hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-04 01:01:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,884 Commits 1,689 Branches 159 Tags
codeql-cli/v2.8.5
Commit Graph

33884 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
a9062cc047 merge hasDominatingWrite and hasDominatingAssignment 2022-03-02 11:30:05 +01:00
Mathias Vorreiter Pedersen
3681a1b736 Merge pull request #7933 from geoffw0/cwe497 
C++: Improve cpp/system-data-exposure
 2022-03-02 10:18:01 +00:00
Mathias Vorreiter Pedersen
71cd507f89 Merge pull request #8298 from MathiasVP/filter-bad-conversions-in-cpp-gvn 
C++: Fix `GVN` performance on more invalid IR
 2022-03-02 10:14:19 +00:00
Michael Nebel
53b2eac8c5 C#: Remove (symmetric) duplicates from the test output. 2022-03-02 09:44:51 +01:00
Michael Nebel
38f04e5585 C#: Flatten the the Gvn type. 2022-03-02 09:44:51 +01:00
Michael Nebel
6b4dea780f C#: Introduce caching of the Gvn related types and the toGvn predicate. 2022-03-02 09:44:51 +01:00
Michael Nebel
796a18043b C#: Add testcase for GVN printing. 2022-03-02 09:44:51 +01:00
Michael Nebel
7e25b141ca C#: Add test cases for finding structurally equivalent control flow elements. 2022-03-02 09:44:51 +01:00
Michael Nebel
52952e98bf C#: Example source code with structurally same expressions and statements. 2022-03-02 09:44:51 +01:00
Michael Nebel
4499551ca4 C#: Add a verbatim copy of the structural comparison for internal use only. 2022-03-02 09:44:51 +01:00
Michael Nebel
16270cf57f C#: Add configuration class to allow defining a candidate pairs of control flow predicates, where we want to look for structural equality. 2022-03-02 09:44:51 +01:00
Michael Nebel
87cb92a434 C#: Add predicates for restricting the Gvn type and the relation between control flow elements and global value numbers. 2022-03-02 09:44:51 +01:00
Michael Nebel
8bd12b23e2 C#: Add type(s) for representing global value numbers. 2022-03-02 09:44:51 +01:00
Michael Nebel
cc5d56547c C#: Add type Global value number kinds for control flow elements. 2022-03-02 09:44:51 +01:00
Michael Nebel
8179e247bf C#: Delete the existing structural comparison implementation. 2022-03-02 09:44:51 +01:00
ihsinme
9e76260f1d Update DangerousUseOfTransformationAfterOperation.ql 2022-03-02 10:38:57 +03:00
ihsinme
f5267ba8c6 Update DangerousUseOfTransformationAfterOperation.qhelp 2022-03-02 10:24:40 +03:00
Harry Maclean
37dac186a8 Ruby: String.try_convert isn't value-preserving 
`String.try_convert` can convert arbitrary objects to strings, which
obviously isn't value-preserving.
 2022-03-02 13:31:59 +13:00
Arthur Baars
169f65526e Merge pull request #8292 from aibaars/api-graphs-private 
Ruby: ApiGraphs: use private imports
 2022-03-02 00:35:46 +01:00
Taus
8460ab4f31 Merge pull request #7549 from hvitved/python/points-to-perf 2022-03-01 23:05:10 +01:00
Mathias Vorreiter Pedersen
155502cfdb C#/C++: Sync identical files. 2022-03-01 16:56:49 +00:00
Mathias Vorreiter Pedersen
4acae4a2d1 C++: Remove redundant conjunct. 2022-03-01 16:56:25 +00:00
Geoffrey White
2962b125af Merge branch 'main' into cwe497 2022-03-01 16:19:28 +00:00
Paolo Tranquilli
c81f2661a3 Merge pull request #8300 from redsun82/check-qhelp 
check-qhelp: call super init in IncludeHandler
 2022-03-01 17:07:28 +01:00
Paolo Tranquilli
ef4d1de9c3 check-qhelp: call super init in IncludeHandler 
`xml.sax.ContentHandler` has a non-trivial `__init__`. While this is
probably harmless, it does not hurt to fix this.
