hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-03 08:41:05 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,687 Branches 159 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
6b14c1d6b9 Merge branch 'main' into jorgectf/python/deserialization 2022-03-08 11:15:03 +01:00
Rasmus Wriedt Larsen
cbe3964a87 Merge pull request #8275 from haby0/py/add-ssrf-sinks 
Python: Add Server-side Request Forgery sinks
 2022-03-08 11:06:52 +01:00
Tom Hvitved
3bc8d0878f Ruby: Add regex consistency queries 2022-03-08 10:10:14 +01:00
Tom Hvitved
6d4eecff14 Ruby: Fix regex parsing of /[|]/ 2022-03-08 09:52:06 +01:00
Tom Hvitved
a7442b7a2b Ruby: Add regex test case for /[|]/ 2022-03-08 09:51:39 +01:00
ihsinme
8335778e20 Update ImproperCheckReturnValueScanf.qhelp 2022-03-08 07:45:07 +03:00
ihsinme
c0c7748c5e Apply suggestions from code review 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-03-08 07:42:35 +03:00
Jonathan Leitschuh
2e8b5f743b [Java] Add CompileTimeConstantExpr.getStringified method 
Removes CharacterLiteral from CompileTimeConstantExpr.getStringValue

Resolves:
 - https://github.com/github/codeql/pull/8325#issuecomment-1060470279
 - https://github.com/github/codeql/pull/8325#issuecomment-1060587205
 2022-03-07 20:11:38 -05:00
Jonathan Leitschuh
a21992ade9 Minor refactoring to improve tests and documentation 2022-03-07 18:40:53 -05:00
Jonathan Leitschuh
5b651f29d8 Fix insufficient tests and add documentation 2022-03-07 16:39:40 -05:00
Taus
5a8ba6a7af Python: Fix use of singleton set 2022-03-07 18:59:49 +00:00
Taus
d2603884ca Python: Fix a bunch of class QLDoc 2022-03-07 18:59:49 +00:00
Taus
af7f532212 Python: Fix up a bunch of function QLDoc 2022-03-07 18:59:49 +00:00
Geoffrey White
c793699562 C++: Change note. 2022-03-07 17:41:00 +00:00
Geoffrey White
fc6f42296a C++: Upgrade cpp/system-data-exposure. 2022-03-07 17:39:04 +00:00
Jonathan Leitschuh
b282c7f1b9 Apply suggestions from code review 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-03-07 11:31:32 -05:00
Tom Hvitved
6aad8d6897 Merge pull request #8302 from aibaars/type-tracking-smallstep 
Ruby: TypeTracker: add smallstep for functions that return their arguments
 2022-03-07 17:26:45 +01:00
Arthur Baars
ce50f35dda Python: switch to shared implementation of IncompleteHostnameRegExp.ql 2022-03-07 16:10:08 +01:00
Arthur Baars
bb348116ab JavaScript: update expected output 2022-03-07 16:10:08 +01:00
Arthur Baars
98f56f4d60 Js/Ruby: Share IncompleteHostnameRegExp.ql 2022-03-07 16:10:08 +01:00
Arthur Baars
097c661362 Ruby: drop results that cannot be found yet from IncompleteHostnameRegExp.expected 2022-03-07 16:10:08 +01:00
Arthur Baars
9e8930c192 Ruby: IncompleteHostnameRegExp.ql 2022-03-07 16:10:08 +01:00
Arthur Baars
832c9c4b0b Ruby: copy IncompleteHostnameRegExp files from JavaScript 2022-03-07 16:10:07 +01:00
Arthur Baars
602538d1c1 Ruby: add RegExpPatterns module 2022-03-07 16:09:12 +01:00
Mathias Vorreiter Pedersen
c7d624d314 Merge pull request #8247 from ihsinme/ihsinme-patch-80 
CPP: Add query for CWE-190: Integer Overflow or Wraparound when using transform after operation
 2022-03-07 11:00:29 +00:00
Geoffrey White
e7dca435a9 Merge pull request #6950 from ihsinme/ihsinme-patch-078 
CPP: Add query for CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
 2022-03-07 10:55:29 +00:00
