hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-14 19:46:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,884 Commits 1,708 Branches 162 Tags
codeql-cli/v2.8.5
Commit Graph

33884 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
85c13a1190 Make entries in RemoveWhenFullCoverage explicit 2021-02-09 16:34:25 +01:00
Geoffrey White
d475e55ec0 Update cpp/ql/test/README.md 
Co-authored-by: hubwriter <hubwriter@github.com>
 2021-02-09 15:20:03 +00:00
Geoffrey White
cc031118dd Update CONTRIBUTING.md 
Co-authored-by: hubwriter <hubwriter@github.com>
 2021-02-09 15:19:30 +00:00
yo-h
e5331a4735 Java: accept changes in expected output 2021-02-09 09:17:35 -05:00
yo-h
e194411cfa Java: fix javac errors in test code 2021-02-09 09:16:57 -05:00
luchua-bc
cb01613aa6 Exclude FP token patterns 2021-02-09 13:53:23 +00:00
Tamas Vajk
9854b95c30 Fix query performance 2021-02-09 14:45:22 +01:00
Alexander Eyers-Taylor
1c43505d30 Merge pull request #5121 from alexet/fix-js-jdoc 
Javascript Extractor: Update <tt> tages to <code>
 2021-02-09 13:07:19 +00:00
Arthur Baars
daa7bd7fd4 Move ReturningStmt::getValue implementation to internal library 2021-02-09 14:01:08 +01:00
Arthur Baars
e398837bdc Rename Statement to Stmt 2021-02-09 13:55:06 +01:00
Arthur Baars
bb89e134c4 Address comments 2021-02-09 13:54:46 +01:00
CodeQL CI
475d216f8e Merge pull request #5087 from erik-krogh/immutable 
Approved by asgerf
 2021-02-09 12:43:19 +00:00
Rasmus Wriedt Larsen
1d25184b32 Python: Add test for type-tracking through decorators 
In general, if there is _some_ decorator on a function, it might not be safe to
track content out of it (since the decorator could do anything), but in this
case, we can see what the decorator does, so we should be able to handle it (but
we don't right now).

By my understanding of how type-tracking works, if we track content through
`my_decorator`, then we would also track content to the result of
`unrelated_func()`, which I wanted to make sure our tests would catch.

I found out the core of the problem seems to come from our lack of being able to
track to the inner scope, and added an explicit test for that.
 2021-02-09 13:43:10 +01:00
Rasmus Wriedt Larsen
eb7e30d472 Python: Add test of django view handler with decorator 
Which we currently don't handle :(

