hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,671 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

1526 Commits

Author SHA1 Message Date
github-actions[bot]
c14ba0e4bd Release preparation for version 2.18.2 2024-08-06 12:46:15 +00:00
Owen Mansel-Chan
572c773345 Change provenance for MaD models that use package grouping 2024-08-06 13:13:39 +01:00
Owen Mansel-Chan
b95189d132 Merge branch 'main' into go/gokogiri/update-import-paths 2024-08-01 16:30:52 +01:00
Owen Mansel-Chan
c75db669ed Add import path for gokogiri 2024-08-01 15:21:24 +01:00
Owen Mansel-Chan
62adb31ca6 Add more import paths for xmlpath 2024-08-01 14:52:19 +01:00
Owen Mansel-Chan
9d866192a6 Add paths from QL models to MaD models 2024-08-01 14:52:18 +01:00
Owen Mansel-Chan
e4cd29efc6 Fix missing go-jose package path 2024-07-31 11:09:53 +01:00
Owen Mansel-Chan
9cb01d4573 Merge branch 'main' into go/mad/convert-sinks 2024-07-30 08:03:18 +01:00
Owen Mansel-Chan
a6cb511ed7 Convert XPath injection sinks to MaD 2024-07-25 12:56:06 +01:00
Owen Mansel-Chan
78b66abad3 Convert existing credentials sinks to MaD 
I checked that the tests failed when I removed the classes and passed
again when I add the MaD models.
 2024-07-25 12:53:16 +01:00
Owen Mansel-Chan
93c9910e6f Convert go/request-forgery sinks to MaD 2024-07-25 12:53:15 +01:00
Owen Mansel-Chan
f7d681516a Allow MaD sinks for go/request-forgery 
Request forgery sinks which have `getRequest` different from the sink
itself cannot be modeled using models-as-data.
 2024-07-25 12:53:14 +01:00
Anders Schack-Mulligen
7a48fe1102 Dataflow: Replace ppReprType with DataFlowType.toString. 2024-07-25 13:08:47 +02:00
github-actions[bot]
49cc8f8ff8 Post-release preparation for codeql-cli-2.18.1 2024-07-22 22:00:48 +00:00
github-actions[bot]
368bcb684a Release preparation for version 2.18.1 2024-07-22 21:30:50 +00:00
Chuan-kai Lin
23320b6e5e Revert "Release preparation for version 2.18.1" 2024-07-22 13:22:49 -07:00
github-actions[bot]
55935fc123 Release preparation for version 2.18.1 2024-07-22 14:56:15 +00:00
Michael Nebel
2796597d1a Code quality improvements. 2024-07-19 09:36:17 +02:00
Michael Nebel
ca4bd0c606 C#/Java/Go: Neutrals are split into seperate classes. 2024-07-18 16:29:38 +02:00
Owen Mansel-Chan
fc17b905f0 Convert WebSocketReaderAsSource to MaD 2024-07-18 10:53:13 +01:00
Owen Mansel-Chan
6b52cd4957 Do not use "request" threat model kind 
It is not supported yet.
 2024-07-17 12:12:00 +01:00
Owen Mansel-Chan
cfdd48711b Convert Fasthttp::RequestHeader::RemoteFlowSource to MaD 2024-07-17 12:11:59 +01:00
Owen Mansel-Chan
abeca3d9f9 Convert Fasthttp::RequestCtx::RemoteFlowSource to MaD 2024-07-17 12:11:58 +01:00
Owen Mansel-Chan
729069e3d9 Convert Fasthttp::Request::RemoteFlowSource to MaD 2024-07-17 12:11:57 +01:00
Owen Mansel-Chan
c3169d258f Convert Fasthttp::Args::RemoteFlowSource to MaD 2024-07-17 12:11:57 +01:00
Owen Mansel-Chan
5a00b5ec96 Convert Fasthttp::URI::RemoteFlowSource to MaD 2024-07-17 12:11:56 +01:00
Owen Mansel-Chan
4c3220ea9d Use package grouping in models for gocb 2024-07-17 10:36:38 +01:00
Owen Mansel-Chan
4b2075bfb1 Split models for separate protobuf packages into separate files 2024-07-17 10:36:37 +01:00
Owen Mansel-Chan
aa0749e4ba Use package grouping for go-jose/jwt models 2024-07-17 10:36:37 +01:00
Owen Mansel-Chan
e6c7e1a0bc Merge pull request #16990 from owen-mc/go/change-string-prefix-check 
Go: Change string prefix check
 2024-07-17 09:57:45 +01:00
Owen Mansel-Chan
535b4ea986 Convert net/http UserControlledRequestField sources to MaD 2024-07-16 16:53:02 +01:00
Owen Mansel-Chan
873fd6646b Convert Revel::UserControlledRequestMethod sources to MaD 2024-07-16 16:53:01 +01:00
Owen Mansel-Chan
034f2d4221 Convert Revel field read sources to MaD 2024-07-16 16:53:01 +01:00
Owen Mansel-Chan
2da1de7b13 Use packageGrouping in Revel models 2024-07-16 16:53:00 +01:00
Owen Mansel-Chan
8647f69720 Change string prefix check 
This avoids putting all the prefixes in the string pool.
 2024-07-16 15:56:28 +01:00
Owen Mansel-Chan
ca06589386 Make comments clearer 2024-07-16 12:14:21 +01:00
Owen Mansel-Chan
124567caa4 Convert Mux::RequestVars to MaD 2024-07-16 11:18:19 +01:00
Owen Mansel-Chan
b3744ef230 Sort Gin source models 2024-07-16 11:18:18 +01:00
Owen Mansel-Chan
061c187a8e Convert GithubComGinGonicGinContextBindSource to MaD 2024-07-16 11:18:18 +01:00
Owen Mansel-Chan
ef833de123 Convert GithubComGinGonicGinContextSource to MaD 2024-07-16 11:18:17 +01:00
Owen Mansel-Chan
06a2a40f50 Convert GoRestfulReadEntitySource to MaD 2024-07-16 11:18:16 +01:00
Owen Mansel-Chan
7bfa4c1947 Convert GoRestfulSource to MaD 2024-07-16 11:18:14 +01:00
Anders Schack-Mulligen
0fb27fb6fc Merge pull request #16979 from aschackmull/dataflow/internsets 
Dataflow: Replace MakeSets with QlBuiltins::InternSets.
 2024-07-16 10:47:07 +02:00
Anders Schack-Mulligen
da5abc8321 Dataflow: Replace MakeSets with QlBuiltins::InternSets. 2024-07-15 13:35:57 +02:00
Owen Mansel-Chan
99ed3c2ac1 Convert ElazarlGoproxy::UserControlledRequestData to MaD 2024-07-14 14:28:48 +01:00
Owen Mansel-Chan
2ec64a9ca8 Convert EchoContextBinder to MaD 2024-07-14 14:28:47 +01:00
Owen Mansel-Chan
3fc598dbe9 Convert EchoContextSource to MaD 2024-07-14 14:28:46 +01:00
Owen Mansel-Chan
5b38d51f62 Convert Chi::UserControlledMethod to MaD 2024-07-14 14:28:46 +01:00
Owen Mansel-Chan
3bd4a203bb Convert Chi::UserControlledFunction to MaD 2024-07-14 14:28:44 +01:00
Owen Mansel-Chan
2c7fbda2ec Accept review suggestion for QLDoc 2024-07-10 16:48:11 +01:00