hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-17 13:06:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
25,948 Commits 1,714 Branches 162 Tags
220f2ded852504e1ac761b7a73fce70cd35b72cd
Commit Graph

25948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
CodeQL CI
220f2ded85 Merge pull request #6698 from asgerf/js/template-self-assignment 
Approved by esbena
 2021-09-15 01:08:39 -07:00
Anders Schack-Mulligen
3f7d6e6f85 Merge pull request #6136 from smowton/smowton/admin/spring-xss-content-type-sensitivity 
Spring HTTP: improve content-type sensitivity
 2021-09-15 09:50:56 +02:00
Anders Schack-Mulligen
2a9e3da24f Merge pull request #6697 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-09-15 09:35:09 +02:00
Asger Feldthaus
b5db4047a0 JS: Exclude template files in SelfAssignment 2021-09-15 08:59:47 +02:00
github-actions[bot]
baab70bea6 Add changed framework coverage reports 2021-09-15 00:07:57 +00:00
CodeQL CI
b25b19f71b Merge pull request #6584 from erik-krogh/clipBoard 
Approved by esbena
 2021-09-14 12:41:49 -07:00
Erik Krogh Kristensen
3b6c8c5191 Merge branch 'main' into clipBoard 2021-09-14 20:21:37 +02:00
CodeQL CI
136d04390d Merge pull request #6695 from erik-krogh/js-add-cwes 
Approved by esbena
 2021-09-14 11:19:35 -07:00
Chris Smowton
ca87768a93 Merge pull request #6692 from bmuskalla/testGeneratorFlowTest 
Java: Test generator uses `InlineFlowTest`
 2021-09-14 15:44:24 +01:00
Chris Smowton
406466de9a Simplify specifiesContentType predicate 2021-09-14 15:24:46 +01:00
Mathias Vorreiter Pedersen
adbeba291b Merge pull request #6687 from MathiasVP/fix-fp-in-av-rule-114 
C++: Exclude uninstantiated templates from AV Rule 114.
 2021-09-14 15:24:18 +01:00
Chris Smowton
6cff0d0376 Merge pull request #6393 from luchua-bc/java/xss-jsf 
Java: CWE-079 Query to detect XSS with JavaServer Faces (JSF)
 2021-09-14 15:15:56 +01:00
Benjamin Muskalla
abd770a027 Avoid empty template in test generator 2021-09-14 15:32:12 +02:00
Chris Smowton
a1ad1ddc10 Deprecated and replace uses of old name ServletWriterSource 2021-09-14 14:21:29 +01:00
Erik Krogh Kristensen
b936a04826 add some fitting CWEs to existing queries 2021-09-14 14:59:24 +02:00
Anders Schack-Mulligen
26eafcb55a Merge pull request #6456 from smowton/smowton/admin/flexjson-unsafe-deserialization 
Java: add unsafe-deserialization support for Flexjson
 2021-09-14 14:33:22 +02:00
Rasmus Wriedt Larsen
8b7fad8595 Merge pull request #6283 from tausbn/python-fix-exceptstmt-gettype 
Python: Fix `ExceptStmt::getType`
 2021-09-14 13:40:33 +02:00
Rasmus Wriedt Larsen
49f5f1e2c2 Merge pull request #6336 from tausbn/python-make-annotated-assignment-a-definitionnode 
Python: Two fixes regarding annotated assignments
 2021-09-14 13:37:53 +02:00
Chris Smowton
6af5c5fc86 Add change note 2021-09-14 12:36:38 +01:00
Chris Smowton
26dbf058c8 Add reverse import from ExternalFlow.qll 2021-09-14 12:35:33 +01:00
Chris Smowton
fcc0f1d5a7 Expand test to exercise all sinks 2021-09-14 12:27:33 +01:00
Chris Smowton
e439b7d7f8 Remove resource-related sources 
These access application-owned resources AFAICT
 2021-09-14 12:24:27 +01:00
Tom Hvitved
98a12cef26 Merge pull request #6690 from hvitved/js/files-folders-drop-columns 
JavaScript: Drop redundant columns from `files` and `folders` relations
 2021-09-14 13:13:37 +02:00
Chris Smowton
104873e8ee Autoformat 2021-09-14 12:07:59 +01:00
Chris Smowton
6811441459 Factor JSF source definitions 2021-09-14 12:07:48 +01:00
Chris Smowton
b7fc068cee Move JSFRenderer.qll to lib 2021-09-14 11:49:01 +01:00
Chris Smowton
023c533745 Combine Servlet and JSF vulnerable writer flow-tracking 
JSP and Servlet already shared this logic; might as well add JSF into the same mechanism.
