hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,672 Branches 157 Tags
remove-javascript
Commit Graph

26405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger Feldthaus
ff49aaa684 JS: Do not capture own variables 2021-07-02 13:17:32 +02:00
Asger Feldthaus
8befb03cb9 JS: Add test case with spurious call/return flow 2021-07-02 13:17:32 +02:00
Asger Feldthaus
a2b913119d JS: Change note 2021-07-02 12:47:55 +02:00
Asger Feldthaus
ee608540c5 JS: Add support for createNamespacedHelpers 2021-07-02 12:47:55 +02:00
Asger Feldthaus
dd1e21c713 JS: Model vuex 2021-07-02 12:47:55 +02:00
Asger Feldthaus
fefe30a9fa JS: Add API graph edges for indirect propref members 2021-07-02 12:47:54 +02:00
Asger Feldthaus
2a3bc0f110 JS: Add spread step when bactracking in API graphs 2021-07-02 12:47:54 +02:00
Asger Feldthaus
9f2897b179 JS: Make VueRouterFlowSource a subclass of ClientSideRemoteFlowSource 2021-07-02 12:47:54 +02:00
CodeQL CI
38f763dd6a Merge pull request #6192 from asgerf/js/string-literals-as-source-nodes 
Approved by esbena
 2021-07-02 03:47:20 -07:00
Rasmus Lerchedahl Petersen
6f2642607e Python: make the import of RedosUtil public 
This mirrors `SuperlinearBacktracking.qll`
An alternative is to keep it private and import it again
in the query files.
 2021-07-02 12:32:04 +02:00
Chris Smowton
6823855e9c Merge pull request #6203 from smowton/smowton/admin/avoid-config-imports-from-qlls 
Java: Reduce DataFlow Configuration pollution from Random.qll and JexlInjection.qll
 2021-07-02 11:27:27 +01:00
Chris Smowton
ca1bf7791e Merge pull request #6210 from tamasvajk/fix/large-coverage-comment 
Fix markdown link in framework coverage PR comment
 2021-07-02 11:27:17 +01:00
Rasmus Lerchedahl Petersen
77c329fb0f Python/JS: Make much more private 2021-07-02 12:13:52 +02:00
Tamás Vajk
4a5fe75d8c Merge pull request #6207 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-07-02 12:00:31 +02:00
Asger Feldthaus
c3b7d85341 JS: Update test output after rebasing 2021-07-02 11:57:45 +02:00
Tamas Vajk
f3f069fed5 Fix markdown link in framework coverage PR comment 2021-07-02 11:56:00 +02:00
Asger Feldthaus
7249d2892a JS: Add comment to VueTemplateSink class 2021-07-02 11:55:56 +02:00
Asger Feldthaus
0105b829c4 JS: Update test output 2021-07-02 11:55:56 +02:00
Asger Feldthaus
6d9b96f6e8 JS: Dont use getALocalSource() when marking Vue template sinks 2021-07-02 11:55:56 +02:00
Asger Feldthaus
472b41f5e1 JS: Update React to handle string literals being SourceNodes 2021-07-02 11:55:56 +02:00
Asger Feldthaus
39c204ac39 JS: Treat string literals as source nodes 2021-07-02 11:55:56 +02:00
Rasmus Lerchedahl Petersen
1fc9638486 Python: port redos .qhelp from js 2021-07-02 11:36:46 +02:00
Chris Smowton
a51154a8ef Deduplicate Jexl configuration 2021-07-02 10:02:28 +01:00
Chris Smowton
d022c57903 Add change note 2021-07-02 10:02:28 +01:00
Chris Smowton
bbd3ecb768 Add docs to RandomQuery.qll 2021-07-02 10:02:28 +01:00
Chris Smowton
e661fc08d3 Split Android XSS sink defintions out of XSS.qll 
This removes one of the routes by which XSS.qll is always in scope, and so its dataflow configuration is too -- however it is still always in scope because JaxWS.qll imports it.
