hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 18:33:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
23,989 Commits 1,693 Branches 161 Tags
160f3b43128b760ccb14aa4a4b2a053d3edc8a49
Commit Graph

23989 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joe Farebrother
160f3b4312 Remove ArrayElement from sink specifications 2021-07-01 14:41:39 +01:00
Joe Farebrother
4bea33402c Rename test labels for more clarity 2021-07-01 14:38:20 +01:00
Joe Farebrother
1a06c132be Use ArrayElement of to handle arargs case in SpringJdbc.qll 2021-07-01 14:38:20 +01:00
Joe Farebrother
29f82fc81f Use ArrayElementOf in Android sinks 2021-07-01 14:38:19 +01:00
Joe Farebrother
f4a59cc2e3 Convert tainted arrays to arrays of tainted elements in tests 2021-07-01 14:38:19 +01:00
Joe Farebrother
865477d020 Convert android tests to inline expectations 2021-07-01 14:38:19 +01:00
Joe Farebrother
95d8018a43 Include overrides for SQLiteQueryBuilder sinks 2021-07-01 14:38:19 +01:00
Joe Farebrother
0d4f8aedb8 Use Argument ranges in CSV rows 2021-07-01 14:38:19 +01:00
Joe Farebrother
7926d16844 Convert SQL sinks to CSV format 2021-07-01 14:38:19 +01:00
Anders Schack-Mulligen
cda5c22f6e Merge pull request #5590 from github/sauyon/java-spring-errors 
Add models for Spring validation.Errors
 2021-07-01 14:29:49 +02:00
Anders Schack-Mulligen
37f8794d01 Merge pull request #6165 from edoardopirovano/fix-regression 
Performance: Improve join order in data flow library
 2021-07-01 14:13:18 +02:00
yo-h
d325d2ae81 Merge pull request #6180 from tamasvajk/fix/coverage-report-search-path 
Upgrade database in coverage report jobs
 2021-06-30 21:00:09 -04:00
Taus
e4af14638b Merge pull request #6175 from yoff/python-port-ReDoS 
Python: port ReDoS queries from Javascript
 2021-06-30 16:26:07 +02:00
yoff
6a77b890af Merge pull request #6155 from RasmusWL/port-cleartext-queries 
Python: Port cleartext queries
 2021-06-30 15:52:34 +02:00
Taus
fc71a648c0 Merge pull request #6092 from RasmusWL/markupsafe-modeling 
Python: Add `MarkupSafe` model
 2021-06-30 15:52:10 +02:00
Anders Schack-Mulligen
d8b017e6c0 Merge pull request #6036 from atorralba/atorralba/spring-beans 
Java: Flow summaries for Spring's Bean Properties classes
 2021-06-30 15:41:24 +02:00
Anders Schack-Mulligen
b8b6f05603 Merge pull request #6187 from aschackmull/java/perf-fix-variable-getinit 
Java: Fix bad join-order.
