hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-13 21:51:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,554 Commits 1,690 Branches 160 Tags
codeql-cli/v2.9.2
Commit Graph

36554 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Harry Maclean
4ecc78effc Kernel#system -> Kernel.system 2021-09-17 17:02:17 +01:00
Harry Maclean
8f65d78cb5 Add Shellwords.escape as CLI injection sanitizer 2021-09-17 17:02:17 +01:00
Harry Maclean
fe8fc0697b Add qhelp for CLI Injection query 2021-09-17 17:02:17 +01:00
Harry Maclean
4a0d7c528a Add top-level CLI injection query and tests 2021-09-17 17:02:17 +01:00
Harry Maclean
8440fe2ba9 Add CommandInjection dataflow config 2021-09-17 17:02:17 +01:00
Harry Maclean
a8f0bce1d1 Add SystemCommandExecution concept 
A SystemCommandExecution is a method call or builtin that executes a
system command, either directly or via a subshell.
 2021-09-17 17:02:17 +01:00
Joe Farebrother
3ef09da1df Add models for more of methods; update stubs 2021-09-17 16:57:49 +01:00
Nick Rolfe
3c05101961 Merge pull request #290 from github/extract_gemfile 
Automatically extract Gemfiles
 2021-09-17 16:42:30 +01:00
Nick Rolfe
3d23575a38 Merge pull request #292 from github/regexp_slash_az 
Don't parse `\A` and `\Z` as `RegExpConstant`
 2021-09-17 16:42:13 +01:00
Daniel Santos
9e41f43ee2 Fix: android.util.Log is final. No inheritance handling is needed. 2021-09-17 10:15:48 -05:00
Geoffrey White
e7c82d7370 C++: Accept subpaths in tests. 2021-09-17 16:14:24 +01:00
Geoffrey White
24668b2281 Merge branch 'main' into cwe139 2021-09-17 16:04:51 +01:00
Geoffrey White
51243454c8 C++: Change note. 2021-09-17 15:10:55 +01:00
Anders Schack-Mulligen
2cbad4aed6 Merge pull request #6600 from atorralba/atorralba/fix-conditionalbypass 
Java: Fix performance of the query User-controlled bypass of sensitive method
 2021-09-17 16:07:39 +02:00
Geoffrey White
90bc138049 CPP: Fix QLDoc comments. 2021-09-17 14:12:04 +01:00
Tamás Vajk
3247794e2f Merge pull request #6196 from tamasvajk/feature/sql-sinks 
C#: Migrate SQL sinks to CSV format
 2021-09-17 14:36:57 +02:00
Joe Farebrother
e946f49b64 [Test gen] Gen methods for Set and Iterator 2021-09-17 11:22:50 +01:00
Joe Farebrother
0bff1b4afb Implement get methods 2021-09-17 11:08:09 +01:00
haby0
99167539fb Modify sinks 2021-09-17 17:29:40 +08:00
Geoffrey White
a3de94e868 C++: Assign precision and severity; medium for now, since there are FPs in SAMATE Juliet. 2021-09-17 10:05:06 +01:00
Tamas Vajk
8232698254 C#: Migrate SQL sinks to CSV format 2021-09-17 10:21:31 +02:00
Tamás Vajk
6a78aa7840 Merge pull request #6461 from tamasvajk/feature/service-stack 
C#: Add ServiceStack support
 2021-09-17 10:16:20 +02:00
Felicity Chapman
7383988988 Merge pull request #6701 from github/docs-4908-training-note-links 
Update links in training notes to use CodeQL microsite
 2021-09-17 09:00:36 +01:00
james
e906ded0d1 remove java class 2021-09-17 08:48:26 +01:00
Daniel Santos
032a7e71fe Update Logging.qll 
Simplified using a set-literal as suggested by @intrigus-lgtm
 2021-09-16 13:03:26 -05:00
Ethan Palm
b73a2f7d56 Merge pull request #6667 from ethanpalm/indirect-build-tracing-docs 
Add indirect build tracing docs
codeql-cli/v2.6.2 		2021-09-16 12:36:56 -04:00
Ethan P
4d7aa5c945 Update example note 2021-09-16 09:29:35 -07:00
Daniel Santos
af8b2b6d9c Fix Android logging signature in java/ql/src/experimental/semmle/code/java/Logging.qll 2021-09-16 11:24:06 -05:00
ihsinme
b6bcf9fa44 Add files via upload 2021-09-16 19:18:19 +03:00
ihsinme
b393c6a285 Add files via upload 2021-09-16 19:16:54 +03:00
james
c36292bfd0 a few more links 2021-09-16 17:03:29 +01:00
Anders Schack-Mulligen
a67db45454 Merge pull request #6612 from Marcono1234/marcono1234/literal-getLiteral-usage 
Java: Replace incorrect usage of `Literal.getLiteral()`
 2021-09-16 17:00:32 +02:00
Rasmus Lerchedahl Petersen
64685f31dc Python: Add missing qldoc 
Also do some general cleanup
How was this allowed comitted in the first place?
 2021-09-16 16:51:43 +02:00
Joe Farebrother
1111afc031 Update tests for new support methods; fix bad model 2021-09-16 15:23:03 +01:00
Joe Farebrother
54dbd7c0bd [Test gen] Add more support method implementations 2021-09-16 15:23:03 +01:00
Joe Farebrother
ef5bf87672 [Test gen] Distinguish default support methods 2021-09-16 15:23:03 +01:00
Joe Farebrother
eb45e67784 Generate tests for modified models 2021-09-16 15:23:02 +01:00
Joe Farebrother
1eacbd88b8 Fix up some incorrect models; simplify/remove some redundand ones 2021-09-16 15:23:02 +01:00
Joe Farebrother
a89bd32eb0 Factor out content manipulating methods from tests to a separate file 2021-09-16 15:23:02 +01:00
Joe Farebrother
56a2dc632b Move tests around and remove files used for generating tests 2021-09-16 15:23:02 +01:00
Joe Farebrother
7dded52de2 Add change note 2021-09-16 15:23:02 +01:00
Joe Farebrother
8425a94729 Mark failing tests as missing 
I'm not sure why these tests don't work.
 2021-09-16 15:23:02 +01:00
Joe Farebrother
7bf55fbc49 Update stubs to not include package protected members 2021-09-16 15:23:02 +01:00
Joe Farebrother
39349f3763 Fix failing test 2021-09-16 15:23:02 +01:00
Joe Farebrother
60c6158152 Fill in implementations of getters for synthetic fields 2021-09-16 15:23:01 +01:00
Joe Farebrother
225e70a8d0 Fill in implementations fo getMapKey/Value 2021-09-16 15:23:01 +01:00
Joe Farebrother
338a6f2114 Fill in implementations for getElement 2021-09-16 15:23:01 +01:00
Joe Farebrother
cd7c7c3152 Implement array getters/constructors in generated tests 2021-09-16 15:23:01 +01:00
Joe Farebrother
84748cda76 Increase field flow branch limit. 
I'm a little concerned that this appears to be necassary for tests; as it may mean that results involving these flow steps may not be found in real-world projects.
 2021-09-16 15:23:01 +01:00
Joe Farebrother
f94a61cc8a Remove unneeded rows 2021-09-16 15:23:01 +01:00