hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 13:11:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,554 Commits 1,689 Branches 160 Tags
codeql-cli/v2.9.2
Commit Graph

36554 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alex Ford
6065e29aba Fix performance issues related to a x-product between ActiveRecordModelInstantiation and MethodCall 2021-10-07 15:30:36 +01:00
Alex Ford
43a49689d7 reorganize ActiveRecord field access heuristics 2021-10-07 15:30:36 +01:00
Alex Ford
8f81eaa79c format 2021-10-07 15:30:36 +01:00
Alex Ford
b2434950d3 abstract away some ActiveRecord specific parts of XSS.qll 2021-10-07 15:30:36 +01:00
Alex Ford
6a32c0cde0 update XSS tests 2021-10-07 15:30:36 +01:00
Alex Ford
6dc3ce335b make rb/stored-xss track ActiveRecord db accesses 2021-10-07 15:30:36 +01:00
Alex Ford
f6dd6bb00c expand ActiveRecord modelling to cover how to access fields 2021-10-07 15:30:36 +01:00
Alex Ford
eb5f26ce06 duplicate DataFlow implementation 2021-10-07 15:30:36 +01:00
Alex Ford
a2084f813e rb/stored-xss structure and initial implementation (FileSystemReadAccess sources) 2021-10-07 15:30:36 +01:00
Chris Smowton
9a80ab31c4 Merge pull request #6567 from luchua-bc/java/sensitive_android_file_leak 
Java: CWE-200 - Query to detect exposure of sensitive information from android file intent
 2021-10-07 15:19:39 +01:00
Chris Smowton
39640efc9b Remove no-longer-needed TaintPreservingCallables and update test expectations 2021-10-07 14:33:39 +01:00
Anders Schack-Mulligen
2b88a2aa0c Dataflow: Fix qldoc: s/accesspath/access path/. 2021-10-07 14:46:24 +02:00
Anders Schack-Mulligen
f885751107 Java: Add change note. 2021-10-07 14:42:19 +02:00
Tom Hvitved
764a987b09 C#: Speedup GVN string concats by pulling ranges into separate predicates 2021-10-07 13:51:05 +02:00
haby0
538bf7c321 Update python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-10-07 19:44:25 +08:00
Anders Schack-Mulligen
fc69acee46 Java: Add test. 2021-10-07 13:28:02 +02:00
Nick Rolfe
253064144b Tweak alert wording. 
This reflects the fact that the query finds results where validation is
only disabled under certain conditions.
 2021-10-07 12:06:53 +01:00
Tom Hvitved
1c08592637 Merge pull request #329 from github/hvitved/dataflow/synth-return 
Data flow: Add a synthetic return node
 2021-10-07 13:06:39 +02:00
Chris Smowton
b7448d55ed Introduce TaintInheritingContent instead of using parts of DataFlowPrivate 2021-10-07 11:20:19 +01:00
Henry Mercer
4b069d41f6 Merge pull request #6818 from github/henrymercer/js/add-classify-files-to-library-pack 
JS: Move `ClassifyFiles.qll` to library pack
 2021-10-07 11:18:20 +01:00
Tom Hvitved
c540615223 HardcodedCredentials: Add test for default parameter values 2021-10-07 11:57:57 +02:00
CodeQL CI
a0dd3d9e75 Merge pull request #6815 from asgerf/js/adjust-security-severity-scores 
Approved by erik-krogh, esbena
 2021-10-07 02:36:19 -07:00
Sebastian Bauersfeld
f651bc3668 Adjust locations of results in JSP files. This is necessary due to known limitations in VSCode which cause locations with zero character indices to be mapped to invalid ranges. This is hopefully a temporary workaround until this problem has been properly addressed. 2021-10-07 12:45:21 +07:00
Dave Bartolomeo
d8d9073bc2 Merge pull request #6826 from github/aeisenberg/add-library 2021-10-06 20:18:39 -04:00
Andrew Eisenberg
e2b1f6ac50 Packaging: Add library flag to upgrades packs 
This flag was missing. It should be there. Otherwise, this
pack cannot be built.