 2021-07-02 10:02:25 +01:00
Chris Smowton
747a8e4157 Split up JexlInjection.qll 
This avoids a DataFlow2::Configuration being in scope for all queries via the import from ExternalFlow.qll
 2021-07-02 10:01:51 +01:00
Chris Smowton
643f7dfb87 Split up Random.qll 
This prevents bringing a dataflow config into scope from utility libraries.
 2021-07-02 10:00:49 +01:00
Asger Feldthaus
8177b5747a JS: Bump TypeScript version to 4.3.5 2021-07-02 10:57:27 +02:00
Anders Schack-Mulligen
80124df78e Merge pull request #5487 from joefarebrother/sql-sinks 
Java: Convert SQL sinks to CSV format
 2021-07-02 10:51:09 +02:00
CodeQL CI
61ee193dc0 Merge pull request #6197 from asgerf/js/recompose 
Approved by esbena
 2021-07-02 00:58:06 -07:00
Esben Sparre Andreasen
0cf9c95981 Merge pull request #6193 from esbena/esbena/mootools-xss 
JS: add Mootools XSS sinks
 2021-07-02 09:24:56 +02:00
Anders Schack-Mulligen
4e1155cfd2 Merge pull request #6202 from smowton/smowton/admin/cleanup-duplicated-experimental-query 
Deduplicate shared body of regular and experimental versions of `java/command-line-injection` query.
 2021-07-02 09:23:50 +02:00
Anders Schack-Mulligen
f9da044e54 Merge pull request #6185 from aschackmull/java/perf-fix-request-forgery 
Java: Fix bad magic.
 2021-07-02 09:07:07 +02:00
github-actions[bot]
55aff21587 Add changed framework coverage reports 2021-07-02 00:09:02 +00:00
Taus
a9c1d3ba86 Python: Clean up LocalSourceNode charpred 
This results in the same set of nodes, but is a bit more clear about
the reasons why. For instance, `ModuleVariableNode`s are included
directly, and not in a roundabout way by virtue of not having flow to
them. This should hopefully be a bit more robust as well.
 2021-07-01 19:12:18 +00:00
Geoffrey White
41a540e4e0 C++: Make isMicrosoft() faster. 2021-07-01 17:42:02 +01:00
Taus
f151338def Merge pull request #6198 from RasmusWL/fix-cleartext-logging 
Python: Some minor fixes to `py/clear-text-logging-sensitive-data`
 2021-07-01 18:28:25 +02:00
Chris Smowton
8b7db8a8cc Merge pull request #5408 from p0wn4j/urlclassloader-webclient-ssrf-sinks 
Java: Add URLClassLoader, WebClient SSRF sinks
 2021-07-01 16:14:22 +01:00
Tamás Vajk
05842dcdb3 Merge pull request #6181 from tamasvajk/feature/test-options-files 
C#: Start using 'options' files in tests
 2021-07-01 17:03:27 +02:00
Taus
336c0662ef Python: Remove pointless LocalSourceNodes 
This gets rid of a large number of nodes that seemingly have no impact.
 2021-07-01 15:02:31 +00:00
Joe Farebrother
1e82c607ef Mark failing tests as missing 2021-07-01 15:29:47 +01:00
Tamas Vajk
5e2770339f Add adjusted expected files 2021-07-01 16:09:11 +02:00
Tamas Vajk
03d1a3e0ad Trim test files + remove duplicate newlines 2021-07-01 16:09:11 +02:00
Tamas Vajk
4900ecfabe Manual fixes 2021-07-01 16:09:11 +02:00
Tamas Vajk
c29d11087b C#: Start using 'options' files in tests 2021-07-01 16:08:47 +02:00
Chris Smowton
e0a7f6e14f Fix URLClassLoader test 2021-07-01 15:03:38 +01:00
Chris Smowton
d5a9f3d87b Deduplicate shared body of regular and experimental versions of java/command-line-injection query. 2021-07-01 14:53:56 +01:00
Joe Farebrother
160f3b4312 Remove ArrayElement from sink specifications 2021-07-01 14:41:39 +01:00
Joe Farebrother
4bea33402c Rename test labels for more clarity 2021-07-01 14:38:20 +01:00