hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-21 06:57:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,399 Commits 1,712 Branches 163 Tags
8553ca1019e0ca29ec8a6c5feea61876e9890d89
Commit Graph

22399 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
8553ca1019 Autoformatting 2021-05-10 15:42:20 +02:00
Tony Torralba
d99b5bfc66 Reuse previous tests from experimental 2021-05-10 11:17:20 +02:00
Tony Torralba
c70503142f Require JS enabled even when cross-origin access is enabled in the webviews 2021-05-10 09:45:59 +02:00
Tony Torralba
6884edf52a Merge branch 'main' into atorralba/promote-unsafe-android-webview-fetch 2021-05-07 16:31:55 +02:00
Tony Torralba
1f1a1bdb41 Remove unnecessary CWE reference 2021-05-07 16:29:00 +02:00
Felicity Chapman
10e76ff28f Merge pull request #5831 from github/3893-code-scanning 
Update CodeQL CLI article to use different query suite example
 2021-05-07 12:37:47 +01:00
Tony Torralba
dcee1daa31 Mark spurious test results 2021-05-07 13:17:04 +02:00
Tony Torralba
e6b7da1926 Add import for Android sinks in ExternalFlow 2021-05-07 12:41:39 +02:00
Tony Torralba
e2e65aca3c Add new sink for Android XSS 2021-05-07 12:25:19 +02:00
Anders Schack-Mulligen
8783746516 Merge pull request #5774 from atorralba/promote-xpath-injection 
Java: Promote XPath Injection query from experimental
 2021-05-07 12:04:49 +02:00
Tony Torralba
2a501956b3 Mark a MISSING test result as suggested in code review 2021-05-07 11:17:51 +02:00
Tony Torralba
b69be30b88 Fix imports as suggested in code review 2021-05-07 11:07:06 +02:00
CodeQL CI
7a7586488a Merge pull request #5833 from erik-krogh/filterStep 
Approved by esbena
 2021-05-06 13:47:23 -07:00
Aditya Sharad
68e53054c6 Merge pull request #5840 from github/henrymercer/update-code-scanning-selectors 
Update code scanning selectors to include summary metrics and `@kind alert` aliases
 2021-05-06 11:51:12 -07:00
Shati Patel
cf80773453 Merge pull request #5830 from Marcono1234/marcono1234/guides-link-updates 
Docs: Use GitHub links for guides, improve formatting
 2021-05-06 16:44:11 +01:00
Tony Torralba
f16605b3c1 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-05-06 15:17:55 +02:00
Tony Torralba
b69261727d Add a new test for 2021-05-06 13:26:25 +02:00
Tony Torralba
1f1f85aeb5 Add change note and fix some QLDocs 2021-05-06 13:13:23 +02:00
Tony Torralba
f1fab854c4 Fix tests for XXE, introduced a dependency with jaxen 2021-05-06 12:11:55 +02:00
Tony Torralba
e14294a2f7 Remove XSS sink since it's better handled in this query 2021-05-06 11:20:37 +02:00
Tony Torralba
84504a88e4 Fix tests by adding AndroidManifest.xml 2021-05-06 10:55:56 +02:00
Tony Torralba
76468559ba Add safe example for dom4j 2021-05-06 10:17:25 +02:00
Tony Torralba
926fedb7fb Update java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.java 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-06 09:18:50 +02:00
Tony Torralba
00a7576679 Rename XPath Injection test file 2021-05-06 09:18:50 +02:00
Tony Torralba
8af7f4a484 New sinks and test cases 2021-05-06 09:18:49 +02:00
Tony Torralba
ccb3ea4453 Fix XPath Injection tests classpath 2021-05-06 09:18:49 +02:00
Tony Torralba
509fc8a640 Add missing docs to stubs 2021-05-06 09:18:49 +02:00
Tony Torralba
26c3ff2cee Move from experimental to standard 2021-05-06 09:18:49 +02:00
Tony Torralba
215118c7ea Fixes in QLDocs and imports 2021-05-06 09:18:49 +02:00
Tony Torralba
720b5d6da3 Refactored sto use CSV sink model. Also, added more sinks 2021-05-06 09:18:49 +02:00
Tony Torralba
ab62bb66f4 Consider second parameter of Node.selectNodes 2021-05-06 09:18:49 +02:00
Tony Torralba
d72dd9b861 javax.xml.xpath.XPath is an interface 2021-05-06 09:18:49 +02:00
Tony Torralba
2bb2baf6f7 Support more methods that evaluate XPath expressions 2021-05-06 09:18:49 +02:00
Tony Torralba
3705970bfd Refactored XPath.qll to remove redundant classes and restrict visibility 2021-05-06 09:18:49 +02:00
Tony Torralba
d739a8cac2 Moved configuration from XPath.qll back to XPath Injection query 2021-05-06 09:18:48 +02:00
Tony Torralba
ee269fbc69 Added missing doc comments 2021-05-06 09:18:48 +02:00
Tony Torralba
fb3e56eac8 Fix imports and stubs so that tests pass 2021-05-06 09:18:48 +02:00
Tony Torralba
a62997463f Remove unused imports; use set literals in hasName 2021-05-06 09:18:48 +02:00
Tony Torralba
ed5619498c WIP: XPath Injection promotion 2021-05-06 09:18:48 +02:00
Tony Torralba
a706046a19 Reestructured test 2021-05-06 09:17:53 +02:00
Henry Mercer
a3c57c43c8 Code Scanning selectors: Include summary metrics 2021-05-05 16:38:39 +01:00
Henry Mercer
74c9994305 Code Scanning selectors: Add alert aliases 2021-05-05 16:36:39 +01:00
Shati Patel
059a5f35fa Merge pull request #5812 from mario-campos/patch-1 
Add React Native to JavaScript frameworks docs
 2021-05-05 16:03:41 +01:00
Tony Torralba
c138ed3e4d QLDocs 2021-05-05 16:51:15 +02:00
Tony Torralba
03ce8d689f Refactored to use CSV sink model 2021-05-05 16:34:30 +02:00
Erik Krogh Kristensen
4ac21e9f3f make the .filter step more precise 2021-05-05 14:53:09 +02:00
CodeQL CI
69cd9dfb7d Merge pull request #5826 from erik-krogh/moreLib 
Approved by esbena
 2021-05-05 04:40:49 -07:00
Felicity Chapman
8b2009cfb1 Minor updates to qhelp file 2021-05-05 12:36:29 +01:00
Erik Krogh Kristensen
ab53f3b380 add array.filter() as a taint-step 2021-05-05 12:03:14 +02:00
Erik Krogh Kristensen
e333267e69 require that the factory function is in a main module file 2021-05-05 12:00:38 +02:00