hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-07 18:51:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,691 Branches 160 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus
24000a50e6 Python: Fix bad join in py/redundant-assignment 
A minor thing, but still best avoided:
```
Tuple counts for RedundantAssignment::pyflakes_commented_line#bb/2@0477c7 after 14.2s:
160826   ~0%     {2} r1 = SCAN py_comments OUTPUT In.2, In.1
160826   ~0%     {3} r2 = JOIN r1 WITH project#Files::Location::hasLocationInfo_dispred#bfffff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Rhs.2 'result'
160826   ~3%     {3} r3 = JOIN r2 WITH files_10#join_rhs ON FIRST 1 OUTPUT Lhs.2 'result', Lhs.1, Rhs.1 'file'
46672419 ~4%     {4} r4 = JOIN r3 WITH Files::Location::getStartLine_dispred#bf_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.2 'file', Lhs.1, Lhs.0 'result'
3951     ~0%     {4} r5 = JOIN r4 WITH Files::Location::getFile_dispred#bf ON FIRST 2 OUTPUT Lhs.2, Lhs.3 'result', Lhs.1 'file', toLower(Lhs.2)
0        ~0%     {4} r6 = SELECT r5 ON In.3 contains "pyflakes"
0        ~0%     {2} r7 = SCAN r6 OUTPUT In.2 'file', In.1 'result'
                return r7
```
 2021-11-09 20:31:44 +00:00
Geoffrey White
26e9adcc34 C++: Change note. 2021-11-09 19:39:21 +00:00
Geoffrey White
ef21d1b512 C++: Add a model for curl as well. 2021-11-09 19:32:43 +00:00
Geoffrey White
6388ac5f1d C++: Add tests. 2021-11-09 18:41:57 +00:00
Geoffrey White
d2b18d952d C++: Add qhelp. 2021-11-09 18:41:56 +00:00
Geoffrey White
bd1e708c5d C++: First version of cpp/non-https-url. 2021-11-09 18:33:49 +00:00
Rasmus Wriedt Larsen
985cd1ebdb Python: Port py/request-without-cert-validation to use API graphs 2021-11-09 16:37:50 +01:00
Rasmus Wriedt Larsen
59581690fd Python: Add py/request-without-cert-validation tests 2021-11-09 16:29:57 +01:00
Rasmus Wriedt Larsen
9710aeecbf Python/C#: Add CWE-1333 to redos queries 
As is already done in JS and Ruby.
 2021-11-09 16:10:38 +01:00
Anders Schack-Mulligen
1efe1e0d10 Java: Improve algorithm for subtyping of parameterized types. 2021-11-09 15:49:17 +01:00
Tom Hvitved
7178a98e45 Ruby: Rename pruneUseNode{Fwd,Rev} 2021-11-09 15:16:36 +01:00
Tom Hvitved
30251740e3 Ruby: Prune nodes before computing trackUseNode 2021-11-09 15:16:36 +01:00
Tom Hvitved
8195ebf4b3 Merge pull request #7059 from hvitved/ruby/basic-store-step-postupdate 
Ruby: Fix `basicStoreStep`
 2021-11-09 15:16:07 +01:00
Alex Ford
556cdbaa21 ruby: QL format 2021-11-09 14:09:11 +00:00
Alex Ford
37775407a9 ruby: drop a redundant bit of documentation 2021-11-09 14:07:00 +00:00
Alex Ford
340897f262 ruby: drop unnecessary variable 2021-11-09 14:06:21 +00:00
Alex Ford
a23750a9c7 ruby: inline some predicates 2021-11-09 14:06:21 +00:00
Benjamin Muskalla
40e47c0ea3 Merge pull request #7082 from bmuskalla/filterOutputStream 
Java: Model taint for `FilterOutputStream`
 2021-11-09 15:06:15 +01:00
Alex Ford
c65d1d9a50 ruby: CSRFProtectionDisabled.qhelp fixes 
Co-authored-by: Harry Maclean <hmac@github.com>
 2021-11-09 14:05:41 +00:00
Rasmus Wriedt Larsen
f70e4fea55 Python: Add interesting path-injection FP 2021-11-09 14:53:32 +01:00
Mathias Vorreiter Pedersen
10bca3544c C++: Change 'annotate_path_to_sink' so that you now annotate a ir-path with the previous node (instead of its source). This gives a better overview of the path. 2021-11-09 13:49:12 +00:00
Benjamin Muskalla
bfe2e2e0b9 Model taint for FilterOutputStream 2021-11-09 14:21:50 +01:00
Rasmus Wriedt Larsen
1e31416049 Merge pull request #7031 from yoff/python/taint-through-with 