 2021-10-06 14:29:55 -07:00
Nick Rolfe
ffda527da9 Tidy up 2021-10-06 18:07:29 +01:00
Dave Bartolomeo
0452512de2 Merge pull request #6820 from github/aeisenberg/gitignore 
Ignore .codeql folder
 2021-10-06 12:59:45 -04:00
Chris Smowton
f88c8a64a1 Copyedit 2021-10-06 17:37:21 +01:00
Chris Smowton
b33daa3d3a Update Intent model tests, and fix models where required 2021-10-06 17:09:47 +01:00
Chris Smowton
4be2347a30 Adapt to use the new shared Intent models 2021-10-06 16:15:18 +01:00
Henry Mercer
83cbc86f50 JS: Move ClassifyFiles.qll to library pack 
This allows us to use this library in packs that depend on the
`codeql/javascript-all` library pack.
 2021-10-06 16:08:06 +01:00
Andrew Eisenberg
c9c45808b4 Merge pull request #6819 from github/aeisenberg/javascript/fix-compile-errors 
Fixes compile errors by moving files
 2021-10-06 07:59:50 -07:00
Tom Hvitved
953821c443 Avoid potential tuple explosion in reverse type tracking 2021-10-06 15:21:43 +02:00
Tom Hvitved
fdf1cd38fd Data flow: Add a synthetic return node 2021-10-06 15:21:43 +02:00
Nick Rolfe
1ce458fa33 Add query to find HTTP requests that disable SSL validation 2021-10-06 14:06:09 +01:00
Chris Smowton
91d8b3da23 Sort Intent models 2021-10-06 12:30:40 +01:00
Chris Smowton
f24e310ace Update test expectation details 2021-10-06 12:25:23 +01:00
Chris Smowton
ffdfc0549a Update comment 2021-10-06 12:17:49 +01:00
luchua-bc
987bfa6ca7 Update condition check and qldoc 2021-10-06 12:17:49 +01:00
luchua-bc
8c2fddb297 Update the condition check and use DataFlow in the ql file 2021-10-06 12:17:49 +01:00
Chris Smowton
b0e652a3af Remove AsyncTask models 2021-10-06 12:17:49 +01:00
Chris Smowton
9e0cf5a2fd Update test expectations to include subpaths 2021-10-06 12:17:49 +01:00
Chris Smowton
3607d50994 Update remote flow source locations 2021-10-06 12:17:46 +01:00
luchua-bc
02bfa1ca57 Optimize the query 2021-10-06 12:16:04 +01:00
luchua-bc
0621e65827 Query to detect exposure of sensitive information from android file intent 2021-10-06 12:16:04 +01:00
Dave Bartolomeo
91b2ee2f10 Merge pull request #6822 from github/lgtm.com 
Make sure the lgtm.com branch is an ancestor of rc/3.3
 2021-10-06 06:58:13 -04:00
Geoffrey White
4c6f4ef14b Revert "C++: change note" and "C++: Exclusion rules for system macros" 
This reverts commit a055c86c4f.
This reverts commit 237a7d34b8.
 2021-10-06 10:21:19 +01:00
Harry Maclean
c50a6c180f Merge pull request #318 from github/hmac-open-query 
Add a query for uses of `Kernel.open` and `IO.read`
 2021-10-06 10:05:43 +01:00
Anders Schack-Mulligen
d0b307ecfb Merge pull request #6103 from atorralba/atorralba/promote-insecure-javamail 
Java: Promote Insecure JavaMail SSL Configuration from experimental
 2021-10-06 09:24:11 +02:00
Anders Schack-Mulligen
9505846088 Merge pull request #6821 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-10-06 09:06:14 +02:00