hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-04 01:01:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,554 Commits 1,689 Branches 159 Tags
codeql-cli/v2.9.2
Commit Graph

36554 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
2f4a22c86c Merge pull request #6112 from jorgectf/jorgectf/python/deserialization 
Python: Port and extend XXE modeling
 2022-03-14 11:59:28 +01:00
Erik Krogh Kristensen
8515a70fe6 JS: fix all ql/no-upper-case-variables 2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen
02127b40cd PY: fix all ql/no-upper-case-variables 2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen
83f26eb833 rename all upper-case variables to start with a lower-case letter 2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen
4f0d4ecf6e QL: add no-uppercase-variables query 2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen
7d6700a943 Merge branch 'main' into depMore 2022-03-14 11:49:18 +01:00
Erik Krogh Kristensen
c06336480c add change note 2022-03-14 11:41:53 +01:00
Erik Krogh Kristensen
bbb2847ec1 Merge pull request #8323 from erik-krogh/acronyms 
Enforcing consistent casing of acronyms
 2022-03-14 11:38:25 +01:00
Jeroen Ketema
c832b21fbe Add change notes for changes to the taint tracking library 2022-03-14 10:38:48 +01:00
Erik Krogh Kristensen
6d66ea4253 also deprecate the definitionReaches predicate, it was only used in a test 2022-03-14 10:14:15 +01:00
Erik Krogh Kristensen
54760081dc add pointers to the qldoc of deprecated predicates 2022-03-14 10:10:38 +01:00
Alex Ford
6eca036b44 Ruby: Add qldoc for Cryptography module (from python version) 2022-03-14 08:57:13 +00:00
Tony Torralba
1f4f4207b5 Add missing security-severity scores 2022-03-14 09:50:14 +01:00
Tom Hvitved
06b8f74644 C#: Avoid combinatorial explosion in structural comparison library 
In cases where the target of a call/access has multiple values (which is a DB
inconsistency), the GVN construction underlying the structural comparision library
may run into a combinatorial explosion. This change excludes such expressions from
the GVN construction.
 2022-03-14 09:07:45 +01:00
ihsinme
62381d0762 Update test.cpp 2022-03-14 09:36:28 +03:00
ihsinme
de92356c88 Update InsecureTemporaryFile.expected 2022-03-14 09:35:03 +03:00
ihsinme
1db759cc4d Update InsecureTemporaryFile.ql 2022-03-14 09:33:08 +03:00
4B5F5F4B
597603a3a6 Create cve-2017-5123.ql 
Add query to detect CVE-2017-5123
 2022-03-14 09:44:30 +08:00
4B5F5F4B
4030561eb7 Delete CVE 2022-03-14 09:43:04 +08:00
4B5F5F4B
880c12bd34 Create CVE 2022-03-14 09:42:40 +08:00
Erik Krogh Kristensen
8f86b067e7 deprecate the unused localTaintStep and stringStep predicates 2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
cc231fef4c deprecate some unused predicate in DefUse.qll 2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
c0a63beec1 deprecate unused document predicates in DOM.qll 2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
5e52a71091 remove test .qll files that weren't imported 2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
4fc85a791d deprecate DefiningIdentifier, it was not used in any query 2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
9cf0a94e4d use some Sanitizer classes that were unused in the query code 2022-03-13 23:54:53 +01:00
Alex Ford
fc232ce55f Ruby: changenote for rb/weak-cryptographic-algorithm 2022-03-13 21:25:28 +00:00
Alex Ford
94d5f3bb1f Ruby: Add rb/weak-cryptographic-algorithm query 2022-03-13 21:25:28 +00:00
Alex Ford
40b87e6df7 Ruby: tests for rb/weak-cryptographic-algorithm 2022-03-13 21:25:24 +00:00
Alex Ford
446141ada3 Ruby: qhelp for rb/weak-cryptographic-algorithm 2022-03-13 21:25:12 +00:00
Alex Ford
4234cfeeec Ruby: model CipherOperations for OpenSSL 2022-03-13 21:21:52 +00:00
Alex Ford
489391eb4c Ruby: add CryptographicOperation concept 2022-03-13 21:21:52 +00:00
Dave Bartolomeo
afa3399e27 Zero diffs between Java AST and Semantic range analysis 2022-03-13 13:38:21 -04:00
jorgectf
ded9663f2b Finish taint steps 2022-03-13 13:59:03 +01:00
Dave Bartolomeo
8b4d6a26ef Performance improvements for semantic layer construction 2022-03-12 11:28:12 -05:00
p0wn4j
ee67d27b56 Java: Add JDBC connection SSRF sinks 2022-03-12 16:35:32 +04:00
Arthur Baars
f59f36b863 Use RUNNER_TEMP instead of runner.temp 2022-03-11 21:13:41 +01:00
Joe Farebrother
b924de631f Add change note, minor docs improvement 2022-03-11 17:58:52 +00:00
Ahmed Farid
3c9de6f488 Update Zip.qll 2022-03-11 18:50:37 +01:00
Joe Farebrother
594d51e84d Exclude constants 2022-03-11 17:45:42 +00:00
Joe Farebrother
06f2c03828 Add tests 2022-03-11 17:44:52 +00:00
Arthur Baars
7da0889813 Update check-qldoc.yml 2022-03-11 17:45:23 +01:00
Arthur Baars
e1f9eca272 Update check-qldoc.yml 2022-03-11 17:44:55 +01:00
Jonathan Leitschuh
50ff2c2c68 Code cleanup from code review 2022-03-11 11:44:15 -05:00
Robert Marsh
5c04516179 Merge pull request #8390 from redsun82/remove-unique-from-uuid 
C++: Remove uniqueness constraint from uuid
 2022-03-11 11:08:34 -05:00
Alex Ford
808cc9cf35 Merge pull request #8396 from alexrford/ruby/charpred-only-field 
Ruby: resolve `ql/field-only-used-in-charpred` alerts
 2022-03-11 15:48:05 +00:00
Erik Krogh Kristensen
fa37ece593 Merge pull request #8408 from erik-krogh/pathProblem 
QL: make a query checking for `edges` relation in a path-problem query
 2022-03-11 16:27:46 +01:00
Erik Krogh Kristensen
14e0d387e7 add a ql/path-problem-query query 2022-03-11 16:06:27 +01:00
Alex Ford
757aa294aa Update ruby/ql/lib/codeql/ruby/ast/internal/Scope.qll 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-03-11 14:53:02 +00:00
Tony Torralba
c49d19eb0f Merge pull request #8407 from smowton/smowton/admin/revert-8325 
Java: Revert #8325, Add CharacterLiteral to CompileTimeConstantExpr.getStringValue
 2022-03-11 14:55:10 +01:00