hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,784 Commits 1,671 Branches 157 Tags
926d7f53f29438b62559b1ee885d0db42cd07ede
Commit Graph

301 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
6540e1e8bf Swift: Share 'ControlFlowGraphImplShared.qll' for Swift with Ruby and C#. 2022-05-23 13:12:45 +01:00
Tom Hvitved
bd9b6567c7 Data flow: Introduce ContentDataFlow.qll 2022-05-19 13:28:56 +02:00
Erik Krogh Kristensen
5d1c41c269 Merge branch 'main' into pyMaD 2022-05-17 12:23:03 +02:00
yoff
2822ed9594 Merge remote-tracking branch 'upstream/main' into python-dataflow/flow-summaries-from-scratch 2022-05-16 08:10:15 +00:00
Nick Rolfe
1115227f9d Merge remote-tracking branch 'origin/main' into nickrolfe/misspelling 2022-05-12 16:10:27 +01:00
Nick Rolfe
4321b5e1fa QL for QL: generalise non-US spelling query 
1. Catch common misspelling as well.
2. Also check names of classes, predicates, etc.
 2022-05-12 13:17:32 +01:00
Rasmus Lerchedahl Petersen
80175a9af5 Python: Compiles and mostly pass tests 
- add flowsummaries shared files
- register in indentical files
- fix initial non-monotonic recursions
  - add DataFlowSourceCall
  - add resolvedCall
  - add SourceParameterNode

failing tests:
- 3/library-tests/with/test.ql
 2022-05-10 12:48:42 +00:00
Joe Farebrother
f9f7a01f57 Add Java ReDoS libraries to identical-files.json 2022-05-04 15:41:33 +01:00
Erik Krogh Kristensen
1c2c9159a9 initial MaD implementation for Python 2022-05-02 12:45:19 +02:00
Chris Smowton
d309e15072 Merge pull request #8748 from smowton/smowton/admin/dependent-dataflow-configs 
Java: Avoid higher-numbered dataflow configs that depend on lower-numbered ones
 2022-04-22 08:56:00 +01:00
Chris Smowton
27d87e9300 Add TaintTracking3 2022-04-15 09:25:26 +01:00
Asger Feldthaus
4c72c31a5a QL: Add InlineExpectationsTest 2022-04-13 08:45:25 +02:00
Arthur Baars
15c54f6100 Merge pull request #8354 from aibaars/incomplete-url-string-sanitization 
Incomplete url string sanitization
 2022-03-31 10:59:51 +02:00
Michael Nebel
26d5eb64b3 C#/Java: Initial merge ModelGeneratorUtils into CaptureModels. 2022-03-29 11:07:57 +02:00
Michael Nebel
62dcbff67f C#: Update sync files config. 2022-03-29 11:07:57 +02:00
Michael Nebel
858508fa33 C#: Make sure that language independent parts of CaptureSinkModels is in sync. 2022-03-29 11:07:57 +02:00
Michael Nebel
b4efd0e154 C#: Make sure that the shared CaptureSummaryModel is in sync. 2022-03-29 11:07:56 +02:00
Arthur Baars
65f8f56095 Merge branch 'main' into incomplete-url-string-sanitization 2022-03-24 11:27:30 +01:00
Rasmus Wriedt Larsen
bbf60b875e Merge pull request #8476 from RasmusWL/shared-concepts-scaffolding 
Python/JS/Ruby: Shared concepts scaffolding
 2022-03-23 10:22:42 +01:00
yoff
47e062cfb9 Merge pull request #8486 from aibaars/incomplete-hostname-python 
Python: switch to shared implementation of IncompleteHostnameRegExp.ql
 2022-03-22 15:06:14 +01:00
Rasmus Wriedt Larsen
311cbb4e13 Merge branch 'main' into shared-concepts-scaffolding 2022-03-22 10:36:33 +01:00
Erik Krogh Kristensen
90a6717932 sync ExponentialBackTracking.qll for ruby 2022-03-22 09:27:04 +01:00
Harry Maclean
91a7e9405c Share HttpToFileAccessQuery between JS and Ruby 
There's so little in this query that it may not be worth sharing, but
it's an interesting exercise in figuring out how we do it nicely.
