hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-20 00:43:44 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,060 Commits 1,693 Branches 160 Tags
5bfdca895b4787dc2bd40cc672b261f04e7cca5c
Commit Graph

21060 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger Feldthaus
5bfdca895b JS: Remove recursive def of SourceNode::Range 2021-03-22 15:07:38 +00:00
Asger Feldthaus
230b9cf5d3 JS: Avoid recursion in SourceNode::Range 2021-03-22 15:07:38 +00:00
yoff
c6a69e1d6e Merge pull request #5457 from RasmusWL/framework-tests-non-experimental 
Python: Move framework tests out of experimental
 2021-03-19 16:29:50 +01:00
Rasmus Wriedt Larsen
d9079e34e3 Python: Move framework tests out of experimental 
Since they are not experimental anymore 😄
 2021-03-19 15:51:54 +01:00
Erik Krogh Kristensen
79feb3b689 Merge pull request #5454 from asgerf/js/fix-untrusted-checkout-id 
JS: Fix query ID for UntrustedCheckout
 2021-03-19 14:32:52 +01:00
CodeQL CI
3b117f5218 Merge pull request #5419 from erik-krogh/forgery 
Approved by asgerf
 2021-03-19 12:56:53 +00:00
Asger Feldthaus
42c4b22ea1 JS: Fix query ID for UntrustedCheckout 2021-03-19 12:41:34 +00:00
Jonas Jensen
98c1aa5298 Merge pull request #5271 from github/files-query 
C++: Summary metrics queries
 2021-03-19 12:56:19 +01:00
Tamás Vajk
0732f200e8 Merge pull request #5421 from tamasvajk/feature/codequalityfixes 
C#: Fix code quality issues reported by code scanning
 2021-03-19 12:09:18 +01:00
Tamás Vajk
752c911a22 Merge pull request #5394 from tamasvajk/feature/upgrade-nuget-packages 
C#: Upgrade nuget packages
 2021-03-19 12:09:00 +01:00
CodeQL CI
e8498b85e3 Merge pull request #5430 from RasmusWL/improve-path-docs 
Approved by shati-patel, yoff
 2021-03-19 04:01:22 -07:00
Tom Hvitved
09a49e4580 Merge pull request #5311 from hvitved/dataflow/lambda 
Data flow: Move C# lambda flow logic into shared library
 2021-03-19 11:44:15 +01:00
yoff
37036b5e76 Merge pull request #5437 from RasmusWL/small-pyyaml-improvements 
Python: Small PyYAML improvements
 2021-03-19 11:15:49 +01:00
Cornelius Riemenschneider
783a63a8a8 Update cpp/ql/src/Summary/LinesOfCode.ql 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2021-03-19 10:54:41 +01:00
CodeQL CI
fc7f19f900 Merge pull request #5433 from erik-krogh/clientSocket 
Approved by esbena
 2021-03-19 02:12:19 -07:00
Rasmus Wriedt Larsen
7543f10593 Python: Reorganize PyYAML tests a bit 2021-03-19 09:53:25 +01:00
Tamas Vajk
20f0b3329a C#: Fix code quality issues reported by code scanning 2021-03-19 09:18:57 +01:00
yoff
746e9948b0 Merge pull request #5075 from RasmusWL/crypto 
Python: Port py/weak-crypto-key to use type-tracking
 2021-03-18 20:53:28 +01:00
Erik Krogh Kristensen
58617c5c59 recognize client websockets as ClientRequests 2021-03-18 19:08:39 +01:00
Aditya Sharad
f4dc5b963b Merge pull request #5335 from Marcono1234/patch-1 
Add name to check-change-note.yml workflow
 2021-03-18 10:44:53 -07:00
Erik Krogh Kristensen
ed8e0fb593 remove CannonicalName API nodes 2021-03-18 15:34:17 +01:00
Erik Krogh Kristensen
7180a1ed52 add Type to MkHasUnderlyingType 2021-03-18 15:16:31 +01:00
Erik Krogh Kristensen
6bab41ce8b Merge pull request #5350 from JarLob/actions 
github actions queries
 2021-03-18 14:46:25 +01:00
Mathias Vorreiter Pedersen
c0e1df47a6 Merge pull request #5431 from MathiasVP/av-rule-79-use-gvn 
C++: Use GVN in AV Rule 79
 2021-03-18 12:35:26 +01:00
CodeQL CI
3b34bfd1c6 Merge pull request #5432 from asgerf/js/more-string-steps 
Approved by erik-krogh
 2021-03-18 04:16:07 -07:00
Rasmus Wriedt Larsen
42b2c3ed52 Python: Model C-based loaders for PyYAML 
Not really that important. But easy to do while I was working on this library.
