hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-21 06:57:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,853 Commits 1,712 Branches 163 Tags
7d5577109294ffd39a77aefcac3f25976a77dfbd
Commit Graph

32853 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
CodeQL CI
7d55771092 Merge pull request #8150 from asgerf/js/prep-sharing-api-graph-mad 
Approved by erik-krogh
 2022-02-23 11:59:31 +00:00
CodeQL CI
62ee8fce3a Merge pull request #8186 from asgerf/js/request-forgery-docs-followup 
Approved by esbena, hubwriter
 2022-02-23 11:46:37 +00:00
Stephan Brandauer
a664e02d04 Merge pull request #8014 from kaeluka/js/functionality-from-untrusted-source 
JS: Functionality from untrusted sources query (CWE-830)
 2022-02-23 12:45:31 +01:00
Stephan Brandauer
1ed71e15f3 apply docreview feedback 2022-02-23 11:21:22 +01:00
Tony Torralba
f011bbc92c Merge pull request #8055 from luchua-bc/java/unsafe-url-forward-with-shared-lib 
CWE-552: Switch to the shared PathSanitizer library
 2022-02-23 11:00:23 +01:00
Stephan Brandauer
517d6969e1 Merge pull request #8171 from kaeluka/js/update-atm-query-docs-for-nosql-sql-injection 
update ATM NosqlInjection and SqlInjection query docs
 2022-02-23 10:54:37 +01:00
Asger Feldthaus
22ba43fff6 JS: Minor fixup in the client-side request forgery qhelp 2022-02-23 10:54:26 +01:00
Stephan Brandauer
c17d8b145a Merge pull request #8054 from asgerf/js/split-request-forgery 
JS: split request forgery query into server-side and client-side variants
 2022-02-23 10:27:16 +01:00
Mathias Vorreiter Pedersen
31a204a5d9 Merge pull request #8174 from jketema/hinding-cleanup 
C++: Simplify `cpp/declaration-hides-variable`
 2022-02-23 08:27:59 +00:00
Esben Sparre Andreasen
58e0d54744 Merge pull request #8168 from github/esbena/hapi-reflected-xss 
JS: model hapi handler returns as reflected-xss sinks
 2022-02-23 08:53:15 +01:00
Jeroen Ketema
423d325204 C++: Simplify cpp/declaration-hides-variable 
The check for `(unnamed local variable)` is no longer needed, because these
variables are now identified as being compiler generated.
 2022-02-22 23:04:48 +01:00
Erik Krogh Kristensen
73f2e89f3e Merge pull request #8165 from erik-krogh/protoWrite 
JS: support more property writes in js/prototype-pollution-utility
 2022-02-22 21:30:22 +01:00
Erik Krogh Kristensen
b6b93065ff Merge pull request #8157 from erik-krogh/lodash-clone 
JS: add lodash.{clone, cloneDeep} as a clone step
 2022-02-22 18:12:10 +01:00
Erik Krogh Kristensen
c487bb73a7 Merge pull request #8143 from erik-krogh/pred-ql-style 
QL: add ql-for-ql query for detecting bad predicate qldoc
 2022-02-22 17:49:12 +01:00
Jeroen Ketema
aecc17c49b Merge pull request #7928 from jketema/structured-bindings-db-scheme 
C++: Add table that identifies C++ structured bindings
 2022-02-22 17:34:26 +01:00
Stephan Brandauer
6a9186cdef update ATM NosqlInjection and SqlInjection query docs 2022-02-22 16:56:18 +01:00
Geoffrey White
31d214d5ee Merge pull request #8170 from geoffw0/typos 
C++: Fix Spelling Typos.
