hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-17 15:33:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,554 Commits 1,692 Branches 160 Tags
codeql-cli/v2.9.2
Commit Graph

36554 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
8112d723e0 Merge branch 'main' into atorralba/spring-beans 2021-06-28 17:02:31 +02:00
Tony Torralba
393b95cbbe Remove 'magic' from tests 2021-06-28 17:01:34 +02:00
Tamas Vajk
006303420b Fix CSV framework coverage commenter workflow 2021-06-28 15:07:13 +02:00
Jorge
a5009efb4b Merge pull request #5 from RasmusWL/nosql-fixes 
Small NoSQL fixes
 2021-06-28 14:23:57 +02:00
Chris Smowton
ca4c519a2a Merge pull request #6170 from smowton/smowton/admin/cleanup-exec-tainted-query 
Change ID and description of cloned query
 2021-06-28 13:22:34 +01:00
jorgectf
1d432af498 Update .expected 2021-06-28 14:18:27 +02:00
jorgectf
1d4d8ab6e0 Fix tests 2021-06-28 14:16:52 +02:00
jorgectf
b9422518b3 Rephrase .qhelp 2021-06-28 14:00:00 +02:00
Felicity Chapman
c4047afc05 Add extra reference to docs.github.com 
Clarify the existing reference and add one for CodeQL code scanning using GitHub Actions.
 2021-06-28 12:30:49 +01:00
Felicity Chapman
b52b158c97 Apply suggestions from code review 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2021-06-28 12:20:20 +01:00
Chris Smowton
3d69868297 Change ID and description of cloned query 
This should be cleaned up more effectively soon, but this suffices to fix the clashing-id problem.
 2021-06-28 12:18:59 +01:00
Rasmus Wriedt Larsen
318694ccc8 Python: Don't rely on d = d.getOutput() for Decoding 
Although it is for `json.loads` and the like.
 2021-06-28 13:17:45 +02:00
Rasmus Wriedt Larsen
59711424bd Python: Fix qhelp for NoSQL injection 2021-06-28 11:48:28 +02:00
Tamas Vajk
3b5856907f Add updated C# framework coverage report 2021-06-28 11:29:46 +02:00
Tamas Vajk
3170781d57 Rework timeseries report to iterate git history only once 2021-06-28 11:29:45 +02:00
Tamas Vajk
1ec1e1cfc8 Adjust framework coverage report generator to include all sources not just remote ones 2021-06-28 11:20:32 +02:00
Tamas Vajk
4524563923 Fix timeseries coverage report to handle multiple languages 2021-06-28 11:20:32 +02:00
Tamas Vajk
a90a86bcbf Fix flow from Element of Argument[0] for Int32.TryParse(ReadOnlySpan<Char>,... 2021-06-28 11:20:32 +02:00
Tamas Vajk
1d8b19e153 Adjust coverage report generator to allow multiple sink identifiers per CWE 2021-06-28 11:20:32 +02:00
Tamas Vajk
2a75989881 Migrate StringContent sink to CSV format 2021-06-28 11:20:32 +02:00
Tamas Vajk
5aba7142e8 C#: Add framework coverage report 2021-06-28 11:20:32 +02:00
Tamas Vajk
016e8fb2cf Adjust framework coverage jobs to cover C# 2021-06-28 11:20:32 +02:00
Tamas Vajk
b7a43dccd3 C#: Migrate System.Int32 flow summaries to CSV 2021-06-28 11:20:32 +02:00
Tamas Vajk
a9ccd65fa9 C#: Migrate System.Web.HttpResponse sinks to CSV 2021-06-28 11:20:32 +02:00
Tamas Vajk
45568d5b10 C#: Convert System.Console.Read* local flow source to CSV 2021-06-28 11:20:32 +02:00
Tamas Vajk
9606816c39 Fix missing summarizedCallable case 2021-06-28 11:20:32 +02:00
Cornelius Riemenschneider
a1c38b78a9 Merge pull request #6163 from adityasharad/lines-of-code-make-unique 
Ensure only one query per language is tagged `lines-of-code`
codeql-cli/v2.5.7 		2021-06-28 10:57:29 +02:00
Rasmus Wriedt Larsen
5477b2e0d5 Python: Minor refactoring cleanup 2021-06-28 10:54:21 +02:00
Rasmus Wriedt Larsen
4a2c99a021 Python: Inline LDAPImproperAuth.qll 
Since having it inlined makes the query a bit easier to read. We
obviously need to share it if we want to share this predicate, but for
now that does not seem to be the case.
 2021-06-28 10:54:21 +02:00
Rasmus Wriedt Larsen
b33f6a315c Python: Fix select for py/improper-ldap-auth 2021-06-28 10:54:21 +02:00
Rasmus Wriedt Larsen
dfe16aae4c Python: Handle both positional and keyword args for LDAP bind 2021-06-28 10:46:13 +02:00
Tom Hvitved
4f8a103df2 C#: Add active preprocessor conditions as suffix in all TRAP .push instructions 2021-06-28 10:34:42 +02:00
ihsinme
6e7644f529 Update FindIncorrectlyUsedExceptions.ql 2021-06-27 22:27:41 +03:00
Aditya Sharad
61e6dcb56d Ensure only one query per language is tagged lines-of-code 
Some languages have multiple `summary` queries for lines of code,
representing different forms of counting (user written, total, etc).
When Code Scanning sees results from multiple such summary queries in a single run,
it will need to choose one as the primary LoC count to display in the UI.

