hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,908 Commits 1,672 Branches 157 Tags
z80coder/ATM-feature-optimisation
Commit Graph

29908 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Arthur Baars
2a4747b27e Merge pull request #313 from github/hmac-remove-unicode-char 
Remove unicode character from doc string
 2021-09-27 12:57:21 +02:00
Harry Maclean
3e100bc2a9 Remove unicode character from doc string 
We require that all source code is in ASCII.
 2021-09-27 11:40:04 +01:00
Rasmus Wriedt Larsen
ded3088529 Python/JS: Recognize SHA-3 hash functions 
Official names are SHA3-224, SHA3-256, SHA3-384, SHA3-512 as per
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
 2021-09-27 12:08:40 +02:00
Tony Torralba
78c12dc505 Move to lib 2021-09-27 12:04:14 +02:00
Tony Torralba
ad08ccb50b Apply suggestion from code review 2021-09-27 12:00:21 +02:00
mc
95751fcc21 Update XsltInjection.qhelp 
Made a few minor tweaks during editorial review
 2021-09-27 12:00:21 +02:00
Tony Torralba
13417dbf14 Remove DataFlow references from XsltInjection.qll 2021-09-27 12:00:20 +02:00
Tony Torralba
ff21662b23 Refactor XsltInjection.qll 2021-09-27 12:00:18 +02:00
Tony Torralba
6967b06dee Decouple XsltInjection.qll to reuse the taint tracking configuration 2021-09-27 11:59:51 +02:00
Tony Torralba
fc58ada92e Add change note 2021-09-27 11:58:20 +02:00
Tony Torralba
108118afa3 Use InlineExpectationsTest 2021-09-27 11:58:18 +02:00
Tony Torralba
d8bb5273e7 Refactor to use CSV sink models 2021-09-27 11:57:58 +02:00
Tony Torralba
c792567904 Move from experimental 2021-09-27 11:57:53 +02:00
Tony Torralba
6d9a88d1c8 Move to lib 2021-09-27 11:43:46 +02:00
mc
3520fed752 Update SpelInjection.qhelp 2021-09-27 11:40:51 +02:00
Tony Torralba
d10dbbdd9d Apply suggestions from code review 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-09-27 11:40:51 +02:00
Tony Torralba
6bf1e87bbe Remove CSV sinks; make imports private 2021-09-27 11:40:47 +02:00
Tony Torralba
91f46624b6 Refactor SpelInjection.qll 2021-09-27 11:40:26 +02:00
Tony Torralba
94f32d2985 Decouple SpelInjection.qll to reuse the taint tracking configuration 2021-09-27 11:39:30 +02:00
Tony Torralba
569426b04e Consider subtypes of Expression and ExpressionParser 
Add parseRaw as additional taint step
 2021-09-27 11:38:12 +02:00
Tony Torralba
b0852f6c16 Add change note 2021-09-27 11:37:46 +02:00
Tony Torralba
b985ddb868 Use InlineExpectationsTest 2021-09-27 11:37:41 +02:00
Tony Torralba
079769ed2e Refactored SpelInjection.qll to use CSV sink models 2021-09-27 11:36:56 +02:00
Tony Torralba
fc6af0476f Moved from experimental 2021-09-27 11:36:48 +02:00
Anders Fugmann
03bd7d7f96 C++: Update test results from OverflowStatic 2021-09-27 11:23:08 +02:00
Anders Schack-Mulligen
92ffd8c465 Merge pull request #6749 from aschackmull/java/istextblock 
Java: Add StringLiteral.isTextBlock().
 2021-09-27 10:54:31 +02:00
Jonas Jensen
b0836a620c Merge pull request #6757 from geoffw0/impropnulltest2 
C++: Small improvement to cpp/improper-null-termination
 2021-09-27 10:52:49 +02:00
Jonas Jensen
06b36f742e Merge pull request #6745 from andersfugmann/handle_overflow_for_upperbound 
C++: Handle overflow for upperbound
codeql-cli/v2.6.3 		2021-09-27 10:32:49 +02:00
James Fletcher
c977cfe40a Merge pull request #6754 from github/update-link 
Update one more link in the QL training content
 2021-09-27 08:33:42 +01:00
Anders Fugmann
e0921ac983 C++: Increase precision of cpp/static-buffer-overflow to high 2021-09-27 09:06:36 +02:00
luchua-bc
5264936fc3 Correct the run method and add Math.min check 2021-09-24 21:00:53 +00:00
Geoffrey White
7e7dfe2cc4 C++: Understand format arguments. 2021-09-24 19:25:43 +01:00
Geoffrey White
91a8b9fdd9 C++: Add suggested test (and a good variant). 2021-09-24 18:34:28 +01:00
Nick Rolfe
175958b9be Consider Oj.load a sink for unsafe deserialization 
Unless a known-safe mode is used, either by setting the default options,
or by explicitly passing a mode in the options hash argument.
 2021-09-24 17:43:22 +01:00
Alexander Eyers-Taylor
8debae1a3b Merge pull request #6753 from github/aibaars/fix-typo 
Fix typo in language spec
 2021-09-24 17:21:14 +01:00
Rasmus Wriedt Larsen
547cbb6322 Merge pull request #6331 from porcupineyhairs/pythonXpath 
Python : Improve Xpath Injection Query
 2021-09-24 18:11:08 +02:00
james
1adc5c2a5b update links correctly 2021-09-24 17:00:59 +01:00
Geoffrey White
6901d9d9c2 C++: Add and use getRemoteSocket predicates. 2021-09-24 15:16:48 +01:00
Geoffrey White
9f59bc8f7b C++: Naive translation to use RemoteFlow*Function. 2021-09-24 15:12:14 +01:00
Rasmus Wriedt Larsen
d39df18544 Python: Minor test cleanup 2021-09-24 16:11:27 +02:00
james
e664711f47 make links to slide decks relative 2021-09-24 14:56:48 +01:00
Tom Hvitved
793368d670 More uses of instanceof in the external/internal AST layer 2021-09-24 15:55:15 +02:00
Arthur Baars
7d3a219f63 Fix typo in language spec 
Thanks to https://github.com/github/codeql/issues/6750
 2021-09-24 15:47:09 +02:00
james
23e4ad1abb update one more link 2021-09-24 14:46:14 +01:00
Geoffrey White
3e1bc66984 Merge pull request #6733 from MathiasVP/fix-qldoc-in-initialize-dynamic-allocation-instruction 
C++/C#: Fix QLDoc on `InitializeDynamicAllocationInstruction`.{`getAllocationAddressOperand` and `getAllocationAddress`}
 2021-09-24 14:30:03 +01:00
alexet
49f8f46354 Java: Cache params string computation. 2021-09-24 14:12:26 +01:00
Rasmus Wriedt Larsen
26d2fbd217 Python: Fix new XPath injection query 
Fixes the typo `ETXpath` => `ETXPath`
 2021-09-24 15:11:34 +02:00
Rasmus Wriedt Larsen
913a679ef5 Python: Replace old XPath injection query 2021-09-24 15:10:41 +02:00
Anders Peter Fugmann
aebde189f8 C++: Apply peer review suggestion 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-09-24 15:09:23 +02:00
Anders Schack-Mulligen
66c206cc61 Merge pull request #6747 from bmuskalla/organizeUtils 
Java: Organize `utils` into separate directories
 2021-09-24 15:05:51 +02:00