Edoardo Pirovano
18020707b8
QL Language Spec: Trailing comma in set literal
2021-09-27 15:57:39 +01:00
Rasmus Lerchedahl Petersen
3c1206f873
Python: Model more awaiting constructs
...
in API graphs.
Some unsatisfactory lack of understanding here.
2021-09-27 16:41:01 +02:00
Tom Hvitved
5219b1a8b9
Merge pull request #310 from github/hvitved/more-instanceof
...
More uses of `instanceof` in the external/internal AST layer
2021-09-27 16:11:04 +02:00
Harry Maclean
ca1fc44f21
Model the HTTPClient http client
2021-09-27 14:44:25 +01:00
Harry Maclean
3a4ddc4b4e
Model the HTTParty http client
...
We currently model direct calls like
    HTTParty.get("http://example.com")
but we don't yet handle calls on other classes that have included the
`HTTParty` module, like
    class MyClient
      include HTTParty
    end
    MyClient.get("http://example.com")
2021-09-27 14:44:04 +01:00
Tom Hvitved
8018c1525d
Merge pull request #314 from github/hvitved/setter-method-call-base
...
Strengthen the type of `SetterMethodCall`
2021-09-27 15:29:07 +02:00
Nick Rolfe
79c2f09585
Merge pull request #302 from github/rm_tokeninfo_idx
...
Remove unused columns from tokeninfo tables
2021-09-27 14:19:38 +01:00
Nick Rolfe
b2c4daecd5
Merge pull request #303 from github/nickrolfe/node_kind_id
...
Use integer comparisons instead of strings when scanning ERB files
2021-09-27 14:18:10 +01:00
Rasmus Lerchedahl Petersen
f6311bf051
Python: model other awaiting constructs
2021-09-27 14:32:55 +02:00
Rasmus Lerchedahl Petersen
15b07bfcc0
Python: Model sql executions
2021-09-27 14:15:58 +02:00
Tom Hvitved
317303cdad
Strengthen the type of SetterMethodCall
2021-09-27 14:05:28 +02:00
Anders Schack-Mulligen
cfa0d46b73
Merge pull request #6097 from atorralba/atorralba/promote-xslt-injection
...
Java: Promote XSLT Injection from experimental
2021-09-27 13:14:57 +02:00
Anders Schack-Mulligen
e027d514f1
Merge pull request #6037 from atorralba/atorralba/promote-spel-injection
...
Java: Promote SpEL Injection query from experimental
2021-09-27 13:13:35 +02:00
Tony Torralba
d5f675c2dc
Fix unbound field
...
Add tests for non-exported providers
2021-09-27 12:58:28 +02:00
Arthur Baars
2a4747b27e
Merge pull request #313 from github/hmac-remove-unicode-char
...
Remove unicode character from doc string
2021-09-27 12:57:21 +02:00
Harry Maclean
3e100bc2a9
Remove unicode character from doc string
...
We require that all source code is in ASCII.
2021-09-27 11:40:04 +01:00
Rasmus Wriedt Larsen
ded3088529
Python/JS: Recognize SHA-3 hash functions
...
Official names are SHA3-224, SHA3-256, SHA3-384, SHA3-512 as per
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
2021-09-27 12:08:40 +02:00
Tony Torralba
78c12dc505
Move to lib
2021-09-27 12:04:14 +02:00
Tony Torralba
ad08ccb50b
Apply suggestion from code review
2021-09-27 12:00:21 +02:00
mc
95751fcc21
Update XsltInjection.qhelp
...
