hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-03 16:51:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
53,950 Commits 1,689 Branches 159 Tags
383b2e183dbfcb57577229aaeefe6d154cdadac9
Commit Graph

53950 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nora Dimitrijević
383b2e183d Merge pull request #12936 from d10c/swift/rename-functions 
Swift: rename ugly names in the Function AST hierarchy
 2023-05-01 17:08:19 +02:00
Michael Nebel
a9cf6885d0 Merge pull request #12952 from michaelnebel/csharp/refactorcontentflow 
C#: Re-factor ContentFlow to a parameterised module and use the new API.
 2023-05-01 15:53:57 +02:00
Anders Schack-Mulligen
6c8cb0dc5e Merge pull request #12930 from aschackmull/dataflow/split-typedcontent 
Dataflow: Refactor access paths to split TypedContent into an explicit pair
 2023-05-01 14:58:15 +02:00
Tom Hvitved
3a8a585335 Merge pull request #12979 from hvitved/type-tracking-inline-late 
Type tracking: Use `noopt`+`inline_late` in `TypeTracker::[small]step`
 2023-05-01 14:58:04 +02:00
Tom Hvitved
4687ac16ff Type tracking: Use noopt+inline_late in TypeTracker::[small]step 2023-05-01 11:48:16 +02:00
yoff
0bc6f10a71 Merge pull request #12220 from amammad/amammad-python-paramiko 
add some python sinks for paramiko ssh clients
 2023-05-01 11:38:50 +02:00
Asger F
2c89f9747b Merge pull request #12949 from asgerf/js/angular-native 
JS: Add a few more DOM element sources
 2023-05-01 11:08:45 +02:00
Nora Dimitrijević
c81ea9d747 Merge branch 'main' into swift/rename-functions 2023-05-01 11:03:26 +02:00
Michael Nebel
36ea61c25e C#: Address review comments. 2023-05-01 10:38:39 +02:00
Asger F
e9f1e99526 Merge pull request #12887 from asgerf/js/unsafe-yaml-deserialization 
JS: Update model of js-yaml
 2023-05-01 09:57:20 +02:00
Rasmus Wriedt Larsen
1bba5258d6 Merge pull request #11280 from RasmusWL/dict-dataflow-steps 
Python: Support more dictionary read/store steps
 2023-04-30 16:07:29 +02:00
Erik Krogh Kristensen
3d41cd583f Merge pull request #12963 from tyage/track-interfile-use-router 
JS: Track interfile useRouter
 2023-04-28 22:41:43 +02:00
Asger F
d1c8e0abd7 Merge pull request #12951 from asgerf/js/json-with-comments 
JS: Stop complaining about comments in JSON files
 2023-04-28 20:53:35 +02:00
Asger F
f87740ab18 Merge pull request #12867 from asgerf/js/webpack-bundles 
JS: Ignore more webpack modules
 2023-04-28 14:35:57 +02:00
Asger F
1b75afb5b1 JS: Change note 2023-04-28 14:32:11 +02:00
Michael B. Gale
edfe2d7ab7 Merge pull request #12944 from github/mbg/go/html-template-sanitizers 
Go: Add `html/template` functions as sanitisers for XSS queries
 2023-04-28 12:15:57 +01:00
Michael B. Gale
5a44fae515 Go: add test for unrelated A->C data flow 2023-04-28 10:56:12 +01:00
Mathias Vorreiter Pedersen
205bb76036 Merge pull request #12960 from MathiasVP/fp-invalid-deref-2 
C++: Add more FPs for `cpp/invalid-pointer-deref`
 2023-04-28 09:47:46 +01:00
Mathias Vorreiter Pedersen
4ef58cd662 C++: Remove unused parameter in test. 2023-04-28 09:30:30 +01:00
Anders Schack-Mulligen
ce64408442 Merge pull request #12954 from aschackmull/java/implicitlypublic 
Java: Add SrcCallable.isImplicitlyPublic convenience predicate.
