hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

1526 Commits

Author SHA1 Message Date
amammad
20a3211d06 move sanitizers from sharedxss::sanitizer to EscapeFunction::Range, added proper inline tests 2023-12-06 16:19:34 +01:00
amammad
3e0ed0090f added BodyWriter Sink, added proper content-type header in tests to comply new changed xss strategy 2023-12-06 16:00:36 +01:00
amammad
d3099ff482 fix tests, move from SharedXss::Sink to Http::* classes 2023-12-06 15:52:50 +01:00
Anders Schack-Mulligen
67f0529cda Dataflow: Sync. 2023-12-04 12:36:57 +01:00
amammad
ffe2e398c9 fix tests, add support for Response.BodyWriter() Thanks to @owen-mc 2023-11-25 15:36:37 +01:00
amammad
accc09fd8c Lists of strings should be in alphabetical order. In a QLDoc, there should be a full stop at the end of each sentence. shorter model summary. change target from getACall() to getACall().getResult(.). better tests 2023-11-25 13:36:06 +01:00
Owen Mansel-Chan
6f9a70475d Merge pull request #14882 from owen-mc/go/minor-fixes 
Go: improve CallNode documentation
 2023-11-24 10:36:07 +00:00
Owen Mansel-Chan
25a2aef623 Update library name in change note 2023-11-23 13:42:21 +00:00
Owen Mansel-Chan
25d5104468 Change how we refer to a query in a change note 2023-11-23 13:22:05 +00:00
Owen Mansel-Chan
dd8fb29a65 Improve QLDocs of CallNode and MethodCallNode 
When a function is assigned to a variable and called through that
variable then we can't always tell it was a method.
 2023-11-22 16:32:10 +00:00
Kevin Stubbings
d7e2fbc11d Finish 2023-11-21 14:27:17 -08:00
Owen Mansel-Chan
b147bacd48 Merge branch 'main' into amammad-go-fastHttp 2023-11-21 21:36:11 +00:00
amammad
2ad59a5403 fix SSRF sinks 2023-11-21 18:46:35 +01:00
Owen Mansel-Chan
d26dc68baa Merge pull request #14798 from owen-mc/go/improve-value-flow-through-slice-exprs 
Go: model value flow with array content through slice expressions
 2023-11-21 11:50:08 +00:00
Kevin Stubbings
9958ad904c thesame 2023-11-20 23:40:55 -08:00
Kevin Stubbings
28288e0d23 basic2 2023-11-20 23:40:55 -08:00
Kevin Stubbings
3b78477406 Basics 2023-11-20 23:40:55 -08:00
github-actions[bot]
bad499e360 Post-release preparation for codeql-cli-2.15.3 2023-11-17 14:35:41 +00:00
github-actions[bot]
6ec9b95072 Release preparation for version 2.15.3 2023-11-16 13:07:16 +00:00
Owen Mansel-Chan
1ac3a9e8d3 Add change note 2023-11-15 15:12:58 +00:00
Owen Mansel-Chan
aaa8f9c41f Add read and store steps for SliceElementNode 2023-11-15 14:58:23 +00:00
Owen Mansel-Chan
2b897a9825 Add synthetic SliceElementNode 2023-11-15 14:58:21 +00:00
Owen Mansel-Chan
83d1fc33e1 Add change note 2023-11-14 23:16:32 +00:00
Owen Mansel-Chan
45faed057c Improve SliceExpr documentation 2023-11-14 11:25:16 +00:00
Owen Mansel-Chan
ed349f7d6b Improve value flow through arrays 2023-11-13 23:26:16 +00:00
Owen Mansel-Chan
359dcf37e9 Merge pull request #14649 from Kwstubbs/go-cors 
Go: Add Cors Gin Support
 2023-11-13 15:46:59 +00:00
amammad
c361caf0b0 fix tests for FileSystemAccess, add comments for adding some functions in future, remove old comments 2023-11-08 14:15:26 +01:00
Tom Hvitved
af7b295c59 Address review comments 2023-11-07 13:01:19 +01:00
Kevin Stubbings
57c645bd24 Added support for same struct and added new test 2023-11-05 22:34:35 -08:00
Kevin Stubbings
1f2e8d898d Address Feedback 2023-11-05 14:28:34 -08:00
amammad
88e75a6ec8 add flow summary instead of additional flow steps 2023-11-05 17:49:32 +03:30
amammad
23f7f9a24a fix some grammer mistakes, an unnecessary import, put blank like after go generate 2023-11-05 17:49:32 +03:30
amammad
e38cb0f36e fix a issue in fasthttp library, add SSRF inline queires 2023-11-05 17:49:32 +03:30
amammad
3bc24c3534 add inline tests for open redirect,xss, fix some issues in fasthttp.qll 2023-11-05 17:49:32 +03:30
amammad
29219922ac add inline tests for UntrustedFlowSource, and fix some not necessarily flow sources 2023-11-05 17:49:32 +03:30
amammad
defe964f3a update tests 2023-11-05 17:49:32 +03:30
amammad
1ff1c5cfe0 fix two bugs, make package path more neat 2023-11-05 17:49:32 +03:30
amammad
2048d8945b fix qldoc and tests 2023-11-05 17:49:32 +03:30
amammad
8aba71f678 upgrade tests 2023-11-05 17:49:32 +03:30
amammad
de391ffa4d fix qlDOC one missed mistake 2023-11-05 17:49:32 +03:30
amammad
b7ef215504 fix change notes 2023-11-05 17:49:32 +03:30
amammad
693539a604 fix qhelps 2023-11-05 17:49:32 +03:30
amammad
1fc7758dfb add change note 2023-11-05 17:49:32 +03:30
amammad
80e5fb81bc fix library-tests 2023-11-05 17:49:32 +03:30
amammad
2ee2ac383d fix some mistakes:( 2023-11-05 17:49:32 +03:30
amammad
377d1f55be add proper test cases 2023-11-05 17:49:32 +03:30
amammad
3226184547 add tests 2023-11-05 17:49:32 +03:30
amammad
cddd27c5f8 V1 2023-11-05 17:49:32 +03:30
Kevin Stubbings
3697ef72c4 Small changes 2023-10-31 12:23:18 -07:00
Kevin Stubbings
5cab25662c Address issues 2023-10-31 11:50:51 -07:00