Arthur Baars
200a965fda Update expected output 2022-03-07 11:51:54 +01:00
Arthur Baars
95027e746c Ruby: TypeTracker: add smallstep for functions that return their arguments 2022-03-07 11:51:54 +01:00
Tom Hvitved
9c4c35141a Ruby: Update type tracker test 2022-03-07 11:51:54 +01:00
Tom Hvitved
64b458b166 Merge pull request #8319 from hvitved/csharp/recursive-qltest-extraction-change-note 
C#: Add change note about recursive `codeql test run` extraction
 2022-03-07 11:43:11 +01:00
Tom Hvitved
c1db0a9429 Merge pull request #8317 from hvitved/typetracker/jump-step 
Ruby/Python: Clear call contexts after jump steps in type tracking
 2022-03-07 11:38:51 +01:00
Tom Bolton
173f45f316 Merge pull request #8334 from github/tombolton/add-mapping-query 
JS: Add query that maps queries to sink type
 2022-03-07 10:35:37 +00:00
Mathias Vorreiter Pedersen
027c8247ae Merge pull request #8310 from jketema/update-stats 
C++: Update the DB scheme stats file
 2022-03-07 09:11:53 +00:00
Tony Torralba
08ce128d64 Merge pull request #8325 from JLLeitschuh/feat/JLL/improve_compile_time_constant 
[Java] Add CharacterLiteral to CompileTimeConstantExpr.getStringValue
 2022-03-07 09:32:59 +01:00
haby0
7e6666bc63 Merge branch 'main' into py/add-ssrf-sinks 2022-03-07 12:09:14 +08:00
Erik Krogh Kristensen
9c759a987e QL: add query detecting ordering by a constant 2022-03-06 17:02:19 +01:00
Alex Ford
98dbe3aaf3 Ruby: make ActiveRecord Persistence::ModifyAndSaveCall private 2022-03-05 18:22:32 +00:00
Jonathan Leitschuh
523ddb79f3 Cleanup after code review feedback 2022-03-04 15:35:01 -05:00
Jonathan Leitschuh
5243fe3dbf Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-03-04 15:30:52 -05:00
Tiferet Gazit
bbc712fdb3 Merge pull request #8297 from erik-krogh/atmPerf 
JS: Fix ATM timeout on NodeJS
 2022-03-04 10:41:35 -08:00
Alex Ford
8fed9f9aa0 Ruby: ActiveRecord - match OrmWriteAccesses for assignements to the assignment node rather than the setter call 2022-03-04 17:24:24 +00:00
Mathias Vorreiter Pedersen
624795cbbf Merge pull request #8059 from rdmarsh2/rdmarsh2/cpp/insufficient-key-strength 
C++: new query for insufficient key strength
 2022-03-04 17:11:44 +00:00
Robert Marsh
280fdbfc1b C++: accept test output from perf improvement 
The last commit removed some source nodes from the dataflow graph, which
changed the test expectations slightly. No result changes occurred.
 2022-03-04 11:39:10 -05:00
Jorge
5552834e0f Merge pull request #9 from RasmusWL/WIP 
Rasmus' rewrite of https://github.com/github/codeql/pull/6112

See https://github.com/github/codeql/pull/6112#pullrequestreview-898959413
 2022-03-04 17:18:54 +01:00
Taus
b35718e0d5 Python: Remove uses of getAQlClass 2022-03-04 15:39:27 +00:00
Jonathan Leitschuh
38897f2ec1 Fixup tests from code review changes 2022-03-04 09:33:51 -05:00
Jonathan Leitschuh
17b6e66814 Apply suggestions from code review 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-03-04 09:29:57 -05:00
ihsinme
5c801392d1 Merge pull request #2 from geoffw0/fix_tests 
Fix tests.
 2022-03-04 15:41:41 +03:00
Arthur Baars
71e393c6e1 Merge pull request #8330 from aibaars/cache-regExpSource 
Ruby: cache regExpSource/1 instead of isInterpretedAsRegExp
 2022-03-04 13:38:11 +01:00
Taus
095f27f294 Python: Remove deprecated annotations 2022-03-04 12:30:26 +00:00