hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
56,773 Commits 1,673 Branches 157 Tags
a735d18a1bb5c33a895a419f52a4b497841298eb
Commit Graph

56773 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
a735d18a1b C++: Add inline expectations tests for the allocation-to-invalid-pointer stage of the query. 2023-07-18 18:15:24 +01:00
Mathias Vorreiter Pedersen
5099de5b3d C++: Split the query into 4 files. 2023-07-18 18:15:18 +01:00
Mathias Vorreiter Pedersen
a038b389c3 C++: More cleanup. 2023-07-18 14:03:04 +01:00
Mathias Vorreiter Pedersen
d41d2bc29e Merge pull request #13699 from MathiasVP/final-config-to-invalid-pointer-deref 
C++: Handle call-contexts mismatches in `cpp/invalid-pointer-deref`
 2023-07-18 13:08:21 +01:00
Alex Ford
e803e98ee4 Merge pull request #13585 from alexrford/rb/rack-env-query-string 
Ruby: add rack `env['QUERY_STRING']` as a remote flow input
 2023-07-18 12:44:07 +01:00
yoff
a1aa16f901 Merge pull request #13745 from GeekMasher/py-mad-xss 
Python - Add Models as Data support for Reflected XSS Query
 2023-07-18 13:39:17 +02:00
Geoffrey White
1deacf40ca Merge pull request #13660 from geoffw0/regexinjection 
Swift: Query for regular expression injection
 2023-07-18 10:25:30 +01:00
Jeroen Ketema
5d8b203112 Merge pull request #13758 from jketema/val-cat-tests 
C++: Add more IR tests
 2023-07-18 11:02:27 +02:00
Anders Schack-Mulligen
e72366194b Merge pull request #13754 from aschackmull/java/remotesource-inbarrier 
Java: Exclude source-to-source flow in 5 queries.
 2023-07-18 10:33:44 +02:00
Geoffrey White
b5a8a8d431 Merge pull request #13715 from geoffw0/parsemode 
Swift: Recognize regular expression parse mode flags
 2023-07-18 09:09:56 +01:00
Jeroen Ketema
e2de94b233 C++: Add more IR tests 
These show the value categories for more static member calls, and show that
a load occurs when a `volatile` variable is being used in an empty context.
 2023-07-18 08:40:54 +02:00
Jeroen Ketema
a426010b06 Merge pull request #13621 from MathiasVP/deprecate-ast-dataflow 
C++: Deprecate AST dataflow
 2023-07-18 08:13:47 +02:00
Mathias Vorreiter Pedersen
d63ead55dc C++: Remove barrier that's no longer needed. 2023-07-17 15:59:35 +01:00
Mathew Payne
6ef55aa14f Update python/ql/lib/semmle/python/security/dataflow/ReflectedXSSCustomizations.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-07-17 15:44:38 +01:00
Geoffrey White
869ad2eb65 Apply suggestions from code review 
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
 2023-07-17 15:17:24 +01:00
Alex Ford
27ee72c265 Merge remote-tracking branch 'origin/main' into rb/rack-env-query-string 2023-07-17 14:11:25 +01:00
Alex Ford
06aefe01b8 Update ruby/ql/lib/codeql/ruby/frameworks/rack/internal/App.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-07-17 14:08:44 +01:00
Alex Ford
ab1f341aa6 Merge pull request #13566 from alexrford/rb/rack-params 
Ruby: add `Rack::Request` params and cookies as remote input sources
 2023-07-17 14:07:20 +01:00
Mathias Vorreiter Pedersen
11f2681904 Merge pull request #13740 from MathiasVP/unique-entry-point 
C++: Exclude invalid functions from new range analysis
 2023-07-17 13:32:50 +01:00
yoff
d032bf5c0e Merge pull request #13685 from RasmusWL/captured-variables-default-param-value 
Python: Model parameter with default value as `DefinitionNode`
 2023-07-17 14:25:13 +02:00
Mathias Vorreiter Pedersen
be95d29589 Documentation: Update version number. 2023-07-17 11:08:40 +01:00
