github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
26 856 коммитов 1 544 Ветки 132 Теги 502 MiB
Граф коммитов

26856 Коммитов

Автор SHA1 Сообщение Дата
Mathias Vorreiter Pedersen 6853f491f4
Merge pull request #6794 from geoffw0/impropnullfp 
C++: Improvements to cpp/improper-null-termination
 2021-10-12 14:47:02 +01:00
Tom Hvitved 10739b11ee
Merge pull request #6841 from hvitved/dataflow/incorrect-summary-chaining 
Data flow: Add tests for missing summary flow
 2021-10-12 15:44:21 +02:00
Rasmus Lerchedahl Petersen 6c108e43d9 Python: address review 2021-10-12 15:16:48 +02:00
Rasmus Lerchedahl Petersen cf92e1eee7 Python: move getStringArgIndex 2021-10-12 15:11:00 +02:00
Chris Smowton 83c6406167
Update javadoc 2021-10-12 13:51:02 +01:00
Tom Hvitved cc305ed766 Data flow: Sync 2021-10-12 14:37:33 +02:00
Tom Hvitved 296e268339
Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-10-12 14:28:32 +02:00
Chris Smowton 3c96e62be7 Remove duplicate declaration 2021-10-12 12:35:05 +01:00
Chris Smowton 8816aa1431 Improve Android stub fidelity to the point that all relevant tests work 
Note these still aren't entirely mechanically generated stubs matching the real Android 9.
 2021-10-12 12:35:05 +01:00
Chris Smowton 205b6fe6d7 Fix bad merge on Uri.java 2021-10-12 12:35:05 +01:00
Chris Smowton 5da392ebfe Introduce TaintInheritingContent 2021-10-12 12:35:05 +01:00
Chris Smowton 1afc03b9b5 Remove redundant import 2021-10-12 12:35:05 +01:00
Chris Smowton 9e0b112f05 Remove now-unnecessary models and tests 2021-10-12 12:35:05 +01:00
Chris Smowton 490168fb05 Fix comments 2021-10-12 12:35:05 +01:00
Chris Smowton 1dffbcd0bd Fix tests disrupted by re-modelling and stubbing Android 9: 
* Account for changed dataflow graph shape using external flow
* Account for BaseBundle only existing as of Android 5
* Properly implement Parcelable, which we previously got away with due to a partial stub
* Restore an Android 11 function that had been added to the Android 9 Context class (I won't get into enforcing the difference in this PR)
 2021-10-12 12:35:05 +01:00
Chris Smowton 81c0e66b1d Add change note and update qhelp 2021-10-12 12:35:05 +01:00
Chris Smowton fc0b18cf61 Add tests for Android flow steps 2021-10-12 12:35:05 +01:00
Chris Smowton cd2c9e9ca3 Add Gson support to unsafe deserialization query 2021-10-12 12:35:04 +01:00
Anders Schack-Mulligen 6b4ca31783
Merge pull request #6849 from Marcono1234/marcono1234/improvements 
Java: Serialization query improvements
 2021-10-12 13:30:45 +02:00
Shati Patel 1c3239972c
Merge pull request #6854 from shati-patel/packaging-beta-note 
Docs: Update beta note for packaging
 2021-10-12 10:33:59 +01:00
Taus 75c4d6a8a0
Merge pull request #6650 from yoff/python-dataflow/init-time 
Python: Import time dataflow
 2021-10-12 11:31:03 +02:00
Rasmus Lerchedahl Petersen 61008fd3d0 Merge branch 'main' of github.com:github/codeql into python/promote-regex-injection 2021-10-12 11:28:12 +02:00
Rasmus Lerchedahl Petersen b093aaaf27 Python: switch to type tracking 
for tracking compiled regexes
 2021-10-12 11:23:27 +02:00
yoff 43f7eede0b
Merge pull request #6182 from haby0/python/LogInjection 
Python: CWE-117 Log injection
 2021-10-12 10:54:45 +02:00
