hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,672 Branches 157 Tags
remove-javascript
Commit Graph

26405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
yo-h
1f6996002a Java: add permits relation to dbscheme (sealed classes) 2021-06-28 19:48:39 -04:00
jorgectf
51395d155f Move xmltodict to its own file under frameworks/ 2021-06-28 21:08:43 +02:00
Jorge
350440897c Apply suggestions from code review 
Update `xmltodict` format and delete `ujson` modeling.

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-06-28 21:02:40 +02:00
jorgectf
68c683189a Polish documentation, mongoCollectionMethod() and update .expected 2021-06-28 20:55:49 +02:00
Chris Smowton
dd70f2c87e Add spurious results now found in JaxXSS.java 2021-06-28 19:24:19 +01:00
Chris Smowton
768a8e78dd Fixup JaxRs.ql to cope with stubbed MediaType file 
In a real-world situation this type would be defined in an imported jar, but since here it is defined in a stub the getADeclaredContentType routine can see it is defined as an empty string in the stubbed implementation. Filter these out so the test more closely resembles the real situation.
 2021-06-28 19:24:19 +01:00
Chris Smowton
8eaffaff35 Fix test mistakes 2021-06-28 19:24:19 +01:00
Chris Smowton
6b3bc42ef2 Add JAX-RS XSS tests 2021-06-28 19:24:18 +01:00
Chris Smowton
b3c186c513 Convert XSS test to inline expectations 2021-06-28 19:24:18 +01:00
jorgectf
3fd1129895 Delete trivial tests 2021-06-28 20:18:31 +02:00
jorgectf
0ca4f240d9 Merge tests and update .expected 2021-06-28 20:13:53 +02:00
Sauyon Lee
240058be28 fixup! Fix tests for Spring util 
Apply review comments
 2021-06-28 10:53:00 -07:00
Sauyon Lee
4012076c90 fixup! Model spring util 
Apply review comments
 2021-06-28 10:52:58 -07:00
Felicity Chapman
267e36919e Merge pull request #6153 from github/docs-content-4456-multiple-dbs 
Add information on multi-db options to the CodeQL CLI docs
 2021-06-28 17:38:49 +01:00
Ryan Parman
0d7e4d5854 Update getting-started-with-the-codeql-cli.rst 
1. The documentation is at least one full macOS release behind, and we're past WWDC so we already know what the next version is. IMO, we should optimize the documentation for the now + future, rather than providing exceptions for them while favoring legacy releases. _Current_ macOS requires the steps that are currently hidden by default; I would recommend inverting the pattern so that _current_ is shown by default, and legacy releases are hidden away.

