hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-20 08:53:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,554 Commits 1,693 Branches 160 Tags
codeql-cli/v2.9.2
Commit Graph

36554 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
53f1d2342d Python: Small refactor of TaintTrackingPrivate 
Highlight why we need to import `DataFlowPrivate`
 2021-05-19 12:19:18 +02:00
Geoffrey White
aaae717328 Merge branch 'main' into weak_crypto 2021-05-19 11:19:08 +01:00
CodeQL CI
c793ac933a Merge pull request #5921 from erik-krogh/expressChain 
Approved by esbena
 2021-05-19 03:17:40 -07:00
Geoffrey White
e985204a62 C++: Add change note. 2021-05-19 11:14:23 +01:00
Rasmus Wriedt Larsen
3f5602c048 Python: Refactoring of TaintTrackingPrivate 
To use all the good new stuff 🎉
 2021-05-19 12:13:04 +02:00
Rasmus Wriedt Larsen
b02fb90807 Python: Add getObject(string attrName) to AttrRef 
Now that I got started adding small things that are nice, I've been
missing this one (that is available on an `AttrNode`).
 2021-05-19 12:11:49 +02:00
Rasmus Wriedt Larsen
9137f04bd3 Python: Add getPostUpdateNode to DataFlow::Node 
as discussed in https://github.com/github/codeql/pull/5864#discussion_r634675940
 2021-05-19 11:57:49 +02:00
Tony Torralba
1351516e9a Moved JNDI injection related files from experimental to standard 2021-05-19 11:32:51 +02:00
CodeQL CI
23e8092452 Merge pull request #5864 from RasmusWL/some-framework-modeling 
Approved by tausbn
 2021-05-19 02:31:06 -07:00
Tony Torralba
43d4575359 Add createParser as taint preserving callable 2021-05-19 11:20:54 +02:00
Geoffrey White
e66b5559a4 Merge pull request #5924 from MathiasVP/cleanup-modelFlow 
C++: Remove a disjunction from `modelFlow`
 2021-05-19 10:12:20 +01:00
Geoffrey White
99833f16e1 Merge pull request #5923 from MathiasVP/range-analysis-in-overflow-static 
C++: Add range analysis to `cpp/static-buffer-overflow`
 2021-05-19 10:12:02 +01:00
Rasmus Wriedt Larsen
904eacf9a2 Python: Use absolute import for PEP249 2021-05-19 11:10:06 +02:00
Mathias Vorreiter Pedersen
4d00513606 C++: Use the isParameterDerefOrQualifierObject predicate to remove a disjunction. 2021-05-19 10:47:04 +02:00
Tony Torralba
e58746508d Merge branch 'main' into atorralba/promote-ognl-injection 2021-05-19 10:41:08 +02:00
Mathias Vorreiter Pedersen
741eed93b2 C++: Replace minimum(any(...)) with a min aggregate. Also removed the min aggregate further down since it's no longer needed. 2021-05-19 09:03:05 +02:00
yoff
60da193620 Update python/ql/src/semmle/python/frameworks/Cryptodome.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-05-19 08:08:59 +02:00
Erik Krogh Kristensen
9a1f80aa93 accept updated test output for express test 2021-05-18 22:23:29 +02:00
Erik Krogh Kristensen
e9d2dd0b57 support the chaining methods on Express apps 2021-05-18 22:23:27 +02:00
Robert Marsh
db85a215ab C++: fix alias model for smart pointer setters 2021-05-18 13:16:22 -07:00
Robert Marsh
e590a7bc33 C++: Handle alias models for this/qualifiers 2021-05-18 13:15:38 -07:00
Evgenii Protsenko
af75d85b2e ClickHouseSQLInjection.qll : add tests 2021-05-18 22:49:11 +03:00
Tom Hvitved
c866f88410 CFG: Add missing propagatesAbnormal overrides 2021-05-18 20:39:46 +02:00
Tom Hvitved
9871698cee Add more CFG tests 2021-05-18 20:39:08 +02:00
Chris Smowton
0c970b5f1f Merge pull request #5802 from luchua-bc/java/rhino-injection 
Java: CWE-094 Rhino code injection
 2021-05-18 19:25:53 +01:00
Mathias Vorreiter Pedersen
6103aabdce C++: Add change-note. 2021-05-18 19:17:11 +02:00
luchua-bc
02aa9c6fc7 Optimize the sink and update qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
d4323a4a54 Update qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
9d392263a5 Refactor inconsistent method names 2021-05-18 16:12:23 +00:00
luchua-bc
2fa249a8eb Update method name and qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
2c1374bdcf Use inline implementation for ScriptEngineFactory 2021-05-18 16:12:23 +00:00
luchua-bc
0ac8453398 Allow all arguments of methods in ScriptEngineFactory 2021-05-18 16:12:23 +00:00
luchua-bc
e4699f7fa9 Optimize the query 2021-05-18 16:12:22 +00:00
luchua-bc
d664aa6d6a Include more scenarios and update qldoc 2021-05-18 16:12:22 +00:00
luchua-bc
852bcfb5c7 Refactor the ScriptEngine query and the Rhino code injection query into one 2021-05-18 16:12:22 +00:00
luchua-bc
b0b5338359 Rhino code injection 2021-05-18 16:12:22 +00:00
Mathias Vorreiter Pedersen
26c4a66dc4 C++: Add range analysis to fix FPs. 2021-05-18 17:54:30 +02:00
Mathias Vorreiter Pedersen
df9981de4f C++: Add testcases with false positives. 2021-05-18 17:53:20 +02:00
Ethan Palm
9deaace756 Merge pull request #5898 from ethanpalm/go-build-commands 
Docs: Document Go tracer support
 2021-05-18 11:49:31 -04:00
Ethan Palm
610e041e28 Add reviewer feedback 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2021-05-18 11:42:08 -04:00
Chris Smowton
4230869ee2 Merge pull request #5819 from luchua-bc/java/jpython-injection 
Java: CWE-094 Jython code injection
 2021-05-18 16:38:40 +01:00
Chris Smowton
71f540a755 Merge pull request #5844 from haby0/SpringRedirects 
[Java] CWE-601 Spring url redirection detect
 2021-05-18 16:37:40 +01:00
Geoffrey White
cdf261b54b C++: In fact it's just not good enough to get additional evidence from the declaring type. 2021-05-18 14:31:19 +01:00
Geoffrey White
88dc0861ac C++: Fix copy-paste error. 2021-05-18 14:27:31 +01:00
Geoffrey White
c7382ee06d C++: Repair for function call macros. 2021-05-18 14:27:08 +01:00
Geoffrey White
012840e602 C++: Add more test cases. 2021-05-18 14:26:12 +01:00
Geoffrey White
3d8513c1e0 C++: Add 'MAC' as additional evidence. 2021-05-18 13:24:51 +01:00
Geoffrey White
da83e9142b C++: Replace getAnExpandedElement with getAGeneratedElement as it's all we really need. 2021-05-18 13:23:49 +01:00
luchua-bc
2a0721b2ae Optimize the sink and update method name 2021-05-18 12:18:14 +00:00
CodeQL CI
1d120824ac Merge pull request #5920 from erik-krogh/clone 
Approved by esbena
 2021-05-18 05:13:57 -07:00