Commit Graph

36554 Commits

Author SHA1 Message Date
Geoffrey White
befd1a7ccc C++: Rename security tests readme. 2021-09-13 14:06:22 +01:00
Chris Smowton
abdd3a5dbe Adjust Java tests that check for unpaired surrogate extraction 2021-09-13 14:02:05 +01:00
Erik Krogh Kristensen
05cc6bcf8a adjust regexp libraries to how unpaired surrogates are parsed now 2021-09-13 14:02:05 +01:00
Chris Smowton
f24d7c4212 Acknowledge new FPs due to the extractor using U+FFFD for unpaired surrogates
These were already misinterpreted, but the ReDoS code ignored them as they previously appeared to be `?` characters.
2021-09-13 14:02:05 +01:00
Chris Smowton
487ebdf173 Add test for Javascript literal with an unpaired surrogate character 2021-09-13 14:02:05 +01:00
Geoffrey White
ee7ccd7936 C++: Upgrade to path problem. 2021-09-13 13:52:12 +01:00
Anders Schack-Mulligen
89a6cdc711 Java: Add support for callback-based library models. 2021-09-13 14:49:28 +02:00
Ian Lynagh
3404bcf265 Merge pull request #6680 from github/igfoo/java_location
Java: Use the standard URL format for Location.toString()
2021-09-13 13:43:32 +01:00
Ian Lynagh
4fbb165dce Java: Use the standard URL format for Location.toString() 2021-09-13 12:53:50 +01:00
Harry Maclean
6f32401e5c Add unless x != test to barrier guards
This tests that the following call to `foo bar` is guarded:

    unless bar != "bar"
      foo bar
    end
2021-09-13 11:58:17 +01:00
Anders Fugmann
9a35a699cb C++: Update tests 2021-09-13 12:10:58 +02:00
Chris Smowton
68ed3250e8 Merge pull request #6478 from smowton/smowton/feature/jax-rs-request-filters
Java: Add sources for Jax-RS filters
2021-09-13 10:59:17 +01:00
Geoffrey White
f58177f292 C++: Full dataflow version. 2021-09-13 10:53:09 +01:00
Felicity Chapman
1d76578202 Merge pull request #6659 from github/docs-311-update-version
Update version numbers for LGTM Enterprise 1.28
lgtm/v1.28.0
2021-09-13 10:26:52 +01:00
James Fletcher
c86311e879 Merge pull request #6502 from github/dataflow-tutorial
Add data flow debugging guide to CodeQL docs
2021-09-13 10:25:19 +01:00
Anders Fugmann
342b2df93f C++: zero or one byte sized arrays in unions are considered as having the length of the union it's a member of 2021-09-13 11:25:04 +02:00
Anders Fugmann
3172d5727a C++: Relax constraints on Buffer::memberMayBeVarSize 2021-09-13 11:15:33 +02:00
yoff
d0563c80be Merge pull request #6665 from smowton/smowton/fix/python-redos-invalid-utf16
ReDoS: fix unpaired surrogate test
2021-09-13 11:14:45 +02:00
Anders Schack-Mulligen
2db039fb77 Merge pull request #6673 from Marcono1234/marcono1234/clone-method-models
Java: Remove duplicate classes modeling Object.clone
2021-09-13 11:13:14 +02:00
Anders Schack-Mulligen
dde07fd2ee Merge pull request #6672 from Marcono1234/marcono1234/functional-interfaces-test
Java: Extend functional interfaces test
2021-09-13 11:13:06 +02:00
Anders Fugmann
4ab9b81a9a C++: Add tests exposing some FP's for OverflowStatic query 2021-09-13 11:09:56 +02:00
Tom Hvitved
4628f880b4 Merge pull request #6489 from hvitved/csharp/files-folders-drop-columns
C#: Drop redundant columns from `files` and `folders` relations
2021-09-13 11:02:13 +02:00
Geoffrey White
e696eaaa2f C++: Fix false positives involving STDIN_FILENO. 2021-09-13 09:50:19 +01:00
Geoffrey White
3ba9e80635 C++: Support various functions / variants. 2021-09-13 09:50:03 +01:00
Geoffrey White
1707d67adb C++: Support 'send' as well. 2021-09-13 09:49:40 +01:00
Geoffrey White
29ad3bf7f8 C++: Test dataflow and other slightly more complex cases. 2021-09-13 09:49:25 +01:00
Anders Schack-Mulligen
31739cdae6 Merge pull request #6668 from github/workflow/coverage/update
Update CSV framework coverage reports
2021-09-13 09:50:09 +02:00
Tom Hvitved
2730423ab2 C#: Upgrade script 2021-09-13 09:49:10 +02:00
Tom Hvitved
5d048a9518 C#: Drop redundant columns from files and folders relations 2021-09-13 09:49:09 +02:00
Tamás Vajk
cc1374b832 Merge pull request #6646 from tamasvajk/fix/csv-timeseries
Fix CSV timeseries script to create DB with scheme from correct git SHA
2021-09-13 09:41:56 +02:00
Tom Hvitved
0abfb00032 Merge pull request #6660 from hvitved/csharp/dotnet-exec-tracing-windows
C#: Handle `dotnet exec csc.dll` compiler calls on Windows
2021-09-13 09:07:50 +02:00
github-actions[bot]
26e8e89aca Add changed framework coverage reports 2021-09-13 00:08:00 +00:00
jorgectf
353c0a9ee7 Add missing comment 2021-09-12 20:44:04 +02:00
jorgectf
3cf28ad6ce Merge remote-tracking branch 'origin/main' into jorgectf/python/ldapinsecureauth 2021-09-12 20:36:25 +02:00
jorgectf
18b05bc56e Fix tests and add global option 2021-09-12 20:35:57 +02:00
jorgectf
54012eba23 Optimize getFullHostRegex 2021-09-12 20:13:08 +02:00
Philip Ginsbach
131d63c374 Merge pull request #6592 from github/ginsbach/instanceofDocs
language reference entry for non-extending subtypes
2021-09-12 15:21:41 +01:00
Marcono1234
d117593d72 Java: Remove duplicate classes modeling Object.clone 2021-09-12 02:05:57 +02:00
Marcono1234
5009ed618f Java: Extend functional interfaces test 2021-09-12 01:50:07 +02:00
Andrew Eisenberg
edbaceceb3 Merge pull request #6666 from github/aeisenberg/suites-fix
Remove incorrect `suites` directive
2021-09-10 14:15:10 -07:00
Ethan P
fb22931e2d add indirect build tracing content and example 2021-09-10 16:06:32 -04:00
CodeQL CI
e8fc3c8ead Merge pull request #5888 from erik-krogh/casting
Approved by asgerf
2021-09-10 09:11:39 -07:00
Andrew Eisenberg
9c0f18b88d Remove incorrect directive
This directive should only be in the
pack.
2021-09-10 08:57:37 -07:00
Harry Maclean
800e18349f Add != to StringConstCompare
This means we treat != comparisons against strings as taint tracking guards:

    if foo != "A"
      foo         # still tainted
    else
      foo         # not tainted, because we know foo == "A"
    end
2021-09-10 16:42:45 +01:00
Chris Smowton
95046b9bb1 Factor JaxRS models 2021-09-10 16:36:40 +01:00
Chris Smowton
451a46bf0e Add models for getLanguage, getMediaType 2021-09-10 16:36:38 +01:00
Chris Smowton
5e7a3ca2e6 Model UriInfo.relativize and resolve. 2021-09-10 16:36:37 +01:00
Chris Smowton
62ecab8432 Add change note 2021-09-10 16:36:36 +01:00
Chris Smowton
f1c3a11103 Add sources for Jax-RS filters 2021-09-10 16:36:34 +01:00
Harry Maclean
8f36b0d7fe Simplify guard in SQL injection tests
We don't (yet) properly sanitize taint in cases like this

    foo = "A" unless foo == "B"

So for now, use a simpler guard in the SQL injection test.
We can resurrect the old, more idiomatic guard when we can support it.
2021-09-10 16:27:57 +01:00