1. Homebrew is the bread and butter of many developers. Installing Python via Homebrew installs a custom version of `xattr` that is different from the system's `xattr`, which doesn't support the `-c` flag. By specifically executing the system-provided version of `xattr` by path, you are more-or-less guaranteed to get the system-provided `xattr` with the expected `-c` flag.
 2021-06-28 10:20:00 -06:00
Sauyon Lee
bddc88c010 Add stubs for Spring util tests 2021-06-28 08:26:40 -07:00
Sauyon Lee
60db9e1851 Rename springframework-5.2.3 to 5.3.8 2021-06-28 08:26:39 -07:00
Sauyon Lee
fb0e6bfb42 Fix tests for Spring util 2021-06-28 08:26:39 -07:00
Sauyon Lee
739b142209 Generate tests for Spring util 2021-06-28 08:26:38 -07:00
Sauyon Lee
92ebb63b1f Model Spring AntPath utils 2021-06-28 08:26:38 -07:00
Sauyon Lee
c4e9b1fd8e Model Spring util 2021-06-28 08:26:37 -07:00
Rasmus Lerchedahl Petersen
c7992f6c6e Python: add change note 2021-06-28 17:24:37 +02:00
Rasmus Lerchedahl Petersen
40ac91eecd Python: Add some tests for exponential ReDoS 
- `KnownCVEs` contain the currently triaged Python CVEs
- `unittest.py` contains some tests constructed by @erik-krogh
- `redos.py` contains a port of `tst.js` from javascript
The expected file has been ported as well with some fixups by @tausbn
 2021-06-28 17:04:49 +02:00
Rasmus Lerchedahl Petersen
591b6ef69c Python: Add ReDoS as identical files from JS 
The library specific file is `RegExpTreeView`.
The files are recorded as identical via the mapping
in `identical-files.json`.
 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
d2eeaff441 JS: Refactor ReDoS to make files sharable 
the extra ordering conditions in ReDoSUtil will be needed
for the Python implementation.
 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
2c27ce7aa5 Python: Make ast viewer see regexes 
This work is due to @erik-krogh who also
 - made corresponding fixes to `RegexTreeView.qll`
 - implemented `toUnicode` so it is available on `String`s
 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
d953ba8dd4 Python: A parse-tree-view of regular expressions 
This contains several contributions from @erik-krogh
and also some fixes from @nickrolfe
 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
21007d21f4 Python: track if qualifiers allow unbounded 
repeats. This in preparation for ReDoS
 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
74ca1d00b9 Python: More precise regex parsing 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
e5f07cc4d3 Python: inline test of regex components 
- Added naive implementation of `charRange` so the test can run.
- Made predicates public as needed.
 2021-06-28 17:04:48 +02:00
Tony Torralba
8112d723e0 Merge branch 'main' into atorralba/spring-beans 2021-06-28 17:02:31 +02:00
Tony Torralba
393b95cbbe Remove 'magic' from tests 2021-06-28 17:01:34 +02:00
Tamas Vajk
006303420b Fix CSV framework coverage commenter workflow 2021-06-28 15:07:13 +02:00
Jorge
a5009efb4b Merge pull request #5 from RasmusWL/nosql-fixes 
Small NoSQL fixes
 2021-06-28 14:23:57 +02:00
Chris Smowton
ca4c519a2a Merge pull request #6170 from smowton/smowton/admin/cleanup-exec-tainted-query 
Change ID and description of cloned query
 2021-06-28 13:22:34 +01:00
jorgectf
1d432af498 Update .expected 2021-06-28 14:18:27 +02:00
jorgectf
1d4d8ab6e0 Fix tests 2021-06-28 14:16:52 +02:00
jorgectf
b9422518b3 Rephrase .qhelp 2021-06-28 14:00:00 +02:00
Felicity Chapman
c4047afc05 Add extra reference to docs.github.com 
Clarify the existing reference and add one for CodeQL code scanning using GitHub Actions.
 2021-06-28 12:30:49 +01:00
Felicity Chapman
b52b158c97 Apply suggestions from code review 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2021-06-28 12:20:20 +01:00
Chris Smowton
3d69868297 Change ID and description of cloned query 
This should be cleaned up more effectively soon, but this suffices to fix the clashing-id problem.
 2021-06-28 12:18:59 +01:00
Rasmus Wriedt Larsen
318694ccc8 Python: Don't rely on d = d.getOutput() for Decoding 
Although it is for `json.loads` and the like.
 2021-06-28 13:17:45 +02:00
Rasmus Wriedt Larsen
59711424bd Python: Fix qhelp for NoSQL injection 2021-06-28 11:48:28 +02:00
Tamas Vajk
3b5856907f Add updated C# framework coverage report 2021-06-28 11:29:46 +02:00
Tamas Vajk
3170781d57 Rework timeseries report to iterate git history only once 2021-06-28 11:29:45 +02:00
Tamas Vajk
1ec1e1cfc8 Adjust framework coverage report generator to include all sources not just remote ones 2021-06-28 11:20:32 +02:00
Tamas Vajk
4524563923 Fix timeseries coverage report to handle multiple languages 2021-06-28 11:20:32 +02:00
Tamas Vajk
a90a86bcbf Fix flow from Element of Argument[0] for Int32.TryParse(ReadOnlySpan<Char>,... 2021-06-28 11:20:32 +02:00
Tamas Vajk
1d8b19e153 Adjust coverage report generator to allow multiple sink identifiers per CWE 2021-06-28 11:20:32 +02:00
Tamas Vajk
2a75989881 Migrate StringContent sink to CSV format 2021-06-28 11:20:32 +02:00