 2021-09-14 11:48:34 +01:00
Chris Smowton
cb8096f636 Remove JSF XSS Example 
Per previous commit, no need for a top-level JSF example
 2021-09-14 11:47:37 +01:00
Chris Smowton
cca9ad06b4 Remove JSF example 
I don't think we need this: there are lots of possible XSS vectors; we don't need to enumerate every one in the qhelp file.
 2021-09-14 11:47:36 +01:00
Chris Smowton
76e4077b56 Delete unused classes 2021-09-14 11:47:35 +01:00
luchua-bc
24addd5c10 Query to detect XSS with JavaServer Faces (JSF) 2021-09-14 11:47:32 +01:00
Chris Smowton
e92b9cbe99 Improve getAProducesExpr documentation 2021-09-14 11:16:45 +01:00
Benjamin Muskalla
f9918cc63c Test generator uses InlineFlowTest 2021-09-14 11:58:56 +02:00
Anders Schack-Mulligen
e71173d953 Merge pull request #6591 from bmuskalla/inlineFlowTest 
Java: Simplify setup for flow tests using `InlineExpectationsTest`
 2021-09-14 10:31:29 +02:00
Tom Hvitved
57b5b2af2e JavaScript: DB upgrade script 2021-09-14 10:25:53 +02:00
Tom Hvitved
25e1da0150 JavaScript: Update expected test output 2021-09-14 10:25:42 +02:00
Tom Hvitved
63e28c57cd JavaScript: Drop redundant columns from files and folders relations 2021-09-14 10:25:37 +02:00
Tamás Vajk
d52616b687 Merge pull request #6683 from tamasvajk/feature/csv-coverage-fix 
Only leave CSV coverage updater job enabled on github/codeql
 2021-09-14 10:13:28 +02:00
Benjamin Muskalla
93f9097b02 Merge pull request #6689 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-09-14 09:35:31 +02:00
github-actions[bot]
bf7c26e681 Add changed framework coverage reports 2021-09-14 00:07:57 +00:00
Taus
4d24be04a1 Merge pull request #6688 from RasmusWL/small-fix 
Python: Fix `globals() == locals()` FP
 2021-09-13 21:50:13 +02:00
Erik Krogh Kristensen
b889674486 add change note 2021-09-13 20:45:35 +02:00
Erik Krogh Kristensen
8569d261f7 add test 2021-09-13 20:43:31 +02:00
Erik Krogh Kristensen
8e98dcefb1 add clipboard data as a RemoteFlowSource 2021-09-13 20:43:31 +02:00
Erik Krogh Kristensen
3983aceb48 recognize types of the form "HTML%Element" as dom values 2021-09-13 20:43:31 +02:00
Erik Krogh Kristensen
bac80bf686 delete ClipboardXss.ql experimental query 2021-09-13 20:43:31 +02:00
Rasmus Wriedt Larsen
f402475dd3 Python: Fix globals() == locals() FP 2021-09-13 20:03:11 +02:00
Rasmus Wriedt Larsen
69fe2a36e5 Python: Add globals() == locals() test 2021-09-13 20:02:08 +02:00
Rasmus Wriedt Larsen
ba7cdec2ea Python: Add some lines in test file 
These are just empty now, such that it's obvious the tests didn't
change.
 2021-09-13 20:00:50 +02:00
Rasmus Wriedt Larsen
a9694bf0ef Python: Clean whitespace 2021-09-13 19:58:59 +02:00