hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-21 01:13:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,554 Commits 1,693 Branches 161 Tags
codeql-cli/v2.9.2
Commit Graph

36554 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alex Ford
277a6a020a diagnostics: use debug rather than hidden terminology, and leave gaps for other severities 2021-05-13 13:44:10 +01:00
Alex Ford
b2f2f786ac allow the WeakFilePermissions access predicate to return multiple values 2021-05-13 13:22:14 +01:00
Geoffrey White
e4d2c7cfc4 C++: Rewrite so that we look for additional evidence. 2021-05-13 13:19:39 +01:00
Niroshan Rajadurai
d9826c571a Update README.md 
Updates to point to GHAS Capabilities, and tighter wording on License terms
 2021-05-13 13:17:16 +01:00
Alex Ford
0d1c4a1290 document that the WeakFilePermissions access predicate should return at most one value 2021-05-13 13:06:45 +01:00
Alex Ford
89be8d8710 Apply suggestions from code review 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2021-05-13 12:59:16 +01:00
Geoffrey White
123889a671 C++: Fix 'triple DES' false positives. 2021-05-13 10:21:06 +01:00
haby0
02e415045f Delete RedirectBuilderFlowConfig 2021-05-13 15:48:15 +08:00
Geoffrey White
40cf29b625 C++: Rearrange the library. 2021-05-13 08:39:37 +01:00
haby0
effa2b162a Add spring url redirection detect 2021-05-13 09:55:37 +08:00
Taus
79cfe5aca2 Python: Limit py/use-of-input to Python 2 2021-05-12 21:23:16 +00:00
Taus
fad55b3635 Python: Reimplement py/use-of-input 2021-05-12 21:09:51 +00:00
Evgenii Protsenko
470e3eb089 [python] ClickHouseDriver.qll: add support for subclasses 2021-05-13 00:03:53 +03:00
Erik Krogh Kristensen
34fbafafde remove redundant "put" case 2021-05-12 22:34:44 +02:00
Evgenii Protsenko
2efa0ad105 [C++] Implement module ClickHouseDriver.qll 2021-05-12 22:36:24 +03:00
Taus
fe12e620dd Python: Avoid clobbering range in test 
This was an unwanted interaction between two unrelated tests, so I
switched to a different built-in in the second test. I also added a test
case that shows an unfortunate side effect of this more restricted
handling of built-ins.
 2021-05-12 18:42:10 +00:00
Geoffrey White
0450caa73d C++: Exclude array initializers. 2021-05-12 19:39:30 +01:00
Geoffrey White
52a88af6c1 C++: Exclude macro invocations in switch case expressions. 2021-05-12 19:33:18 +01:00
Geoffrey White
9404d0676d C++: Exclude macros that don't generate anything. 2021-05-12 19:28:08 +01:00
Geoffrey White
b6d5f7c315 C++: Fix FPs caused by substring regexp. 2021-05-12 19:23:49 +01:00
Geoffrey White
109fa4d38e C++: Add test cases for BrokenCryptoAlgorithm.ql. 2021-05-12 19:16:00 +01:00
Taus
ff2b6b9737 Python: Correctly locate stores to built-ins 2021-05-12 18:07:18 +00:00
Tom Hvitved
ff06e724b1 AST synthesis framework 2021-05-12 19:58:52 +02:00
luchua-bc
4d014717b6 Add a change note and reset the qhelp file 2021-05-12 15:50:40 +00:00
Alex Ford
acdbd9859e simplify ExtractionError class defn 2021-05-12 16:45:31 +01:00
Alex Ford
11376bc411 note that severity 3 corresponds to an error diagnostic level 2021-05-12 16:39:51 +01:00
Alex Ford
0dad1a4779 use a case-split for diagnostic severity levels 2021-05-12 16:38:37 +01:00
Tom Hvitved
ea1c7b51ef Add more operator assignment tests 2021-05-12 17:24:11 +02:00
Mathias Vorreiter Pedersen
7d26aca793 C++: Add change-note. 2021-05-12 16:34:23 +02:00
Erik Krogh Kristensen
e0f78dde56 make the axios error catch match the non-error case 2021-05-12 16:23:37 +02:00
Mathias Vorreiter Pedersen
e94dab70b5 C++: Add sanitizers to cpp/uncontrolled-arithmetic. 2021-05-12 15:44:09 +02:00
Jonathan Leitschuh
48b50f93c2 Update java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2021-05-12 08:58:01 -04:00
Taus
3d30efed11 Python: Add exec as a shared built-in 
This is _slightly_ wrong, since `exec` isn't a built-in function in
Python 2. It should be harmless, however, since `exec` is a keyword,
and so cannot be redefined anyway.
 2021-05-12 11:07:16 +00:00
Anders Schack-Mulligen
7974e3ad38 Merge pull request #5883 from zbazztian/consider-boxed-booleans-to-avoid-xxe-fps 
Consider boxed booleans to avoid false positives for XXE.ql
 2021-05-12 12:51:22 +02:00
Tony Torralba
09b40601a7 Consider ExpressionAccessor 2021-05-12 12:32:38 +02:00
Sebastian Bauersfeld
b05512a958 Add change notes. 2021-05-12 16:58:24 +07:00
Taus
5c7e73d485 Python: Add exception types 2021-05-12 09:53:09 +00:00
Sebastian Bauersfeld
bf4d88175c Consider boxed booleans to avoid false positives for XXE.ql 2021-05-12 16:40:00 +07:00
Geoffrey White
8f152b7380 Merge pull request #5877 from MathiasVP/detect-more-abs-in-overflow-library 
C++: Detect more uses of `abs`
 2021-05-12 10:02:12 +01:00
Tom Hvitved
fc121e1cbd Merge pull request #5865 from tamasvajk/feature/remove-base-class-dependency-id 
C#: Remove base class from type IDs in trap files
 2021-05-12 10:30:31 +02:00
Taus
07a70af344 Python: Limit set of globals that may be built-ins 
I am very tempted to leave out the constants, or at the very least
`False`, `True`, and `None`, as these have _many_ occurrences in the
average codebase, and are not terribly useful at the API-graph level.

If we really do want to capture "nodes that refer to such and such
constant", then I think a better solution would be to create classes
extending `DataFlow::Node` to facilitate this.
 2021-05-12 08:19:35 +00:00
Tom Hvitved
961467e06e C#: Always pass /p:UseSharedCompilation=false to dotnet build in auto builder 2021-05-12 10:15:04 +02:00
Anders Schack-Mulligen
a247ae4357 Merge pull request #5843 from JLLeitschuh/feat/JLL/improve_kryo_support 
[Java] Fix Kryo FP & Kryo 5 Support
 2021-05-12 09:52:24 +02:00
Anders Schack-Mulligen
74ae2e0857 Merge pull request #5773 from hvitved/dataflow/aggressive-caching 
Data flow: Cache most language-dependent predicates
 2021-05-12 09:41:55 +02:00
haby0
12f47bcf24 Add UnsafeDeserialization 2021-05-12 12:37:16 +08:00
thank_you
3e25b14a68 Update NoSQLInjection.expected 2021-05-11 20:07:09 -04:00
Alex Ford
0016146e11 limit summary queries to files from within the source directory 2021-05-11 21:07:08 +01:00
Tamas Vajk
8e371fd05a Adjust expected IR test file 2021-05-11 21:54:05 +02:00
Alex Ford
49d9bb798c revamp the diagnostics tests 2021-05-11 19:53:00 +01:00
Alex Ford
9b115129fe move diagnostics queries to match other languages more closely 2021-05-11 19:53:00 +01:00