hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-03 16:51:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,884 Commits 1,689 Branches 159 Tags
codeql-cli/v2.8.5
Commit Graph

33884 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
ahmed532009
aa488e532f Update csrfComparison.java 2022-02-25 17:33:07 +00:00
Chris Smowton
333130b2a4 Abbreviate isSink 2022-02-25 17:33:07 +00:00
Chris Smowton
80a2b388bf Update TimingAttackAgainstHeader.qhelp 2022-02-25 17:33:07 +00:00
ahmed532009
fa81f43694 Update TimingAttackAgainstHeader.qhelp 2022-02-25 17:33:06 +00:00
ahmed532009
39e07cbc9c Update and rename UnsafecsrfComparison.java to csrfComparison.java 2022-02-25 17:33:06 +00:00
ahmed532009
c6c67b907b Update TimingAttackAgainstHeader.qhelp 2022-02-25 17:33:06 +00:00
ahmed532009
98b06d35af Update TimingAttackAgainstHeader.ql 2022-02-25 17:33:06 +00:00
ahmed532009
bf95e59b24 Update TimingAttackAgainstHeader.qhelp 2022-02-25 17:33:06 +00:00
ahmed532009
ab6a7bb3d8 Update TimingAttackAgainstHeader.ql 2022-02-25 17:33:06 +00:00
root
49feeb1c36 Timing attacks while comparing the headers value 2022-02-25 17:33:06 +00:00
Alexander Eyers-Taylor
6b9ccd6e91 QLSpec: Apply suggestions from code review 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2022-02-25 15:34:43 +00:00
Rasmus Wriedt Larsen
f988e1f0d8 Python: Improve field-flow by removing import * 
Since that apparently impacts call graph resolution with points-to :O

Also interesting that global flow was only not working for those cases
because of the tricky ifs... still need to 100% figure out how those ifs
are messing up the analysis :|
 2022-02-25 16:01:08 +01:00
Rasmus Wriedt Larsen
999af15bd5 Python: Show unresolved calls for field-flow tests 2022-02-25 15:58:07 +01:00
Taus
622b32692b Python: Prevent magic/inlining in getCase 
This is a simplified version of
https://github.com/github/codeql/pull/8028
consisting of just the `nomagic` fix.
 2022-02-25 14:32:59 +00:00
yoff
8b926f6859 Merge pull request #7873 from RasmusWL/fix-attribute-taint 
Python: Fix attribute taint
 2022-02-25 15:02:24 +01:00
Rasmus Wriedt Larsen
2d0034c40d Python: Replicate global field-flow failures 2022-02-25 14:14:00 +01:00
Asger F
a8bfebaeb6 Merge pull request #8149 from asgerf/shared/use-shared-access-path-syntax 
Shared: use shared access path syntax to parse arguments in CSV rows
 2022-02-25 14:04:18 +01:00
CodeQL CI
0f125d1e8a Merge pull request #8234 from asgerf/ruby/meta-queries 
Approved by nickrolfe
 2022-02-25 12:46:15 +00:00
Rasmus Wriedt Larsen
faaa63a73c Python: Ensure no cross-talk in global tests 
By giving all variables unique names

