hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-21 17:33:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,554 Commits 1,692 Branches 161 Tags
codeql-cli/v2.9.2
Commit Graph

36554 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
824c243268 C#: Add change note 2021-04-26 10:50:17 +02:00
Mathias Vorreiter Pedersen
772d5eacca C++: Add change note. 2021-04-26 09:55:32 +02:00
Erik Krogh Kristensen
4e8ae77b6f cache more predicates 2021-04-26 08:57:20 +02:00
ihsinme
98f7f70814 Add files via upload 2021-04-25 22:35:40 +03:00
ihsinme
50c63a88c3 Add files via upload 2021-04-25 22:34:41 +03:00
ihsinme
c1d125b378 Add files via upload 2021-04-25 22:25:17 +03:00
ihsinme
f2b2300da9 Add files via upload 2021-04-25 22:23:31 +03:00
intrigus
b1a3633495 Java: Remove redundant condition + docs. 2021-04-23 22:06:04 +02:00
Rasmus Lerchedahl Petersen
7cc97836a9 Python: More cleanup from reviewer suggestions 2021-04-23 20:26:13 +02:00
Chris Smowton
78b9682a4e Fix dead links in JS externs too 2021-04-23 15:46:48 +01:00
Tamás Vajk
a7030c7fed Merge pull request #5308 from tamasvajk/feature/flow-sources-sinks 
C#: Add Console.Read* to local flow sources
codeql-cli/v2.5.3 codeql-cli/v2.5.4 		2021-04-23 16:36:16 +02:00
Tamás Vajk
c3058f4744 Merge pull request #5749 from tamasvajk/feature/fix-fromsource 
C#: Adjust 'fromSource' to hold only on files passed to the compiler as a source file
 2021-04-23 16:35:40 +02:00
Chris Smowton
455b840712 Fix all dead qhelp links 
For those documents with no obvious new home I've pointed the links to the Internet Archive.
 2021-04-23 15:20:21 +01:00
Tom Hvitved
004450b201 C#: Add missing StringBuilder flow summaries 2021-04-23 16:17:49 +02:00
Mathias Vorreiter Pedersen
86822f6c61 C++: Exclude pointer results from cpp/integer-overflow-tainted. 2021-04-23 16:01:53 +02:00
Mathias Vorreiter Pedersen
3cf4f1f956 C++: Accept test changes. 2021-04-23 16:00:23 +02:00
Shati Patel
6f2103f312 Merge pull request #5722 from github/tamasvajk-patch-1 
C#: Add Dapper to supported frameworks
 2021-04-23 14:32:22 +01:00
Jonas Jensen
9b5bb95766 Merge pull request #5696 from jbj/reapply-inconsistency-workaround 
Revert "Revert "C++: Work around extractor issue CPP-383""
 2021-04-23 14:49:32 +02:00
Asger Feldthaus
0da0670a79 JS: Add Nest.js to list of supported framworks 2021-04-23 13:15:35 +01:00
Asger Feldthaus
71e3041370 JS: Fewer spurious reflected xss sinks 2021-04-23 13:15:35 +01:00
Asger Feldthaus
4f53a1ab40 JS: Cache ClassNode::Range 2021-04-23 13:15:35 +01:00
Asger Feldthaus
d0b8b32345 JS: Add change notes 2021-04-23 13:15:35 +01:00
Asger Feldthaus
671e968936 JS: Model NestJS 2021-04-23 13:15:35 +01:00
Anders Schack-Mulligen
bc8c55836a Merge pull request #5743 from aschackmull/java/flow-summary-tweaks 
Java/C#: Move a couple of flow summary tweaks to the shared implementation.
 2021-04-23 13:46:04 +02:00
Tamas Vajk
1b4c3c7415 Fix code review findings 2021-04-23 13:44:34 +02:00
Tamás Vajk
819be43ce7 Fix alphabetical order of supported frameworks 2021-04-23 13:41:59 +02:00
Tamas Vajk
b4bd7af9c8 Add change note 2021-04-23 13:40:12 +02:00
Tamas Vajk
e3f10c0e32 Cleanup DiagnosticError classes 2021-04-23 13:37:42 +02:00
Rasmus Wriedt Larsen
deb3db3f95 Python: Add non-alert data for extractor diagnostics 
This is basically just a port of the C++/JS queries added in:

