hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

31240 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Arthur Baars
db4b781fef Ruby: CFG: make RescueModifier post-order 2021-12-17 12:21:18 +01:00
Arthur Baars
cff63fa7d7 Ruby: CFG: make WhenExpr post-order 2021-12-17 12:21:18 +01:00
Arthur Baars
a9286e897b Ruby: CFG make in-clause post-order 2021-12-17 12:21:18 +01:00
Arthur Baars
f49605569b Ruby: CFG make more expressions post-order 2021-12-17 12:21:18 +01:00
Arthur Baars
a4ea7129c2 Ruby: CFG: make 'case' a PostOrder node 2021-12-17 12:21:18 +01:00
Rasmus Wriedt Larsen
83f1b2ca5d Python: Add SSRF qhelp 
I included examples of both types in the qhelp of both queries, to
provide context of what each of them actually are.
 2021-12-17 11:48:26 +01:00
Anders Schack-Mulligen
3adc0b57ed Merge pull request #7426 from MathiasVP/fix-join-order-in-http-string-literal-charpred 
C++: Fix join-order in `HttpStringLiteral` charpred
 2021-12-17 11:21:38 +01:00
Arthur Baars
96aef9f63f Merge pull request #7393 from aibaars/ruby-simple-parameter-not-expr 
Ruby: SimpleParameter should not be an Expr
 2021-12-17 10:41:43 +01:00
Asger Feldthaus
89775428b4 JS: Autoformat 2021-12-17 10:32:02 +01:00
Asger Feldthaus
3e6389cad6 JS: Bump extractor version string 2021-12-17 10:32:00 +01:00
Asger Feldthaus
95a93fe033 JS: Change note 2021-12-17 10:31:50 +01:00
Asger Feldthaus
e2c6dd7d56 JS: Recognize {{& ... }} as an XSS sink 2021-12-17 10:31:50 +01:00
Asger Feldthaus
61cc84ba69 JS: Recognize leading/trailing ~ and & in mustache-tags 2021-12-17 10:31:50 +01:00
Asger Feldthaus
ce68a6d1c5 JS: Remove unneeded qualifier in static field access 2021-12-17 10:31:50 +01:00
Rasmus Wriedt Larsen
e7abe43e3e Python: Add SSRF change-note 2021-12-17 10:04:55 +01:00
Tom Hvitved
734bfbd7ae Merge pull request #7433 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-12-17 09:52:36 +01:00
Rasmus Wriedt Larsen
e309d8227c Python: Remove debug predicate 
Accidentally committed :|
 2021-12-17 09:44:35 +01:00
Tony Torralba
6f2d91a8ad Sinks for CloseableThreadContext 2021-12-17 09:17:04 +01:00
Mathias Vorreiter Pedersen
d840796494 C++: Fix join-order in 'phi_node' predicate. 2021-12-17 07:50:04 +00:00
github-actions[bot]
6c57cbba2b Add changed framework coverage reports 2021-12-17 00:09:41 +00:00
Rasmus Wriedt Larsen
1d00730753 Python: Allow http[s]:// prefix for SSRF 2021-12-17 00:27:18 +01:00
Rasmus Wriedt Larsen
8d9a797b75 Python: Add tricky .format SSRF tests 2021-12-17 00:24:51 +01:00
Rasmus Wriedt Larsen
6f297f4e9c Python: Fix SSRF sanitizer tests 
They were very misleading before, because a sanitizer that happened
early, would remove taint from the rest of the cases by use-use flow :|
 2021-12-16 23:24:08 +01:00
Rasmus Wriedt Larsen
4b5599fe17 Python: Improve full/partial SSRF split 
Now full-ssrf will only alert if **all** URL parts are fully
user-controlled.
 2021-12-16 22:48:51 +01:00
Rasmus Wriedt Larsen
cb934e17b1 Python: Adjust SSRF location to request call 
Since that might not be the same place where the vulnerable URL part is.
 2021-12-16 22:48:51 +01:00
Rasmus Wriedt Larsen
b1bca85162 Python: Add interesting test-case 2021-12-16 22:48:51 +01:00
Rasmus Wriedt Larsen
5a7efd0fee Python: Minor adjustments to QLDoc of HTTP::Client::Request 2021-12-16 22:48:51 +01:00
Erik Krogh Kristensen
2626b0b3dc QL: fix test workflow 2021-12-16 22:26:42 +01:00
Erik Krogh Kristensen
be076dc2c8 add Erik and Taus as QL-for-QL reviewers 2021-12-16 21:47:42 +01:00
Mathias Vorreiter Pedersen
53a1f935b7 C++: Fix join-order in 'HttpStringLiteral' charpred. 2021-12-16 17:12:50 +00:00
Chris Gavin
8fabbd697e Merge pull request #7422 from github/todo-comment-kind 
Add `kind` metadata to example query.
 2021-12-16 16:36:15 +00:00
Chris Smowton
e3b2eed2d2 Merge pull request #7423 from github/atorralba/log4j-CVE-2021-45046 
Java: Cover CVE-2021-45046 in the Log4jJndiInjection query
 2021-12-16 16:00:45 +00:00
Nick Rolfe
dba26a92e9 Merge remote-tracking branch 'origin/main' into nickrolfe/user-controlled-bypass 2021-12-16 15:05:01 +00:00
Erik Krogh Kristensen
8eda061d2f add dbscheme and codeql version to query hash 2021-12-16 15:49:07 +01:00
Tom Hvitved
579b58b8fa Merge pull request #7402 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-12-16 15:42:10 +01:00
Arthur Baars
3ef707e358 Address comment 2021-12-16 15:38:41 +01:00
Arthur Baars
cdbd8b27d3 Ruby: SimpleParameter is not an Expr 2021-12-16 15:38:40 +01:00
Rasmus Wriedt Larsen
6ce1524192 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-12-16 15:19:37 +01:00
Chris Gavin
4a1e2ed408 Add a severity and select the correct number of columns. 2021-12-16 14:02:36 +00:00
Tom Hvitved
e9ef53c31b Merge pull request #7390 from hvitved/ruby/deprecate-pattern-classes 
Ruby: Deprecate `Pattern` classes
 2021-12-16 14:36:13 +01:00
Tony Torralba
7d6cba77a0 Add tests 2021-12-16 13:44:01 +01:00
Tony Torralba
2e0ca6ce2b Add stubs 2021-12-16 13:44:01 +01:00
Tony Torralba
7d70b77141 Add new sinks and taint steps 2021-12-16 13:43:58 +01:00
Chris Gavin
407c265daf Add kind metadata to example query. 2021-12-16 12:12:36 +00:00
Michael Nebel
95d175e9e0 Merge pull request #7406 from michaelnebel/csharp-system-threading-csv 
C#: Convert more flow summaries to CSV format.
 2021-12-16 12:56:44 +01:00
Michael Nebel
d777ba8a25 C#: Cleanup private imports in LibraryTypeDataFlow. 2021-12-16 11:24:24 +01:00
Michael Nebel
a26403b359 Convert System.Tuple and friends flow to CSV format. 2021-12-16 11:20:04 +01:00
Asger Feldthaus
0e9c2377e3 JS: Use a field in RouterHandlerParameter 2021-12-16 10:26:35 +01:00
Michael Nebel
348e3b74f3 C#: Convert System.Text.Encoding flow to CSV format. 2021-12-16 10:03:12 +01:00
CodeQL CI
f274f06d9b Merge pull request #7409 from asgerf/js/track-functions-with-methods 
Approved by erik-krogh
 2021-12-16 09:01:42 +00:00