hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-31 08:06:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,673 Branches 157 Tags
remove-javascript
Commit Graph

26405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
06366fa320 Merge pull request #4856 from jbj/gvn-wrapper-test 
C++: Test the AST wrapper for IR GVN
 2020-12-21 09:31:10 +01:00
Tom Hvitved
16aee6e71e Merge pull request #4842 from hvitved/csharp/format-method-no-insertion-param 
C#: Recognize format methods without insertion parameters
 2020-12-21 09:25:18 +01:00
Jonas Jensen
3236cbd83e C++: Test the AST wrapper for IR GVN 
Out of our 3 GVN libraries, the one we actually use in production didn't
have tests -- except indirectly through `diff_ir_expr.ql`.
 2020-12-21 08:21:02 +01:00
neal1991
b9d24b8255 fix for issue #4849 2020-12-21 08:54:15 +08:00
neal1991
eac83df40b fix for issue #4848 2020-12-21 08:52:42 +08:00
luchua-bc
4ec78d04f8 Insecure LDAP authentication 2020-12-21 00:15:15 +00:00
Erik Krogh Kristensen
3a43421193 add missing qhelp 2020-12-19 00:02:42 +01:00
yo-h
402ed04189 Merge pull request #4844 from johnlugton/servicestack 
Add provisional support for ServiceStack framework to feature branch
 2020-12-18 16:24:27 -05:00
John Lugton
059d6b0e0f Fix warning in ServiceStack.qll 2020-12-18 08:34:06 -08:00
John Lugton
563dc62c33 Improve qldoc for ServiceStack.qll 2020-12-18 08:23:27 -08:00
Erik Krogh Kristensen
05569187b4 improve performance of suffix checking 2020-12-18 17:21:15 +01:00
Erik Krogh Kristensen
6369374224 implement new algorithm for detecting superlinear backtracking in regular expressions 2020-12-18 17:21:15 +01:00
Erik Krogh Kristensen
7ce91e9146 introduce cannonical representatives of RegExpTerms to decrease the number of InputSymbols in the NFA 2020-12-18 17:21:11 +01:00
Erik Krogh Kristensen
34dda6d38b refactor to share predicates between regular expression queries 2020-12-18 16:15:56 +01:00
Rasmus Wriedt Larsen
49f902d28b Merge pull request #4757 from yoff/python-dataflow-synthetic-callables 
Python: Enclosing callable for synthetic arguments
 2020-12-18 16:06:26 +01:00
yoff
a08eb99778 Merge pull request #4779 from RasmusWL/django-class-based-handlers 
Python: Add modeling of django class based view handlers
 2020-12-18 15:58:51 +01:00
Anders Schack-Mulligen
5106d5df53 Merge pull request #4833 from luchua-bc/java-broken-crypto-algorithms 
Java: Add missing broken crypto algorithms
 2020-12-18 15:12:29 +01:00
Rasmus Wriedt Larsen
3e6296c7b8 Python: Fix grammar in QLDoc 2020-12-18 14:54:14 +01:00
Rasmus Wriedt Larsen
ed11e8f916 Python: Simplify predicate implementation 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2020-12-18 14:52:20 +01:00
Mathias Vorreiter Pedersen
b5102043b1 Fix comments. 2020-12-18 14:19:02 +01:00
Chris Smowton
de4cdda839 Merge pull request #4841 from smowton/smowton/admin/mergeback-126-2020-12-16 
Mergeback rc/1.26
 2020-12-18 12:59:06 +00:00
Mathias Vorreiter Pedersen
f5e4725642 C++: Propagate flow from instruction's to non-exact operands for arrays and unions, and accept test changes. 2020-12-18 13:54:34 +01:00
Rasmus Lerchedahl Petersen
e6e1cc2398 Python: Remember to accept failing tests 2020-12-18 13:38:14 +01:00
Rasmus Lerchedahl Petersen
712765c185 Python: Use ImportExp instead of SSA nodes 
This also reverts the previous commit.
It should be squashed with that one, but for now we keep the history,
so we can track the performance tests.
 2020-12-18 13:30:24 +01:00
Erik Krogh Kristensen
b2116dc5b4 add more tests for polynomial/exponential redos 2020-12-18 13:19:17 +01:00
Mathias Vorreiter Pedersen
2bf8e47932 Merge branch 'main' into default-taint-tracking-operand-instruction-interleaving 2020-12-18 11:59:10 +01:00
Mathias Vorreiter Pedersen
7ccd48e53c Make DefaultTaintTracking do operand->instruction->operand interleaving like DataFlowUtil. 2020-12-18 11:57:16 +01:00
Geoffrey White
dc4ca9b1b9 C++: Add qhelp and example. 2020-12-18 10:10:05 +00:00
Tom Hvitved
d53faa86dc C#: Restrict FormatInvalid.ql and UncontrolledFormatString.ql to calls with insertions 2020-12-18 10:53:11 +01:00
Rasmus Lerchedahl Petersen
0629d3e6e7 Python: Enclosing callable for synthetic arguments 2020-12-18 10:45:24 +01:00
Rasmus Lerchedahl Petersen
a16d58dfc0 Python: Add tests cases with synthetic arguments 2020-12-18 10:41:42 +01:00
Jonas Jensen
fd7dec7f20 Merge pull request #4824 from geoffw0/modelchanges5 
C++: Add cases in the Allocation model.
 2020-12-18 09:16:01 +01:00
Tamas Vajk
8e8c3a9ded Add change note 2020-12-18 09:15:33 +01:00
Tamas Vajk
6fd1f0049d Add DB upgrade folder 2020-12-18 09:10:55 +01:00
John Lugton
3f1f83f667 remove experimental 2020-12-17 16:24:52 -08:00
John Lugton
6d5f9035e6 Minor fixes to XSS: 
Only want returns in request methods
Also care about non-string 1st args to HttpResult e.g. streams
 2020-12-17 16:17:26 -08:00
John Lugton
7d47bffd53 Tidy up ServiceStack.qll 
Use fully qualified names for classes
Make util predicate private
Make naming more consistent with rest of ql libs
 2020-12-17 16:17:26 -08:00
Chelsea Boling
d4acccb13c Update sink 2020-12-17 16:17:26 -08:00
Chelsea Boling
0a7e4b6840 Update sink based on feedback 2020-12-17 16:17:26 -08:00
Chelsea Boling
4e0f3a30ee Update sink based on feedback 2020-12-17 16:17:25 -08:00
Chelsea Boling
ba46eaa143 Refactor sink 2020-12-17 16:17:25 -08:00
Chelsea Boling
3c493511e9 Update file 2020-12-17 16:17:25 -08:00
Chelsea Boling
12e8107492 Add example 2020-12-17 16:17:25 -08:00
Chelsea Boling
5c7dedffb3 Update sinks 2020-12-17 16:17:25 -08:00
Chelsea Boling
71a08c3237 Update servicestack lib 2020-12-17 16:17:25 -08:00
John Lugton
d408ae7e10 Split ServiceStack into modules and incorporate into main lib 2020-12-17 16:17:25 -08:00
John Lugton
386eb2d56b move ServiceStack out of microsoft 2020-12-17 16:17:25 -08:00
Chelsea Boling
a2615339f7 Delete ServiceStack.qll 2020-12-17 16:17:24 -08:00
Chelsea Boling
cae6f91729 Create ServiceStack.qll 2020-12-17 16:17:24 -08:00
Chelsea Boling
dbe0170249 Add files via upload 2020-12-17 16:17:24 -08:00