show we don't handle dict.items()
 2020-01-22 14:24:50 +01:00
Jonas Jensen
66914e52c6 C++: accept test changes 2020-01-22 14:08:05 +01:00
Jonas Jensen
5ae1e2c4e8 C++: Autoformat 2020-01-22 14:07:55 +01:00
Rasmus Wriedt Larsen
7d9f1f08ee Python: Autoformat 2020-01-22 13:45:14 +01:00
Rasmus Wriedt Larsen
12bb05522a Python: Make py/weak-cryptographic-algorithm a path-problem 
and stop using deprecated hasFlow
 2020-01-22 13:45:14 +01:00
Rasmus Wriedt Larsen
c5091f1ce7 Python: Make py/hardcoded-credentials a path-problem 
and stop using deprecated hasFlow
 2020-01-22 13:45:14 +01:00
Rasmus Wriedt Larsen
96d5703f2c Python: Remove use of deprecated methods 2020-01-22 13:45:14 +01:00
Rasmus Wriedt Larsen
e6425bb4cf Python: Add deprecated keyword to deprecated functions 2020-01-22 13:45:14 +01:00
Jonas Jensen
6cdca29aa6 C++: Flow through read side effects 
Until we have better tracking of indirections, these flow rules conflate
pointers and their contents.
 2020-01-22 13:27:10 +01:00
Jonas Jensen
c24bceddcd C++: Add ReadSideEffectInstruction to IR 
There was already a `WriteSideEffectInstruction` class that served as a
superclass for all the specific write side effects. This new class
serves the same purpose for read side effects.
 2020-01-22 13:27:10 +01:00
Jonas Jensen
2aaf41a0d8 C++: Test lack of flow through read side effect 2020-01-22 13:27:10 +01:00