Made a few minor tweaks during editorial review
2021-09-27 12:00:21 +02:00
Tony Torralba
13417dbf14
Remove DataFlow references from XsltInjection.qll
2021-09-27 12:00:20 +02:00
Tony Torralba
ff21662b23
Refactor XsltInjection.qll
2021-09-27 12:00:18 +02:00
Tony Torralba
6967b06dee
Decouple XsltInjection.qll to reuse the taint tracking configuration
2021-09-27 11:59:51 +02:00
Tony Torralba
fc58ada92e
Add change note
2021-09-27 11:58:20 +02:00
Tony Torralba
108118afa3
Use InlineExpectationsTest
2021-09-27 11:58:18 +02:00
Tony Torralba
d8bb5273e7
Refactor to use CSV sink models
2021-09-27 11:57:58 +02:00
Tony Torralba
c792567904
Move from experimental
2021-09-27 11:57:53 +02:00
Tony Torralba
6d9a88d1c8
Move to lib
2021-09-27 11:43:46 +02:00
mc
3520fed752
Update SpelInjection.qhelp
2021-09-27 11:40:51 +02:00
Tony Torralba
d10dbbdd9d
Apply suggestions from code review
...
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-09-27 11:40:51 +02:00
Tony Torralba
6bf1e87bbe
Remove CSV sinks; make imports private
2021-09-27 11:40:47 +02:00
Tony Torralba
91f46624b6
Refactor SpelInjection.qll
2021-09-27 11:40:26 +02:00
Tony Torralba
94f32d2985
Decouple SpelInjection.qll to reuse the taint tracking configuration
2021-09-27 11:39:30 +02:00
Tony Torralba
569426b04e
Consider subtypes of Expression and ExpressionParser
...
Add parseRaw as additional taint step
2021-09-27 11:38:12 +02:00
Tony Torralba
b0852f6c16
Add change note
2021-09-27 11:37:46 +02:00
Tony Torralba
b985ddb868
Use InlineExpectationsTest
2021-09-27 11:37:41 +02:00
Tony Torralba
079769ed2e
Refactored SpelInjection.qll to use CSV sink models
2021-09-27 11:36:56 +02:00
Tony Torralba
fc6af0476f
Moved from experimental
2021-09-27 11:36:48 +02:00
Anders Fugmann
03bd7d7f96
C++: Update test results from OverflowStatic
2021-09-27 11:23:08 +02:00
Anders Schack-Mulligen
92ffd8c465
Merge pull request #6749 from aschackmull/java/istextblock
...
Java: Add StringLiteral.isTextBlock().
2021-09-27 10:54:31 +02:00
Jonas Jensen
b0836a620c
Merge pull request #6757 from geoffw0/impropnulltest2
...
C++: Small improvement to cpp/improper-null-termination
2021-09-27 10:52:49 +02:00
Jonas Jensen
06b36f742e
Merge pull request #6745 from andersfugmann/handle_overflow_for_upperbound
...
C++: Handle overflow for upperbound
codeql-cli/v2.6.3
2021-09-27 10:32:49 +02:00
James Fletcher
c977cfe40a
Merge pull request #6754 from github/update-link
...
Update one more link in the QL training content
2021-09-27 08:33:42 +01:00
Anders Fugmann
e0921ac983
C++: Increase precision of cpp/static-buffer-overflow to high
2021-09-27 09:06:36 +02:00
luchua-bc
5264936fc3
Correct the run method and add Math.min check
2021-09-24 21:00:53 +00:00
Geoffrey White
7e7dfe2cc4
C++: Understand format arguments.
2021-09-24 19:25:43 +01:00
Geoffrey White
91a8b9fdd9
C++: Add suggested test (and a good variant).
2021-09-24 18:34:28 +01:00
Nick Rolfe
175958b9be
Consider Oj.load a sink for unsafe deserialization
...
Unless a known-safe mode is used, either by setting the default options,
or by explicitly passing a mode in the options hash argument.
2021-09-24 17:43:22 +01:00
Alexander Eyers-Taylor
8debae1a3b
Merge pull request #6753 from github/aibaars/fix-typo
...
Fix typo in language spec
2021-09-24 17:21:14 +01:00
Rasmus Wriedt Larsen
547cbb6322
Merge pull request #6331 from porcupineyhairs/pythonXpath
...
Python : Improve Xpath Injection Query
2021-09-24 18:11:08 +02:00