hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 02:13:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,919 Commits 1,693 Branches 161 Tags
924e445ce991ca4d4e5a7de66408a58a4026ea2e
Commit Graph

1145 Commits

Author SHA1 Message Date
Slavomir
924e445ce9 Add missing newline 2021-05-22 18:19:44 +02:00
Slavomir
f261f34f57 Add query to detect CORS misconfiguration 2021-05-22 18:14:13 +02:00
Chris Smowton
bc80772075 Tag lines of code query 2021-05-14 18:27:55 +01:00
Owen Mansel-Chan
f0fd501a23 No need to cache isUnreachableInCall any more 2021-05-12 08:54:58 +01:00
Owen Mansel-Chan
a86390d850 Sync data-flow libraries 
As of 2021-05-12
 2021-05-12 08:54:11 +01:00
Chris Smowton
879666682d Merge pull request #537 from gagliardetto/fix-clevergo 
CleverGo: Update generated naming
 2021-05-10 12:32:08 +01:00
Slavomir
7810461651 Update generated naming 2021-05-09 22:52:07 +02:00
Owen Mansel-Chan
fcbedee4c5 Keep call to defaultTaintSanitizerGuard 2021-05-06 15:06:29 +01:00
Owen Mansel-Chan
349df54905 Ignore lambda data flow for now 2021-05-06 13:57:49 +01:00
Owen Mansel-Chan
daf73553f6 Sync shared dataflow libraries 2021-05-05 16:58:30 +01:00
Slavomir
ea2909a362 HTTP::HeaderWrite: Don't override string getHeaderValue() with none() 2021-04-30 15:39:09 +01:00
Slavomir
110a3983c1 Regenerate codeql: Refactor HTTP::HeaderWrite 2021-04-30 15:39:09 +01:00
Slavomir
5578afa189 Regenerate using latest codemill generator. 2021-04-30 15:39:09 +01:00
Chris Smowton
0beaa7fdc9 Model content-type setters as HeaderWrites. 2021-04-30 15:39:09 +01:00
Chris Smowton
9ea8b34e47 HTTP ResponseBody: support HeaderWrites with hard-coded header values. 2021-04-30 15:39:09 +01:00
Chris Smowton
3fd2c7d4bb Note response writers for existing HeaderWrite and HttpRedirect instances 2021-04-30 15:39:09 +01:00
Slavomir
36396df271 HttpResponseBody: Move .getAPredecessor*() to the test query. 2021-04-30 15:39:09 +01:00
Slavomir
989bfa2b1d Improve naming and comments. 2021-04-30 15:39:09 +01:00
Slavomir
78b403f42e Stub alternative HTTP::ResponseBody model implementation 2021-04-30 15:39:09 +01:00
Slavomir
ff848a502a ResponseBody: Use .getAPredecessor*().getStringValue() instead of just .getStringValue() 2021-04-30 15:39:09 +01:00
Sauyon Lee
27b72b53e5 Add diagnostic queries 2021-04-27 01:18:21 -07:00
Sauyon Lee
9f85846980 Add lines of code summary query 2021-04-27 01:18:20 -07:00
Sauyon Lee
ed978e439f Add GoFile and move HtmlFile to Files.qll 2021-04-27 01:18:19 -07:00
Sauyon Lee
2a80a60468 Add GeneratedFile concept 2021-04-27 01:18:19 -07:00
Sauyon Lee
3393588353 Move concepts imports to Concepts.qll 2021-04-27 01:18:18 -07:00
Chris Smowton
4fb714f445 Simplify implementation of ExtractTupleElementInstruction.getResultType 2021-04-21 12:33:00 +01:00
Sauyon Lee
d1daca541e Add types for more tuple extractions 
Specifically, extractions where the RHS is a map element read or a channel receive
will now have types.
 2021-04-20 14:23:31 -07:00
Chris Smowton
b2e92fa084 Remove needless model of Part.Read 
Read already gets a model as an implementation of the `Reader` interface.
 2021-04-20 11:05:36 +01:00
Chris Smowton
948e064440 Fix mis-modelling Part.Read 2021-04-20 11:03:17 +01:00
Chris Smowton
a367950014 Restore OpenRedirect's exclusion of POST-only request components 2021-04-19 17:05:23 +01:00
Chris Smowton
7d258ae722 Improve net/http taint-tracking fidelity 
* Don't taint error returns from http.Request methods
* Track taint across mime/multipart.Part methods
 2021-04-19 16:05:23 +01:00
Sauyon Lee
80fe7384cd Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-04-09 14:30:23 +01:00
Sauyon Lee
4462948cfc Add a new diagnostics file class and use it for errors 2021-04-09 14:30:23 +01:00
Slavomir
7ea0434514 Move clevergo framework to experimental 2021-04-09 08:38:37 +01:00
Slavomir
3915305361 Refactor and improve HTTP:ResponseBody models and tests 2021-04-09 08:38:37 +01:00
Slavomir
8c18aa6cbd Simplify HTTP::HeaderWrite 2021-04-09 08:38:37 +01:00
Slavomir
7edf739602 Model HTTP::HeaderWrite; regenerate stubs 2021-04-09 08:38:37 +01:00
Slavomir
93ff2459d1 Use docs instead of comments for classes. 2021-04-09 08:38:36 +01:00
Slavomir
0fe7050e7e Add models for HTTP::ResponseBody 2021-04-09 08:38:36 +01:00
Slavomir
98b3cc2dc4 Fix autoformatting 2021-04-09 08:38:36 +01:00
Slavomir
c53d8d3e56 Add http redirect model 2021-04-09 08:38:36 +01:00
Slavomir
55c8d9b22c Make naming more consistent 2021-04-09 08:38:36 +01:00
Slavomir
f95f35387f Cleanup comments 2021-04-09 08:38:36 +01:00
Slavomir
bdc5f90c97 Cleanup comments 2021-04-09 08:38:36 +01:00
Slavomir
d3d7d2d103 Simplify UntrustedSources struct fields 2021-04-09 08:38:36 +01:00
Slavomir
c01259ec2c Simplify UntrustedSources interface methods 2021-04-09 08:38:36 +01:00
Slavomir
a6c1acfaba Fix imports 2021-04-09 08:38:36 +01:00
Slavomir
a90f609c53 Manually add packagePath() predicate 2021-04-09 08:38:36 +01:00
Slavomir
928c12da57 Simplify UntrustedSources methods 2021-04-09 08:38:36 +01:00
Slavomir
34dcf83e11 Fix module doc 2021-04-09 08:38:36 +01:00