hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-17 04:56:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,884 Commits 1,714 Branches 162 Tags
codeql-cli/v2.8.5
Commit Graph

33884 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
CodeQL CI
40acb95105 Merge pull request #5397 from erik-krogh/globalSanitizer 
Approved by asgerf
 2021-03-16 05:37:32 -07:00
Erik Krogh Kristensen
3640bbd466 add test for IncompleteHtmlAttributeSanitization 2021-03-16 13:25:27 +01:00
Erik Krogh Kristensen
1bf259beef support another String.prototype.replace pattern 2021-03-16 13:25:13 +01:00
Cornelius Riemenschneider
755fec466f Apply suggestions from code review 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-03-16 13:21:57 +01:00
Tom Hvitved
e1e4016a5c C#: Fix missing delegate flow 2021-03-16 13:16:23 +01:00
Tom Hvitved
29c6d22163 C#: Add test exposing missing delegate flow 2021-03-16 13:16:23 +01:00
Tom Hvitved
25adcfc39d C#: Fix missing phi flow 2021-03-16 13:16:23 +01:00
Tom Hvitved
e092b31791 C#: Add test exposing missing phi flow 2021-03-16 13:16:23 +01:00
Tom Hvitved
7eaf02a0bf Make external AstNode an IPA type 2021-03-16 12:50:20 +01:00
Tamas Vajk
d02fba8c37 Java: adjust wrapped constructor calls 2021-03-16 12:42:41 +01:00
Rasmus Lerchedahl Petersen
cf791e8164 Python: Describe Concepts and Attributes 2021-03-16 12:31:47 +01:00
Tamas Vajk
e3534d1635 Java: cover wrapped constructor taint flow 2021-03-16 12:10:28 +01:00
Tamas Vajk
af0dff8c6f Java: migrate constructor flow taint steps to CSV 2021-03-16 12:10:28 +01:00
Tamas Vajk
f9a207dd9f Java: migrate 'arg to arg' taint steps to CSV 2021-03-16 12:10:28 +01:00
Tamas Vajk
7e1534a6cd Java: migrate 'arg to return' taint steps to CSV 2021-03-16 12:10:28 +01:00
Tamas Vajk
5cdbde2686 Java: migrate 'qualifier to return' taint steps to CSV 2021-03-16 12:10:28 +01:00
Tamas Vajk
40126563ef Java: migrate 'qualifier to arg' taint steps to CSV 2021-03-16 12:10:28 +01:00
CodeQL CI
c08230ce1e Merge pull request #5378 from asgerf/js/meta-problem-queries 
Approved by esbena
 2021-03-16 03:58:12 -07:00
Cornelius Riemenschneider
2e8e04f73e C++: Move FailedExtractions.ql to FailedCompilations.ql. 2021-03-16 10:48:04 +00:00
Tamás Vajk
24140195d6 Merge pull request #5242 from tamasvajk/feature/tuple-df 
C#: Add tuple dataflow
 2021-03-16 11:45:11 +01:00
Tamás Vajk
8d6b8359eb Merge pull request #5316 from tamasvajk/feature/roslyn3.9 
C#: Upgrade Roslyn dependencies to 3.9
 2021-03-16 11:44:42 +01:00
Anders Schack-Mulligen
2d8d967060 Dataflow: Address review comment. 2021-03-16 11:07:33 +01:00
Cornelius Riemenschneider
fa3ac30894 C++: Update query to latest spec. 2021-03-16 09:56:38 +00:00
Chris Smowton
6d108c0fa7 Improve docstring for composedValueAndTaintModelStep 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-03-16 09:00:35 +00:00
Chris Smowton
915a19fb9d Improve naming; eliminate some harmless extra results 
Adding `src != valueSource` should have no effect as the introduced edge would already exist, but could reduce workload downstream.
