Jonas Jensen
39137510ba
Merge pull request #3736 from rneatherway/exclude-cs-vulnerable-package
...
Exclude dependency-based query from C# Code Scanning
2020-06-22 17:27:23 +02:00
Geoffrey White
466f36c7e1
C++: Autoformat.
2020-06-22 16:04:32 +01:00
Rasmus Wriedt Larsen
d5895c16c8
Python: Changing signature in overridden method is not an error
...
Rather, fulfilling the Liskov substitution principle is an opinionated
recommendation. Looking at `py/inheritance/incorrect-overridden-signature` and
`py/mixed-tuple-returns`, it seems very appropriate that this should have
`@severity recommendation`, and `@sub-severity high`.
2020-06-22 16:58:52 +02:00
Rasmus Lerchedahl Petersen
e8289d6fa1
Python: add regression tests and organise tests
2020-06-22 16:36:19 +02:00
Asger Feldthaus
5cd2c7cdb2
JS: Reduce precision of js/unused-npm-dependency
2020-06-22 15:25:24 +01:00
Rasmus Lerchedahl Petersen
aa04a2a476
Python: sync dataflow files
2020-06-22 14:56:11 +02:00
Esben Sparre Andreasen
d4ad9a8bb2
Update change-notes/1.25/analysis-javascript.md
...
Co-authored-by: Asger F <asgerf@github.com>
2020-06-22 14:55:27 +02:00
Rasmus Lerchedahl Petersen
656c76558a
Merge branch 'master' of github.com:github/codeql into SharedDataflow
...
To sync dataflow files
2020-06-22 14:55:04 +02:00
Esben Sparre Andreasen
9a0bbb31f4
Revert "Merge pull request #3702 from esbena/js/memory-exhaustion"
...
This reverts commit eca5e2df8a, reversing
changes made to 1548eca994.
2020-06-22 14:46:51 +02:00
Esben Sparre Andreasen
0a8d15ccc4
Revert "Merge pull request #3672 from esbena/js/server-crashing-route-handler"
...
This reverts commit 243e3ad9e3, reversing
changes made to df79f2adc5.
2020-06-22 14:45:35 +02:00
Esben Sparre Andreasen
3be094ea5b
JS: polish js/incomplete-html-attribute-sanitization
2020-06-22 14:35:00 +02:00
Rasmus Lerchedahl Petersen
13bb971b05
Python: sort out some enclosing callable confusion
2020-06-22 14:26:25 +02:00
Jonas Jensen
5a5df4de26
Revert "Merge pull request #3419 from MathiasVP/flat-structs"
...
There was unfortunately a semantic merge conflict between #3419 and
#3587 that caused a performance regression on (at least) OpenJDK.
This reverts commit 982fb38807, reversing
changes made to b841cacb83.
2020-06-22 14:09:06 +02:00
semmle-qlci
7a5aae7432
Merge pull request #3630 from erik-krogh/DevServer
...
Approved by asgerf
2020-06-22 12:59:13 +01:00
Asger F
56124b68a3
Update javascript/ql/src/Security/CWE-079/ExceptionXss.ql
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-06-22 12:54:19 +01:00
Rasmus Wriedt Larsen
daa1b6fc79
Python: Fix grammar in QLDoc
...
Co-authored-by: Taus <tausbn@gmail.com>
2020-06-22 13:41:03 +02:00
Rasmus Wriedt Larsen
287bc40264
Merge pull request #3743 from tausbn/python-fix-deprecated-terms
...
Python: Fix a bunch of deprecated terms.
2020-06-22 13:36:06 +02:00
semmle-qlci
7f29465f35
Merge pull request #3752 from erik-krogh/limitStr
...
Approved by asgerf
2020-06-22 12:31:49 +01:00
toufik-airane
4853b8a281
Try to finish the PR
...
- Add help documentation
- Empty qll file
- rename examples
2020-06-22 13:26:13 +02:00
semmle-qlci
e06a54c33d
Merge pull request #3494 from hvitved/dataflow/partial-flow-access-path-limit
...
Approved by aschackmull
2020-06-22 12:09:00 +01:00
James Fletcher
5ebaa1d303
Apply suggestions from code review
...
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2020-06-22 12:07:42 +01:00
Rasmus Lerchedahl Petersen
8d564e06d7
Python: sync data flow files
2020-06-22 12:16:11 +02:00
Geoffrey White
104298e09a
Merge branch 'master' into models5
2020-06-22 10:59:15 +01:00
Asger Feldthaus
1edb2a1892
JS: Rephrase XSS queries that use exception/dom text as source
2020-06-22 10:44:46 +01:00
Calum Grant
f2f020fa51
Merge pull request #3610 from hvitved/csharp/dataflow/call-sensitivity
...
