hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-13 11:06:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,884 Commits 1,711 Branches 162 Tags
codeql-cli/v2.8.5
Commit Graph

33884 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
intrigus
1eb2b75389 Java: Further reduce FPs, simply Flag2Guard flow 2021-01-11 13:42:08 +01:00
intrigus
b4692734b2 Java: Add QLDoc improve query message 2021-01-11 13:42:08 +01:00
intrigus-lgtm
f4b912cd8a Apply suggestions from doc review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-01-11 13:42:08 +01:00
intrigus
e11304a1ca Java: Autoformat 2021-01-11 13:42:08 +01:00
intrigus-lgtm
b8f3e64a0f Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-01-11 13:42:08 +01:00
intrigus
502e4c39f5 Java: Fix Qhelp 2021-01-11 13:42:08 +01:00
intrigus-lgtm
355cb6eeec Fix Qhelp format 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-01-11 13:42:07 +01:00
intrigus-lgtm
10fc2cf9f8 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-01-11 13:42:07 +01:00
intrigus
c88f07dde4 Java: Accept test output 2021-01-11 13:42:07 +01:00
intrigus
33b0ff28d8 Java: Update test 2021-01-11 13:42:07 +01:00
intrigus
9e2ef9bd74 Java: Filter results by feature flags. 
This ignores results that are guarded by a feature flag
that suggests an intentionally insecure feature.
Inspired by Go's `InsecureFeatureFlag.qll` and
`DisabledCertificateCheck.ql`.
 2021-01-11 13:42:07 +01:00
intrigus
a62a2e58dd Java: Improve QL-Doc 2021-01-11 13:42:07 +01:00
intrigus
d98b171998 Java: Make EnvTaintedMethod public + QL-Doc 2021-01-11 13:42:07 +01:00
intrigus
e021158b5f Java: Tighter model of HostnameVerifier#verify 
This more tightly models `HostnameVerifier#verify` previously it
was possible to accidentally match other methods called `verify`.
 2021-01-11 13:42:07 +01:00
intrigus
0a9df07df7 Apply suggestions from review. 2021-01-11 13:42:07 +01:00
intrigus
70b0703952 Java: Remove overlapping code 2021-01-11 13:42:07 +01:00
intrigus
3da1cb0879 Java: Add unsafe hostname verification query 2021-01-11 13:42:07 +01:00
intrigus
8df5d77398 Java: Model HostnameVerifier method 
Model `HostnameVerifier#setDefaultHostnameVerifier`
 2021-01-11 13:42:06 +01:00
Anders Schack-Mulligen
3a2dd8f1ed Merge pull request #4867 from RasmusWL/java-externalapis-taint-step 
Java: Fix taint-step handling for untrusted-data-external-api
 2021-01-11 13:36:59 +01:00
madneal
4e373aaf29 replace error with errors 2021-01-11 19:38:27 +08:00
Rasmus Wriedt Larsen
7d94bab75e Merge branch 'main' into django-request-handler-without-route 2021-01-11 12:24:41 +01:00
madneal
e0fc9bac08 add error for shotString 2021-01-11 19:15:22 +08:00
Rasmus Wriedt Larsen
828bb9a902 Python: Small refactor for request param modeling in Django 2021-01-11 11:29:54 +01:00
Esben Sparre Andreasen
580a24e982 JS: rewrite js/incomplete-multi-character-sanitization 2021-01-11 11:26:45 +01:00
Rasmus Wriedt Larsen
141b9adc4d Python: Minor refactoring 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-01-11 11:18:59 +01:00
Arthur Baars
03d407e50d Merge pull request #82 from github/more_exprs 
Add AST library for control expressions (conditionals and loops)
 2021-01-11 10:35:37 +01:00
Geoffrey White
cf1d1dc5c0 C++: Remove old tags. 2021-01-11 09:31:06 +00:00
Mathias Vorreiter Pedersen
46393c33ef C++: Fix bad join orders introduced in previous commit. 2021-01-11 09:19:58 +01:00
madneal
1e2487320c address #4932,fix for errors of Binding behavior 2021-01-09 21:38:25 +08:00
Mathias Vorreiter Pedersen
a00bd7ae02 C++: Respond to review comments. 2021-01-08 19:47:02 +01:00
Geoffrey White
70ce5fde75 C++: Improve metadata for GlobalNamespaceClasses.ql. 2021-01-08 18:27:06 +00:00
Geoffrey White
a6937beee3 Merge branch 'main' into sqltaint 2021-01-08 17:27:43 +00:00
Geoffrey White
7f0209f72e Merge branch 'main' into modelclasses 2021-01-08 17:11:25 +00:00
Shati Patel
b794fcb841 Merge pull request #4925 from shati-patel/fix-links 
Fix broken links in CodeQL documentation
 2021-01-08 16:35:15 +00:00
Shati Patel
53c46edc1c Address review comments 2021-01-08 15:20:40 +00:00
Rasmus Wriedt Larsen
00c253a710 Java: Don't ignore local taint steps (fixup) 2021-01-08 15:29:01 +01:00
luchua-bc
39103af718 Remove additional taint step 2021-01-08 13:02:57 +00:00
Nick Rolfe
6d7efab820 Add ConditionalLoop base class 2021-01-08 12:20:08 +00:00
Arthur Baars
c68f6a7f2e Merge pull request #84 from github/aibaars/codeql-threads 
Actions: apply CODEQL_THREADS to all steps
 2021-01-08 13:19:01 +01:00
Nick Rolfe
6465c90a16 Rename IfOrElsifExpr to IfExpr; remove child classes 2021-01-08 11:53:15 +00:00
Anders Schack-Mulligen
e5b4975450 Merge pull request #4675 from luchua-bc/cleartext-storage-shared-prefs 
Java: Query to detect cleartext storage of sensitive information using Android SharedPreferences
 2021-01-08 12:41:34 +01:00
Nick Rolfe
15785b4535 Add db base type for CaseExpr::Range 2021-01-08 11:31:43 +00:00
Tamás Vajk
136e5c93d1 Merge pull request #4672 from tamasvajk/feature/extract-anon-types 
C#: Extract anonymous types explicitly
 2021-01-08 11:54:37 +01:00
Arthur Baars
4ef4053385 Actions: apply CODEQL_THREADS to all steps 2021-01-08 10:25:25 +01:00
CodeQL CI
807fc94627 Merge pull request #4921 from erik-krogh/moreShellSan 
Approved by esbena
 2021-01-08 00:58:26 -08:00
Tamas Vajk
800fd94572 Add DB upgrade folder 2021-01-08 08:20:49 +01:00
Tamas Vajk
056dbe31d5 C#: Remove throw completion from StringLiteral 2021-01-08 08:14:08 +01:00
Erik Krogh Kristensen
6423c32990 Update javascript/ql/src/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-01-07 22:02:39 +01:00
Nick Rolfe
6efebf1e36 Merge remote-tracking branch 'origin/main' into more_exprs 2021-01-07 19:02:50 +00:00
Nick Rolfe
6c0804c1af Address feedback on CFG change 2021-01-07 19:02:37 +00:00