Python: Taint through `async with`
 2021-11-09 14:08:07 +01:00
Alex Ford
c708b6b76f Merge pull request #7077 from github/ruby/downgrade-hardcoded-credentials 
Ruby: Downgrade `rb/hardcoded-credentials` precision from high to medium
 2021-11-09 12:08:10 +00:00
Rasmus Lerchedahl Petersen
ac5a46f24f Python: split test as suggested in review 2021-11-09 13:04:52 +01:00
yoff
5f4aad40c1 Update python/ql/test/experimental/meta/InlineTaintTest.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-11-09 13:00:35 +01:00
Rasmus Lerchedahl Petersen
aa1541a5c3 Python: add changenote 2021-11-09 12:57:36 +01:00
Rasmus Lerchedahl Petersen
a58c47b07b Python: model aiopg.sa 2021-11-09 12:49:57 +01:00
Rasmus Lerchedahl Petersen
f53314019a Python: test aiopg.sa 2021-11-09 12:42:03 +01:00
CodeQL CI
d9d304fc13 Merge pull request #7076 from asgerf/js/tainted-path-regexp-guard2 
Approved by erik-krogh
 2021-11-09 03:40:37 -08:00
Rasmus Lerchedahl Petersen
cd332a75fc Python: model aiopg 2021-11-09 12:32:21 +01:00
Erik Krogh Kristensen
56a7c8b163 fix typo in change note 
Co-authored-by: Asger F <asgerf@github.com>
 2021-11-09 12:06:29 +01:00
Asger F
4b82840e9d Revert "JS: Skip files with unsupported file encoding" codeql-cli/v2.7.1 2021-11-09 10:57:01 +00:00
Rasmus Lerchedahl Petersen
cb8f1b4593 Python: Add tests for aiopg 2021-11-09 11:49:31 +01:00
Geoffrey White
d9e02e83fe Merge pull request #6825 from MathiasVP/use-shared-ssa-in-ir-dataflow 
C++: Redesign IR dataflow using the shared SSA library
 2021-11-09 10:19:50 +00:00
James Fletcher
1bacce487e Merge pull request #7056 from jf205/sarif-query-help 
Add new option to database analyze tutorial
 2021-11-09 10:19:29 +00:00
CodeQL CI
954fd8d6f7 Merge pull request #7081 from github/revert-6924-js/skip-files-with-unsupported-encoding 
Approved by esbena
 2021-11-09 02:18:16 -08:00
Erik Krogh Kristensen
8727060ca7 add comment about modes of operation 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-11-09 11:15:12 +01:00
Asger Feldthaus
87aa39cef2 JS: Limited tracking of object literals with methods 2021-11-09 11:06:41 +01:00
Asger F
0c6680b2c0 Revert "JS: Skip files with unsupported file encoding" 2021-11-09 09:07:54 +00:00
ihsinme
55fe01018f Update InsecureTemporaryFile.ql 2021-11-09 09:33:33 +03:00
ihsinme
8ddfea1dee Update cpp/ql/src/experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.qhelp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-11-09 09:20:39 +03:00
Asger Feldthaus
f14f9449ee JS: Use getAMatchedString instead of getConstantString 2021-11-08 15:35:35 +01:00
Asger Feldthaus
b3e64f1669 JS: Add test 2021-11-08 15:32:43 +01:00
Erik Krogh Kristensen
330c2c42b5 Merge pull request #7075 from erik-krogh/cwe297 
JS: add cwe-297 to `js/disabling-certificate-validation`
 2021-11-08 14:35:58 +01:00
Erik Krogh Kristensen
5cafb86c88 Merge pull request #7074 from erik-krogh/cwe942 
JS: add cwe-942 to `js/cors-misconfiguration-for-credentials`
 2021-11-08 14:35:53 +01:00
Rasmus Lerchedahl Petersen
3f4c2ba24e Python: Support debugging inline taint tests 
The module `Conf` is created so that it can be imported
without importing the query predicates from the same file.
 2021-11-08 14:08:11 +01:00
Anders Schack-Mulligen
1e0eb2f6e4 Merge pull request #7072 from aschackmull/java/nomagic-synchsetunsynchget 
Java: Fix bad magic in SynchSetUnsynchGet.
 2021-11-08 13:48:22 +01:00
Alex Ford
2581efc18a ruby: downgrade rb/hardcoded-credentials precision from high to medium 2021-11-08 12:32:38 +00:00
Erik Krogh Kristensen
a2175a3207 add cwe-297 to js/disabling-certificate-validation 2021-11-08 13:26:53 +01:00