hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-01 07:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,554 Commits 1,684 Branches 159 Tags
codeql-cli/v2.9.2
Commit Graph

36554 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
c87fb4df53 Swift: remove now unused ql.Property.params 2022-05-05 12:01:13 +02:00
Mathias Vorreiter Pedersen
6f9752ead1 Merge pull request #9019 from geoffw0/xxe4 
C++: More XXE Tests
 2022-05-05 10:59:40 +01:00
Michael Nebel
e416a0629a C#: Add isAutoGenerated predicate to SummarizedCallable. 2022-05-05 11:54:04 +02:00
Paolo Tranquilli
9798d8ba26 Swift: add ?* modifier to schema specification 
This indicates a list of optional entries. This is different than
simply repeatind entries because of the indexing.
 2022-05-05 11:50:12 +02:00
yoff
0c7184952b Merge pull request #9023 from RasmusWL/positional-docs 
Python: Clarify `getArg` is about positional arguments
 2022-05-05 11:28:17 +02:00
Arthur Baars
25d9ffd18c Merge pull request #9033 from github/aibaars/atm-label 
JS: exclude ATM folder from labeler
 2022-05-05 10:53:39 +02:00
Michael Nebel
13f142f143 C#: Convert xml injection query to a path problem. 2022-05-05 10:43:23 +02:00
Jonas Jensen
d747c6eaa9 Merge pull request #8930 from jbj/lower-case-variables-spec 
QL language reference: variables must be lowerId
 2022-05-05 10:02:16 +02:00
Paolo Tranquilli
c2d3aac349 Swift: fix no functools.cache in python 3.8 2022-05-05 09:48:07 +02:00
Michael Nebel
21eb5a1db5 Merge pull request #8894 from michaelnebel/csharp/upgrade-dotnet 
C#: Upgrade dotnet to 6.0.202.
 2022-05-05 09:42:23 +02:00
Erik Krogh Kristensen
bf6663ab12 run the autoformatter 2022-05-05 09:16:27 +02:00
Tom Hvitved
66a9759329 Merge pull request #8870 from hvitved/dataflow/expect-content 
Data flow: Introduce `expectsContent`
 2022-05-05 09:01:40 +02:00
luchua-bc
937ab417b1 Query to detect hardcoded JWT secret keys 2022-05-04 23:09:48 +00:00
Daniel Santos
33e85f8db8 Update javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-05-04 11:43:56 -05:00
Paolo Tranquilli
d5d1eb717d Swift: add structured C++ generated classes 
This adds `cppgen`, creating structured C++ classes mirroring QL classes
out of `schema.yml`.

An example of generated code at the time of this commit can be found
[in this gist][1].

