hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-13 13:41:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,554 Commits 1,690 Branches 160 Tags
codeql-cli/v2.9.2
Commit Graph

36554 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Edoardo Pirovano
b960857fc2 Merge pull request #6722 from edoardopirovano/update-analyze-docs 
Update documentation to reflect changes to `database analyze`
 2021-09-22 08:29:45 +01:00
yoff
65d3373ad3 Merge pull request #6727 from RasmusWL/fix-sqlalchemy-query 
Python: Merge SQLAlchemy TextClause injection into `py/sql-injection`
 2021-09-22 09:29:28 +02:00
Tom Hvitved
a37737d065 Replace string kind with boolean preservesValue 2021-09-22 09:28:55 +02:00
Robert Marsh
3108817717 C++: Add additional functions to the SQL models 2021-09-21 17:34:01 -07:00
Robert Marsh
d6fd83dd6c C++: move resolveCall to its own file for perf 
This avoids a performance issue in DataFlowImpl::localFlowStep when the
DataFlow::Configuration subclasses in DefaultTaintTracking are active
in the same query as other Configuration
subclasses.
ResolveCall.qll is kept internal for the moment.
 2021-09-21 16:32:09 -07:00
Tom Hvitved
888183f26d Desugar array literals to ::Array.[] 2021-09-21 21:27:29 +02:00
Rasmus Wriedt Larsen
d44f279339 Python: Fix .qhelp 2021-09-21 20:35:03 +02:00
Rasmus Wriedt Larsen
a83bb39d0f Python: Merge SQLAlchemy TextClause injection into py/sql-injection 
As discussed in a meeting today, this will end up presenting an query
suite that's easier to use for customers.

Since https://github.com/github/codeql/pull/6589 has JUST been merged,
if we get this change in fast enough, no end-user will ever have run
`py/sqlalchemy-textclause-injection` as part of LGTM.com or Code
Scanning.
 2021-09-21 20:21:42 +02:00
Alex Ford
70c2be8ca3 Files library tests 2021-09-21 19:08:03 +01:00
Alex Ford
05a04f4835 Files.qll library implementation 2021-09-21 19:07:55 +01:00
Alex Ford
6315621b16 use instanceof extensions for some filesystem concepts 2021-09-21 19:02:11 +01:00
Alex Ford
d1f2258d45 revamp weak file permissions query 2021-09-21 19:02:11 +01:00
Alex Ford
25300cb2b4 start modelling some file access concepts 2021-09-21 19:02:11 +01:00
ihsinme
88a257fcdc Apply suggestions from code review 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-09-21 20:32:08 +03:00
Robert Marsh
d62f76afa6 Merge pull request #6133 from MathiasVP/promote-sql-pqxx 
C++: Promote `cpp/sql-injection-via-pqxx` out of experimental
 2021-09-21 10:13:57 -07:00
Robert Marsh
97c2917c16 Merge pull request #6409 from JordyZomer/main 
cpp: Add query to detect unsigned integer to signed integer conversio…
 2021-09-21 09:57:44 -07:00
Joe Farebrother
3cd675bfff Manually fill in most of the remaining support method calls 2021-09-21 17:56:18 +01:00
Mathias Vorreiter Pedersen
478093aa89 Update cpp/ql/lib/semmle/code/cpp/models/interfaces/Sql.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-09-21 17:51:24 +01:00
Emile El-Qawas
dcae1c5c04 DateFormatThreadUnsafe - Remove requirements for final and access modifiers 2021-09-21 16:50:48 +01:00
Joe Farebrother
6e9bee1be7 Add missing models 2021-09-21 16:32:49 +01:00
Joe Farebrother
25d6e00b1a Implement gen methods for MapDifference 2021-09-21 16:30:12 +01:00
Joe Farebrother
a47897bdf9 Implement Table gen methods 2021-09-21 15:29:06 +01:00
Anders Schack-Mulligen
2c41de6648 Merge pull request #6720 from aschackmull/java/isunreachableincall-joinorder 
Java: Fix join-order in isUnreachableInCall.
