codeql

mirror of https://github.com/github/codeql.git synced 2026-02-07 10:41:06 +01:00

Author	SHA1	Message	Date
CodeQL CI	c8b8a2874f	Merge pull request #7119 from github/max-schaefer/api-graphs-property-copies Approved by asgerf	2021-11-15 04:09:16 -08:00
Benjamin Muskalla	dc022430ee	Remove superflous instanceof	2021-11-15 13:07:02 +01:00
Benjamin Muskalla	412bd32f45	Move more predicates into configuration	2021-11-15 13:04:23 +01:00
Benjamin Muskalla	b84c03672d	Prefer types to TargetAPI	2021-11-15 12:43:46 +01:00
Benjamin Muskalla	bca6cecd1c	Remove basic support for lambda flow	2021-11-15 12:38:30 +01:00
Taus	c17560f948	Merge pull request #7096 from tausbn/python-fix-more-bad-joins Python: Fix a bunch of performance issues	2021-11-15 12:10:27 +01:00
Benjamin Muskalla	78e3906ea7	Exclude more JDK internals	2021-11-15 11:58:10 +01:00
Tom Hvitved	723ac818d9	Shared CFG: Update `breakInvariant4` consistency test	2021-11-15 11:43:49 +01:00
Mathias Vorreiter Pedersen	c2e057def9	Merge pull request #7094 from geoffw0/non-https-url C++: New query 'Failure to use HTTPS URLs'	2021-11-15 10:00:19 +00:00
Tom Hvitved	d323b3b17d	Merge pull request #7123 from hvitved/ruby/definitions-perf Ruby: Fix performance problem in `Definitions.ql`	2021-11-15 10:58:03 +01:00
Benjamin Muskalla	cce3780481	Restrict param2return value features	2021-11-15 09:57:23 +01:00
ihsinme	f102fa1d33	Update IncorrectPrivilegeAssignment.ql	2021-11-14 12:17:01 +03:00
ihsinme	e383e44d36	Update IncorrectPrivilegeAssignment.ql	2021-11-14 11:57:40 +03:00
ihsinme	ea1d18ed60	Update IncorrectPrivilegeAssignment.cpp	2021-11-14 11:36:06 +03:00
ihsinme	99740876cb	Add files via upload	2021-11-14 11:28:27 +03:00
Erik Krogh Kristensen	f0c5a80d1a	apply the explicit this patch to new code	2021-11-13 21:03:54 +01:00
Erik Krogh Kristensen	0ff36cd083	Merge branch 'main' into explicit-this	2021-11-13 21:01:25 +01:00
Tom Hvitved	b5d37ae0fe	C#: Update CFG consistency checks	2021-11-12 17:07:37 +01:00
Tom Hvitved	d1a09b62d3	Address review comments	2021-11-12 16:31:00 +01:00
Erik Krogh Kristensen	eef7709982	Merge pull request #7057 from erik-krogh/cwe598 JS: add js/sensitive-get-query query	2021-11-12 16:03:21 +01:00
yoff	5beb681580	Merge pull request #7087 from RasmusWL/path-injection-fp Python: Add interesting path-injection FP	2021-11-12 15:20:19 +01:00
Tom Hvitved	3471e757f2	Ruby: Fix performance problem in `Definitions.ql`	2021-11-12 14:35:16 +01:00
yoff	9f614b1d98	Merge pull request #7016 from RasmusWL/django-rest-framework Python: Model Django REST framework	2021-11-12 14:27:56 +01:00
Rasmus Wriedt Larsen	b11d11c0c9	Python: Add change-note	2021-11-12 14:27:01 +01:00
Tom Hvitved	19e6da517b	Ruby: Fix bad join-order in `resolveConstant` ``` [2021-11-09 11:35:47] (99s) Starting to evaluate predicate Module::Cached::resolveConstant#ff#antijoin_rhs/3@f6dcd6 [2021-11-09 11:35:58] (111s) Tuple counts for Module::Cached::resolveConstant#ff#antijoin_rhs/3@f6dcd6 after 11.5s: 165960683 ~0% {4} r1 = JOIN Module::Cached::resolveConstant#ff#shared WITH Module::constantDefinition0#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'arg1', Lhs.0 'arg0', Lhs.2 'arg2' 0 ~0% {3} r2 = JOIN r1 WITH Module::ClassDeclaration::getSuperclassExpr_dispred#ff ON FIRST 2 OUTPUT Lhs.2 'arg0', Lhs.1 'arg1', Lhs.3 'arg2' 0 ~0% {3} r3 = JOIN r1 WITH Constant::ConstantAccess::getScopeExpr_dispred#ff ON FIRST 2 OUTPUT Lhs.2 'arg0', Lhs.1 'arg1', Lhs.3 'arg2' 0 ~0% {3} r4 = r2 UNION r3 return r4 ```	2021-11-12 14:08:11 +01:00
