codeql

mirror of https://github.com/github/codeql.git synced 2025-12-28 22:56:32 +01:00

Author	SHA1	Message	Date
Marcono1234	905648e452	Add ConditionalExpr.getBranchExpr(boolean)	2021-02-12 04:50:41 +01:00
haby0	6901cd4899	Merge branch 'main' of https://github.com/haby0/codeql into main	2021-02-12 11:18:33 +08:00
haby0	22e741c7a3	*)add XQExpression.executeCommand(0) sink	2021-02-12 11:17:42 +08:00
haby0	dbb3d458f5	*)add XQExpression.executeCommand(0) sink	2021-02-12 10:47:41 +08:00
Marcono1234	e89891fa1f	Address review comments	2021-02-12 01:30:47 +01:00
Artem Smotrakov	042c0b005e	Covered sandboxes for JEXL 2 - Updated SandboxedJexlFlowConfig to cover JEXL 2 - Added SandboxedJexl2 test	2021-02-11 22:57:26 +01:00
Raul Garcia (MSFT)	710ca21d19	Addressing comments we missed earlier	2021-02-11 11:52:58 -08:00
Artem Smotrakov	7543df60da	Callable.call() should not be a sink in JexlInjection.ql	2021-02-11 20:37:23 +01:00
Geoffrey White	354f21f2c3	C++: BSL support.	2021-02-11 16:57:20 +00:00
Erik Krogh Kristensen	004147a22f	add change note	2021-02-11 17:54:53 +01:00
Erik Krogh Kristensen	6f405635ef	add ClientRequest model for apollo-client	2021-02-11 17:49:44 +01:00
Mathias Vorreiter Pedersen	91627cbd88	C++: Add models for BSD-style send and recv functions.	2021-02-11 17:21:32 +01:00
Geoffrey White	21b2999722	C++: Update StdSet.qll.	2021-02-11 16:01:55 +00:00
Geoffrey White	33b5802ff6	C++: Update StdPair.qll (just for consistency).	2021-02-11 16:01:44 +00:00
Erik Krogh Kristensen	fd46b7a7bc	fix type in change-note Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>	2021-02-11 16:17:26 +01:00
Erik Krogh Kristensen	69d8aa143c	add taint step for the `snarkdown` libary	2021-02-11 16:16:46 +01:00
Taus Brock-Nannestad	4c66071f5f	Python: Revert "Python: Support `moduleImport("dotted.name")` in API graphs" This reverts commit `2c4a477a4e`. It's probably best _not_ to do this, as any `getMember` cycle in the API graph will lead to nontermination.	2021-02-11 16:08:28 +01:00
Taus Brock-Nannestad	ea30598a08	Python: Split dotted names more efficiently	2021-02-11 16:07:39 +01:00
Jonathan Leitschuh	35e2ceba13	Update java/ql/src/semmle/code/xml/MavenPom.qll Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-02-11 08:59:02 -05:00
Erik Krogh Kristensen	d14586de56	add two non ReDoS regular expressions to the ReDoS test suite Adds the regular expression from #5145	2021-02-11 14:41:45 +01:00
Erik Krogh Kristensen	f12c38425f	add change-note	2021-02-11 13:36:53 +01:00
Erik Krogh Kristensen	3ee0029cd8	Update javascript/change-notes/2021-02-08-xml-parser-taint.md Co-authored-by: Asger F <asgerf@github.com>	2021-02-11 13:33:42 +01:00
CodeQL CI	02578cfff2	Merge pull request #5112 from erik-krogh/forms Approved by asgerf	2021-02-11 04:32:14 -08:00
Erik Krogh Kristensen	044f80215e	add change note	2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen	010d580f8e	add model for `multiparty`	2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen	61b4ffec3d	add remote flow from the `Formidable` library	2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen	a03f4ed3cd	add remote flow source for `busboy`	2021-02-11 09:34:02 +01:00
Erik Krogh Kristensen	e2fbf8a68c	add files uploaded with `multer` as RemoteFlowSource	2021-02-11 09:33:15 +01:00
haby0	a6a0fa28c4	*)add XQExpression.executeQuery(0) sink	2021-02-11 16:05:48 +08:00
Marcono1234	2a1c11b517	Improve MavenPom documentation, rename inconsistent predicates	2021-02-10 23:56:45 +01:00
Raul Garcia (MSFT)	ef0d3720a1	Addressing a few comments	2021-02-10 13:39:24 -08:00
Raul Garcia	190164c182	Update csharp/ql/src/experimental/Security Features/campaign/Solorigate/Solorigate.qhelp Co-authored-by: Bas van Schaik <5082246+sj@users.noreply.github.com>	2021-02-10 13:30:40 -08:00
Artem Smotrakov	af0f361ac8	Updated JexlInjection.ql to check for sandboxes - Added a dataflow config to track setting a sandbox on JexlBuilder - Added SandboxedJexl3.java test	2021-02-10 22:19:45 +01:00
Erik Krogh Kristensen	7cff1f441b	add model for the `unified` and `remark` libraries	2021-02-10 18:13:01 +01:00
Rasmus Wriedt Larsen	c57a4df819	Python: Model taint of self.request on django view class	2021-02-10 17:48:48 +01:00
Rasmus Wriedt Larsen	9ca738d921	Python: Add taint test for self.request on django view class	2021-02-10 17:48:41 +01:00
Jonathan Leitschuh	3b92f97967	Refactor DeclaredRepository to library	2021-02-10 11:41:50 -05:00
Erik Krogh Kristensen	0d497e8b9a	add model for the `showdown` library	2021-02-10 17:22:42 +01:00
Anders Schack-Mulligen	e9bfbb677d	Java: Connect the external sources and steps to the defaults.	2021-02-10 17:06:21 +01:00
Anders Schack-Mulligen	5a391ab6c0	Java: Add qldoc.	2021-02-10 16:54:48 +01:00
Jonathan Leitschuh	21b6f35ddc	Update java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.qhelp	2021-02-10 10:52:27 -05:00
Jonathan Leitschuh	49985a77e3	Apply suggestions from code review Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com> Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>	2021-02-10 10:51:37 -05:00
Rasmus Wriedt Larsen	ca0d345987	Django: Model any class used in django route setup as view class	2021-02-10 16:26:25 +01:00
Rasmus Wriedt Larsen	b428945bc2	Django: Fix DjangoRouteHandler char-pred Before it the class would contain _all_ functions xD	2021-02-10 16:21:51 +01:00
Rasmus Wriedt Larsen	78a3206fce	Python: Add test with unkown view class in django	2021-02-10 15:56:33 +01:00
Anders Schack-Mulligen	b74911204a	Merge pull request #4945 from intrigus-lgtm/java/insecure-jxbrowser Java: Insecure JXBrowser	2021-02-10 15:48:17 +01:00
Rasmus Wriedt Larsen	42eceb80bd	Python: Handle view functions with decorators	2021-02-10 15:47:55 +01:00
Erik Krogh Kristensen	f76018c039	add taint step for the `markdown-table` library	2021-02-10 15:11:41 +01:00
Erik Krogh Kristensen	b4704f7016	add taint-step for the `marked` library	2021-02-10 14:51:08 +01:00
Erik Krogh Kristensen	91f7d33044	add change note	2021-02-10 14:17:49 +01:00

... 126 127 128 129 130 ...

26405 Commits