hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-27 20:33:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,884 Commits 1,697 Branches 161 Tags
codeql-cli/v2.8.5
Commit Graph

33884 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Lerchedahl Petersen
03b26f7ebe Python: Remove excessive type pruning 2020-06-18 13:58:47 +02:00
Esben Sparre Andreasen
ab01dda559 JS: another qhelp fixup 2020-06-18 13:01:02 +02:00
Esben Sparre Andreasen
c9f60d4c97 JS: add lodash sinks for js/resource-exhaustion 2020-06-18 13:01:02 +02:00
Esben Sparre Andreasen
96160a6334 JS: fixup qhelp 2020-06-18 13:01:02 +02:00
Esben Sparre Andreasen
3f67e90374 JS: rename query, support timeouts, add documentation, add to suite 2020-06-18 13:01:02 +02:00
Esben Sparre Andreasen
d9d8eb4805 JS: avoid type inference in the taint steps (just a nice to have) 2020-06-18 13:00:45 +02:00
Esben Sparre Andreasen
fa4e8914e6 JS: fixups 2020-06-18 13:00:45 +02:00
Esben Sparre Andreasen
7b97fd07a8 JS: add query js/memory-exhaustion 2020-06-18 13:00:45 +02:00
Robin Neatherway
17d36cf363 Exclude dependency-based query from C# Code Scanning 
This query overlaps with tools such as dependabot.
 2020-06-18 11:29:15 +01:00
Esben Sparre Andreasen
44aa182d0d Update change-notes/1.25/analysis-javascript.md 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-18 10:14:16 +02:00
Esben Sparre Andreasen
5e31f3a34e JS: polish js/disabling-certificate-validation 2020-06-18 09:07:08 +02:00
Rasmus Lerchedahl Petersen
1562f5c69a Python: General comment on dataflow 
between SSA variables and control flow nodes
 2020-06-18 07:52:29 +02:00
Rasmus Lerchedahl Petersen
d283919b92 Python: implemented ParameterNode, updated test 2020-06-18 07:45:16 +02:00
ubuntu
41c029567f Add CodeQL query to detect Log Injection in JS code 2020-06-17 21:16:24 +02:00
Erik Krogh Kristensen
27a20b263e Merge branch 'https-fix' of github.com:erik-krogh/ql into https-fix 2020-06-17 21:06:21 +02:00
Erik Krogh Kristensen
7a1c161e9e Merge branch 'js-team-sprint' into https-fix 2020-06-17 21:04:44 +02:00
Erik Krogh Kristensen
218338b4f1 Merge branch 'js-team-sprint' into bad-random-polish 2020-06-17 21:04:00 +02:00
Erik Krogh Kristensen
73f26956a6 Merge branch 'js-team-sprint' into priv-file-polish 2020-06-17 21:03:09 +02:00
Rasmus Lerchedahl Petersen
c20219c2b9 Python: more local flow and more tests 2020-06-17 20:48:06 +02:00
Geoffrey White
35487ff109 Merge branch 'master' into stringtest 2020-06-17 19:00:26 +01:00
Erik Krogh Kristensen
bdda587247 Merge branch 'js-team-sprint' into build-leaks 2020-06-17 19:51:30 +02:00
ubuntu
c490cfdfa5 Create another branch 2020-06-17 19:51:14 +02:00
Erik Krogh Kristensen
6d6f29eb85 Merge pull request #3726 from erik-krogh/bad-code-polish 
JS: Bad code polish
 2020-06-17 19:45:37 +02:00
ubuntu
4ccfdef71d Add CodeQL query to detect Log Injection in JS code 2020-06-17 19:44:58 +02:00
Geoffrey White
174fdadbf5 Merge branch 'master' into stringtest 2020-06-17 18:24:30 +01:00
Rasmus Lerchedahl Petersen
ce57a28c8f Python: Use CallableValue and improve tests 2020-06-17 19:12:10 +02:00
Geoffrey White
03c6d7a7e5 Merge pull request #3654 from jbj/controlsBlock-perf 
C++: Speed up IRGuardCondition::controlsBlock
 2020-06-17 17:53:10 +01:00
Rasmus Lerchedahl Petersen
f24dc69e1d Python: add flow from ArgumentNodes 2020-06-17 18:36:50 +02:00
Rasmus Lerchedahl Petersen
a45b5a7d3c Python: Implemented return node 
but I think they receive no flow
 2020-06-17 17:41:43 +02:00
Tom Hvitved
ad56f17246 Merge pull request #2 from aschackmull/dataflow/content-type-tracking 
Dataflow: Record content types
 2020-06-17 17:26:04 +02:00
Erik Krogh Kristensen
a465fef7aa shorten sentence in qhelp 2020-06-17 17:24:18 +02:00
Anders Schack-Mulligen
74eab3cbc0 Dataflow: Fix qltest. 2020-06-17 17:23:35 +02:00
Erik Krogh Kristensen
7aa911b9f4 add reference to cwe-116 in change-note 2020-06-17 17:20:46 +02:00
Erik Krogh Kristensen
abd9aab109 code-injection -> code injection 2020-06-17 17:20:46 +02:00
Erik Krogh Kristensen
45e2b94eb5 Apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-17 17:19:44 +02:00
Erik Krogh Kristensen
69888f90c6 add dot after bullet-point 2020-06-17 17:15:39 +02:00
Anders Schack-Mulligen
cedfaf6aaf Dataflow: autoformat 2020-06-17 17:09:55 +02:00
Anders Schack-Mulligen
543ab71dfe Dataflow: minor review fixes. 2020-06-17 17:03:22 +02:00
Rasmus Lerchedahl Petersen
25d624d64b Python: Implement parameter nodes 2020-06-17 16:59:19 +02:00
Geoffrey White
33fab08975 C++: Autoformat. 2020-06-17 15:53:05 +01:00
Dave Bartolomeo
687d6d2643 C++: Replace TRawInstruction() calls 
Replace most direct calls to `TRawInstruction()` with calls to `getInstructionTranslatedElement()` and `getInstructionTag()`, matching existing practice. One tiny RA diff in an inconsequential join order in `getInstructionVariable`.
 2020-06-17 10:52:32 -04:00
Geoffrey White
833f5b0cf3 C++: Add flow through assignment operators. 2020-06-17 15:47:37 +01:00
Geoffrey White
b9a65581ce C++: Some constructors should have dataflow instead of taint. 2020-06-17 15:47:37 +01:00
Geoffrey White
031c9b98f1 C++: General taint flow through constructors. 2020-06-17 15:47:37 +01:00
Geoffrey White
30151c99d7 C++: Remove the std::string Constructor model. 2020-06-17 15:43:58 +01:00
Rasmus Lerchedahl Petersen
8e51b2fed8 Python: refactor test for global flow 2020-06-17 16:43:11 +02:00
Geoffrey White
d565cfc58e C++: Add a test of default constructors etc. 2020-06-17 15:41:36 +01:00
Geoffrey White
c196ea24b2 C++: Add taint tests of class constructors and assignment. 2020-06-17 15:41:00 +01:00
Geoffrey White
ea9e9a7a26 C++: Add taint tests of std::string constructors and assignment. 2020-06-17 15:41:00 +01:00
Dave Bartolomeo
c1016743a5 C++: Remove instructionOrigin() 
This noopt predicate is no longer necessary. It's equivalent to `instruction = TRawInstruction(element, tag)`, which is already materialized and has a more favorable column order anyway.
 2020-06-17 10:25:59 -04:00