hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,540 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.8
Commit Graph

729 Commits

Author SHA1 Message Date
Simon Friis Vindum
86eb949673 Merge pull request #20902 from paldepind/rust/xss-query 
Rust: Add new query for XSS vulnerabilities
 2025-11-28 09:09:14 +01:00
Simon Friis Vindum
7278bc75ca Rust: Remove unused function in XSS tests 2025-11-26 08:57:47 +01:00
Simon Friis Vindum
9ae4c14ffb Rust: Address PR feedback 2025-11-25 14:20:17 +01:00
Geoffrey White
1c2d8bb70e Merge pull request #20851 from geoffw0/access-invalid-pointer-fp 
Rust: Improve rust/access-invalid-pointer
 2025-11-25 09:49:07 +00:00
Simon Friis Vindum
9e2bf76a7f Rust: Add XSS sinks for Actix and Warp 2025-11-24 15:46:25 +01:00
Simon Friis Vindum
ae9c753371 Rust: Add XSS query 2025-11-24 15:46:24 +01:00
Simon Friis Vindum
0f4561efc3 Rust: Add XSS examples 2025-11-24 15:46:23 +01:00
Geoffrey White
993154ed57 Rust: Avoid duplicating sinks. 2025-11-21 19:34:16 +00:00
Geoffrey White
0ea28b4026 Rust: Test .expected changes. 2025-11-21 18:57:06 +00:00
Geoffrey White
80615056c0 Merge remote-tracking branch 'upstream/main' into cert-checks 2025-11-21 18:40:40 +00:00
Geoffrey White
03fc4cb0aa Merge remote-tracking branch 'upstream/main' into access-invalid-pointer-fp 2025-11-21 17:39:56 +00:00
Geoffrey White
9db1722060 Rust: Accept consistency check changes. 2025-11-21 17:35:34 +00:00
Geoffrey White
ace7a77fd6 Rust: Switch to MaD models. 2025-11-21 16:27:52 +00:00
Geoffrey White
785754ec65 Rust: Switch the query to taint flow, since some taint summaries are relevant now. 2025-11-21 15:02:29 +00:00
Geoffrey White
aca7877be2 Rust: Add some missing path / file metadata models. 2025-11-21 15:02:25 +00:00
Geoffrey White
2da0814f65 Rust: Add test case involving taint. 2025-11-21 14:39:15 +00:00
Geoffrey White
41a6bf079d Rust: Add barrier for null pointer checks to the query. 2025-11-17 15:00:22 +00:00
Geoffrey White
d804229158 Rust: Add missing model. 2025-11-17 14:41:14 +00:00
Geoffrey White
6c3566ab52 Rust: It turns out we need test cases for immutable pointers as well. 2025-11-17 14:32:57 +00:00
Tom Hvitved
8455663255 Rust: Speedup AccessAfterLifetime.ql 2025-11-15 15:21:03 +01:00
Tom Hvitved
e69ff0d5e8 Rust: Restrict type propagation into arguments 2025-11-14 09:44:58 +01:00
Geoffrey White
e0f0305ace Rust: Add test cases for rust/access-invalid-pointer based on real world FPs. 2025-11-13 16:07:22 +00:00
Tom Hvitved
467bd541d2 Merge pull request #20770 from hvitved/rust/attribute-macro-expansion-filter 
Rust: Remove elements superseded by attribute macro expansions
 2025-11-12 19:52:09 +01:00
Geoffrey White
c77eef39e2 Rust: Convert the query to a path-problem with global data flow. 2025-11-12 16:21:46 +00:00
Geoffrey White
209f394b5e Rust: Fix the alert message. 2025-11-12 15:51:03 +00:00
Geoffrey White
f8ef48b924 Rust: Add query test. 2025-11-12 15:44:15 +00:00
Geoffrey White
8624f9c660 Merge pull request #20749 from github/copilot/add-secure-cookie-test-cases 
Add test coverage for actix-web, poem, and http-types cookie secure attribute
 2025-11-11 09:26:26 +00:00
Tom Hvitved
c81f5f5190 Rust: Remove elements superseded by attribute macro expansions 2025-11-10 09:18:58 +01:00
Geoffrey White
680870dbf3 Rust: Fix after merge. 2025-11-06 09:39:51 +00:00
Geoffrey White
1ce787a185 Merge branch 'main' into mv3 2025-11-06 09:23:01 +00:00
Geoffrey White
1e7acc5e1a Merge branch 'main' into copilot/add-secure-cookie-test-cases 2025-11-05 17:53:02 +00:00
Geoffrey White
ad24b7414e Rust: Fix for Poem cookies defaulting secure. 2025-11-05 11:32:30 +00:00
Geoffrey White
99a369228b Rust: Model poem cookie methods. 2025-11-05 11:14:40 +00:00
Geoffrey White
ff06181e4b Rust: We actually want barriers on set_secure(false) as well as set_secure(true), to prevent excessive flow paths. 2025-11-04 19:30:35 +00:00
Geoffrey White
5fed5a278e Rust: It turns out Poem defaults 'secure' to true. 2025-11-04 18:37:20 +00:00
Geoffrey White
7383e4ff23 Rust: Test for another edge cases supported by two of the libraries. 2025-11-04 18:25:02 +00:00
Geoffrey White
21274d3d76 Rust: Add tests of poem CookieConfig. 2025-11-04 15:14:00 +00:00
Geoffrey White
e5933d0c54 Rust: Add test cases with cookie builders. 2025-11-04 15:13:31 +00:00
Geoffrey White
55cf375886 Rust: Add the cookies to jars, indicating that they're ready for use. 2025-11-04 13:10:33 +00:00
Geoffrey White
7fe4877ddd Rust: Update test annotations. 2025-11-04 12:36:56 +00:00
Geoffrey White
077bcf6b92 Merge pull request #20740 from geoffw0/rustbarriers 
Rust: Add numeric type barriers for three queries
 2025-11-04 10:08:46 +00:00
copilot-swe-agent[bot]
ee3d57ef3c Update test cases with correct APIs and run CodeQL test 
Co-authored-by: geoffw0 <40627776+geoffw0@users.noreply.github.com>
 2025-11-03 17:38:25 +00:00
copilot-swe-agent[bot]
8f02ab107c Add test cases for actix-web, poem, and http-types cookie secure attribute 
Co-authored-by: geoffw0 <40627776+geoffw0@users.noreply.github.com>
 2025-11-03 17:16:04 +00:00
Geoffrey White
56e98c45ec Rust: Accept trivial changes to test .expected files. 2025-11-03 17:08:22 +00:00
Geoffrey White
33efed92b8 Rust: Add integral type barrier for Regex injection. 2025-10-31 16:37:10 +00:00
Geoffrey White
2d4369ac6c Rust: Add numeric type barrier for log injection. 2025-10-31 16:32:32 +00:00
Geoffrey White
52397f0ce0 Rust: Add numeric type barrier for SQL injection. 2025-10-31 16:25:44 +00:00
Geoffrey White
aaa3b1bcb4 Rust: Add a couple of new test cases. 2025-10-31 16:20:52 +00:00
Tom Hvitved
6d64800e85 Rust: Move variable consistency check into AstConsistency.qll 2025-10-31 10:42:51 +01:00
Tom Hvitved
ee0467d74c Rust: Update expected output 2025-10-21 18:44:37 +02:00