hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
20,775 Commits 1,671 Branches 157 Tags
1db5cb15f018f4ce94895ec9d405b7afb14d0b4d
Commit Graph

20775 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
1db5cb15f0 Update javascript/ql/src/semmle/javascript/security/IncompleteBlacklistSanitizer.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2021-03-17 13:30:05 +01:00
Erik Krogh Kristensen
3640bbd466 add test for IncompleteHtmlAttributeSanitization 2021-03-16 13:25:27 +01:00
Erik Krogh Kristensen
1bf259beef support another String.prototype.replace pattern 2021-03-16 13:25:13 +01:00
CodeQL CI
c08230ce1e Merge pull request #5378 from asgerf/js/meta-problem-queries 
Approved by esbena
 2021-03-16 03:58:12 -07:00
Tamás Vajk
24140195d6 Merge pull request #5242 from tamasvajk/feature/tuple-df 
C#: Add tuple dataflow
 2021-03-16 11:45:11 +01:00
Tamás Vajk
8d6b8359eb Merge pull request #5316 from tamasvajk/feature/roslyn3.9 
C#: Upgrade Roslyn dependencies to 3.9
 2021-03-16 11:44:42 +01:00
CodeQL CI
86b933a0e0 Merge pull request #5354 from yoff/doc-fix-typo-csharp-dataflow 
Approved by hvitved
 2021-03-15 23:52:38 -07:00
Anders Schack-Mulligen
45c9428668 Merge pull request #5337 from smowton/smowton/feature/commons-lang-random-sources 
Java: Add support for Commons-Lang's RandomUtils
 2021-03-15 16:21:01 +01:00
CodeQL CI
9268050eb8 Merge pull request #5369 from erik-krogh/tempObjInj 
Approved by asgerf
 2021-03-15 05:23:55 -07:00
CodeQL CI
a9c292e265 Merge pull request #5391 from erik-krogh/additionalXss 
Approved by asgerf
 2021-03-15 04:50:54 -07:00
Erik Krogh Kristensen
b039267b76 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2021-03-15 12:39:56 +01:00
Anders Schack-Mulligen
e37ba75599 Merge pull request #5401 from Marcono1234/patch-2 
Add missing quote in documentation
 2021-03-15 09:17:29 +01:00
Marcono1234
a457f5cc4a Add missing quote in documentation 2021-03-13 05:01:56 +01:00
yoff
a760ed8c55 Merge pull request #5388 from tausbn/python-api-graph-builtins 
Python: Support built-ins in API graphs
 2021-03-12 17:45:59 +01:00
Tamas Vajk
27048191c8 C#: Add dataflow test for tuple-positional pattern 2021-03-12 17:14:24 +01:00
Tamas Vajk
9ff304ca6b Fix missing variable binding 2021-03-12 16:14:32 +01:00
Taus
dfc0e9b906 Merge pull request #5243 from RasmusWL/port-bind-to-all-interfaces 
Python: Port py/bind-socket-all-network-interfaces query
 2021-03-12 16:04:19 +01:00
CodeQL CI
cb6ee547ca Merge pull request #5379 from asgerf/js/d3 
Approved by erik-krogh
 2021-03-12 06:49:48 -08:00
Taus
c6d6d07720 Apply suggestions from code review 2021-03-12 14:28:59 +01:00
Taus
ffe5d30c2b Apply suggestions from code review 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2021-03-12 14:27:07 +01:00
Chris Smowton
92d61354d4 Remove abstract class RandomNumberGenerator 2021-03-12 13:04:31 +00:00
Asger Feldthaus
a2d1e88bb3 JS: Update more test expectations 2021-03-12 12:57:21 +00:00
Anders Schack-Mulligen
a8b84e430f Merge pull request #5390 from Marcono1234/patch-2 
Java: Fix documentation mistake in Modules.qll
 2021-03-12 12:51:24 +01:00
Anders Schack-Mulligen
c9786df760 Merge pull request #5344 from smowton/smowton/feature/commons-object-utils 
Java: Add models for flow- and taint-preserving functions in Commons ObjectUtils
 2021-03-12 12:46:31 +01:00
Anders Schack-Mulligen
195ed0173c Merge pull request #5393 from aschackmull/java/taint-not-value-step 
Java: Remove value steps from taint steps.
