hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-24 00:16:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
23,492 Commits 1,714 Branches 163 Tags
aa82d0b815a64de2594dfa830383f30eeca57dca
Commit Graph

23492 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
aa82d0b815 Java: Make Content public as DataFlow::Content. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
80880320d5 Dataflow: Sync. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
b7ac329ba1 DataFlow: Add support for configuration-specific implicit reads. 2021-06-21 14:41:19 +02:00
Anders Schack-Mulligen
9110dfaeb3 Merge pull request #6095 from hvitved/dataflow/local-cc-join 
Data flow: Fix `getLocalCallContext` join-order
 2021-06-21 12:53:38 +02:00
Shati Patel
bbb5a39c02 Merge pull request #6072 from shati-patel/shati-patel/vs-code-setting 
[Already shipped] Docs: Update setting in CodeQL for VS Code
 2021-06-21 08:34:14 +01:00
yo-h
26a04d6659 Merge pull request #6108 from tamasvajk/fix/coverage-commenter 
Fix diff in the framework coverage PR comment
 2021-06-18 14:02:15 -04:00
Tamas Vajk
b3f44f457a Fix diff in the framework coverage PR comment 2021-06-18 16:33:50 +02:00
CodeQL CI
081fd28090 Merge pull request #6102 from RasmusWL/js-qhelp-fixup 
Approved by erik-krogh
 2021-06-18 04:52:48 -07:00
Chris Smowton
6302187a5d Merge pull request #5957 from haby0/java/BeanShellInjection 
Java: BeanShell Injection
 2021-06-18 12:38:51 +01:00
Jonas Jensen
f829fff2ad Merge pull request #6100 from github/AlonaHlobina-patch-2 
Update C/C++ Clang and GCC versions.rst
 2021-06-18 13:10:29 +02:00
Rasmus Wriedt Larsen
968a0921d4 JS: Fix secure example inclusion in InsecureDownload.qhelp 2021-06-18 12:12:06 +02:00
Anders Schack-Mulligen
7eb6da3888 Merge pull request #5772 from smowton/smowton/feature/apache-tuple-flow 
Add models for Apache Commons Lang's tuple types
 2021-06-18 11:25:07 +02:00
AlonaHlobina
bd820458f5 Update docs/codeql/support/reusables/versions-compilers.rst 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-06-18 12:24:34 +03:00
haby0
a73cb3f04a Fix error 2021-06-18 17:22:26 +08:00
CodeQL CI
1ffd9c9ba7 Merge pull request #6086 from asgerf/js/knex 
Approved by esbena
 2021-06-18 01:58:21 -07:00
Calum Grant
32f6a465b0 Merge pull request #6080 from github/calumgrant/security-severities 
Update security-severity scores
 2021-06-18 09:40:40 +01:00
Tom Hvitved
eb86bceb4d Address review comments 2021-06-18 10:18:47 +02:00
haby0
0d18e4ff9c BeanShell Injection 2021-06-18 15:54:13 +08:00
AlonaHlobina
9feda2ddd6 Update C/C++ Clang and GCC versions.rst 2021-06-18 10:46:22 +03:00
Tamás Vajk
0545bcfbd2 Merge pull request #6028 from github/tamasvajk/feature/csv-coverage-report-comment 
Add CSV coverage PR commenter
 2021-06-18 09:32:45 +02:00
Chris Smowton
64001cc02c Merge pull request #5587 from smowton/smowton/admin/promote-ssrf-query 
Promote SSRF query from experimental
 2021-06-17 13:02:33 +01:00
Chris Smowton
d28c95d16c Field foo of -> Field[foo] of 2021-06-17 12:49:25 +01:00
Chris Smowton
74b2a2c7a6 Improve style of interpretField 2021-06-17 12:45:44 +01:00
Chris Smowton
5cf0243dd0 Add change note 2021-06-17 12:34:40 +01:00
Chris Smowton
2cc1f46871 Model constructors for (Imm|M)utable(Pair|Triple) 2021-06-17 12:34:40 +01:00
Chris Smowton
fbaa382158 Add tests for Pair.of and Triple.of 2021-06-17 12:34:40 +01:00
Chris Smowton
eebaab8fe9 Order left and right consistently 2021-06-17 12:34:40 +01:00
Chris Smowton
365aab9bd9 Improve matching of Field specifiers; add Field recognition in tests 2021-06-17 12:34:36 +01:00
Chris Smowton
472a2a64dd Add models for Apache Commons tuples 2021-06-17 12:25:21 +01:00
Chris Smowton
73fa680224 Add support for CSV-specified flow to or from fields. 2021-06-17 12:24:28 +01:00
Tamas Vajk
07b83d5dc1 Remove commented code 2021-06-17 13:04:39 +02:00
Tamás Vajk
c532db58fd Apply suggestions from code review 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2021-06-17 13:04:39 +02:00
Tamas Vajk
e61f725196 Apply code review findings 2021-06-17 13:04:39 +02:00
Tamas Vajk
4abaa7870f Add CSV coverage PR commenter 2021-06-17 13:04:39 +02:00
Tamás Vajk
200126b302 Merge pull request #6008 from github/tamasvajk/feature/csv-coverage-report 
Add timeseries CSV generator script
 2021-06-17 13:03:41 +02:00
Chris Smowton
11b70326fd Add Jakarta WS url-open sink 2021-06-17 11:58:41 +01:00
Chris Smowton
da1e760269 Adjust Spring models to use erased function signatures 2021-06-17 11:43:33 +01:00
Chris Smowton
1176fec287 Improve docs 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-06-17 11:43:33 +01:00
Chris Smowton
09f27554d0 Note incidental extra models in change note 2021-06-17 11:43:33 +01:00
Chris Smowton
7509e36382 Remove no-longer-needed BasicRequestLine model from InsecureBasicAuth.ql; adjust test expectations accordingly 2021-06-17 11:43:33 +01:00
Chris Smowton
c531b81ebe Rename RequestForgery.java -> SanitizationTests.java 2021-06-17 11:43:33 +01:00
Chris Smowton
cb99e17f4d Split and rename JavaNetHttp and ApacheHttp tests for consistency 2021-06-17 11:43:32 +01:00
Chris Smowton
6c4a909b86 Remove dead code from test 2021-06-17 11:43:32 +01:00
Chris Smowton
08ab5f5546 Remove redundant test 2021-06-17 11:43:32 +01:00
Chris Smowton
74569ce316 Tidy Jax-RS test 2021-06-17 11:43:32 +01:00
Chris Smowton
57ca36baad Tidy Spring test 2021-06-17 11:43:32 +01:00
Chris Smowton
8b080a94e7 Convert request forgery tests to inline expectations; add missing models revealed by this process. 2021-06-17 11:43:32 +01:00
Chris Smowton
b66dcbe5b6 Factor request-forgery config so it can be used in an inline-expectations test 2021-06-17 11:43:32 +01:00
Chris Smowton
ee872f1752 Add missing tests, add additional models revealed missing in the process, and add stubs to support them all. 2021-06-17 11:43:32 +01:00
Chris Smowton
49bbfc3f4b Convert SSRF sinks into url-open CSV sinks 
I also drop the previous approach of taint-tracking through various builder objects in favour of assuming that a URI set in a request-builder object is highly likely to end up requested in some way or another.

This will cause the `java/non-https-url` query to pick the new sinks up too, and fixes a Spring case that had never worked but went unnoticed until now.
 2021-06-17 11:43:30 +01:00