 2021-03-18 11:55:01 +01:00
Rasmus Wriedt Larsen
54e6f51512 Python: Add example of C-based PyYAML loaders 
```
In [6]: yaml.load("!!python/object/new:os.system [echo EXPLOIT!]", yaml.CLoader)
EXPLOIT!
Out[6]: 0
```
 2021-03-18 11:50:59 +01:00
Rasmus Wriedt Larsen
25b15d7470 Python: Move PyYAML modeling classes within module 
For now, this is how we're trying to structure things -- all in all it doesn't
matter too much, since everything is still marked as private.
 2021-03-18 11:48:30 +01:00
Rasmus Wriedt Larsen
5ec8511d50 Python: Port PyYAML model to API graphs 2021-03-18 11:47:46 +01:00
Rasmus Wriedt Larsen
14e9bda5de Python: Refactor PyYAML tests a bit 2021-03-18 11:39:47 +01:00
Rasmus Wriedt Larsen
45a1fc6a96 Python: Add link to better PyYAML docs 
I found this randomly
 2021-03-18 11:20:22 +01:00
Asger Feldthaus
e30fa89405 JS: Update more test expectations 2021-03-18 10:04:39 +00:00
Erik Krogh Kristensen
8b931626ce add edge from root type MkHasUnderlyingType 2021-03-18 11:04:08 +01:00
Rasmus Wriedt Larsen
7b92012edf Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-03-18 10:58:49 +01:00
Jaroslav Lobačevski
a9ed3317bf Fix regex per suggestion 2021-03-18 11:54:55 +02:00
Erik Krogh Kristensen
40ec23cf13 refactor MkHasUnderlyingType to use Label::instance() 2021-03-18 10:47:38 +01:00
Mathias Vorreiter Pedersen
2abf4c068f C++: Use getAnExpr. Also extend the other recursive case similarly. 2021-03-18 08:42:10 +01:00
Jaroslav Lobačevski
7b6773c96a Update javascript/ql/src/experimental/semmle/javascript/Actions.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-03-17 19:49:03 +02:00
CodeQL CI
1d9f8c2d37 Merge pull request #5427 from RasmusWL/use-new-builtin-modeling 
Approved by yoff
 2021-03-17 09:07:36 -07:00
Jaroslav Lobačevski
e3bf308952 Removed positive lookbehind 2021-03-17 17:32:10 +02:00
Mathias Vorreiter Pedersen
834e35f192 C++: Add change-note. 2021-03-17 16:26:15 +01:00
Asger Feldthaus
ae410aabd6 JS: Add change note 2021-03-17 15:24:10 +00:00
Asger Feldthaus
e4d891cab5 JS: Add tests for flow through replace 2021-03-17 15:20:40 +00:00
Asger Feldthaus
9cfbb90591 JS: Add test case for insufficient replace-sanitizer 2021-03-17 15:20:40 +00:00
Asger Feldthaus
198bdcab26 JS: Make XSS MetacharEscapeSanitizer more precise 2021-03-17 15:20:40 +00:00
Asger Feldthaus
effa52f9e1 JS: Step through string replace callbacks 2021-03-17 15:15:49 +00:00
CodeQL CI
7c20c4a664 Merge pull request #5396 from asgerf/js/shared-taint-step 
Approved by erik-krogh, esbena
 2021-03-17 08:07:20 -07:00
Mathias Vorreiter Pedersen
a3f806bb1d Use GVN in AV rule 79. 2021-03-17 16:01:49 +01:00
Rasmus Wriedt Larsen
d426f1efaf Docs: Highlight need for explicit import of DataFlow lib 
at least in some langauges
 2021-03-17 16:01:20 +01:00
yoff
514c9efcdd Merge pull request #5426 from RasmusWL/insecure-default-protocl-tests-are-also-py3 
Python: Also test py/insecure-default-protocol on Python 3
 2021-03-17 15:59:00 +01:00