C#: Add call-sensitivity to data-flow call resolution
2020-06-22 10:36:45 +01:00
Rasmus Lerchedahl Petersen
94a828aca2
Merge branch 'master' of github.com:github/codeql into SharedDataflow
...
To avoid CodeScan check failing
2020-06-22 11:29:00 +02:00
Rasmus Lerchedahl Petersen
b65e6fba9e
Python: attempt at capturing maximal flows
...
(this is what used to be "all flows")
2020-06-22 11:28:28 +02:00
Esben Sparre Andreasen
0654823b97
Merge branch 'js-team-sprint' into js/insecure-http-options
2020-06-22 11:25:25 +02:00
Esben Sparre Andreasen
f1dad0d6e0
Update DisablingCertificateValidation.qhelp
2020-06-22 11:24:33 +02:00
Esben Sparre Andreasen
3e898487e8
Apply suggestions from code review
...
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2020-06-22 11:23:40 +02:00
Rasmus Lerchedahl Petersen
cc8367bff2
Python: update readme with lessons learned
2020-06-22 11:22:32 +02:00
Anders Schack-Mulligen
71665a02fa
Merge pull request #3737 from Marcono1234/patch-1
...
Simplify NoAssignInBooleanExprs.ql
2020-06-22 10:46:00 +02:00
Erik Krogh Kristensen
8d1b080d78
limit size of getStringValue
2020-06-22 10:29:53 +02:00
Tom Hvitved
72e6c9c2b1
Data flow: Use accessPathLimit() in partial flow as well
2020-06-22 10:08:51 +02:00
Rasmus Lerchedahl Petersen
47819bbcda
Python: obtain remaining expected flows
...
- implement enclosing callable for more nodes
- implement extra flow for ESSA global variables
2020-06-22 07:36:09 +02:00
Porcupiney Hairs
a519132407
add support for libxml2
2020-06-22 02:01:07 +05:30
toufik-airane
7166d5422e
add test file for CWE-347
...
Add a test file for CWE-347.
The HS256 algorithm is safe, but the none algorithm is unsafe.
2020-06-20 17:10:35 +02:00
toufik-airane
8a2a33459a
Merge branch 'master' of github.com:toufik-airane/codeql
2020-06-20 16:56:27 +02:00
toufik-airane
b0aaca0e1c
JWT Missing Secret Or Public Key Verification
...
Add an experimental CodeQL query.
2020-06-20 16:54:41 +02:00
Taus Brock-Nannestad
5d5f1b487b
Merge branch 'master' into python-fix-deprecated-terms
2020-06-19 21:59:17 +02:00
Asger F
eca5e2df8a
Merge pull request #3702 from esbena/js/memory-exhaustion
...
JS: add query js/memory-exhaustion
2020-06-19 20:35:57 +01:00
Jonas Jensen
ac89559b20
Merge pull request #3744 from github/p0-patch-1
...
Fix typo in cpp-security-extended.qls
2020-06-19 21:19:20 +02:00
Pavel Avgustinov
00f1e57d0c
Update cpp-security-extended.qls
2020-06-19 20:16:24 +01:00
Jonas Jensen
81d8dc15cd
Merge pull request #3693 from geoffw0/stringtest
...
C++: Add tests of char* -> std::string -> char* conversions.
2020-06-19 21:12:33 +02:00
Taus Brock-Nannestad
410f4781b3
Python: Fix one last reference.
...
This one got lost in the big renaming somehow.
2020-06-19 20:15:01 +02:00
semmle-qlci
1548eca994
Merge pull request #3689 from erik-krogh/https-fix
...
Approved by mchammer01
2020-06-19 17:00:11 +01:00
Tom Hvitved
573d55a160
Merge pull request #3740 from github/codeql-analysis-yml
...
Enable code scanning
2020-06-19 17:57:52 +02:00
Taus Brock-Nannestad
48e3e9c0b4
Python: Do all the renames.
2020-06-19 17:02:47 +02:00
james
f02b54fcd2
docs: add more detailed qldoc style guide
2020-06-19 15:59:22 +01:00
Taus Brock-Nannestad
06d6913a20
Python: Change "sanity" to "consistency".
2020-06-19 16:55:59 +02:00