 2021-09-21 16:07:42 +02:00
Anders Schack-Mulligen
dd1bed02e8 Merge pull request #6721 from aschackmull/dataflow/subpaths01-joinorder 
Dataflow: Fix join-order in subpaths01
 2021-09-21 16:05:41 +02:00
Mathias Vorreiter Pedersen
bd5edc7ae5 Respond to review comments. 2021-09-21 14:29:26 +01:00
Erik Krogh Kristensen
99ed4a1a89 add a bad-tag-filter query for Python and JavaScript 2021-09-21 15:04:03 +02:00
Mathias Vorreiter Pedersen
dfe932d053 Add missing conjunct in PostgreSqlEscapeFunction's 'escapesSqlArgument' predicate. 2021-09-21 12:14:45 +01:00
Nick Rolfe
dd31473dff Merge pull request #301 from github/fix_source_archive 
Fix filenames in source archives
 2021-09-21 11:37:02 +01:00
Erik Krogh Kristensen
fd64ff9ef1 don't give group numbers to non-capturing groups 2021-09-21 12:15:27 +02:00
Erik Krogh Kristensen
c40ffab093 make isStartState public in ReDoSUtil 2021-09-21 12:14:21 +02:00
Erik Krogh Kristensen
672e4a3d72 cache TopLevel::isMinified 2021-09-21 12:13:37 +02:00
Erik Krogh Kristensen
60993214d5 cache isInterpretedAsRegExp 2021-09-21 12:13:37 +02:00
Erik Krogh Kristensen
01e345c2cc implement RegExpWordBoundary in RegexTreeView 2021-09-21 12:13:37 +02:00
Erik Krogh Kristensen
8535e6f281 use toUnicode in RegexTreeView 2021-09-21 12:13:37 +02:00
Tony Torralba
99881db8bd Add stubs 2021-09-21 12:10:05 +02:00
Tony Torralba
0c1f3ed0b3 Add tests for ContentProvider sources 2021-09-21 12:09:47 +02:00
Tony Torralba
a811ab3aff Add ContentProvider sources 2021-09-21 12:09:28 +02:00
Jonas Jensen
a055c86c4f C++: change note 2021-09-21 11:58:04 +02:00
Nick Rolfe
d60410e6b8 Use integer comparisons instead of strings when scanning ERB files 2021-09-21 10:50:04 +01:00
Jonas Jensen
237a7d34b8 C++: Exclusion rules for system macros 
Unwanted results were reported for our JPL Rule 24 queries. Including
system headers with complex macros could lead to unpredictable alerts
from these rules.
 2021-09-21 11:31:13 +02:00
Edoardo Pirovano
5a28a796af Update documentation to reflect changes to database analyze 2021-09-21 10:16:12 +01:00
Tom Hvitved
cdc359527a Resolve semantic conflicts after rebase 2021-09-21 11:14:11 +02:00
yoff
4adb0c75bd Merge pull request #6589 from RasmusWL/promote-sqlalchemy 
Python: Promote modeling of SQLAlchemy
 2021-09-21 11:08:41 +02:00
Tom Hvitved
564c76c41f Address review comments 2021-09-21 11:04:53 +02:00
Tom Hvitved
08dc6d79ef Add support for flow summaries 2021-09-21 11:04:53 +02:00
Rasmus Wriedt Larsen
4a16be2cba Merge pull request #6557 from yoff/python/port-modification-of-default-value 
Python: port modification of default value
 2021-09-21 10:12:12 +02:00
Rasmus Wriedt Larsen
f8e6ba633a Python: Fix .expected for new subpaths query predicate 2021-09-21 09:40:13 +02:00
Rasmus Wriedt Larsen
c7c8e2f3e3 Merge branch 'main' into promote-sqlalchemy 2021-09-21 09:36:07 +02:00
Nick Rolfe
3201f30098 Update dbscheme stats 2021-09-20 23:13:38 +01:00
Nick Rolfe
e97adff21d Add upgrade script to remove unused tokeninfo columns 2021-09-20 22:42:13 +01:00