- https://github.com/github/codeql/pull/5414 (C++)
- https://github.com/github/codeql/pull/5656 (JS)

SyntaxError should capture all errors we have information about. At least in
`python/ql/src/semmlecode.python.dbscheme` the only match for `error` is
`py_syntax_error_versioned` (which `SyntaxError` is based on).
 2021-04-23 13:29:44 +02:00
Rasmus Wriedt Larsen
354dee1b09 Python: Add non-alert data for lines of code 
`py/summary/lines-of-code` is just a port of the C++/JS queries added in:

- https://github.com/github/codeql/pull/5271 (C++)
- https://github.com/github/codeql/pull/5304 (JS)

We are the first to implement the `lines-of-user-code` query, so nothing to
compare with in other languages -- but it makes a lot of sense to do for Python 👍
 2021-04-23 13:22:18 +02:00
Asger Feldthaus
109d1ad27f JS: Model fs.promises 2021-04-23 11:59:48 +01:00
Asger Feldthaus
822d4525af JS: Drive-by change in LogInjection 2021-04-23 11:59:48 +01:00
Asger Feldthaus
ad12f383d9 JS: Reduce reliance on RouteHandler in Express model 2021-04-23 11:59:48 +01:00
Tamás Vajk
43dc9bbc94 Merge pull request #5744 from tamasvajk/feature/java-loc 
Java: Introduce LoC summary metric query
 2021-04-23 11:39:42 +02:00
Mathias Vorreiter Pedersen
e6077127be C++: Only unary and binary arithmetic operations and left shifts are now 
reported as overflowing when we cannot analyze them.
 2021-04-23 11:13:34 +02:00
Tom Hvitved
956507b5fa C#: Add guards stress test 2021-04-23 10:25:31 +02:00
yoff
1954c0ba84 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-04-23 10:20:18 +02:00
Tom Hvitved
4c597dd467 C#: Improve performance of guards library 2021-04-23 10:09:43 +02:00
Jonas Jensen
6de5b3021e C++: Replace Jira ticket reference with GH issue 2021-04-23 09:58:39 +02:00
Jonas Jensen
6e059ea002 C++: Remove reference to obsolete issue CPP-383 2021-04-23 09:58:15 +02:00
Shati Patel
96a4d91a6c Merge pull request #5731 from shati-patel/docs/unbind-pragmas 
Docs: New "directional binding" pragmas
 2021-04-23 08:37:02 +01:00
intrigus
98dcd4e52b Java: Tighten definition of sink. 2021-04-23 00:14:48 +02:00
CodeQL CI
635fb4c25a Merge pull request #5685 from erik-krogh/markdownIt 
Approved by asgerf
 2021-04-22 14:55:31 -07:00
intrigus
a385b30c29 Java: Factor common expr into class. 2021-04-22 23:51:27 +02:00
intrigus-lgtm
958e2fab05 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-22 23:36:17 +02:00
Dave Bartolomeo
3b04bedee0 Stub out additional bits of Alias model for C# 2021-04-22 17:19:00 -04:00
Dave Bartolomeo
5d0a4cae90 C++: Add {AllAliased} side effects for smart pointers 
Smart pointer constructors, assignments, and `reset()` can actually have fairly large side effects, especially with custom deleters, destructors for objects being destroyed, and so on. I've re-introduced `{AllAliased}` side effects for these functions. There was no immediate effect on analysis results.
 2021-04-22 16:51:36 -04:00
Taus
3e4ff9e472 Merge pull request #5742 from RasmusWL/django-3.2 
Python: Add support for new features in Django 3.2
 2021-04-22 17:39:02 +02:00
Rasmus Wriedt Larsen
f9383a31bf Python: Fix BrokenCryptoAlgorithm.qhelp 2021-04-22 15:58:28 +02:00
Rasmus Wriedt Larsen
222c087e8c Python: Remove type-tracking performance workaround 
Since we shouldn't need it anymore (yay)
 2021-04-22 15:31:49 +02:00