Tom Hvitved	9ee1c49bac	C#: Replace `localFlow` with `localFlowStep` in recursive predicate	2021-11-12 14:04:38 +01:00
Rasmus Wriedt Larsen	491f72bb2a	Python: Adjust generated code to be more familiar	2021-11-12 13:30:03 +01:00
Rasmus Wriedt Larsen	de69e4c645	Python: Expand on SubclassFinder implementation note	2021-11-12 13:29:03 +01:00
Rasmus Wriedt Larsen	f7b53321b9	Python: Remove copy-pasted comment	2021-11-12 13:19:20 +01:00
Tom Hvitved	67ebebbaeb	C#: Add consistency queries	2021-11-12 13:10:46 +01:00
Taus	55ea715ce9	Merge pull request #7033 from RasmusWL/flask-admin	2021-11-12 12:18:56 +01:00
Nick Rolfe	9034d74663	Ruby: add file-level qldoc	2021-11-12 11:12:27 +00:00
Rasmus Wriedt Larsen	860b1a5cc3	Python: Other minor QLDoc adjustment	2021-11-12 11:46:45 +01:00
Erik Krogh Kristensen	80919e39a2	Merge branch 'main' into extractBigReg	2021-11-12 11:45:49 +01:00
Rasmus Wriedt Larsen	99081ea7e0	Python: Minor adjustment in QLDoc	2021-11-12 11:42:36 +01:00
Rasmus Wriedt Larsen	5e4b866f2b	Python: Model `rest_framework.exceptions.APIException`	2021-11-12 11:37:54 +01:00
Rasmus Wriedt Larsen	62e58b534c	Python: SubclassFinder: reorder + comment	2021-11-12 11:11:13 +01:00
Rasmus Wriedt Larsen	f48ecb1dc8	Python: Apply suggestions from code review Co-authored-by: yoff <lerchedahl@gmail.com>	2021-11-12 10:57:56 +01:00
Benjamin Muskalla	a0b7f267ff	Only capture taint from own fields Also exclude `Charset` as relevant taint-carrying type. This is generally what we want to lets us avoid tracking arguments that lead to FP.	2021-11-12 10:15:15 +01:00
Benjamin Muskalla	0234e77d2f	Let sink node be pluggable in any call context	2021-11-12 09:43:05 +01:00
Benjamin Muskalla	b8809a20d8	Support propagating taint of inner object	2021-11-12 09:39:59 +01:00
Tom Hvitved	b5cf4c2f82	Merge pull request #7111 from michaelnebel/csharp-move-printast Csharp move PrintAst query to test directory.	2021-11-12 09:19:13 +01:00
Rasmus Wriedt Larsen	06cae3dac2	Merge pull request #7104 from yoff/python/model-aiomysql Python: model aiomysql	2021-11-11 16:58:01 +01:00
Tom Hvitved	004144bbef	Merge pull request #7028 from hvitved/ruby/api-graphs-prune Ruby: Prune nodes before computing `trackUseNode`	2021-11-11 15:57:21 +01:00
Michael Nebel	9ea320c53c	Update all PrintAst.qlref to point to new location of PrintAst.ql	2021-11-11 15:19:15 +01:00
Mathias Vorreiter Pedersen	982de28b89	Update cpp/ql/lib/semmle/code/cpp/commons/Printf.qll Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>	2021-11-11 13:19:13 +00:00
Erik Krogh Kristensen	e09c12430d	Merge pull request #7105 from erik-krogh/flagJqueryUI JS: have the aliasPropertyPresenceStep step over extend calls	2021-11-11 14:05:11 +01:00
Erik Krogh Kristensen	b639a8d183	update ruby example Co-authored-by: Nick Rolfe <nickrolfe@github.com>	2021-11-11 14:04:38 +01:00
CodeQL CI	34cc61e51f	Merge pull request #7083 from asgerf/js/type-track-object-literals-with-methods Approved by erik-krogh	2021-11-11 04:35:55 -08:00
Michael Nebel	5a4557f588	Move PrintAst.ql and update import statement	2021-11-11 13:27:12 +01:00

... 73 74 75 76 77 ...

33872 Commits