hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-10 01:24:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
960 Commits 1,738 Branches 164 Tags
bee94757dd2674ebe1ff953708ef75fe6fd67621
Commit Graph

960 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nick Rolfe
bee94757dd Add query test for ReDoS.ql, ported from JS 2021-06-25 12:51:35 +01:00
Nick Rolfe
6142029fdc Recognise \t as not escaping t 2021-06-25 12:46:25 +01:00
Nick Rolfe
a77e7761fd Make \h and \H character class escapes 2021-06-25 12:27:39 +01:00
Nick Rolfe
a5dff79e51 Fix locations of regexp nodes in AST viewer 2021-06-25 12:00:38 +01:00
Nick Rolfe
9ec503a3a5 Merge remote-tracking branch 'origin/main' into regex 2021-06-24 18:16:13 +01:00
Nick Rolfe
17a59ef824 Add basic test for regex parsing 2021-06-24 18:06:08 +01:00
Arthur Baars
f69c5dc19b Merge pull request #221 from github/package-depend-on-compile-queries 
make the package job depend on compile-queries
 2021-06-24 19:03:44 +02:00
Nick Rolfe
51b0ffdaf8 Fix printAst to support adding edges in AstDesugar test 2021-06-24 17:14:23 +01:00
Nick Rolfe
f7e89f47fd Comment out temporarily-unused predicates 2021-06-24 17:06:41 +01:00
Alex Ford
58e9b69ea4 make the package job depend on compile-queries 2021-06-24 16:52:22 +01:00
Nick Rolfe
a6dd2fa0a1 Split ReDoS query into .ql and .qll, and add .qhelp 2021-06-24 16:32:45 +01:00
Arthur Baars
7574d1cad7 Merge pull request #220 from github/aibaars/update-build-yml 
Update build.yml
 2021-06-24 16:38:26 +02:00
Arthur Baars
dfc96de4cc Update build.yml 2021-06-24 16:09:45 +02:00
Tom Hvitved
9438885776 Merge pull request #216 from github/hvitved/synthesis-location 
AST synthesis: Move location information into a separate predicate
 2021-06-23 16:50:17 +02:00
Nick Rolfe
c784e37089 Add regexp parser and exponential ReDoS query 2021-06-23 15:29:49 +01:00
Alex Ford
e5f0206c6d Merge pull request #208 from github/action-controller-1 
Model accesses to `ActionController` parameters via `params` method
 2021-06-23 14:21:55 +01:00
Alex Ford
0238c19085 remove TODO 2021-06-23 14:11:38 +01:00
Alex Ford
5941eb2be4 model some ActionController user input sources (params) 2021-06-23 14:11:38 +01:00
Alex Ford
9227f3a0c3 Add RemoteFlowSources.qll 2021-06-23 14:11:38 +01:00
Alex Ford
5163514d43 Merge pull request #218 from github/build-yml-debug 
Fix `compile-queries` job
 2021-06-23 14:04:33 +01:00
Alex Ford
8e1f2e6237 try fixing build.yml 2021-06-23 13:41:51 +01:00
Tom Hvitved
1dde5b8ef9 AST synthesis: Move location information into a separate predicate 2021-06-23 08:46:07 +02:00
Alex Ford
dbf1805c8b Merge pull request #196 from github/active-record-1 
Start modelling some potential SQL fragment sinks in ActiveRecord
 2021-06-22 16:05:26 +01:00
Arthur Baars
bedd790d33 Merge pull request #217 from github/aibaars-patch-2 
Remove ad-hoc entries from query suite
 2021-06-22 15:48:22 +02:00
Arthur Baars
f7eee915da Remove ad-hoc queries 2021-06-22 15:35:30 +02:00
Arthur Baars
33c5312842 Merge pull request #215 from github/bump-codeql 
Bump `codeql` submodule
 2021-06-21 16:18:04 +02:00
Tom Hvitved
992d8faa06 Bump codeql submodule 2021-06-21 16:06:45 +02:00
Tom Hvitved
abe5e3d953 Merge pull request #210 from github/hvitved/dataflow/consistency 
Data flow: Add consistency queries
 2021-06-21 14:42:55 +02:00
Nick Rolfe
35eb4a3af4 Merge pull request #214 from github/regexp_naming 
Use RegExp prefix instead of Regex, for consistency with other languages.
 2021-06-21 11:06:19 +01:00
Tom Hvitved
b820f3f20d Merge pull request #212 from github/hvitved/ssa/assigns-pred 
Add `Ssa::WriteDefinition::assigns/1` predicate
 2021-06-21 10:46:48 +02:00
Nick Rolfe
65aa97c07c Use RegExp prefix instead of Regex, for consistency with other languages. 2021-06-18 15:56:19 +01:00
Tom Hvitved
7cc02e6d00 Add Ssa::WriteDefinition::assigns/1 predicate 2021-06-18 10:42:32 +02:00
Nick Rolfe
78db1bf045 Merge pull request #211 from github/smaller_trap 
Tweaks to reduce size of TRAP output
 2021-06-17 17:09:14 +01:00
Nick Rolfe
ab72b4e9e7 Use hexadecimal encoding for TRAP labels 2021-06-17 16:16:32 +01:00
Nick Rolfe
ed93233917 Remove unnecessary spaces in TRAP output 2021-06-17 16:16:06 +01:00
Alex Ford
7439ab5635 remove recvCls field from ActiveRecordModelClassMethodCall 2021-06-17 14:42:42 +01:00
Alex Ford
214532516b try to avoid a future merge conflict 2021-06-17 14:41:51 +01:00
Alex Ford
762656ee60 Add QLDoc to ActiveRecord.qll 2021-06-17 14:41:51 +01:00
Alex Ford
12a0af1d28 Tidy up PotentiallyUnsafeSqlExecutingMethodCall characteristic predicate 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2021-06-17 14:39:40 +01:00
Tom Hvitved
41ed9f3e1b Data flow: Fix inconsistencies 2021-06-17 10:48:32 +02:00
Tom Hvitved
00e544189e Data flow: Add consistency queries 2021-06-17 10:26:56 +02:00
Tom Hvitved
ad54f2e1f4 Bump codeql submodule 2021-06-17 10:24:19 +02:00
Tom Hvitved
872c7edfc8 Merge pull request #207 from github/bump-codeql 
Bump `codeql` submodule
 2021-06-16 12:33:40 +02:00
Tom Hvitved
84d79ccae9 Bump codeql submodule 2021-06-16 11:55:38 +02:00
Alex Ford
bf43a77df5 Include some more types of expressions as possible active record SQL sink arguments 2021-06-15 12:41:42 +01:00
Alex Ford
ea21c591af remove accidentally unbound variable 2021-06-15 11:39:48 +01:00
Alex Ford
c1b9952517 account for chained method calls when constructing ActiveRecord SQL queries 2021-06-15 11:39:48 +01:00
Alex Ford
f8a77b9854 format QL 2021-06-15 11:39:48 +01:00
Alex Ford
57c04266e3 rename SqlExecutingMethodCall as PotentiallyUnsafeSqlExecutingMethodCall 2021-06-15 11:39:48 +01:00
Alex Ford
2d4bb61789 limit SqlExecutingMethodCall to those that are called with a StringlikeLiteral argument 2021-06-15 11:39:48 +01:00