hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,672 Branches 157 Tags
remove-javascript
Commit Graph

26405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
edvraa
3723f7f132 comments 2021-07-12 01:13:40 +03:00
edvraa
2c9d6827ad comments 2021-07-12 01:13:40 +03:00
edvraa
74cb61a475 Autoformat 2021-07-12 01:13:40 +03:00
edvraa
65fb46af3d fix help files 2021-07-12 01:13:40 +03:00
edvraa
d0e9a01edc Rename files 2021-07-12 01:13:40 +03:00
edvraa
5c9a3d5ce7 Single Secure query 2021-07-12 01:13:39 +03:00
edvraa
07327984b0 Single HttpOnly query 2021-07-12 01:13:39 +03:00
edvraa
dea4d67ebd Extract to predicate isCookieWithSensitiveName 2021-07-12 01:13:39 +03:00
edvraa
7e723e90f1 Remove redundant iResponse.getAppendMethod() = mc.getTarget(), it is already covered by higher level exists 2021-07-12 01:13:39 +03:00
edvraa
98261a63c5 typo accessibe -> accessible 2021-07-12 01:13:39 +03:00
edvraa
89c4102462 HttpOnly and Secure cookie queries 2021-07-12 01:13:39 +03:00
Erik Krogh Kristensen
440e4b9a92 enable unicode support in the Python ReDoS query 2021-07-11 21:28:40 +02:00
Artem Smotrakov
c98f1a479e Better taint propagation in UnsafeTypeConfig 2021-07-09 10:24:15 +02:00
Artem Smotrakov
476843a278 Added comments for Jackson in UnsafeDeserialization.qll 2021-07-09 10:24:15 +02:00
Artem Smotrakov
e9731cd212 Minor improvements for Jackson in UnsafeDeserialization.qll 2021-07-09 10:24:15 +02:00
Artem Smotrakov
704cc77bb5 Added a change note for Jackson 2021-07-09 10:24:14 +02:00
Artem Smotrakov
24e4b68b9c Removed getAnAccess() calls for Jackson 2021-07-09 10:24:14 +02:00
Artem Smotrakov
aefd21075b Added tests for UnsafeDeserialization.ql and Jackson 2021-07-09 10:24:10 +02:00
Artem Smotrakov
ea0991c980 Added Jackson to UnsafeDeserialization.qhelp 2021-07-09 10:17:29 +02:00
Artem Smotrakov
97fca620fa Cover attacker-controlled types for deserialization with Jackson 2021-07-09 10:16:04 +02:00
Artem Smotrakov
3eb2af1bc2 First draft of sinks for unsafe deserialization with Jackson 2021-07-09 10:16:01 +02:00
ihsinme
eedcb0171d Add files via upload 2021-07-05 11:14:51 +03:00
ihsinme
b10bdf1475 Add files via upload 2021-07-05 11:13:05 +03:00
Tom Hvitved
4de4753c67 C#: Remove Query.qll top-level modules 2021-07-04 09:35:27 +02:00
Tom Hvitved
c812d4e4e8 C#: Add Query suffix to libraries that should only be imported by queries 2021-07-04 09:35:26 +02:00
Taus
a65d40e36f Merge branch 'main' into python-add-typetrackingnode 2021-07-02 20:55:37 +02:00
Taus
55d822cc56 Python: Add TypeTrackingNode 
Splits `ModuleVariableNode` away from `LocalSourceNode`, instead
creating a class `TypeTrackingNode` that encapsulates both of these.

This means we no longer have module variable nodes as part of
`LocalSourceNode` (which is good, since they have no "local" aspect to
them), and hence we can have `LocalSourceNode` inherit directly from
`ExprNode` (which makes the API a bit nicer).

Unfortunately these are breaking changes, so we can't actually fulfil
the above two desiderata until the `track` and `backtrack` methods on
`LocalSourceNode` have been fully deprecated. For this reason, we
preserve the present implementation of `LocalSourceNode`, and instead
lay the foundation for switching over in the future, by deprecating
`track` and `backtrack` on `LocalSourceNode`.
 2021-07-02 18:00:33 +00:00
Geoffrey White
dc2cb9bd62 C++: Fix numbering. 2021-07-02 18:33:36 +01:00
Geoffrey White
bc3b347569 C++: Another test case to consider. 2021-07-02 18:32:46 +01:00
Geoffrey White
a53b161afb C++: Move some variant tests to a case we definitely do want to flag the base case of. 2021-07-02 18:18:11 +01:00
Geoffrey White
c3cd1359d6 C++: Mark the cases we're not sure about. 2021-07-02 18:18:10 +01:00
Geoffrey White
cf8fa830a9 C++: Clarify the note about file descriptors. 2021-07-02 18:18:10 +01:00
Geoffrey White
d86a0ab7a5 C++: Add test cases involving file descriptor versions. 2021-07-02 18:17:59 +01:00
CodeQL CI
1d56748eed Merge pull request #6200 from yoff/pythonJS-make-expbtlib-private 
Approved by RasmusWL, esbena
 2021-07-02 09:09:18 -07:00
Joe Farebrother
4d459f24d9 Fix up tests and update models 2021-07-02 14:46:33 +01:00
Joe Farebrother
fc017b7934 Use ArrayElement of in flow step specifications 2021-07-02 14:46:31 +01:00
Joe Farebrother
15415931ce Use Argument ranges in CSV rows 2021-07-02 14:46:03 +01:00
Joe Farebrother
5325622813 Convert sql-related flow steps to CSV 2021-07-02 14:46:03 +01:00
Anders Schack-Mulligen
3c6604daa7 Java: Fix subtypes interpretation. 2021-07-02 14:43:56 +02:00
Anders Schack-Mulligen
6813a79423 Java: Add test for override of Map.put highlighting problem. 2021-07-02 14:41:59 +02:00
Anders Schack-Mulligen
55ebbc3e01 Java: Add signature to Map.put. 2021-07-02 14:41:32 +02:00
Geoffrey White
cfbfe924ef C++: Replace cached with more efficient QL. 2021-07-02 13:03:46 +01:00
CodeQL CI
a25933aa56 Merge pull request #5926 from RasmusWL/small-cleanups 
Approved by tausbn
 2021-07-02 04:59:54 -07:00
Asger Feldthaus
457ce14ca6 JS: Summarize steps into captured variables 2021-07-02 13:42:42 +02:00
Rasmus Wriedt Larsen
3c8c2d1da1 Merge pull request #6209 from yoff/python-add-redos-queryhelp 
Python: port redos .qhelp from js
 2021-07-02 13:42:39 +02:00
Asger Feldthaus
093ff41170 JS: Update tests 2021-07-02 13:31:17 +02:00
Rasmus Wriedt Larsen
81fab487a4 Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-07-02 13:27:41 +02:00
Rasmus Wriedt Larsen
22c155687e Python: Fix code after removing getPostUpdateNode 2021-07-02 13:25:25 +02:00
Rasmus Wriedt Larsen
7a6eee50ff Revert "Python: Add getPostUpdateNode to DataFlow::Node" 
This reverts commit 9137f04bd3.
 2021-07-02 13:23:02 +02:00
Rasmus Wriedt Larsen
e56dfe75bd Python: AttrRef getOjbect/1 -> accesses/2 
See this thread for discussion:
https://github.com/github/codeql/pull/5926#discussion_r635384981
 2021-07-02 13:21:12 +02:00