 2021-06-30 15:39:00 +02:00
Rasmus Lerchedahl Petersen
a176e6ac30 Python: comment out temporarily unused predicate 2021-06-30 15:28:31 +02:00
Rasmus Lerchedahl Petersen
45e30b0c06 Python: comment out temporarily unused predicate 2021-06-30 15:04:37 +02:00
Rasmus Lerchedahl Petersen
c306cee04e Python: mimic JS file hierarchy 2021-06-30 15:03:22 +02:00
Rasmus Lerchedahl Petersen
651f8abba0 Python: Avoid multiple results for toString 2021-06-30 14:39:49 +02:00
Rasmus Wriedt Larsen
c2708176b1 Python: Support %-style formatting for MarkupSafe 2021-06-30 14:15:41 +02:00
Rasmus Wriedt Larsen
0a4efd0e86 Python: Add %-style formatting tests for MarkupSafe 2021-06-30 14:13:59 +02:00
Rasmus Wriedt Larsen
c84658dff1 Python: Use MethodCallNode for MarkupSafe string-format 2021-06-30 13:58:09 +02:00
Rasmus Wriedt Larsen
d6e8fafdbd Python: Proper sorting in Frameworks.qll 2021-06-30 13:55:26 +02:00
Rasmus Wriedt Larsen
075953860b Merge branch 'main' into markupsafe-modeling 2021-06-30 13:55:08 +02:00
Anders Schack-Mulligen
f03d460e95 Java: Fix bad join-order. 2021-06-30 13:42:45 +02:00
Tamas Vajk
dc63f23d6b Fix review findings 2021-06-30 13:40:36 +02:00
Tamas Vajk
6a35c8c5f4 Upgrade database in coverage report jobs 2021-06-30 13:40:36 +02:00
Tamás Vajk
10a6089739 Merge pull request #6148 from tamasvajk/feature/try-csv-source-models 
C#: Start using CSV based flow models
 2021-06-30 12:58:42 +02:00
Tony Torralba
a3e1b139c3 Fix spring stubs location 2021-06-30 12:56:45 +02:00
Tony Torralba
0bb9e464b2 Merge branch 'main' into atorralba/spring-beans 2021-06-30 12:55:10 +02:00
Rasmus Lerchedahl Petersen
72986e1e28 Python: Add some comments on the booelan sweep 
pattern
 2021-06-30 12:50:36 +02:00
Rasmus Lerchedahl Petersen
4ca0ee87f0 Merge branch 'main' of github.com:github/codeql into python-port-ReDoS 2021-06-30 12:28:54 +02:00
Rasmus Lerchedahl Petersen
52d91917aa Merge branch 'python-port-ReDoS' of github.com:yoff/codeql into python-port-ReDoS 2021-06-30 12:25:59 +02:00
Rasmus Lerchedahl Petersen
09e71cfdfd Python: update test expectations 2021-06-30 12:25:29 +02:00
Rasmus Lerchedahl Petersen
6dfbf80494 Python: Disable use of toUnicode 
until supporting CLI is released
 2021-06-30 12:21:52 +02:00
Rasmus Wriedt Larsen
e5d65992b4 Python: Use DefinitionNode instead of Assign 
Based on https://github.com/github/codeql/pull/6155#discussion_r660964666:

> Hmm... Would it be better to do this using DefinitionNode instead of
> Assign? The latter is fairly limited in what it can represent, and also
> raises questions of whether this definition is sound with regard to
> control-flow splitting.
 2021-06-30 12:08:32 +02:00
yoff
c19522e921 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-06-30 11:49:45 +02:00
Tamas Vajk
0946ae2ae9 Fix review findings 2021-06-30 11:39:51 +02:00
Tony Torralba
9d64cadb50 Adapt tests after applying changes from code review 2021-06-30 10:02:03 +02:00
Tony Torralba
b64b8ecec2 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-06-30 09:52:22 +02:00
Anders Schack-Mulligen
374859efb4 Merge pull request #6156 from smowton/smowton/feature/jax-rs-content-type-sensitivity 
Jax RS XSS Tests
 2021-06-30 09:52:07 +02:00
Tamás Vajk
a0e768bb43 Merge pull request #6172 from tamasvajk/fix/csv-comment-again 
Fix CSV framework coverage commenter workflow
 2021-06-30 09:10:47 +02:00
Tom Hvitved
22dd53f245 Merge pull request #6167 from hvitved/csharp/trap-stack-preprocessor-conditions 
C#: Add active preprocessor conditions as suffix in all TRAP `.push` instructions
 2021-06-30 08:34:47 +02:00
Sauyon Lee
52d1901d6e Adjust validation models to reflect array parameters 2021-06-29 12:01:24 -07:00
Sauyon Lee
52b24118b3 Add tests for Spring validation.Errors 2021-06-29 12:01:23 -07:00
Edoardo Pirovano
8354f66c29 Performance: Improve join order in data flow library 2021-06-29 18:23:22 +01:00
Rasmus Wriedt Larsen
94bcda3bae Python: Highlight problem picking DataFlow::Node for Assign 2021-06-29 15:32:16 +02:00
Sauyon Lee
b76f761e56 Import springvalidation in ExternalFlow.qll 2021-06-29 05:51:58 -07:00