 2022-02-22 15:09:50 +00:00
Mathias Vorreiter Pedersen
894992d403 Merge pull request #8169 from MathiasVP/fix-spelling-in-post-dominance-frontier 
C++/C#: Fix spelling of 'postDominanceFrontier'
 2022-02-22 14:54:39 +00:00
Geoffrey White
4908eaf5ec C++: Typos. 2022-02-22 14:33:11 +00:00
Mathias Vorreiter Pedersen
b6740ed4a1 C++/C#: Fix spelling of 'postDominanceFrontier'. 2022-02-22 13:48:13 +00:00
Esben Sparre Andreasen
2c527f7b35 model hapi handler returns as reflected-xss sinks 2022-02-22 14:12:01 +01:00
Erik Krogh Kristensen
517e17d422 support more property writes in js/prototype-pollution-utility, and generalize ObjectDefinePropertyAsPropWrite 2022-02-22 13:23:34 +01:00
Pierre
5ee96121fc Merge pull request #8162 from github/turbo-no-glibc-no 
Docs: Add note about muslc incompatibility
 2022-02-22 13:06:28 +01:00
Henry Mercer
4f7604f0dd Merge pull request #8151 from github/henrymercer/separate-atm-model-pack 2022-02-22 11:47:35 +00:00
Pierre
1d81f90260 Update docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst 
Co-authored-by: hubwriter <hubwriter@github.com>
 2022-02-22 12:47:31 +01:00
Erik Krogh Kristensen
08c703f605 exclude private predicates 2022-02-22 12:34:16 +01:00
Stephan Brandauer
2278e7f6e6 CWE 830 polish error messages 2022-02-22 11:41:54 +01:00
Stephan Brandauer
82330391c3 CWE-830 add support for setting attributes via setAttribute method 2022-02-22 11:41:54 +01:00
Stephan Brandauer
d80cd1aeb5 CWE 830 test where both branches in a ternary are unsafe 2022-02-22 11:41:53 +01:00
Stephan Brandauer
2934aa1a3a rewrite docs, improve error messages, etc 2022-02-22 11:41:53 +01:00
Stephan Brandauer
d2335b65d5 stylistic improvements after review 2022-02-22 11:41:53 +01:00
Stephan Brandauer
9aec4437e2 polish qhelp for CWE-830 and add test file 2022-02-22 11:41:53 +01:00
Stephan Brandauer
44d86569ac remove illegal chars from comments 2022-02-22 11:41:53 +01:00
Stephan Brandauer
fd77e27ed9 replace taint tracking by type tracking and merge remaining queries for CWE-830 2022-02-22 11:41:53 +01:00
Stephan Brandauer
8cafa6d562 improve error message in CWE-830 2022-02-22 11:41:53 +01:00
Stephan Brandauer
780fa97869 always require integrity checking for certain CDNs 2022-02-22 11:41:53 +01:00
Stephan Brandauer
83764df4f5 rename tests for CW-830 to clarify responsibilities 2022-02-22 11:41:52 +01:00
Stephan Brandauer
8d397fea09 JS: query to find dynamic creations of DOM elements that use untrusted sources 2022-02-22 11:41:52 +01:00
Stephan Brandauer
b35c70994f permit http urls to 127.0.0.1 and others 2022-02-22 11:41:52 +01:00
Stephan Brandauer
dd2b779a3c add CWE 830 link to references 2022-02-22 11:41:52 +01:00
Stephan Brandauer
b170422c22 add changenotes for functionality from untrusted source query 2022-02-22 11:41:52 +01:00
Stephan Brandauer
6722c17bb0 JS: Functionality from untrusted sources query (CWE-830) 2022-02-22 11:41:52 +01:00
Erik Krogh Kristensen
8ff2992b56 have each case on a separate line 2022-02-22 11:40:26 +01:00
Erik Krogh Kristensen
addb27c80e deduplicate "%" 
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
 2022-02-22 11:34:59 +01:00
Pierre
8b7f899883 Update getting-started-with-the-codeql-cli.rst 2022-02-22 11:34:49 +01:00
Pierre
6f936942fa Add note about non-glibc systems 2022-02-22 11:29:51 +01:00
Asger Feldthaus
1be47db2e6 JS: Factor out more JS-specific code 2022-02-22 09:51:56 +01:00
Asger Feldthaus
2d509eb345 JS: Make Impl.qll determine the location of AccessPathSyntax.qll 2022-02-22 09:51:52 +01:00
Asger Feldthaus
42a3d8c689 JS: Treat Member[x] as a language-specific token 
In Ruby it is ambiguous whether Member[foo] means x.foo or x::foo
 2022-02-22 09:51:52 +01:00
Asger Feldthaus
acf95d6178 JS: Move summary resolution into JS-specific code 2022-02-22 09:51:52 +01:00