I also added a comment with the function name from the normal tests, so
its' easily visible what these tests are testing
 2022-02-25 13:41:51 +01:00
Rasmus Wriedt Larsen
0642610ee9 Python: Global flow works when in own file??? 
This is very suspicious
 2022-02-25 13:36:00 +01:00
Rasmus Wriedt Larsen
d83a9ef8d3 Python: Fix global field-flow for validTest.py 2022-02-25 13:35:43 +01:00
yoff
e1c2f46092 Merge pull request #8200 from RasmusWL/debug-partial-flow-snippet 
Python: Add `debug partial flow` snippet
 2022-02-25 12:41:12 +01:00
Arthur Baars
9d9abaf1f9 Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-02-25 12:27:20 +01:00
Pierre
f047707ef3 Merge pull request #8251 from github/turbo-java-17-python-310 
Update supported Java and Python versions
 2022-02-25 12:19:01 +01:00
Chris Smowton
011248e686 Merge pull request #7774 from smowton/smowton/admin/test-annotation-inheritence 
Add test checking that inheritence is noticed even with annotations present
 2022-02-25 11:15:21 +00:00
Rasmus Wriedt Larsen
49dbb8cae7 Docs: Mention hasPartialFlowRev and performance problem 
The things that I mentioned in https://github.com/github/codeql/pull/6502#issuecomment-901087620 that never got into the document 😳
 2022-02-25 11:22:20 +01:00
Pierre
9e27675554 Update supported Java and Python versions 2022-02-25 11:12:01 +01:00
Mathias Vorreiter Pedersen
dfd30e46b0 Merge pull request #8227 from geoffw0/319improve 
C++: Promote cpp/non-https-url
 2022-02-25 08:48:44 +00:00
ihsinme
ffdca61f9a Add files via upload 2022-02-25 11:20:23 +03:00
ihsinme
74f8145970 Add files via upload 2022-02-25 11:18:38 +03:00
ihsinme
0c8a07218c Add files via upload 2022-02-25 11:16:05 +03:00
ihsinme
bddb5fd9f9 Add files via upload 2022-02-25 11:14:20 +03:00
ihsinme
3d1f4d5499 Merge pull request #1 from github/main 
up to head
 2022-02-25 11:04:55 +03:00
Robert Marsh
a60fe9f4b8 C++: exclude 0 earlier in InsufficientKeySize 2022-02-24 14:26:37 -05:00
Tamás Vajk
17fbbdba34 Merge pull request #8233 from github/release-prep/2.8.2 
Release preparation for version 2.8.2
codeql-cli/v2.8.2 		2022-02-24 20:07:55 +01:00
Chris Smowton
b1c98ae3c2 Add further test directly examining signature of method with problematic parameter types 2022-02-24 17:39:11 +00:00
Chris Smowton
379f2438a6 Add test checking that inheritence is noticed even with annotations present 2022-02-24 17:39:11 +00:00
Geoffrey White
899ae90ba4 C++: Add GVN. 2022-02-24 17:22:37 +00:00
Mathias Vorreiter Pedersen
ab3cad749c Merge pull request #8173 from MathiasVP/add-using-expired-stack-address-query 
C++: Add another `CWE-825` query
 2022-02-24 17:18:35 +00:00
Geoffrey White
0bb9a95563 C++: Extend tests. 2022-02-24 17:15:29 +00:00
Tom Bolton
8dfc0d25d1 Merge pull request #8232 from github/tombolton/use-updated-counting-query 
Add new xss queries to result counting query
 2022-02-24 16:38:53 +00:00
Jeroen Ketema
0c788d7352 C++: Remove redundant empty line 2022-02-24 17:31:10 +01:00
Jeroen Ketema
b933a58215 C++: Replace Deprecated Queries by Deprecated Classes 
This is more accurate for the only change in the list.
 2022-02-24 16:48:23 +01:00
Michael Nebel
3e898a1b09 C#: Use generic TryParse method instead. 2022-02-24 16:18:42 +01:00
Tamas Vajk
0d16a7e38d Fix formatting of C# change logs 2022-02-24 16:06:54 +01:00
github-actions[bot]
20fe22c8c8 Release preparation for version 2.8.2 2022-02-24 14:57:08 +00:00
Rasmus Wriedt Larsen
abe4d8da62 Python: Accept global field-flow inconsistencies 
Yikes
 2022-02-24 15:07:18 +01:00
Rasmus Wriedt Larsen
94d23f3817 Python: Also do all field-flow tests in global scope 
Notice that these tests don't pass, to show how they differ in the next
commit!
 2022-02-24 15:06:40 +01:00
Erik Krogh Kristensen
844815a032 Merge pull request #8231 from erik-krogh/fix-ql-for-ql-in-ql-for-ql 
QL: fix ql-for-ql errors inside ql-for-ql
 2022-02-24 15:01:45 +01:00
Erik Krogh Kristensen
ea1503ce2c fix ql-for-ql errors inside ql-for-ql 2022-02-24 14:41:27 +01:00