By ensuring only one query per language has the `lines-of-code` tag,
in future we can teach Code Scanning to look for this particular tag
to identify the primary LoC count.

If a "lines of user code" query is available, use that.
Otherwise use the total "lines of code".

(It is completely fine for multiple queries to be tagged with `summary`.)
 2021-06-25 16:45:37 -07:00
Chris Smowton
8aa9cd52b5 Merge pull request #5811 from mogwailabs/insecureJmxRmiServerEnvironment 
Java: Add query - insecure environment configuration during JMX/RMI server init
 2021-06-25 22:09:20 +01:00
Timo Mueller
e5fa5325b5 Auto formatting .ql file 2021-06-25 22:31:29 +02:00
Timo Mueller
eb0a13f60f Merge branch 'insecureJmxRmiServerEnvironment' of github.com:mogwailabs/codeql into insecureJmxRmiServerEnvironment 2021-06-25 22:29:43 +02:00
Chris Smowton
def4a23af2 Merge pull request #4879 from intrigus-lgtm/java/improve-trustmanager 
Java: Add/improve insecure trustmanager query
 2021-06-25 18:15:55 +01:00
Tom Hvitved
e624fb46f9 Merge pull request #6152 from hvitved/csharp/dataflow/csv-out-ref 2021-06-25 18:02:59 +02:00
Rasmus Wriedt Larsen
97571e0b4f Python: Add modeling of peewee 2021-06-25 17:50:59 +02:00
Rasmus Wriedt Larsen
1317ae298c Python: Rename cursor => Cursor in PEP249 
Notice that since this will be part of the same PR as 5cfc433, it is OK
to do this change without keeping `PEP249::cursor` for backwards
compatibility.
 2021-06-25 17:30:35 +02:00
Rasmus Wriedt Larsen
d8db83d081 Python: Add cursor::instance for PEP249 
For Peewee modeling I want to be able to define new cursor instances
just like I can do for connections.
 2021-06-25 17:29:32 +02:00
Rasmus Wriedt Larsen
6be0db2c22 Python: Improve QLDoc of PEP249 modeling 2021-06-25 17:24:28 +02:00
Rasmus Wriedt Larsen
5cfc43395b Python: Refactor PEP249 to encapsulate in module 
So global namespace doesn't contain `Connection` whenever `PEP249.qll`
is imported
 2021-06-25 17:15:12 +02:00
intrigus
5aa711a956 Accept test changes. 2021-06-25 17:04:36 +02:00
Owen Mansel-Chan
44f0411b7c Merge pull request #6138 from owen-mc/java/model/apache-commons-collections 
Model Apache commons collections MapUtils class and keyvalue package
 2021-06-25 15:53:03 +01:00
Anders Schack-Mulligen
a79356e316 Apply suggestions from code review 2021-06-25 16:47:26 +02:00
intrigus
be57aeccf2 Remove change-note. 2021-06-25 16:47:26 +02:00
intrigus
5106aec319 Fix test location. 2021-06-25 16:47:25 +02:00
intrigus
36575bb26f Move back to experimental......... 2021-06-25 16:47:25 +02:00