Mathew Payne
e3d75c488e Merge branch 'main' into py-mad-xss 2023-07-17 11:08:09 +01:00
Mathias Vorreiter Pedersen
8c21699040 C++: Accept test changes. 2023-07-17 10:51:42 +01:00
Mathias Vorreiter Pedersen
f9db6a9868 C++: Don't do range analysis on malformed IR. 2023-07-17 10:15:01 +01:00
Geoffrey White
69b98c769c Merge pull request #13354 from geoffw0/sharedsensitive2 
Swift: Improve SensitiveExprs.qll Heuristics
 2023-07-17 09:16:09 +01:00
Geoffrey White
4644b7184b Swift: # -> // 2023-07-17 09:12:01 +01:00
Anders Schack-Mulligen
6770d2a49b Java: Exclude source-to-source flow in 5 queries. 2023-07-17 09:06:49 +02:00
Owen Mansel-Chan
0b8353eb64 Merge pull request #13602 from pwntester/ruby/add_gqlgen_support 
Go: Add support for the gqlgen library
 2023-07-15 07:04:09 +01:00
Alvaro Muñoz
0ea0d54050 gofmt -w . 2023-07-14 22:15:40 +02:00
Alex Ford
bdf1aa0807 Merge pull request #13746 from asgerf/rb/fix-rack-todo 
Ruby: Use API graphs asCallable() instead of Proc.new workaround
 2023-07-14 16:29:00 +01:00
Alex Ford
d89c10dd85 Merge pull request #13130 from maikypedia/maikypedia/xpath-injection 
Ruby :  XPath Injection Query (CWE-643)
 2023-07-14 14:10:09 +01:00
Taus
9193de6898 Merge pull request #13730 from github/tausbn/limit-number-of-candidates-in-application-mode 
Java: Limit the number of samples extracted in application mode
 2023-07-14 14:09:59 +02:00
Asger F
2962727f0f Ruby: Use API graphs asCallable() instead of Proc.new workaround 2023-07-14 13:50:07 +02:00
Alex Ford
dbb55ff2b4 Ruby: fix xpathinjection deprecation warnings 2023-07-14 12:45:27 +01:00
Mathew Payne
cf65ab834d fix: formatting issue 2023-07-14 12:31:40 +01:00
Mathew Payne
4c1612f2dd feat: add change log notes 2023-07-14 12:28:51 +01:00
Mathew Payne
c292984338 feat: add MaD to XSS query 2023-07-14 12:25:54 +01:00
Alex Ford
c0009379d1 qlformat 2023-07-14 12:04:03 +01:00
Asger F
31bed36231 Merge pull request #13612 from asgerf/rb/api-graph-explicit-proc-lambda 
Ruby: Improve support for explicit proc-creation
 2023-07-14 13:02:44 +02:00
Geoffrey White
1c8297b91b Merge pull request #13548 from geoffw0/redos 
Swift: Query for REDOS (Regular Expression Denial Of Service)
 2023-07-14 10:44:52 +01:00
Anders Schack-Mulligen
80a799df01 Merge pull request #13735 from aschackmull/dataflow/forcehighprecision-fix 
Dataflow: Fix forceHighPrecision for length-2 prefixes.
 2023-07-14 11:42:35 +02:00
Geoffrey White
1274393c72 Swift: Remove 'cached' annotations. 2023-07-14 10:11:09 +01:00
Chris Smowton
3d8b4d850a Merge pull request #13742 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-07-14 09:00:17 +01:00
github-actions[bot]
b675a1e2fe Add changed framework coverage reports 2023-07-14 00:19:14 +00:00
Alvaro Muñoz
11a915dcd7 Merge branch 'ruby/add_gqlgen_support' of https://github.com/pwntester/codeql into ruby/add_gqlgen_support 2023-07-13 22:16:41 +02:00
Alvaro Muñoz
55366f6743 retab 2023-07-13 22:16:34 +02:00
Alvaro Muñoz
9f6c7efd91 Update go/ql/test/library-tests/semmle/go/frameworks/gqlgen/gqlgen.ql 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2023-07-13 22:11:37 +02:00
Alvaro Muñoz
4111ed6653 retab generated.go 2023-07-13 22:10:19 +02:00
Alvaro Muñoz
d681094824 Fixup expected file 2023-07-13 21:42:16 +02:00
Alvaro Muñoz
1dedc0ae55 Update go/ql/test/library-tests/semmle/go/frameworks/gqlgen/graph/schema.resolvers.go 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2023-07-13 21:39:47 +02:00