hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-22 01:43:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,554 Commits 1,692 Branches 161 Tags
codeql-cli/v2.9.2
Commit Graph

36554 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
asgerf
5df8583056 JS: Mention isUserControlledObject 2021-04-21 11:40:27 +01:00
asgerf
ff73c0b247 JS: Add section with access paths to cheat sheet 2021-04-21 11:40:27 +01:00
Alex Ford
4e119cc085 consider empty files (no ruby tokens) to have 0 lines 2021-04-21 11:29:55 +01:00
Alex Ford
a8597025aa fixed logic for line counting 2021-04-21 11:29:09 +01:00
edvraa
0590522e4b a deserializer 2021-04-21 13:29:00 +03:00
edvraa
3ac5f7bb18 Move RemoteSource and LocalSource to UnsafeDeserialization.qll 2021-04-21 13:27:26 +03:00
edvraa
452ec8c43f comments 2021-04-21 13:12:53 +03:00
edvraa
13655b5d80 Add RegExUtils 2021-04-21 13:08:35 +03:00
asgerf
f611d06ed0 JS: Add getALocalUse to cheat sheet 2021-04-21 10:53:10 +01:00
Alex Ford
bcc1be05de use explicit this prefixes in FileSystem.qll 2021-04-21 10:51:28 +01:00
Alex Ford
85ecacd858 make helper predicates private 2021-04-21 10:50:00 +01:00
Alex Ford
9d117d10b8 drop MetricFile class 2021-04-21 10:45:42 +01:00
Alex Ford
c6b6a83501 extend FLines* tests 2021-04-21 10:42:53 +01:00
Rasmus Wriedt Larsen
08e86fdfe5 JS: Make CredentialsFunctionName use nameIndicatesSensitiveData 
Someone from JS team needs to verify that this is actually OK.
 2021-04-21 11:38:52 +02:00
Rasmus Wriedt Larsen
e977d6eb75 JS: Rewrite to use notSensitiveRegexp 2021-04-21 11:36:39 +02:00
Rasmus Wriedt Larsen
b9a1a1fd5c JS: Rewrite to use nameIndicatesSensitiveData 
I added this predicate mostly because it was nice with an easy shortcut for it,
but also since I spotted the `CredentialsFunctionName` not checking agaisnt the
regexps in `notSensitive`, which looked suspicious. So the main goal of adding
`nameIndicatesSensitiveData` is that you don't accidentially forget to ensure
that the name doesn't match against `notSensitve`.
 2021-04-21 11:36:38 +02:00
Rasmus Wriedt Larsen
b6f8e5057b JS: Rewrite to use SensitiveDataClassification::password (and like) 2021-04-21 11:36:17 +02:00
Alex Ford
a1c91e28da move FLines* tests to a common directory 2021-04-21 10:34:58 +01:00
Rasmus Wriedt Larsen
94fec5f8b7 JS: Rewrite to use SensitiveDataClassification 2021-04-21 11:34:02 +02:00
Rasmus Wriedt Larsen
0d08718f08 JS: Adapt SensitiveActions to use shared lib 
Although there are warnings for the new deprecated classes/predicates, the test
in javascript/ql/test/library-tests/SensitiveActions/ passes 👍
 2021-04-21 11:34:01 +02:00
Rasmus Wriedt Larsen
775ed41592 Python: Update SensitiveDataHeuristics with newer JS version 
which also prompted me to rewrite the QLDoc for `nameIndicatesSensitiveData`
 2021-04-21 11:34:01 +02:00
Rasmus Wriedt Larsen
16b62486e9 Python: Extract SensitiveDataHeuristics to be shared with JS 
Initially I had called `nameIndicatesSensitiveData` for `maybeSensitiveName`,
which made the relationship with `maybeSensitive` and `notSensitive` quite
strange -- and therefore I added the more informative `maybeSensitiveRegexp` and
`notSensitiveRegexp`.