[1]: https://gist.github.com/redsun82/57304ddb487a8aa40eaa0caa695048fa

Closes https://github.com/github/codeql-c-team/issues/863
 2022-05-04 18:20:25 +02:00
Paolo Tranquilli
10c5c8e71f Swift: add trapgen unit tests 
Closes: https://github.com/github/codeql-c-team/issues/981
 2022-05-04 18:20:06 +02:00
Tom Hvitved
8e33653d25 Merge pull request #9017 from hvitved/dataflow/subpaths-perf 
Data flow: Speedup `subpaths` predicate
 2022-05-04 16:37:52 +02:00
Erik Krogh Kristensen
0d8bef7e92 Merge pull request #6736 from erik-krogh/polyReplace 
JS: track flow through string replace calls that just replace single chars for js/polynomial-redos
 2022-05-04 16:30:20 +02:00
Erik Krogh Kristensen
8425eaf919 Merge pull request #8549 from erik-krogh/unreachableJoin 
JS: fix bad join in js/unreachable-method-overloads
 2022-05-04 16:28:06 +02:00
Erik Krogh Kristensen
b4d4b51bc7 Merge pull request #8147 from erik-krogh/cacheReg 
JS: cache RegExpCreationNode::getAReference
 2022-05-04 16:25:25 +02:00
Arthur Baars
c7b2da5e39 JS: exclude ATM folder from labeler 2022-05-04 16:16:19 +02:00
Rasmus Wriedt Larsen
7bd7bedb1b Ruby: Simplify isLocalSourceNode implementation 
The need for `SynthReturnNode` goes away if we don't restrict the nodes
that can't be reached from another entry definition or expression to be
`ExprNode`s
 2022-05-04 16:12:20 +02:00
Nick Rolfe
5f59e96fa9 Merge pull request #8975 from github/nickrolfe/flow_summary_joins 2022-05-04 14:24:45 +01:00
Tom Hvitved
9cb63c0a5e Data flow: Sync files 2022-05-04 14:49:26 +02:00
Tom Hvitved
7f7742216c Address review comment 
This reverts commit 2b4fde74bb.
 2022-05-04 14:49:03 +02:00
Nick Rolfe
276f8d40f9 Ruby: add comments to address review feedback 2022-05-04 12:07:46 +01:00
Mathias Vorreiter Pedersen
f499f8e946 Merge pull request #9029 from redsun82/swift-codeowners 
Swift: set @github/codeql-c as owner
 2022-05-04 11:34:51 +01:00
Tony Torralba
2d3b15f936 Add more taint models 2022-05-04 12:32:59 +02:00
Michael Nebel
5f1a176a02 Java: Sync CaptureModels implementation to only allow at most two reads and two stores. 2022-05-04 12:29:57 +02:00
Michael Nebel
a488d6b80c C#: Add an initial flow state to the model generator. 2022-05-04 12:27:34 +02:00
Tony Torralba
8601137602 Fix bad join order by moving WebViewRef::getAnAccess from callsites into predicates 2022-05-04 11:58:47 +02:00
Tony Torralba
3b1210eacb Update java/ql/lib/semmle/code/java/security/UnsafeAndroidAccess.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-05-04 10:53:31 +02:00
Tony Torralba
192017635a Update java/ql/src/change-notes/2022-03-24-unsafe-android-access-improvements.md 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-05-04 10:53:31 +02:00
Tony Torralba
49259a6575 Remove everything related to WebView CSV models 
This reverts commit c6c72eb.
 2022-05-04 10:53:31 +02:00
Tony Torralba
dce11f3984 Removed unnecessary imports 2022-05-04 10:53:30 +02:00
Tony Torralba
f5e72e6e33 Remove getUnderlyingExpr 2022-05-04 10:53:30 +02:00
Tony Torralba
7ba5a032ce Add tests and stubs for the new sources and flow steps 2022-05-04 10:53:30 +02:00
Tony Torralba
b678467e9d Move things around 2022-05-04 10:53:30 +02:00
Tony Torralba
d68311e26d Consider implicit this accesses in WebViewRef 2022-05-04 10:53:30 +02:00
Tony Torralba
51dfebf4c9 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-05-04 10:53:29 +02:00
Tony Torralba
b9859fe165 Add change note 2022-05-04 10:53:29 +02:00
Tony Torralba
91bdb4299f Improvements to UnsafeAndroidAccess 2022-05-04 10:53:29 +02:00
Tony Torralba
b876431950 Merge pull request #8706 from luchua-bc/java/unsafe-get-resource 
Java: CWE-552 Add sources and sinks to to detect unsafe getResource calls in Java EE applications
 2022-05-04 10:12:28 +02:00
Tom Hvitved
74e99302d6 Address review comments 2022-05-04 09:57:59 +02:00
Tom Hvitved
ac3bfa1788 Data flow: Mention expectsContent in dataflow.md 2022-05-04 09:57:59 +02:00
Tom Hvitved
da72ba46d4 Data flow: Add stub expectsContent for all languages 2022-05-04 09:57:59 +02:00
Tom Hvitved
6e2e8440eb Data flow: Sync files 2022-05-04 09:57:59 +02:00
Tom Hvitved
a50f18ab50 Data flow: Introduce expectsContent 2022-05-04 09:57:58 +02:00
bananabr
2e2d4c6e1f updated tests to consider document.getSelection() 2022-05-03 21:03:35 -05:00
Daniel Santos
880e3e1885 Update javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-05-03 11:38:32 -05:00