hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 02:01:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,884 Commits 1,690 Branches 160 Tags
codeql-cli/v2.8.5
Commit Graph

33884 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Lerchedahl Petersen
b17f844f35 python: New generated files 2022-01-19 13:36:32 +01:00
Geoffrey White
974a8b1a9a C++: Add a test case. 2022-01-19 12:33:21 +00:00
Henry Mercer
d467725ccd JS: Bump ML-powered query packs to v0.0.5 2022-01-19 12:08:33 +00:00
Michael Nebel
3df30545d3 Merge pull request #7628 from michaelnebel/csharp/issue-7609 
C#: Fix false positive alert for shadowing on record types.
 2022-01-19 12:24:57 +01:00
Tom Hvitved
71ddd00a6c C#: Workaround Roslyn bug in INamedTypeSymbol.TupleElements 2022-01-19 11:33:03 +01:00
Michael Nebel
edafdc8fde C#: Added change note. 2022-01-19 11:04:53 +01:00
Michael Nebel
194da454b1 C#: Add record deconstruct method as an exception from the bad practice rule. 2022-01-19 11:04:53 +01:00
Michael Nebel
2eea6ca5fd C#: Example record type with autogenerated Deconstruct method. 2022-01-19 11:04:53 +01:00
Mathias Vorreiter Pedersen
bdfde88e99 Merge pull request #7630 from JarLob/patch-2 
C++: Reduce FPs in IncorrectPrivilegeAssignment.ql
 2022-01-19 09:49:43 +00:00
Erik Krogh Kristensen
ef2eacebce add a js/empty-password-in-configuration-file query 2022-01-19 10:48:45 +01:00
Michael Nebel
55f787bcae Merge pull request #7605 from michaelnebel/csharp/record-struct 
C#: Support for record structs
 2022-01-19 10:39:52 +01:00
Harry Maclean
994fcf54b5 Merge pull request #7126 from jeffgran/jg/graphql-ruby 
Ruby: Add support for GraphQL
 2022-01-19 22:19:30 +13:00
Erik Krogh Kristensen
b7a0b8765e add js/http-dependency query 2022-01-19 10:05:39 +01:00
Harry Maclean
08d48b9375 Add top-level doc comment to GraphQL.qll 2022-01-19 21:42:46 +13:00
Tony Torralba
b2c7175ac5 Merge pull request #7641 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-01-19 09:34:01 +01:00
Tom Hvitved
f02aeafef1 Ruby: Move regex/non-regex split into TAstNode to convey disjointness 2022-01-19 09:22:01 +01:00
github-actions[bot]
f7240be136 Add changed framework coverage reports 2022-01-19 00:09:52 +00:00
Jaroslav Lobačevski
a1b0315d90 Update cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql 2022-01-19 00:52:10 +01:00
Andrew Eisenberg
01b5881de6 Docs: Remove reference to checking out main branch 
We are no longer including information about how to check out
github/codeql, so this paragraph doesn't fit any more.
 2022-01-18 15:48:33 -08:00
Andrew Eisenberg
0cd6556964 Docs: Update analyzing databases docs 
Add more information about running packs. Include the `--download` flag.
 2022-01-18 15:03:08 -08:00
Andrew Eisenberg
7fcf567eda Docs: Simplify getting started docs 
It is no longer necessary to check out a version of `github/codeql` as
a sibling directory to the distribution. Instead, users can download
the required packs as needed. using the `pack download` command or
the `--download` option for `codeql database analyze`.
 2022-01-18 15:03:08 -08:00
Harry Maclean
4f7f92490a Distinguish regex components from strings 
Create a set of classes for components of regex literals,
separate from those of string literals. This allows us to special-case
components of free-spacing regexes (ones with the /x flag) to not have a
`getValueText()`.

This in turn is useful because our regex parser can't handle free-spacing
regexes, so excluding them ensures that we don't generate erroneous
ReDoS alerts.