Although I'm no longer using `maybeSensitiveName`, and I no longer have a strong
argument for making this name change, I still like it. If someone thinks this is
a terrible idea, I'm happy to change it though 👍
 2021-04-21 11:31:28 +02:00
Alex Ford
fcd46025fe update metadata for FLines* queries 2021-04-21 10:28:20 +01:00
Arthur Baars
abb37e212a Merge pull request #165 from github/aibaars/methods 
Implement method lookup
 2021-04-21 11:24:20 +02:00
Arthur Baars
549e5ab9d6 Revert "Rename Method -> MethodDeclaration" 
This reverts commit d361ef37af.
 2021-04-21 10:50:47 +02:00
Arthur Baars
1245674df8 Add missing @id properties 2021-04-21 10:50:47 +02:00
Tamas Vajk
2a6f979ce6 C# Add line of code metric query 2021-04-21 10:42:06 +02:00
Anders Schack-Mulligen
9362ae0687 Merge pull request #5422 from tamasvajk/feature/sink-migration-ldap 
Java: Migrate LDAP injection sinks to CSV format
 2021-04-21 10:05:28 +02:00
Rasmus Wriedt Larsen
63a2657aef Merge branch 'main' into inline-taint-tests 2021-04-21 10:02:55 +02:00
Tom Hvitved
7080b256fb Merge pull request #5715 from hvitved/csharp/ssa/perf-tweaks 
C#: A few minor SSA performance tweaks
 2021-04-21 09:59:12 +02:00
Tom Hvitved
def62e8c22 Merge pull request #5718 from hvitved/csharp/hardcoded-cred-remove-cp 
C#: Remove CP from `HardcodedCredentials::getCredentialSink`
 2021-04-21 09:58:56 +02:00
Tom Hvitved
1ed11b297b Merge pull request #5725 from hvitved/csharp/dataflow/performance 
C#: Various data-flow performance tweaks
 2021-04-21 09:46:15 +02:00
haby0
84f00c21df update IfConditionSink. 2021-04-21 15:38:41 +08:00
Dave Bartolomeo
1d0cb0407d Merge from main 2021-04-20 23:37:04 -04:00
Dave Bartolomeo
b9da6ce04a C++: Prepare for merge of smart pointer models 2021-04-20 23:12:05 -04:00
Dave Bartolomeo
a447b049fc C++: Impoved alias analysis of smart pointers 2021-04-20 19:42:06 -04:00
Dave Bartolomeo
63fe4fb317 C++: More general model for pointer flow 2021-04-20 19:41:15 -04:00
Dave Bartolomeo
078d2522d2 C++: Add missing shared_ptr<T> members 2021-04-20 19:40:36 -04:00
Dave Bartolomeo
45968efd28 C++: Add shared test headers to emulate standard library types 2021-04-20 18:21:50 -04:00
intrigus
231b07795c Java: Ignore results in test directories. 2021-04-20 23:25:13 +02:00
intrigus
fcaf5e7657 Java: Plural type name -> singular type name. 2021-04-20 23:09:44 +02:00
intrigus
3acec94773 Java: Fix typos. 2021-04-20 23:04:06 +02:00
intrigus
149c4491ce Java: Simplify qldoc. 2021-04-20 23:03:10 +02:00
intrigus
9e4fa90f6e Java: Refer to Java types in qldoc instead of ql types. 2021-04-20 23:02:18 +02:00
intrigus
26502881d7 Java: Consistently use this in charpred. 2021-04-20 22:56:58 +02:00
yoff
0c4181178d Update python/ql/src/semmle/python/frameworks/Stdlib.qll 
Co-authored-by: Taus <tausbn@github.com>
 2021-04-20 22:15:09 +02:00
yoff
ef0ea247c4 Merge pull request #5679 from tausbn/python-fix-bad-points-to-joins 
Python: Fix bad points-to joins
 2021-04-20 21:19:32 +02:00
Asger Feldthaus
02707f0777 JS: informational -> info 2021-04-20 19:51:16 +01:00
Dave Bartolomeo
5085e462b0 C++: Allow alias propagation to/from side effects (part 1) 2021-04-20 14:09:41 -04:00
Dave Bartolomeo
01a95316c2 C++: Add Instruction::getAParameterSideEffect(). 2021-04-20 14:03:48 -04:00