hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 02:01:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,884 Commits 1,690 Branches 160 Tags
codeql-cli/v2.8.5
Commit Graph

33884 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
64f19637d4 Address review comments 2022-01-24 13:33:18 +01:00
Erik Krogh Kristensen
823cadecd5 add CWE-219 to js/exposure-of-private-files 2022-01-24 13:22:06 +01:00
Edoardo Pirovano
413c0a8f4f Merge pull request #7673 from github/post-release-prep/codeql-cli-2.7.6 
Post-release preparation for codeql-cli-2.7.6
lgtm/v1.30.0 		2022-01-24 11:59:51 +00:00
Mathias Vorreiter Pedersen
7db66055e5 C++: Add change note. 2022-01-24 11:57:25 +00:00
Mathias Vorreiter Pedersen
08379df613 C++: Add 'security' tag to 'cpp/return-stack-allocated-memory'. 2022-01-24 11:43:38 +00:00
Geoffrey White
4c99d39acf Merge pull request #7701 from MathiasVP/remove-intentional-get-stack-pointer 
C++: Remove FPs from `cpp/return-stack-allocated-memory`
 2022-01-24 11:39:10 +00:00
Geoffrey White
588447d596 C++: Fix up isParameterDeref. 2022-01-24 11:06:24 +00:00
Arthur Baars
78b4d7cbb5 Ruby: remove redundant cast 2022-01-24 11:27:31 +01:00
Arthur Baars
0cef887683 Ruby: address comments 2022-01-24 11:27:26 +01:00
Geoffrey White
683f909f7a Merge pull request #7704 from geoffw0/clrtxt4 
C++: Another improvement to cpp/cleartext-transmission
 2022-01-24 10:11:11 +00:00
Erik Krogh Kristensen
ab1bc685bb add CWE-80 to queries that detect bad HTML sanitizers 2022-01-24 11:01:17 +01:00
Stephan Brandauer
02db472209 consistent notation 2022-01-24 10:58:06 +01:00
Anders Schack-Mulligen
7af6dc7164 Merge pull request #7702 from atorralba/atorralba/fix-jndi-injection-sinks 
Java: Remove some JNDI Injection sinks
 2022-01-24 10:53:58 +01:00
Stephan Brandauer
8be58fe01e Fix comment to avoid summarizing implementation 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2022-01-24 10:47:28 +01:00
Arthur Baars
5df1f7a0c3 Ruby: use CfgNodes classes to implement case value to pattern variable taint steps 2022-01-24 10:31:08 +01:00
Arthur Baars
7d7e9ba9e1 Ruby: add CasePattern classes to CfgNodes 2022-01-24 10:31:08 +01:00
Arthur Baars
e9a01f9e8f Ruby: fix test case 2022-01-24 10:31:08 +01:00
Arthur Baars
634c8cd060 Ruby: Generalize CfgNodes::ChildMapping 2022-01-24 10:31:08 +01:00
Arthur Baars
fcec8a8388 Address comments 2022-01-24 10:31:08 +01:00
Arthur Baars
ab4935fe68 Ruby: fix some alerts 2022-01-24 10:31:08 +01:00
Arthur Baars
7630b277b8 Ruby: update AST and CFG test data 2022-01-24 10:31:08 +01:00
Arthur Baars
26a0167d6d Ruby: add taint step test for hash patterns 2022-01-24 10:31:06 +01:00
Arthur Baars
49c452239e Ruby: add taint steps from case value to variables in patterns 2022-01-24 10:10:22 +01:00
Arthur Baars
77a3e4bd61 Ruby: CFG: fix completion of AsPattern variable 2022-01-24 10:10:22 +01:00
Stephan Brandauer
b277731312 add a predicate to recognize path arguments in calls to the fs-extra lib 2022-01-24 09:40:22 +01:00
Tony Torralba
908b7c43f2 Fix stubs 2022-01-24 09:34:43 +01:00
Anders Schack-Mulligen
9bd2ac96ea Merge pull request #7705 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-01-24 09:14:35 +01:00
Anders Schack-Mulligen
b4bf7a1561 Merge pull request #7698 from aschackmull/java/bitwise-assignop-guards 
Java: Add support for bitwise compound assignments in Guards.
 2022-01-24 09:11:53 +01:00
github-actions[bot]
020970ff4c Add changed framework coverage reports 2022-01-24 00:09:45 +00:00
Harry Maclean
8419daad03 Ruby: Add subclassing support to API Graphs 
Given the code

    class A; end
    class B < A; end
    class C < A; end

You can find uses of B and C with the expression

    API::getTopLevelMember("A").getASubclass()
 2022-01-24 12:21:39 +13:00
luchua-bc
27043a09b3 File path injection with the JFinal framework 2022-01-23 18:07:48 +00:00
Andrew Eisenberg
aee9eb5203 Apply docs fixes 
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
 2022-01-21 11:35:15 -08:00
Aditya Sharad
67e3f5edbc Merge pull request #7685 from adityasharad/merge/3.3-3.4 
Merge rc/3.3 into rc/3.4
 2022-01-21 10:49:19 -08:00
Tom Hvitved
85e1cda81b Ruby: Distinguish symbols from strings in ConstantValue 2022-01-21 19:16:12 +01:00
Harry Maclean
8e40899dfd Merge pull request #7419 from github/hmac/const-get 2022-01-22 07:01:09 +13:00
Harry Maclean
2fa18801aa Merge pull request #7665 from github/hmac/barrier-guard-array-const 2022-01-22 06:59:51 +13:00
Geoffrey White
4326e6f706 C++: Split 'gets' model and make it a local source. 2022-01-21 17:29:49 +00:00
Geoffrey White
79735f5ac5 C++: Add test case. 2022-01-21 17:29:48 +00:00
Tony Torralba
78d7e538a5 Remove some JNDI Injection sinks 
Add tests and stubs
 2022-01-21 17:47:15 +01:00
Henry Mercer
c41de33156 Merge pull request #7700 from github/henrymercer/js-atm-fix-xss-results-pattern 
JS: Fix copy/paste error in XSS ML-powered queries results patterns
 2022-01-21 16:18:33 +00:00
Geoffrey White
0b98397e9b C++: Catch another encryption clue. 2022-01-21 16:16:16 +00:00
Geoffrey White
97447d0b3a C++: Expand tests. 2022-01-21 16:16:15 +00:00
Tony Torralba
4df0f399cd Move ContentProvider models to the appropriate file 2022-01-21 16:55:43 +01:00
Tony Torralba
c6dd7ddf7a Fix stub 2022-01-21 16:55:43 +01:00
Tony Torralba
4f253590f1 Fix method name in LocalDatabaseOpenMethodAccess 2022-01-21 16:55:43 +01:00
Tony Torralba
652a1d2dc2 Fix wrongly resolved rebase conflicts 2022-01-21 16:55:43 +01:00
Tony Torralba
5cf664411b Remove unneeded nonSuspicious values 2022-01-21 16:55:43 +01:00
Tony Torralba
baa1f71a53 Add QLDoc 2022-01-21 16:55:43 +01:00
Tony Torralba
4e4f619ae4 Update java/ql/lib/semmle/code/java/security/CleartextStorageAndroidDatabaseQuery.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-21 16:55:43 +01:00
Tony Torralba
c5ed5fcaac Apply suggestions from code review 
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
 2022-01-21 16:55:42 +01:00