 2022-03-22 11:10:08 +13:00
Harry Maclean
0cfe37dff4 Share TaintedFormatString between Ruby and JS 2022-03-21 12:51:46 +13:00
Arthur Baars
beef8e29bc Merge pull request #8332 from hvitved/ruby/regexp-taint-flow 
Ruby: Use taint tracking instead of type tracking to define `regExpSource`
 2022-03-18 18:24:02 +01:00
Arthur Baars
9412b331db Revert "Revert "Python: switch to shared implementation of IncompleteHostnameRegExp.ql"" 
This reverts commit 6d24591416.
 2022-03-18 16:31:22 +01:00
Arthur Baars
bf888f0f0b Merge remote-tracking branch 'upstream/main' into incomplete-url-string-sanitization 
Conflicts:
	config/identical-files.json
	javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql
	javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll
	ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll
 2022-03-18 16:09:20 +01:00
Tom Hvitved
d97eaba070 Ruby: Add dataflow/taintracking copies for use in libraries 2022-03-18 14:48:12 +01:00
Arthur Baars
431b60506e Merge remote-tracking branch 'upstream/main' into incomplete-hostname 2022-03-18 13:05:34 +01:00
Arthur Baars
6d24591416 Revert "Python: switch to shared implementation of IncompleteHostnameRegExp.ql" 
This reverts commit ce50f35dda.
 2022-03-18 13:02:55 +01:00
Harry Maclean
36c421346b Introduce ConceptsShared.qll 2022-03-17 13:49:10 +01:00
Asger F
228570129e Merge branch 'main' into ruby/mad-prototype 2022-03-16 13:50:31 +01:00
Arthur Baars
ab93b3784b Merge remote-tracking branch 'upstream/main' into incomplete-hostname 2022-03-16 12:31:12 +01:00
Michael Nebel
20cbd6b332 Java/C#: Include the share files in sync files. 2022-03-14 13:47:24 +01:00
Arthur Baars
747c7f6b5e JS/Ruby: share implementation of IncompleteUrlSubstringSanitization query 2022-03-09 12:11:14 +01:00
Jeroen Ketema
3877598c12 C++: Remove cpp/duplicated-lines-in-files which was deprecated over a year ago 2022-03-08 12:58:19 +01:00
Arthur Baars
ce50f35dda Python: switch to shared implementation of IncompleteHostnameRegExp.ql 2022-03-07 16:10:08 +01:00
Arthur Baars
98f56f4d60 Js/Ruby: Share IncompleteHostnameRegExp.ql 2022-03-07 16:10:08 +01:00
Asger Feldthaus
a33e89279d Ruby: instantiate ApiGraphModels library in Ruby 2022-03-01 14:08:20 +01:00
Asger F
02c4966109 Merge pull request #7878 from asgerf/dot-separated-access-paths 
Shared: Switch to dot-separated access paths in summary specs
 2022-02-21 13:29:09 +01:00
Asger Feldthaus
6dbeb81f36 Ruby: use AccessPathSyntax.qll to parse input/output summary specs 2022-02-21 08:16:55 +01:00
Asger Feldthaus
dffa1d1558 C#: use AccessPathSyntax.qll to parse input/output summary specs 2022-02-21 08:16:55 +01:00
Asger Feldthaus
753c557dbe Java: use AccessPathSyntax.qll to parse input/output summary specs 2022-02-21 08:16:54 +01:00
Alex Ford
cfb2d7ffaf Ruby: add shared SensitiveDataHeuristics.qll 2022-01-28 16:38:58 +00:00
Tony Torralba
ea4ff80cc6 Add DataFlowImplForOnActivityResult to identical-files.json 2022-01-19 16:08:31 +01:00
Alex Ford
a2104de8a0 Move CryptoAlgorithms::AlgorithmsName into a separate internal/CryptoAlgorithmNames.qll 2021-12-22 16:38:15 +00:00
Alex Ford
bdb2d8ba16 Ruby: split OpenSSL parts from CryptoALgorithms.qll and sync with JS/Python version 2021-12-22 16:38:15 +00:00
Erik Krogh Kristensen
ee858d840e get ReDoSUtil in sync for ruby 2021-11-18 16:49:34 +01:00
Erik Krogh Kristensen
1cca377e7d Merge pull request #6561 from erik-krogh/htmlReg 
JS/Py/Ruby: add a bad-tag-filter query
 2021-11-18 09:39:13 +01:00
Mathias Vorreiter Pedersen
7197216185 Add a copy of SsaImplCommon to the identical-files script. 2021-10-28 12:36:36 +01:00