Sauyon Lee
ea3a7e8038
Apply suggestions from code review
...
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-04-02 23:58:39 -07:00
Sauyon Lee
e27947e280
Add comment for new url concatenation sanitizer
2020-04-02 23:58:39 -07:00
Sauyon Lee
3c02b3ab74
Add SafeUrlFlowCustomizations doc comment
2020-04-02 23:58:38 -07:00
Sauyon Lee
c68e509508
OpenUrlRedirect: Fix some comments
2020-04-02 23:58:37 -07:00
Sauyon Lee
4e5b17e18d
Sanitize hostname if there is a slash and a previous component
2020-04-02 23:58:36 -07:00
Sauyon Lee
4b3982154a
Add a SafeUrlFlow configuration
2020-04-02 23:58:35 -07:00
Sauyon Lee
4bcffe2d47
RequestForgery: Add a safe URL sanitizer
2020-04-02 23:58:34 -07:00
Sauyon Lee
1c859a8991
Address review comments
2020-04-02 23:58:33 -07:00
Sauyon Lee
89a03c8b67
RequestForgery: Add high precision
2020-04-02 23:49:58 -07:00
Sauyon Lee
830c3fce2a
RequestForgery: Add tests
2020-04-02 23:49:57 -07:00
Sauyon Lee
314787956b
Allow write base to be inside an implicit dereference
2020-04-02 23:49:56 -07:00
Sauyon Lee
e9b0f88946
RequestForgery: Add taint step for URL Host assignment
2020-04-02 23:49:55 -07:00
Sauyon Lee
12928d9f17
HTTP: Add model for Client.Do
2020-04-02 23:49:55 -07:00
Sauyon Lee
6876eabf54
RequestForgery: Add query help
2020-04-02 23:49:54 -07:00
Sauyon Lee
b23c75afb6
RequestForgery: move query from experimental
2020-04-02 23:49:53 -07:00
Max Schaefer
77c282824e
Merge pull request #81 from gagliardetto/system-executors
...
Expand system executors (continuation of #70)
2020-04-03 07:24:05 +01:00
Sauyon Lee
f9610f22e7
Merge pull request #85 from max-schaefer/codeql-stats
...
Use CodeQL for creating stats
2020-04-02 10:57:20 -07:00
Shati Patel
3af3548c30
Remove "learn-ql" folder
2020-04-02 11:56:15 +01:00
Shati Patel
6126d32d82
Remove .rst files from this repo
2020-04-02 11:35:19 +01:00
Shati Patel
3a12c1c2d4
Docs: Add README with links to new docs location
2020-04-02 11:35:14 +01:00
Slavomir
b5f14d1296
Add awk and similar
2020-04-02 13:07:43 +03:00
Slavomir
81bc3c03a9
Add more commands
2020-04-02 13:03:22 +03:00
Max Schaefer
ddb6f2ca6a
Update stats.
2020-04-02 10:15:20 +01:00
Slavomir
32beebd059
Apply suggestions from code review
...
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
Co-Authored-By: Sauyon Lee <sauyon@github.com>
2020-04-02 12:09:06 +03:00
Sauyon Lee
bc59fa40d7
Merge pull request #73 from intrigus-lgtm/make-CWE-643-supported
...
Make cwe 643 supported
2020-04-01 17:45:45 -07:00
intrigus
be21d49cf2
Add precision to query
2020-04-01 16:15:24 +02:00
intrigus
a524cc4716
Properly match methods defined in classes
2020-04-01 16:04:24 +02:00
intrigus
615fe09ed7
Format go test stubs
2020-04-01 15:52:55 +02:00
Slavomir
33c18b0d11
expand system executors
2020-04-01 15:12:48 +03:00
intrigus
4924be54a7
Fix one test method
2020-03-31 16:46:29 +02:00
intrigus
0586fe9235
Add missing stubs in vendor/
2020-03-31 16:46:08 +02:00
intrigus
66451a776d
Add test cases for all libraries
...
Note: This is currently missing appropriate vendoring
so will probably fail for now.
2020-03-30 23:44:25 +02:00
intrigus
e18d15070a
Switch to jbowtie/gokogiri
2020-03-30 23:42:44 +02:00
intrigus
b097826dd8
Add missing class qualifiers
2020-03-30 23:42:13 +02:00
intrigus
051f17ce67
Fix class name
2020-03-30 23:37:37 +02:00
Max Schaefer
28ed803fae
Data flow: Add module doc comment for TaintTrackingImpl.qll
...
cf https://github.com/Semmle/ql/pull/3155
2020-03-30 11:21:53 +01:00
Max Schaefer
bb34c91b38
Add Qldoc for the last few remaining predicates.
...
Apart from a missing module doc comment for `TaintTrackingImpl.qll` which we'll need to synchronize with the other languages (https://github.com/Semmle/ql/pull/3155), this gets us to 100% Qldoc coverage.
2020-03-30 10:38:25 +01:00
intrigus
26cfa93947
Ignore type incompatible sinks
2020-03-27 21:32:53 +01:00
intrigus
8278dd358e
Try to fix test
2020-03-27 16:13:00 +01:00
intrigus
21feb9d996
Add byte slice type
2020-03-27 15:37:36 +01:00
intrigus
d609c0ca43
Shorten example code
2020-03-27 15:31:20 +01:00
intrigus
c5a1185939
Apply style suggestions
2020-03-27 15:29:21 +01:00
intrigus
b24c23389c
Don't match unexported functions
2020-03-27 15:21:00 +01:00
intrigus-lgtm
5eaaa4264a
Apply suggestions from code review
...
Co-Authored-By: Sauyon Lee <sauyon@github.com>
2020-03-27 13:42:30 +01:00
Sauyon Lee
080d14ea50
Add a test for the Read taint step
2020-03-27 04:22:13 -07:00
Sauyon Lee
4747524fee
Address review comments
...
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-03-27 04:15:30 -07:00
Sauyon Lee
05761bc2cd
Address review comments
2020-03-27 04:03:30 -07:00
Sauyon Lee
a4f1e2b527
Add a model for Read methods on io.Reader
2020-03-26 18:57:44 -07:00
intrigus
be50db1cc7
Move XPath injection query to supported query
...
The XPath injection query is moved to the supported queries.
Removed unnecessary code from the go test file
2020-03-26 20:19:58 +01:00
intrigus
03023e8205
Add XPath model to default imports
2020-03-26 20:19:19 +01:00