 2021-03-12 12:44:48 +01:00
Taus Brock-Nannestad
978200e2ad Python: Distinguish between Python 2 and 3 
Also moves the filtering on `name` to before the big disjunction in
`MkModuleImport`.
 2021-03-12 12:35:23 +01:00
Chris Smowton
58d5c2c32d Abbreviate redundant value-flow / taint-flow tests 2021-03-12 10:53:27 +00:00
Cornelius Riemenschneider
0274162c4d Merge pull request #5385 from github/igfoo/failed_extractions 
C++: Add FailedExtractions.ql
 2021-03-12 11:14:06 +01:00
Anders Schack-Mulligen
1d3ad0cb52 Java: Remove value steps from taint steps. 2021-03-12 11:09:53 +01:00
Jonas Jensen
2d4f624935 Merge pull request #5381 from MathiasVP/fix-link-in-CONTRIBUTING 
Fix dead link in CONTRIBUTING.md
 2021-03-12 10:27:45 +01:00
Asger Feldthaus
5d6a93332f JS: Autoformat 2021-03-12 08:28:32 +00:00
Erik Krogh Kristensen
d7b0f628a1 add test 2021-03-12 00:03:20 +01:00
Erik Krogh Kristensen
ae805eb939 don't filter away templated URLs in RemoteServerResponse 2021-03-11 23:52:24 +01:00
Marcono1234
edeb08480e Java: Fix documentation mistake in Modules.qll 2021-03-11 23:45:59 +01:00
Taus Brock-Nannestad
c7b2b719cf Python: Support builtins in API graphs 2021-03-11 23:03:18 +01:00
Ian Lynagh
75ebb348a0 C++: Add name/description to FailedExtractions.ql 2021-03-11 18:44:24 +00:00
Asger Feldthaus
a03cb11257 JS: Include $().prop() source in XssThroughDom 2021-03-11 16:27:31 +00:00
Chris Smowton
82a000bcca Improve change note 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-03-11 16:22:56 +00:00
Chris Smowton
6508a223c3 Remove useless =y value specification from inline test expectations 2021-03-11 16:22:56 +00:00
Chris Smowton
b5268def16 Add models for CONST_BYTE and CONST_SHORT 2021-03-11 16:22:56 +00:00
Chris Smowton
1c1ca70027 Add models for flow- and taint-preserving functions in Commons ObjectUtils. 
These should all be value-preserving, but we don't support value-preserving varargs methods yet.
 2021-03-11 16:22:54 +00:00
Asger Feldthaus
2f3a76c43b JS: Handle global variable d3 2021-03-11 16:17:27 +00:00
Asger Feldthaus
3b11958e33 JS: Expand D3 model a bit 2021-03-11 16:13:02 +00:00
Ian Lynagh
6ef8fb667f C++: Autoformat FailedExtractions.ql 2021-03-11 14:48:27 +00:00
Ian Lynagh
3c1e445a59 C++: Add a changenote for cpp/diagnostics/failed-extractions. 2021-03-11 14:33:04 +00:00
Ian Lynagh
2341c653f7 C++: Add FailedExtractions.ql 2021-03-11 14:08:55 +00:00
Mathias Vorreiter Pedersen
0edae89425 Merge pull request #5380 from github/criemen/clang-cl 
C++: Add clang-cl.exe to `compiledAsMicrosoft()`.
 2021-03-11 13:56:25 +01:00
Mathias Vorreiter Pedersen
4977169cf5 Fix dead link in CONTRIBUTING.md 2021-03-11 13:36:19 +01:00
Cornelius Riemenschneider
288ee92d52 C++: Add clang-cl.exe to compiledAsMicrosoft(). 2021-03-11 12:15:27 +00:00
Asger Feldthaus
3fb810b540 JS: Add @kind problem meta queries 2021-03-11 10:46:18 +00:00