Commit Graph

36554 Commits

Author SHA1 Message Date
Tamas Vajk
aa3ae0f567 Remove calls to deprecated predicates 2020-12-04 13:28:14 +01:00
Jonas Jensen
9cf318b72c C++: Autoformat the new query
Tweak whitespace, also in the alert message.
2020-12-04 13:27:07 +01:00
Rasmus Wriedt Larsen
4ead118a31 Python: Add class based route handler in django tests
Disabled CSRF middleware for now, since it blocked my debugging curl POST requests :(
2020-12-04 13:27:01 +01:00
Tamas Vajk
d55fbc8a05 Add test cases for safe API calls 2020-12-04 13:26:53 +01:00
Tamas Vajk
24670160c2 Address code review findings 2020-12-04 13:26:53 +01:00
Tamas Vajk
cd5c1f06ee C#: Add queries to check untrusted data flow to external APIs 2020-12-04 13:26:53 +01:00
Tom Hvitved
9afce31e92 C#: Add one more CFG test for nested finally blocks 2020-12-04 13:26:00 +01:00
Jonas Jensen
bf88df8134 C++: CRLF -> LF line endings 2020-12-04 13:25:32 +01:00
Tom Hvitved
37f32f4014 C#: Improve join-order in DefaultToString.qll 2020-12-04 13:05:53 +01:00
Rasmus Wriedt Larsen
ffdbecfbb7 Python: Simplify getARouteHandler for Django 2020-12-04 11:29:52 +01:00
Arthur Baars
1d502cb40d Merge pull request #63 from github/aibaars/fix-warnings
Fix warnings and make imports private
2020-12-04 10:43:01 +01:00
CodeQL CI
0f5f0ed99e Merge pull request #4776 from asgerf/js/electron-openshell
Approved by erik-krogh
2020-12-04 09:12:44 +00:00
Asger F
22dbaf28ab Merge pull request #4709 from asgerf/js/typescript-4.1
JS: Support for TypeScript 4.1
2020-12-04 09:10:14 +00:00
Asger Feldthaus
f0516dd9e0 JS: Address review comments 2020-12-04 09:07:44 +00:00
Jonas Jensen
b4be72268d Merge pull request #4722 from rdmarsh2/rdmarsh2/cpp/range-analysis-overflow-perf
C++: Filter out lower bounds on overflowing exprs
2020-12-04 08:29:21 +01:00
ihsinme
69ed608a11 Update UnsignedDifferenceExpressionComparedZero.ql 2020-12-04 09:47:11 +03:00
Robert Marsh
b45f7846db C++: autoformat 2020-12-03 15:48:42 -08:00
Erik Krogh Kristensen
cc98c41dd6 revert marking repetitions with possibly empty body as forks 2020-12-03 20:08:07 +01:00
Geoffrey White
13d9d5dc45 C++: Use [,] more in general. 2020-12-03 18:50:43 +00:00
Arthur Baars
c1f1efb16b Merge pull request #62 from github/aibaars/update-grammar
Update tree-sitter grammar
2020-12-03 19:14:13 +01:00
Arthur Baars
22fd8908c5 Use private imports
No need to have everything re-export the entire AST
2020-12-03 19:13:05 +01:00
Arthur Baars
582b00ef07 Fix warnings 2020-12-03 19:05:49 +01:00
Arthur Baars
dd3f94a3e2 Update tree-sitter grammar 2020-12-03 18:50:47 +01:00
Geoffrey White
2a4fba0ff9 C++: Use [,] more in models. 2020-12-03 17:27:31 +00:00
Nick Rolfe
b0227a7ee1 Merge pull request #60 from github/aibaars/osx-gnutar
Workaround for broken cache on OSX
2020-12-03 16:10:10 +00:00
Erik Krogh Kristensen
47488f86b5 update test 2020-12-03 16:58:08 +01:00
Erik Krogh Kristensen
3bad75dae5 better support for forms in js/xss-through-dom 2020-12-03 16:57:41 +01:00
Arthur Baars
c69f64fb4f Workaround for broken cache on OSX 2020-12-03 16:40:37 +01:00
Asger Feldthaus
20d9848f07 JS: Add test case 2020-12-03 15:08:43 +00:00
Asger Feldthaus
68d2bc861d JS: Update test expectations 2020-12-03 15:01:50 +00:00
Asger Feldthaus
e66a49bea6 JS: Change note 2020-12-03 13:58:40 +00:00
Asger Feldthaus
ec6b8d6d3a JS: Remove old workaround for template literals in import 2020-12-03 13:58:40 +00:00
Asger Feldthaus
757398f5fd JS: Add upgrade script and stats 2020-12-03 13:58:39 +00:00
Asger Feldthaus
3b3052d792 JS: Autoformat 2020-12-03 13:58:39 +00:00
Asger Feldthaus
5676891e44 JS: Add TemplateLiteralTypeExpr 2020-12-03 13:58:39 +00:00
Asger Feldthaus
9da5c5cc70 JS: Update to TypeScript 4.1.2 2020-12-03 13:58:39 +00:00
Asger F
254072dd6d Merge pull request #4546 from toufik-airane/main
JS: Add ElectronShellOpenExternalSink class for Electron framework security
2020-12-03 13:20:46 +00:00
Rasmus Wriedt Larsen
a9ce067e15 Python: Add examples of Path Injection FPs seen
Not quite sure how to deal with these cases of safe if UNIX-only, otherwise not
safe.