 2022-03-01 16:50:55 +01:00
Rasmus Wriedt Larsen
518e2aeebf Merge branch 'main' into jorgectf/python/deserialization 2022-03-01 16:47:13 +01:00
Rasmus Lerchedahl Petersen
f55d7d627e python: model XPathEvaluator 2022-03-01 14:40:13 +01:00
Rasmus Lerchedahl Petersen
3bb17be389 python: add concept and library tests 2022-03-01 14:39:28 +01:00
ihsinme
a6654fce4a Update ImproperCheckReturnValueScanf.ql 2022-03-01 16:37:29 +03:00
ihsinme
e9fefab9b1 Update test.cpp 2022-03-01 16:36:24 +03:00
ihsinme
bfec3c5e6e Update ImproperCheckReturnValueScanf.expected 2022-03-01 16:35:31 +03:00
Tom Hvitved
92fa0071bd Update python/ql/lib/semmle/python/pointsto/MRO.qll 
Co-authored-by: Taus <tausbn@github.com>
 2022-03-01 14:16:49 +01:00
Asger Feldthaus
df379809df Ruby: support CSV rows of form ;any;Method[foo] 2022-03-01 14:08:21 +01:00
Asger Feldthaus
05ea33033b Ruby: add test for API::EntryPoint 2022-03-01 14:08:21 +01:00
Asger Feldthaus
bf83400bd2 Ruby: port API::EntryPoint from JS 2022-03-01 14:08:21 +01:00
Asger Feldthaus
e10e3b9466 Ruby: convert ActiveStorage::Filename model to MaD 2022-03-01 14:08:21 +01:00
Asger Feldthaus
e6a3747656 Ruby: add test for ActiveStorage.Filename.new 2022-03-01 14:08:21 +01:00
Asger Feldthaus
70c083fa64 Ruby: convert Regexp.escape model to MaD 2022-03-01 14:08:21 +01:00
Asger Feldthaus
cbd044a768 Ruby: add a code injection test for flwo through Regexp.escape 2022-03-01 14:08:21 +01:00
Asger Feldthaus
63e7c16d6b Ruby: add test with sinks and type-defs 2022-03-01 14:08:20 +01:00
Asger Feldthaus
388949f12e Ruby: support WithBlock and WithoutBlock 2022-03-01 14:08:20 +01:00
Asger Feldthaus
d6bc9c259e Ruby: add simple test case 2022-03-01 14:08:20 +01:00
Asger Feldthaus
d808bdc028 JS: Sync ApiGraphModels.qll 2022-03-01 14:08:20 +01:00
Asger Feldthaus
a33e89279d Ruby: instantiate ApiGraphModels library in Ruby 2022-03-01 14:08:20 +01:00
Arthur Baars
ea8187c771 Ruby: .github/workflows/ruby-qltest.yml: turn off fail-fast 2022-03-01 13:30:56 +01:00
Arthur Baars
b2745d44f2 Ruby: update ReDoS.expected 2022-03-01 13:30:56 +01:00
Arthur Baars
61fa3ba314 Add change note 2022-03-01 13:30:56 +01:00
Arthur Baars
a51f17e0ed Ruby: introduce RegExpPatternSource 2022-03-01 13:30:51 +01:00
Arthur Baars
1240c11c4b Ruby: parse some string literals as regex 
In addition to regex literals, also parse normal string literals
as regular expressions if they somehow "flow" into a method call
that is known to interpret string values as regular expressions.
 2022-03-01 13:26:51 +01:00
Geoffrey White
5402b02fd7 Merge branch 'main' into cwe497 2022-03-01 11:58:24 +00:00