intrigus
fe923facc8
Java: Move comments to separate lines.
Move comments to separate lines to improve
the rendering in the finished query help.
2021-06-25 16:47:25 +02:00
intrigus-lgtm
f527df73d5
Apply suggestions from code review.
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2021-06-25 16:47:25 +02:00
intrigus
f0d4b1d2b0
Java: Add change-note.
2021-06-25 16:47:25 +02:00
intrigus
6bfdf8d148
Java: Fix qhelp errors.
2021-06-25 16:47:24 +02:00
intrigus
dc0b06a735
Java: Factor out SecurityFlag library.
2021-06-25 16:47:24 +02:00
intrigus-lgtm
51fdcf86c8
Apply suggestions from code review
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-06-25 16:47:24 +02:00
intrigus
6f217d37da
Java: Apply suggestions from review.
2021-06-25 16:47:24 +02:00
intrigus
4a00670b68
Java: Reduce long comment.
2021-06-25 16:47:24 +02:00
intrigus
45cec3df1c
Java: Use this consistently in QL classes.
2021-06-25 16:47:24 +02:00
intrigus
0c1ce74135
Java: Switch from tabs to spaces.
2021-06-25 16:47:24 +02:00
intrigus
281e0859d1
Java: Accept test changes.
2021-06-25 16:47:23 +02:00
intrigus
6413af4fbe
Java: Expand tests.
2021-06-25 16:47:23 +02:00
intrigus
484533c659
Java: Flag "intentionally" unsafe methods in tests.
Previously intentionally unsafe methods such as `disableCertificate`
would be ignored by this query. But now they will also be flagged
as it is hard to guess intentions...
Adjust the tests to account for this change.
2021-06-25 16:47:23 +02:00
intrigus
7023793af4
Java: Fix compilation errors in test.
2021-06-25 16:47:23 +02:00
intrigus
6d09db6fd6
Java: Explicitly list custom flow steps.
2021-06-25 16:47:23 +02:00
intrigus
e4775e0fae
Java: Remove "intention-guessing" sanitizer & simplify.
This removes the sanitizer part that classified some results as FP
if the results were in methods with certain names, like
`disableVerification()`. I now think that it's a bad idea to filter
based on the method name.
The custom flow steps in `flagFlowStep` are now listed explicitly.
Simplified check whether a method throws an exception.
2021-06-25 16:47:23 +02:00
intrigus
8a7f6b72e9
Java: Apply suggestions for QHelp
2021-06-25 16:47:23 +02:00
intrigus
d37d922e8f
Java: Fix Typos
2021-06-25 16:47:22 +02:00
intrigus-lgtm
030c286902
Java: Use machine-in-the-middle consistently
2021-06-25 16:47:22 +02:00
intrigus-lgtm
f52e438f3e
Java: Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2021-06-25 16:47:22 +02:00
intrigus
592fd1e8ca
Java: Accept test changes
2021-06-25 16:47:22 +02:00
intrigus
1b96d0ac54
Java: Remove overlapping code
2021-06-25 16:47:22 +02:00
intrigus
87554a78d4
Java: Add insecure trust manager query.
2021-06-25 16:47:22 +02:00
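The commits above ("Add insecure trust manager query", "Remove intention-guessing sanitizer & simplify" and "Flag intentionally unsafe methods in tests") concern a CodeQL query for X509TrustManager implementations whose checkServerTrusted never throws, and the decision to report them even inside methods named like disableVerification(). The following Java is an added illustration written for this page, not code from the CodeQL repository or its tests: it puts the trust-all pattern the query targets next to a hardened TrustManager that delegates full PKIX validation to the platform and then pins the leaf certificate's SPKI hash. The pin value is a placeholder assumption, as is the method name disableVerification(), chosen only to show that the name says nothing about whether the code is safe.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustManagerExample {

    // Vulnerable pattern (CWE-295): checkServerTrusted never throws, so any chain,
    // including a self-signed one presented by a machine-in-the-middle, is accepted.
    static X509TrustManager trustAll() {
        return new X509TrustManager() {
            @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }
            @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { }
            @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
    }

    // The JDK's own X509TrustManager, backed by the platform truststore (null KeyStore = default cacerts).
    static X509TrustManager platformDefault() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Hardened custom TrustManager: full chain validation is delegated to the platform first,
    // then the leaf's SubjectPublicKeyInfo hash is compared against a pin. Every failure path throws.
    static X509TrustManager pinned(X509TrustManager delegate, byte[] expectedSpkiSha256) {
        return new X509TrustManager() {
            @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                delegate.checkClientTrusted(chain, authType);
            }
            @Override public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                delegate.checkServerTrusted(chain, authType);
                if (chain == null || chain.length == 0) throw new CertificateException("empty chain");
                byte[] spki = sha256(chain[0].getPublicKey().getEncoded());
                if (!MessageDigest.isEqual(spki, expectedSpkiSha256)) {
                    throw new CertificateException("leaf SPKI does not match pin");
                }
            }
            @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
        };
    }

    static byte[] sha256(byte[] data) throws CertificateException {
        try {
            return MessageDigest.getInstance("SHA-256").digest(data);
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    static SSLContext contextFor(X509TrustManager tm) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, new SecureRandom());
        return ctx;
    }

    // Assumed method name. A name-based sanitizer would have skipped this as "intentional",
    // but the resulting SSLContext is exactly as exposed as one built anywhere else.
    static SSLContext disableVerification() throws Exception {
        return contextFor(trustAll());
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty chain, which no real server would present.
        X509TrustManager insecure = trustAll();
        insecure.checkServerTrusted(new X509Certificate[0], "RSA");
        System.out.println("trust-all manager accepted an empty chain without throwing");

        // Assumption: a real pin comes from the server's certificate, e.g. sha256 of its DER-encoded SPKI.
        byte[] placeholderPin = new byte[32];
        X509TrustManager hardened = pinned(platformDefault(), placeholderPin);
        try {
            hardened.checkServerTrusted(new X509Certificate[0], "RSA");
            System.out.println("unexpected: hardened manager accepted an empty chain");
        } catch (Exception e) {
            // The platform manager rejects the empty chain before the pin check is reached.
            System.out.println("hardened manager rejected an empty chain: " + e.getClass().getSimpleName());
        }

        SSLContext ctx = disableVerification();
        System.out.println("insecure context built with protocol " + ctx.getProtocol());
    }
}
```

The distinguishing property is whether checkServerTrusted can throw CertificateException on a bad chain, not what the enclosing method is called; that is the simplified "does the method throw" check the commit messages refer to, and why filtering results by method name was dropped.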
Timo Müller
8daa398af6
Update InsecureRmiJmxEnvironmentConfiguration.ql
2021-06-25 16:12:37 +02:00
Timo Mueller
b969b9b5e7
Merge branch 'insecureJmxRmiServerEnvironment' of github.com:mogwailabs/codeql into insecureJmxRmiServerEnvironment
2021-06-25 16:11:47 +02:00
Timo Mueller
72ef4983db
Fixed wrong match for symbolic constant
2021-06-25 16:11:37 +02:00
Timo Müller
328b69f46c
Update java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql
2021-06-25 16:10:20 +02:00
Rasmus Wriedt Larsen
c476c89de5
Python: Add tests for peewee
2021-06-25 16:08:57 +02:00
Nick Rolfe
ba7021086b
Merge remote-tracking branch 'origin/main' into regex
2021-06-25 15:00:26 +01:00
Owen Mansel-Chan
bad32716e8
Import Apache Collections models in ExternalFlow
2021-06-25 14:51:09 +01:00
Timo Müller
d1a4f57342
Added chapter about generating qhelp files locally
2021-06-25 15:48:27 +02:00
Timo Mueller
5aeeb3a801
Fixed and validated qhelp
2021-06-25 15:37:47 +02:00
Owen Mansel-Chan
044ecc51e5
Manually improve tests #2
2021-06-25 13:51:18 +01:00
Mathias Vorreiter Pedersen
794d96e52c
C++: Use call context information to perform function-pointer resolution.
2021-06-25 14:45:56 +02:00
Rasmus Wriedt Larsen
9573048ee8
Python: Port py/clear-text-logging-sensitive-data
2021-06-25 14:35:31 +02:00
Rasmus Wriedt Larsen
68cfeb0b5c
Python: Model logging from the logging module
2021-06-25 14:26:35 +02:00
Rasmus Wriedt Larsen
c05e375401
Python: Fix indentation of hashlib modeling
2021-06-25 14:26:35 +02:00
Rasmus Wriedt Larsen
36c9ceb13b
Python: Add Logging concept
2021-06-25 14:26:35 +02:00
Rasmus Wriedt Larsen
a7eb1b3a12
Python: Minor QLDoc fixup
2021-06-25 14:26:35 +02:00
Owen Mansel-Chan
e2803800dc
Add change note
2021-06-25 12:55:09 +01:00
Nick Rolfe
bee94757dd
Add query test for ReDoS.ql, ported from JS
2021-06-25 12:51:35 +01:00
Nick Rolfe
6142029fdc
Recognise \t as not escaping t
2021-06-25 12:46:25 +01:00
Nick Rolfe
a77e7761fd
Make \h and \H character class escapes
2021-06-25 12:27:39 +01:00
Nick Rolfe
a5dff79e51
Fix locations of regexp nodes in AST viewer
2021-06-25 12:00:38 +01:00
Owen Mansel-Chan
2fd4c9f1b9
Manually improve tests
2021-06-25 11:17:11 +01:00
Owen Mansel-Chan
1bb33bca33
Add Apache Commons Collections to coverage reports
2021-06-25 11:17:10 +01:00
Owen Mansel-Chan
eb469c0811
Duplicate models for old package name
The package name was org.apache.commons.collection until release 4.0.
2021-06-25 11:17:09 +01:00
Owen Mansel-Chan
2e670c4050
Manually update automatically generated stubs
2021-06-25 11:17:08 +01:00
Owen Mansel-Chan
acc43fcaca
Add options file
2021-06-25 11:17:07 +01:00
Owen Mansel-Chan
5feee9cc17
Add automatically-generated stubs
2021-06-25 11:17:06 +01:00