hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-19 03:41:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
24,020 Commits 1,781 Branches 169 Tags
0105b829c41edf03e0675d24bce282f1eeebf600
Commit Graph

24020 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger Feldthaus
0105b829c4 JS: Update test output 2021-07-02 11:55:56 +02:00
Asger Feldthaus
6d9b96f6e8 JS: Dont use getALocalSource() when marking Vue template sinks 2021-07-02 11:55:56 +02:00
Asger Feldthaus
472b41f5e1 JS: Update React to handle string literals being SourceNodes 2021-07-02 11:55:56 +02:00
Asger Feldthaus
39c204ac39 JS: Treat string literals as source nodes 2021-07-02 11:55:56 +02:00
Anders Schack-Mulligen
80124df78e Merge pull request #5487 from joefarebrother/sql-sinks 
Java: Convert SQL sinks to CSV format
 2021-07-02 10:51:09 +02:00
CodeQL CI
61ee193dc0 Merge pull request #6197 from asgerf/js/recompose 
Approved by esbena
 2021-07-02 00:58:06 -07:00
Esben Sparre Andreasen
0cf9c95981 Merge pull request #6193 from esbena/esbena/mootools-xss 
JS: add Mootools XSS sinks
 2021-07-02 09:24:56 +02:00
Anders Schack-Mulligen
4e1155cfd2 Merge pull request #6202 from smowton/smowton/admin/cleanup-duplicated-experimental-query 
Deduplicate shared body of regular and experimental versions of `java/command-line-injection` query.
 2021-07-02 09:23:50 +02:00
Anders Schack-Mulligen
f9da044e54 Merge pull request #6185 from aschackmull/java/perf-fix-request-forgery 
Java: Fix bad magic.
 2021-07-02 09:07:07 +02:00
Taus
f151338def Merge pull request #6198 from RasmusWL/fix-cleartext-logging 
Python: Some minor fixes to `py/clear-text-logging-sensitive-data`
 2021-07-01 18:28:25 +02:00
Chris Smowton
8b7db8a8cc Merge pull request #5408 from p0wn4j/urlclassloader-webclient-ssrf-sinks 
Java: Add URLClassLoader, WebClient SSRF sinks
 2021-07-01 16:14:22 +01:00
Tamás Vajk
05842dcdb3 Merge pull request #6181 from tamasvajk/feature/test-options-files 
C#: Start using 'options' files in tests
 2021-07-01 17:03:27 +02:00
Joe Farebrother
1e82c607ef Mark failing tests as missing 2021-07-01 15:29:47 +01:00
Tamas Vajk
5e2770339f Add adjusted expected files 2021-07-01 16:09:11 +02:00
Tamas Vajk
03d1a3e0ad Trim test files + remove duplicate newlines 2021-07-01 16:09:11 +02:00
Tamas Vajk
4900ecfabe Manual fixes 2021-07-01 16:09:11 +02:00
Tamas Vajk
c29d11087b C#: Start using 'options' files in tests 2021-07-01 16:08:47 +02:00
Chris Smowton
e0a7f6e14f Fix URLClassLoader test 2021-07-01 15:03:38 +01:00
Chris Smowton
d5a9f3d87b Deduplicate shared body of regular and experimental versions of java/command-line-injection query. 2021-07-01 14:53:56 +01:00
Joe Farebrother
160f3b4312 Remove ArrayElement from sink specifications 2021-07-01 14:41:39 +01:00
Joe Farebrother
4bea33402c Rename test labels for more clarity 2021-07-01 14:38:20 +01:00
Joe Farebrother
1a06c132be Use ArrayElement of to handle arargs case in SpringJdbc.qll 2021-07-01 14:38:20 +01:00
Joe Farebrother
29f82fc81f Use ArrayElementOf in Android sinks 2021-07-01 14:38:19 +01:00
Joe Farebrother