Also added a bit more explanatory comments
 2021-02-09 13:25:12 +01:00
Geoffrey White
d1910a3f5c Update CONTRIBUTING.md 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-02-09 12:12:24 +00:00
alexet
8dd5a7e7c7 Javascript Extractor: Update <tt> tages to <code> 2021-02-09 12:10:09 +00:00
Remco Vermeulen
3818971b79 Add redirect sinks 
Both the familiy of `Accepted` and `Created` method set the location
header based on provided input. If this is untrusted input this can
result in an URL redirect attack.
 2021-02-09 13:09:02 +01:00
Tom Hvitved
32daf28b34 Rangify AstNode 2021-02-09 12:17:21 +01:00
Alexander Eyers-Taylor
bed10ad562 Merge pull request #5113 from github/alexet/fix-var-decls-spec 
Update the language specification to allow empty var_decls
 2021-02-09 11:08:23 +00:00
Rasmus Lerchedahl Petersen
e3002aa1bf Python: model for sys.exc_info 
made _easy_ by API graphs :D
 2021-02-09 11:39:44 +01:00
Rasmus Lerchedahl Petersen
0ea2f457a1 Python: type trackers for exceptions 2021-02-09 11:39:44 +01:00
Rasmus Lerchedahl Petersen
232d9b006a Python: Implement traceback module 
Just functions, not the classes for now
 2021-02-09 11:39:44 +01:00
Rasmus Lerchedahl Petersen
6a45f6e7e0 Python: Port StackTraceExposure query 
using empty concept implementation
 2021-02-09 11:12:44 +01:00
Rasmus Lerchedahl Petersen
77ae91c47d Python: Add concept ExceptionSource 2021-02-09 11:12:44 +01:00
CaptainFreak
503b339a1f remove hbs specific checks 2021-02-09 07:35:35 +05:30
Raul Garcia (MSFT)
f114ef1f06 Adding unit tests 2021-02-08 16:57:49 -08:00
Geoffrey White
8bf9fc6111 Consistent capitalisation. 2021-02-08 20:29:46 +00:00
Geoffrey White
07b263bb2f Typo. 2021-02-08 20:27:28 +00:00
Geoffrey White
bd255617d8 Three copies of a link is too much. 2021-02-08 20:25:35 +00:00
Geoffrey White
e1ca762bbc Fix layout. 2021-02-08 20:24:15 +00:00
Geoffrey White
65ea1a4631 Add hints / links about tests and documentation to CONTRIBUTING.md. 2021-02-08 20:04:10 +00:00
Geoffrey White
690b525192 Add a link to the C/C++ CodeQL Tests README.md from the Supported CodeQL queries and libraries doc. 2021-02-08 20:04:10 +00:00
Geoffrey White
74178a5e86 Call out the copied code issue for qhelp files again (more generally) in the Supported CodeQL queries and libraries doc. 2021-02-08 20:04:09 +00:00
Geoffrey White
cb16c64540 Call out the issue of copied code for C/C++ example code in the C/C++ CodeQL Tests README.md (where we talk about it for tests). 2021-02-08 19:58:36 +00:00
Alexander Eyers-Taylor
7583904046 Update the language specification to allow empty var_decls 
This is a degenerate form that is accepted in the compiler even if they don't make much sense. 

Fixes #5060
 2021-02-08 18:54:13 +00:00
Taus Brock-Nannestad
c59b5c98cb Python: Replace use of AttrNode with getMember 2021-02-08 19:14:11 +01:00
Arthur Baars
a752491c5f Add flow steps for loop 'return' values 2021-02-08 19:06:07 +01:00
Arthur Baars
adb88df638 Add flow steps for conditional and case expressions 2021-02-08 19:00:47 +01:00
Arthur Baars
c991d550cd AST: add Statement and ReturningStatement 2021-02-08 19:00:47 +01:00
Taus Brock-Nannestad
72a699e099 Python: Add CallCfgNode class and rewrite using that class 
I prefer this name to `CfgCallNode` as the latter will make
autocomplete more difficult.
 2021-02-08 16:55:18 +01:00
Asger Feldthaus
b278233a94 JS: Mention all versions of Angular are supported 2021-02-08 15:45:46 +00:00
Taus Brock-Nannestad
46eb3fd10a Python: Even more API::Node pushing. 2021-02-08 14:22:42 +01:00
Taus
c0c2aa69b3 Merge branch 'main' into python-port-flask-to-api-graphs 2021-02-08 14:17:25 +01:00
Taus Brock-Nannestad
2c4a477a4e Python: Support moduleImport("dotted.name") in API graphs 2021-02-08 14:08:34 +01:00
Taus
738d1bc3d4 Python: More use of API::Node 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-02-08 14:08:16 +01:00
haby0
97690b4eb7 Update java/ql/src/Security/CWE/CWE-652/XQueryInjection.qhelp 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-02-08 19:15:28 +08:00
Tamas Vajk
bd50ed975f Fix doc comment 2021-02-08 11:18:37 +01:00
CodeQL CI
8a2e063af7 Merge pull request #5107 from asgerf/js/json-in-script-tag 
Approved by erik-krogh
codeql-cli/v2.4.4 		2021-02-08 09:52:53 +00:00
Erik Krogh Kristensen
504db8739d fix typo in execa change-note file name 2021-02-08 10:00:26 +01:00
Erik Krogh Kristensen
8ca75e41d2 add change note 2021-02-08 09:59:45 +01:00