 2023-04-28 10:07:45 +02:00
Asger F
ee25f97ea5 Merge pull request #12956 from asgerf/js/express-array-routes 
JS: Properly recognise Express middlewares in an array
 2023-04-28 09:57:35 +02:00
Mathias Vorreiter Pedersen
5f4d0892ff Merge pull request #12900 from MathiasVP/ir-translate-constant-static-local-vars-2 2023-04-28 08:46:25 +01:00
tyage
933b55d37d Track interfile useRouter 2023-04-28 15:49:26 +09:00
Asger F
8a9308c8b0 JS: Update test output 2023-04-28 07:55:20 +02:00
amammad
b3669b818b v1.3 change name according to camelCase 2023-04-28 04:56:47 +02:00
Asger F
0c8f895e0f JS: Add one more test 2023-04-27 21:06:20 +02:00
Asger F
97a942de80 JS: Update test output 2023-04-27 21:04:35 +02:00
Mathias Vorreiter Pedersen
5c23474634 C++: Add FPs for 'cpp/invalid-pointer-deref'. 2023-04-27 18:49:05 +01:00
Mathias Vorreiter Pedersen
6c095d8143 Merge pull request #12953 from MathiasVP/fp-invalid-deref 
C++: Add FP for `cpp/invalid-pointer-deref`
 2023-04-27 17:29:37 +01:00
Michael B. Gale
72b082806b Go: Update html-template-escaping-passthrough 
Modify this query to apply sanitizers only in the data flow
between untrusted inputs and passthrough conversion types.
 2023-04-27 17:14:38 +01:00
Mathias Vorreiter Pedersen
e46c53af1d C++: accept test changes. 2023-04-27 17:13:02 +01:00
Mathias Vorreiter Pedersen
1372ee7a44 Update cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-04-27 17:10:44 +01:00
Asger F
0fb79bdf64 JS: Include a local step before store step 2023-04-27 17:58:02 +02:00
Asger F
c674afb674 JS: Fix condition in getRouteHandlerNode 
Previous version did not account for arrays
 2023-04-27 17:58:02 +02:00
Asger F
682ff23e04 JS: Update Express test 2023-04-27 16:36:04 +02:00
Asger F
36889f6d72 JS: Fix isResponse/isRequest 2023-04-27 16:35:56 +02:00
Asger F
70331c0ea4 JS: Decouple chaining from ExplicitResponseSource 2023-04-27 16:14:27 +02:00
Asger F
96e415aba6 JS: Track express route handlers into arrays 2023-04-27 16:14:22 +02:00
Mathias Vorreiter Pedersen
432c0b508a C++: Add another FP. 2023-04-27 14:50:29 +01:00
Anders Schack-Mulligen
9df2ee00d6 Java: Add SrcCallable.isImplicitlyPublic convenience predicate. 2023-04-27 15:20:49 +02:00
Anders Schack-Mulligen
71ae0909d8 Dataflow: Enforce type pruning in all forward stages. 2023-04-27 14:55:26 +02:00
Anders Schack-Mulligen
9140cbefc0 Dataflow: Sync. 2023-04-27 14:55:23 +02:00
Anders Schack-Mulligen
a761eea2dc Dataflow: Autoformat 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
9ad2da6196 Java: Fix reference to TypedContent. 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
4f2d2361a4 Dataflow: Eliminate TypedContent. 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
5373b4d466 Dataflow: Remove superfluous predicates. 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
b534e7b6d5 Dataflow: Remove superfluous columns 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
a2fa97ac22 Dataflow: Replace TypedContent with Content in access paths. 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
123534a676 Dataflow: Eliminate front type in AccessPathFront. 2023-04-27 14:52:25 +02:00
Anders Schack-Mulligen
ff3e45e1ba Dataflow: Eliminate TypedContentApprox. 2023-04-27 14:52:25 +02:00