yoff c007c9460c
Merge pull request #6843 from RasmusWL/dataflow-bool-expr 
Python: Add data-flow for `x or y` and `x and y`
 2021-10-12 10:40:54 +02:00
Rasmus Lerchedahl Petersen f34d1ee997 Python: Update test expectation following rename 2021-10-12 10:36:18 +02:00
Tom Hvitved 97bbb12e06
Merge pull request #6838 from hvitved/csharp/enumerate-files-dir-not-found 
C#: Make `GetCSharpArgsLogs` robust against log directory not existing
 2021-10-12 10:00:27 +02:00
haby0 d52f95d24d Auto Formatting 2021-10-12 09:36:44 +08:00
Mathias Vorreiter Pedersen df8c399efb
Merge pull request #6710 from ihsinme/ihsinme-patch-70 
CPP: Add query for CWE-1041 Use of Redundant Code
 2021-10-11 17:17:01 +01:00
ihsinme 4334acb6f2
Update FindWrapperFunctions.qhelp 2021-10-11 18:40:03 +03:00
Tony Torralba a8aa8e3bb4 Use InlineExpectationsTest directly 2021-10-11 16:38:20 +02:00
yoff 0629ce00de
Merge pull request #6214 from haby0/python/ClientSuppliedIpUsedInSecurityCheck 
[Python] CWE-348:  Client supplied ip used in security check
 2021-10-11 16:38:04 +02:00
Geoffrey White ac6acfb660 C++: Use data flow. 2021-10-11 15:36:00 +01:00
Owen Mansel-Chan 058a04f756
Merge pull request #6795 from owen-mc/inline-expectation-test-trivial-change 
Change class name in InlineExpectationTest to avoid clash
 2021-10-11 15:35:17 +01:00
shati-patel c7fbddce54
Docs: Update beta note for packaging 2021-10-11 15:02:25 +01:00
Marcono1234 ba0dbd5871 Java: Improve IncorrectSerializableMethods.ql; address review comments 2021-10-11 14:29:10 +02:00
Rasmus Lerchedahl Petersen 19f6cc00c8 Python: rewrite import time test 2021-10-11 14:28:25 +02:00
yoff 5aee715931
Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-10-11 13:00:21 +02:00
Tom Hvitved 68ea3e7b49 Data flow: Add debugging predicates for rendering data flow graphs for summarized callables 2021-10-11 11:29:08 +02:00
Tom Hvitved d5955f1ae1 Java: Add test for missing summary flow 2021-10-11 11:29:08 +02:00
Tom Hvitved 30bf2aade4 C#: Add test for missing summary flow 2021-10-11 11:29:08 +02:00
Tom Hvitved 61973c399e C#: Make `GetCSharpArgsLogs` robust against log directory not existing 2021-10-11 11:28:49 +02:00
Tom Hvitved c75e2d306d
Merge pull request #6852 from hvitved/csharp/interpret-element0-bad-magic 
C#: Avoid bad magic in `interpretElement0`
 2021-10-11 11:27:35 +02:00
haby0 c2d0fcfbe6
Update python/ql/test/experimental/query-tests/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.expected 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-10-11 16:46:02 +08:00
haby0 29ddc76e2f
Update python/ql/test/experimental/query-tests/Security/CWE-117/LogInjection.expected 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-10-11 16:43:30 +08:00
Rasmus Wriedt Larsen 8444388ec7 Python: Update `.expected` 2021-10-11 09:48:56 +02:00
Rasmus Wriedt Larsen 1552c108b0
Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-10-11 09:34:15 +02:00
Tom Hvitved b05d76a131 C#: Avoid bad magic in `interpretElement0` 2021-10-11 09:30:52 +02:00
Tony Torralba 0919746f1a
Merge pull request #6844 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-10-11 09:25:46 +02:00
github-actions[bot] ea0a0522a7 Add changed framework coverage reports 2021-10-11 00:08:32 +00:00