hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-11 18:14:01 +02:00
Code Issues Packages Projects Releases Wiki Activity
988 Commits 1,740 Branches 164 Tags
ba7021086bc1d915773c271367faef54097e4178
Commit Graph

988 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nick Rolfe
ba7021086b Merge remote-tracking branch 'origin/main' into regex 2021-06-25 15:00:26 +01:00
Nick Rolfe
bee94757dd Add query test for ReDoS.ql, ported from JS 2021-06-25 12:51:35 +01:00
Nick Rolfe
6142029fdc Recognise \t as not escaping t 2021-06-25 12:46:25 +01:00
Nick Rolfe
a77e7761fd Make \h and \H character class escapes 2021-06-25 12:27:39 +01:00
Nick Rolfe
a5dff79e51 Fix locations of regexp nodes in AST viewer 2021-06-25 12:00:38 +01:00
Arthur Baars
fa5e7cb9cc Merge pull request #223 from github/aibaars/mkdir-p 
Create parent folders when copying qhelp and sample files
 2021-06-25 11:29:27 +02:00
Alex Ford
5179e3e5d6 Merge pull request #209 from github/query-sql-injection 2021-06-25 09:59:50 +01:00
Arthur Baars
0d77f49f7c Create parent folders 2021-06-24 22:07:58 +02:00
Alex Ford
2a7d8bbc0a Apply suggestions from code review 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2021-06-24 19:43:35 +01:00
Arthur Baars
d4666ab099 Merge pull request #222 from github/aibaars/file-filters 
Add support for LGTM_INDEX_FILTERS environment variable
 2021-06-24 20:09:08 +02:00
Arthur Baars
e3b4e0a9a3 Add missing use statement 2021-06-24 20:00:41 +02:00
Arthur Baars
f92989350a Update autobuilder/src/main.rs 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2021-06-24 19:50:32 +02:00
Nick Rolfe
9ec503a3a5 Merge remote-tracking branch 'origin/main' into regex 2021-06-24 18:16:13 +01:00
Alex Ford
a45366e426 remove unnecessary ExprNodes prefix 2021-06-24 18:12:26 +01:00
Alex Ford
b27891b14e update ActiveRecord test output 2021-06-24 18:12:26 +01:00
Alex Ford
1f5a5181b9 StringInterpolationComponentCfgNode extends ExprNodes::StmtSequenceCfgNode 2021-06-24 18:12:26 +01:00
Alex Ford
a4a8f17a54 Update ql/src/codeql_ruby/dataflow/BarrierGuards.qll 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2021-06-24 18:12:26 +01:00
Alex Ford
9883a9b606 update SqlInjection tests 2021-06-24 18:12:26 +01:00
Alex Ford
d62f4f5bd4 Address review comments 2021-06-24 18:12:26 +01:00
Alex Ford
bc5a1b86ff Fix handling of arrays passed to ActiveRecord SQL methods 2021-06-24 18:12:26 +01:00
Alex Ford
fc8db88b66 Apply suggestions from code review 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2021-06-24 18:12:25 +01:00
Alex Ford
7415503772 update ActiveRecord test output 2021-06-24 18:12:25 +01:00
Alex Ford
12e4c9ee90 update SqlInjection tests 2021-06-24 18:12:25 +01:00
Alex Ford
734fe01867 Support named :conditions parameter to some SQL executing ActiveRecord calls 2021-06-24 18:12:25 +01:00
Alex Ford
91bde8d85d Support ActiveRecord SQL executing calls where there is a self receiver (implicit or explicit) 2021-06-24 18:12:25 +01:00
Alex Ford
5386c776b3 Implement rb/sql-injection 2021-06-24 18:12:25 +01:00
Alex Ford
957b29b5af Add more defaultAdditionalTaintSteps 2021-06-24 18:12:25 +01:00
Alex Ford
6e5665da8c Make ActiveRecord model flag more potentially dangerous SQL executions 2021-06-24 18:12:25 +01:00
Alex Ford
8761873cd1 Implement two common barrier guards 2021-06-24 18:12:25 +01:00
Alex Ford
98313d0a56 Convenience classes for wrapping some Exprs as ExprCfgNodes 2021-06-24 18:12:25 +01:00
Alex Ford
ad1d8420f3 Make BarrierGuard abstract 2021-06-24 18:12:25 +01:00
Alex Ford
adf32e973a Create Frameworks.qll to act as a container for all framework models 2021-06-24 18:12:25 +01:00
Nick Rolfe
17a59ef824 Add basic test for regex parsing 2021-06-24 18:06:08 +01:00
Arthur Baars
f69c5dc19b Merge pull request #221 from github/package-depend-on-compile-queries 
make the package job depend on compile-queries
 2021-06-24 19:03:44 +02:00
Arthur Baars
22990a938d Add support for LGTM_INDEX_FILTERS environment variable 
* re-implement autobuilder script in Rust
* add additional --include/--exclude flags based on LGTM_INDEX_FILTERS
  environment variable
 2021-06-24 18:45:31 +02:00
Nick Rolfe
51b0ffdaf8 Fix printAst to support adding edges in AstDesugar test 2021-06-24 17:14:23 +01:00
Nick Rolfe
f7e89f47fd Comment out temporarily-unused predicates 2021-06-24 17:06:41 +01:00
Alex Ford
58e9b69ea4 make the package job depend on compile-queries 2021-06-24 16:52:22 +01:00
Nick Rolfe
a6dd2fa0a1 Split ReDoS query into .ql and .qll, and add .qhelp 2021-06-24 16:32:45 +01:00
Arthur Baars
7574d1cad7 Merge pull request #220 from github/aibaars/update-build-yml 
Update build.yml
 2021-06-24 16:38:26 +02:00
Arthur Baars
dfc96de4cc Update build.yml 2021-06-24 16:09:45 +02:00
Tom Hvitved
9438885776 Merge pull request #216 from github/hvitved/synthesis-location 
AST synthesis: Move location information into a separate predicate
 2021-06-23 16:50:17 +02:00
Nick Rolfe
c784e37089 Add regexp parser and exponential ReDoS query 2021-06-23 15:29:49 +01:00
Alex Ford
e5f0206c6d Merge pull request #208 from github/action-controller-1 
Model accesses to `ActionController` parameters via `params` method
 2021-06-23 14:21:55 +01:00
Alex Ford
0238c19085 remove TODO 2021-06-23 14:11:38 +01:00
Alex Ford
5941eb2be4 model some ActionController user input sources (params) 2021-06-23 14:11:38 +01:00
Alex Ford
9227f3a0c3 Add RemoteFlowSources.qll 2021-06-23 14:11:38 +01:00
Alex Ford
5163514d43 Merge pull request #218 from github/build-yml-debug 
Fix `compile-queries` job
 2021-06-23 14:04:33 +01:00
Alex Ford
8e1f2e6237 try fixing build.yml 2021-06-23 13:41:51 +01:00
Tom Hvitved
1dde5b8ef9 AST synthesis: Move location information into a separate predicate 2021-06-23 08:46:07 +02:00