 2021-03-16 08:57:14 +00:00
Chris Smowton
516122aa74 Add taint-preserving edges where a call also has a value-preserving edge 
For example, for a fluent method that returns `this`, we take a tainting edge from argX to either `this` or the return value to also taint the other.
 2021-03-16 08:45:24 +00:00
CodeQL CI
86b933a0e0 Merge pull request #5354 from yoff/doc-fix-typo-csharp-dataflow 
Approved by hvitved
 2021-03-15 23:52:38 -07:00
Jaroslav Lobačevski
8445ec6c17 Update javascript/ql/src/experimental/semmle/javascript/Actions.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-03-15 19:15:10 +02:00
yoff
14dd708abc Apply suggestions from code review 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2021-03-15 17:56:50 +01:00
Jaroslav Lobačevski
87ea442a78 qhelp 2021-03-15 18:47:45 +02:00
Rasmus Lerchedahl Petersen
6fff746b16 Merge branch 'main' of github.com:github/codeql into python-port-insecure-protocol 2021-03-15 17:37:28 +01:00
Rasmus Lerchedahl Petersen
9a96230523 Python: Add changenote 2021-03-15 17:35:30 +01:00
Jaroslav Lobačevski
de6ed1dcb9 File rename 2021-03-15 18:34:10 +02:00
Rasmus Lerchedahl Petersen
514a69c47a Python: Support ssl.PROTOCOL_TLS_SERVER 
and `ssl.PROTOCOL_TLS_CLIENT`
 2021-03-15 17:30:01 +01:00
Rasmus Lerchedahl Petersen
87f3ba2684 Python: add tests for ssl.PROTOCOL_TLS_SERVER 
and `ssl.PROTOCOL_TLS_CLIENT`
 2021-03-15 17:24:39 +01:00
Jaroslav Lobačevski
a823baabfb Ranamed to CWE-094 2021-03-15 18:24:08 +02:00
Rasmus Lerchedahl Petersen
731f4559b4 Python: update test expectations 2021-03-15 17:23:58 +01:00
Jaroslav Lobačevski
16ca2314e4 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-03-15 18:14:20 +02:00
Rasmus Lerchedahl Petersen
4094b18407 Python: Clean up tests 2021-03-15 16:28:08 +01:00
Anders Schack-Mulligen
45c9428668 Merge pull request #5337 from smowton/smowton/feature/commons-lang-random-sources 
Java: Add support for Commons-Lang's RandomUtils
 2021-03-15 16:21:01 +01:00
Anders Schack-Mulligen
d1f30d9164 Java: Autoformat. 2021-03-15 15:28:04 +01:00
Anders Schack-Mulligen
662e17ff85 Java: Bugfix dispatch to lambda in call context. 2021-03-15 15:09:03 +01:00
CodeQL CI
9268050eb8 Merge pull request #5369 from erik-krogh/tempObjInj 
Approved by asgerf
 2021-03-15 05:23:55 -07:00
CodeQL CI
a9c292e265 Merge pull request #5391 from erik-krogh/additionalXss 
Approved by asgerf
 2021-03-15 04:50:54 -07:00
Erik Krogh Kristensen
b039267b76 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2021-03-15 12:39:56 +01:00
Cornelius Riemenschneider
f75b969ffc C++: Only include sum of LoC in the new non-alert summary queries for now. 2021-03-15 11:32:10 +00:00
Arthur Baars
c672169621 Merge pull request #155 from github/aibaars/order-ast-test 
AST: order edges by target node
 2021-03-15 10:43:34 +01:00
Arthur Baars
d54db292f7 Move semmle.order property to printAst.qll 2021-03-15 10:33:10 +01:00
Mathias Vorreiter Pedersen
0ffb80e3b1 Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt 2021-03-15 09:42:32 +01:00
Anders Schack-Mulligen
e37ba75599 Merge pull request #5401 from Marcono1234/patch-2 
Add missing quote in documentation
 2021-03-15 09:17:29 +01:00