 2022-01-19 11:23:40 +13:00
Jaroslav Lobačevski
3fa2516898 Update cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql 2022-01-18 21:47:55 +01:00
Jaroslav Lobačevski
d1c89562b8 Apply suggestions from code review 2022-01-18 21:45:13 +01:00
Chris Smowton
84097468cc Merge pull request #7286 from luchua-bc/java/unsafe-url-forward-dispatch 
Java: CWE-552 Query to detect unsafe request dispatcher usage
 2022-01-18 18:19:20 +00:00
Henry Mercer
63672ca394 Merge pull request #7616 from github/henrymercer/js-atm-add-query-help 
JS: Add query help for ML-powered queries
 2022-01-18 18:11:53 +00:00
Chris Smowton
1e32514600 Avoid using this for a non-extending supertype, and remove needless casts 2022-01-18 17:20:40 +00:00
Benjamin Muskalla
9e91b805d6 Sort Lang3 models 2022-01-18 18:10:37 +01:00
Benjamin Muskalla
e6800c877c Merge Lang3 rows 2022-01-18 18:10:37 +01:00
Benjamin Muskalla
736e68820c Split out Lang3 models 2022-01-18 18:10:37 +01:00
Benjamin Muskalla
67b60dcf78 Sort Lang2 rows 2022-01-18 18:10:36 +01:00
Benjamin Muskalla
82bda6d573 Merge Lang2 summary models 2022-01-18 18:10:36 +01:00
Benjamin Muskalla
8eb6743586 Split out Lang2 rows 2022-01-18 18:10:33 +01:00
Chris Smowton
d744cf9053 Clean up guard logic: 
* Always sanitize after the second guard, not the first
* Only check basic-block dominance in one place
* One BarrierGuard extension per final guard
 2022-01-18 17:10:06 +00:00
Chris Smowton
748008ad51 Remove dangling reference to UnsafeRequestPath.java 2022-01-18 17:08:38 +00:00
luchua-bc
a3d65a8ed0 Update recommendation in qldoc and make examples more comprehendible 2022-01-18 17:01:26 +00:00
Geoffrey White
982fb8f73a C++: Add change note. 2022-01-18 16:38:44 +00:00
Robert Marsh
024bd27485 Merge pull request #7578 from MathiasVP/store-dest-should-not-be-use 
C++: Store destinations should not be uses for dataflow SSA
 2022-01-18 11:36:15 -05:00
Jeff Gran
47697f59c1 Ruby: Add classes for detecting user input from graphql-ruby 2022-01-18 09:13:58 -07:00
CodeQL CI
1912c56f82 Merge pull request #7631 from RasmusWL/sqlalchemy-scoped-session 
Approved by tausbn
 2022-01-18 14:31:49 +00:00
Rasmus Wriedt Larsen
95e935e9c1 Python: Support SQLAlchemy scoped_session 2022-01-18 14:34:31 +01:00
Erik Krogh Kristensen
30d896bdbb QL: make the alert-message more precise when the type-cast is also redundant 2022-01-18 14:25:43 +01:00
Jaroslav Lobačevski
92f5a5f893 Reduce FPs in IncorrectPrivilegeAssignment.ql 
Implements suggestions from https://github.com/github/codeql/pull/6949#issuecomment-976482965
 2022-01-18 13:43:17 +01:00
Erik Krogh Kristensen
14d2f5fe02 QL: add a new ql/could-be-cast query 2022-01-18 13:37:32 +01:00
Erik Krogh Kristensen
a1f4c85dea QL: update expected output for the printAst test 2022-01-18 13:37:04 +01:00
Erik Krogh Kristensen
1ec868eeae QL: various improvements to Ast.qll 2022-01-18 13:23:33 +01:00
Erik Krogh Kristensen
95ae113994 QL: downgrade redundant-inline-cast to a warning query 2022-01-18 13:22:01 +01:00
Erik Krogh Kristensen
ea7945bac1 QL: show recommendation queries by default, and remove the MissingQLDoc query 2022-01-18 13:21:07 +01:00
Henry Mercer
be0c26f83d Merge pull request #7617 from github/henrymercer/js-atm-update-alert-messages 
JS: Update alert messages for ML-powered queries
 2022-01-18 11:37:02 +00:00
Mathias Vorreiter Pedersen
cb0cc8d859 Merge pull request #7625 from geoffw0/nullterm4 
C++: Fix some code duplication.
 2022-01-18 11:18:06 +00:00