Erik Krogh Kristensen
87c0c60c22
don't report dummy authentication headers as hardcoded-credentials
2021-08-02 22:56:14 +02:00
Erik Krogh Kristensen
f719e0ca1b
remove nunjucks template URLs from the target-blank query
2021-08-02 22:46:59 +02:00
Ethan P
6a6993248d
Add note to readme about CWE coverage tables
2021-08-02 13:34:26 -07:00
Nick Rolfe
f2af68f8cf
Clean up script file locations
2021-08-02 18:21:50 +01:00
Arthur Baars
2c8b1fa6da
Merge pull request #231 from github/aibaars/makefile
...
Add makefile
2021-08-02 18:31:16 +02:00
Arthur Baars
38f82ffc3c
Update Makefile
...
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2021-08-02 18:01:59 +02:00
Benjamin Muskalla
60c7003667
Optimize return type check
2021-08-02 17:14:44 +02:00
Benjamin Muskalla
fda394858b
Turn external API query into diagnostics query
...
* Expose (partial) CSV model for the API
* Rework and simplify predicates
2021-08-02 17:14:44 +02:00
Benjamin Muskalla
8595ae71f7
Simplify api coverage detection
...
Fixes a bug that doesn't take super types into account
when computing the usage of a specific API.
2021-08-02 17:14:44 +02:00
Benjamin Muskalla
3365634259
Expose csv parameter format predicate
2021-08-02 17:14:44 +02:00
Benjamin Muskalla
aab633eced
Reformat
2021-08-02 17:14:43 +02:00
Benjamin Muskalla
2064915d3b
Fold JDK API query into external API query
2021-08-02 17:14:43 +02:00
Benjamin Muskalla
0c04c9a2c2
Fix aggregation of jar usages
2021-08-02 17:14:43 +02:00
Benjamin Muskalla
722889e881
Make id unique
2021-08-02 17:14:42 +02:00
Benjamin Muskalla
d9285e78c0
Add query to collect external API calls
2021-08-02 17:14:42 +02:00
Benjamin Muskalla
07303ccbb3
Fix formatting
2021-08-02 17:14:42 +02:00
Benjamin Muskalla
b9f6b60c4d
Introduce query to capture external libraries
2021-08-02 17:14:41 +02:00
Benjamin Muskalla
32f52ac30d
Improve column names
2021-08-02 17:14:41 +02:00
Benjamin Muskalla
18e3763f90
Expose whether APIs are already supported
2021-08-02 17:14:41 +02:00
Benjamin Muskalla
9b6ae9029f
Introduce query to capture JDK API usage
2021-08-02 17:14:40 +02:00
Chris Smowton
fad1622730
Merge pull request #5435 from haby0/DynamicallyLoadedClasses
...
Java: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
2021-08-02 16:04:30 +01:00
Alex Ford
403dee279d
add Node#getALocalSource predicate
2021-08-02 15:56:36 +01:00
Alex Ford
56139ccf93
port some concepts to Concepts.qll
2021-08-02 15:56:36 +01:00
Arthur Baars
58a6f5a783
Address comments
2021-08-02 16:12:50 +02:00
Arthur Baars
730b6d8e6c
Add makefile
2021-08-02 16:12:50 +02:00
Tony Torralba
08bdd1aa7a
Merge branch 'main' into atorralba/promote-ognl-injection
2021-08-02 16:05:38 +02:00
Tony Torralba
8b50b3d00f
Add jackson-core to test dependencies
2021-08-02 16:04:49 +02:00
Geoffrey White
904db788ec
Merge branch 'main' into impropnull
2021-08-02 15:00:12 +01:00
Chris Smowton
09a873138d
Add missing qldoc
2021-08-02 14:48:42 +01:00
Chris Smowton
170bb43393
Update java/ql/test/library-tests/frameworks/json-java/test.ql
...
Remove unnecessary import
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-08-02 14:46:38 +01:00
Chris Smowton
8a78075d3d
Remove redundant method taint flow specifications
2021-08-02 14:30:31 +01:00
Mathias Vorreiter Pedersen
bbbbeda7c3
Merge pull request #6385 from MathiasVP/more-FieldConfiguration-sources
...
C++: Fix missing local flow in AST dataflow
2021-08-02 15:22:07 +02:00
Anders Schack-Mulligen
53e6ddfeb6
Merge pull request #6001 from atorralba/atorralba/promote-mvel-injection
...
Java: Promote MVEL injection query from experimental
2021-08-02 14:40:26 +02:00
Tony Torralba
f4b78ef3bd
Fix stubs
2021-08-02 14:12:05 +02:00
Tony Torralba
9b384d84cc
Merge branch 'main' into atorralba/promote-ognl-injection
2021-08-02 14:06:45 +02:00
Tony Torralba
351a24558d
Add tests for JacksonSerializability
...
Upgraded jackson stubs to 2.12
2021-08-02 14:03:30 +02:00
Tony Torralba
632ae747c7
Fix JacksonModel duplicate row
2021-08-02 12:53:30 +02:00
Anders Schack-Mulligen
3b676d432f
Merge pull request #5900 from artem-smotrakov/unsafe-jackson-deserialization
...
Java: Unsafe deserialization with Jackson
2021-08-02 12:45:30 +02:00
Anders Schack-Mulligen
0a1c754de8
Merge pull request #6395 from github/bmuskalla/fixTypoInVariables
...
Fix typo in variables documentation
2021-08-02 12:30:14 +02:00
Benjamin Muskalla
d678cdc815
Update variables.rst
2021-08-02 12:07:09 +02:00
Arthur Baars
2f491a1924
Merge pull request #230 from github/redos-enable-tounicode
...
enable unicode parsing in the ReDoS query
2021-08-02 10:42:09 +02:00
Pavel Avgustinov
2be9f3e41e
C#: Guard against virtual dispatch branching too much.
...
We have observed databases where dispatch to highly overridden
virtual methods (like Enumerable.GetEnumerator) ends up branching
to many thousands of overrides, if there is not sufficient type
context to prune. This causes performance problems for analyses
that use dataflow.
As an immediate fix, this commit prevents branching to virtual
method overrides if this would result in branching to 1,000 or
more methods.
2021-08-02 09:40:16 +01:00
Tom Hvitved
7a475eb0a2
C#: Fix CSV overrides logic
2021-08-02 10:35:21 +02:00
Tom Hvitved
df29538840
C#: Add test that exhibits bug in CSV overrides logic
2021-08-02 10:35:21 +02:00
Anders Schack-Mulligen
6c973b59ac
Update java/ql/src/semmle/code/java/frameworks/Jackson.qll
2021-08-02 10:16:42 +02:00
Anders Schack-Mulligen
26881ec220
Merge pull request #6389 from github/yo-h-patch-1
...
Java: update `frameworks.rst` with Jackson
2021-08-02 10:07:02 +02:00
Tony Torralba
9fadb26325
Fix qhelp sample
2021-08-02 10:00:59 +02:00
Tony Torralba
4435853c8a
Apply suggestions from code review
...
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2021-08-02 09:56:40 +02:00
Erik Krogh Kristensen
632ad518f0
enable unicode parsing in the ruby ReDoS query
2021-08-02 07:13:41 +00:00
ihsinme
375a60194b
Update OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql
2021-08-01 16:44:54 +03:00