hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 14:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,987 Commits 1,684 Branches 159 Tags
65e9262b414cc865c8f26f71bf2218bcf992cc97
Commit Graph

1987 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Shati Patel
65e9262b41 Merge pull request #556 from github/shati-patel-patch-1 
Update CODEOWNERS
 2021-07-28 12:56:48 +01:00
Shati Patel
0c4674cf86 Update CODEOWNERS 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2021-07-28 11:54:25 +01:00
Shati Patel
e83af8e4ea Update CODEOWNERS 2021-07-28 11:42:33 +01:00
Chris Smowton
e39753c72a Merge pull request #552 from github/deferinloop-kind 
Add @kind to deferinloop.ql
 2021-07-19 11:17:26 +01:00
Chris Smowton
b03513bcd2 Merge pull request #542 from gagliardetto/cors-misconfig 
Add query to detect CORS misconfiguration
 2021-07-16 16:12:15 +01:00
Chris Smowton
87afdae1c7 use hasFlowTo where possible 2021-07-16 14:38:05 +01:00
Sam Partington
e227a4315f Add @kind to deferinloop.ql 
Required to use this query with the CodeQL CLI
 2021-07-16 14:25:58 +01:00
Slavomir
52b650a1be Add AllowOriginHeaderWrite and AllowCredentialsHeaderWrite classes 2021-07-16 00:01:55 +02:00
Slavomir
e92738a93f Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-07-16 00:42:36 +03:00
Chris Smowton
73227f12df Merge pull request #539 from gagliardetto/fiber 
Add web framework: github.com/gofiber/fiber
 2021-07-15 17:53:45 +01:00
Slavomir
d252d6003f Remove Protocol as UntrustedFlowSource 2021-07-15 16:20:33 +02:00
Slavomir
498332c186 Mention Fiber.json in Fiber.qll 2021-07-15 15:15:10 +02:00
Slavomir
7d1a632b61 Move fiber spec in the same folder as source 2021-07-15 15:12:02 +02:00
Slavomir
92e0f02d2a Remove special cases inside if 2021-07-15 15:06:28 +02:00
Slavomir
66bd56f444 Don't use any() as sink 2021-07-05 13:14:56 +02:00
Chris Smowton
cd1e14ed09 Merge pull request #549 from edoardopirovano/change-pragma 
Performance: Remove `pragma[noopt]`
 2021-06-22 19:14:52 +01:00
Edoardo Pirovano
65a34b4aa6 Performance: Remove pragma[noopt] 2021-06-22 10:05:53 +01:00
Chris Smowton
52028cf363 Merge pull request #547 from edoardopirovano/fix-join-order 
Performance: Fix bad join ordering
 2021-06-21 20:11:22 +01:00
Edoardo Pirovano
a7c656db8b Performance: Fix bad join ordering 2021-06-21 18:58:35 +01:00
Slavomir
c0f195ba16 Reduce false positives 2021-06-19 22:25:51 +02:00
edvraa
ac777d237d autoformat 2021-06-17 09:23:26 +01:00
edvraa
0456d4793a Fix path tracking 2021-06-17 09:23:26 +01:00
edvraa
4576b16f30 Use dataflow gettype 2021-06-17 09:23:26 +01:00
edvraa
062acedd49 Unify and make getValueForFieldWrite private 2021-06-17 09:23:26 +01:00
edvraa
236b623f60 Get rid of NetHttpCookieTrackingConfiguration 2021-06-17 09:23:26 +01:00
edvraa
031a79b8f5 Gorilla Store Save sink 2021-06-17 09:23:26 +01:00
edvraa
8110c3d059 Use HasFlow 2021-06-17 09:23:26 +01:00
edvraa
d60d18a8d0 Stay on dataflow level 2021-06-17 09:23:26 +01:00
edvraa
ed8d025bdf Dedicated types 2021-06-17 09:23:26 +01:00
edvraa
cba4f0448e Use package 2021-06-17 09:23:26 +01:00
edvraa
167496edff Use MethodCallNode and hasQualifiedName 2021-06-17 09:23:26 +01:00
edvraa
5929f66efb No need for Function f 2021-06-17 09:23:26 +01:00
edvraa
06c328c5aa Fix comment 2021-06-17 09:23:26 +01:00
edvraa
3ac1b4ba0b Use CallNode 2021-06-17 09:23:26 +01:00
edvraa
d06f4ca21e Fix argumnt nr 2021-06-17 09:23:26 +01:00
edvraa
9224a315f1 inline isGinContextCookieFlow 2021-06-17 09:23:26 +01:00
edvraa
4d397d9974 Fix tests 2021-06-17 09:23:26 +01:00
edvraa
5349c98ae1 Comments 2021-06-17 09:23:26 +01:00
edvraa
0b9959e4ef Default stub 2021-06-17 09:23:26 +01:00
edvraa
d32fa19c12 reformat 2021-06-17 09:23:26 +01:00
edvraa
4eb4787692 simplify expressions 2021-06-17 09:23:26 +01:00
edvraa
f537c479c9 path tracking 2021-06-17 09:23:26 +01:00
edvraa
253abc55d9 get rid of AuthCookieNameConfiguration 2021-06-17 09:23:26 +01:00
edvraa
9c0b83fd34 Use getAPredecessor 2021-06-17 09:23:26 +01:00
edvraa
ff06815db1 Code review 2021-06-17 09:23:26 +01:00
edvraa
cbaad2efb9 Sensitive cookie without HttpOnly 2021-06-17 09:23:26 +01:00
Chris Smowton
191a4c1101 Merge pull request #546 from github/calumgrant/security-severities 
Add security-severity scores
 2021-06-16 14:22:27 +01:00
Calum Grant
975e4d7284 Add security-severity scores 2021-06-15 15:56:57 +01:00
Slavomir
824b5a4b52 Wildcard origin does not allow Access-Control-Allow-Credentials: true 2021-06-05 10:40:28 +02:00
Chris Smowton
db0566c325 Merge pull request #543 from gagliardetto/clevergo-spec 
Add codemill spec for clevergo
 2021-06-03 13:59:59 +01:00