f4a59cc2e3 Convert tainted arrays to arrays of tainted elements in tests 2021-07-01 14:38:19 +01:00
Joe Farebrother
865477d020 Convert android tests to inline expectations 2021-07-01 14:38:19 +01:00
Joe Farebrother
95d8018a43 Include overrides for SQLiteQueryBuilder sinks 2021-07-01 14:38:19 +01:00
Joe Farebrother
0d4f8aedb8 Use Argument ranges in CSV rows 2021-07-01 14:38:19 +01:00
Joe Farebrother
7926d16844 Convert SQL sinks to CSV format 2021-07-01 14:38:19 +01:00
Chris Smowton
44e8dd9ec5 Add change note 2021-07-01 13:36:00 +01:00
Anders Schack-Mulligen
cda5c22f6e Merge pull request #5590 from github/sauyon/java-spring-errors 
Add models for Spring validation.Errors
 2021-07-01 14:29:49 +02:00
Asger Feldthaus
993cc29275 JS: Autoformat 2021-07-01 14:22:44 +02:00
Anders Schack-Mulligen
37f8794d01 Merge pull request #6165 from edoardopirovano/fix-regression 
Performance: Improve join order in data flow library
 2021-07-01 14:13:18 +02:00
Rasmus Wriedt Larsen
b0309dd321 Python: Limit SensitiveDataSources to prevent _some_ cross-talk 2021-07-01 12:08:12 +02:00
Rasmus Wriedt Larsen
f64e58a21c Python: Fix a QLDoc for SensitiveDataSources 2021-07-01 12:05:59 +02:00
Rasmus Wriedt Larsen
d7e3ebb15c Python: Add tests showing sensitive data cross-talk 2021-07-01 12:05:51 +02:00
Esben Sparre Andreasen
85b9003af4 JS: add Mootools XSS sinks 2021-07-01 09:17:27 +02:00
yo-h
d325d2ae81 Merge pull request #6180 from tamasvajk/fix/coverage-report-search-path 
Upgrade database in coverage report jobs
 2021-06-30 21:00:09 -04:00
p0wn4j
0db7496617 Add URLClassLoader and Spring WebClient SSRF sinks 2021-07-01 03:34:14 +04:00
Rasmus Wriedt Larsen
d9e2f504f8 Python: Fix clear text logging sink 
No need to restrict it to arguments that are calls
 2021-06-30 20:31:17 +02:00
Taus
e4af14638b Merge pull request #6175 from yoff/python-port-ReDoS 
Python: port ReDoS queries from Javascript
 2021-06-30 16:26:07 +02:00
yoff
6a77b890af Merge pull request #6155 from RasmusWL/port-cleartext-queries 
Python: Port cleartext queries
 2021-06-30 15:52:34 +02:00
Taus
fc71a648c0 Merge pull request #6092 from RasmusWL/markupsafe-modeling 
Python: Add `MarkupSafe` model
 2021-06-30 15:52:10 +02:00
Anders Schack-Mulligen
d8b017e6c0 Merge pull request #6036 from atorralba/atorralba/spring-beans 
Java: Flow summaries for Spring's Bean Properties classes
 2021-06-30 15:41:24 +02:00
Anders Schack-Mulligen
b8b6f05603 Merge pull request #6187 from aschackmull/java/perf-fix-variable-getinit 
Java: Fix bad join-order.
 2021-06-30 15:39:00 +02:00
Rasmus Lerchedahl Petersen
a176e6ac30 Python: comment out temporarily unused predicate 2021-06-30 15:28:31 +02:00
Asger Feldthaus
376efaa46c JS: Change note 2021-06-30 15:10:52 +02:00
Asger Feldthaus
780453008a JS: Drive-by fixes in ComposedFunctions.qll 2021-06-30 15:07:59 +02:00
Asger Feldthaus
7e2871bfdf JS: Propagate React components through recompose HOCs 2021-06-30 15:05:28 +02:00
Rasmus Lerchedahl Petersen
45e30b0c06 Python: comment out temporarily unused predicate 2021-06-30 15:04:37 +02:00
Rasmus Lerchedahl Petersen
c306cee04e Python: mimic JS file hierarchy 2021-06-30 15:03:22 +02:00