If/when we actually try to deal with these, we also need to figure that
out. We _could_ split this query into 3: (1) for path injection on any
platform, (2) path injection on windows, (3) path injection on UNIX. Then
UNIX-only projects could disable the path-injection on windows query. -- that's
my best idea, if you have better ideas, DO tell 👍
2020-12-03 13:41:55 +01:00
Rasmus Wriedt Larsen
e8f63311ac Python: Model abspath and realpath (for Path Injection) 2020-12-03 13:41:54 +01:00
Rasmus Wriedt Larsen
bd5cf80352 Python: Add Path Injection tests for realpath and abspath
Not supported currently
2020-12-03 13:41:53 +01:00
Rasmus Wriedt Larsen
e53ed478ab Python: Highlight os.path.join behavior with absolute paths 2020-12-03 13:41:52 +01:00
Rasmus Wriedt Larsen
4d9f24a24c Python: Rewrite path injection tests
To match how you would normally structure your application code. In itself not
that important, but makes it easier to add more tests :)
2020-12-03 13:41:26 +01:00
Tamás Vajk
3eb55ddc0b Merge pull request #4704 from tamasvajk/feature/stats2
C#: Update DB stats file
2020-12-03 13:13:43 +01:00
Mathias Vorreiter Pedersen
1142a79ad5 Merge pull request #4766 from criemen/cleanup-flow-tests
C++: Cleanup data/taint flow tests
2020-12-03 10:10:39 +01:00
CodeQL CI
edbbc846d0 Merge pull request #4753 from max-schaefer/js/more-nosql-query-args
Approved by asgerf, mchammer01
2020-12-03 08:46:47 +00:00
Tamás Vajk
04bacf4347 Merge pull request #4760 from tamasvajk/feature/cil-debug-build
C#: Fix CIL trap file writing in debug mode
2020-12-02 22:08:22 +01:00
Nick Rolfe
492f7d1987 Merge pull request #59 from github/bump_ts
Bump to latest tree-sitter-ruby revision
2020-12-02 20:04:12 +00:00
Aditya Sharad
2484941330 Merge pull request #4770 from github/adityasharad/rc/pin-sphinx-version
Actions: Pin to fixed version of Sphinx Action
2020-12-02 10:41:36 -08:00
Aditya Sharad
771425e860 Actions: Run query help workflow on PRs that modify it 2020-12-02 10:00:55 -08:00
Aditya Sharad
38ab87e5b1 Actions: Pin to fixed version of Sphinx Action
Better for security to fix the commit SHA of the external Action, rather than specifying a branch or tag.
2020-12-02 09:56:25 -08:00