hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-26 09:18:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,971 Commits 1,718 Branches 163 Tags
c08f94ec040163d0762d73cab2fedd3abef01002
Commit Graph

24971 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Lerchedahl Petersen
c08f94ec04 Python: Fix parsing of octal escapes 2021-08-11 15:01:26 +02:00
Rasmus Lerchedahl Petersen
34b054ff53 Python: Add consistency checks 2021-08-11 14:58:27 +02:00
Tom Hvitved
d658ef1dcd Merge pull request #6449 from hvitved/python/contains-in-scope-perf 
Python: Avoid bad join in `AstExtended::AstNode::containsInScope`
 2021-08-10 10:27:00 +02:00
Chris Smowton
cb73100717 Merge pull request #6458 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-08-10 09:23:53 +01:00
Chris Smowton
9f9c76390f Nudge CI 2021-08-10 09:12:18 +01:00
Asger F
077aa05336 Merge pull request #6448 from asgerf/js/handlebars-extraction-preliminary 
JS: Update locations in Angular2 test
 2021-08-10 08:50:18 +02:00
github-actions[bot]
22fe354aab Add changed framework coverage reports 2021-08-10 00:07:47 +00:00
Chris Smowton
5ba9347281 Merge pull request #6006 from artem-smotrakov/timing-attacks 
Java: Timing attacks while comparing results of cryptographic operations
 2021-08-09 15:30:47 +01:00
Chris Smowton
171dc26531 Fix test reference and expectations 2021-08-09 13:56:55 +01:00
Tom Hvitved
ea6d51f123 Python: Avoid bad join in AstExtended::AstNode::containsInScope 2021-08-09 11:20:57 +02:00
Asger Feldthaus
88500a3fa3 JS: Update TRAP test output 2021-08-09 11:19:08 +02:00
Asger Feldthaus
2836d465e4 JS: Update locations in Angular2 test 2021-08-09 11:03:15 +02:00
Tom Hvitved
15db6dfb10 Merge pull request #6431 from hvitved/csharp/silence-xml-extraction 
C#: Silence XML extraction commands
 2021-08-09 09:36:23 +02:00
CodeQL CI
562ba49f4e Merge pull request #6406 from erik-krogh/cleanCfg 
Approved by asgerf
 2021-08-09 00:21:31 -07:00
Tamás Vajk
c1cf2a1c5f Merge pull request #5579 from edvraa/cookies 
C#: HttpOnly and Secure cookie queries
 2021-08-09 08:58:11 +02:00
Shati Patel
8bb47b91b9 Merge pull request #6426 from shati-patel/docs/cwe-coverage 
Docs: Make TOC more visible and add note about CWE coverage
 2021-08-05 15:01:29 +01:00
Shati Patel
97dd88661e Merge pull request #6427 from shati-patel/docs/vscode-tests 
Docs: Mention setting for running tests in VS Code (already shipped)
 2021-08-05 15:01:20 +01:00
Tom Hvitved
5b5ed97421 C#: Silence XML extraction commands 2021-08-05 15:24:01 +02:00
Tom Hvitved
4ee5cc5557 Merge pull request #6428 from hvitved/csharp/xss-nodes 
C#: Add missing `nodes` predicate to XSS queries
 2021-08-05 15:03:22 +02:00
Tom Hvitved
9eb3f28ef1 C#: Add missing nodes predicate to XSS queries 2021-08-05 13:53:52 +02:00
Tom Hvitved
6471092139 Merge pull request #6394 from github/p0/csharp-virtual-dispatch-limit 
C#: Guard against virtual dispatch branching too much.
 2021-08-05 13:20:14 +02:00
shati-patel
dbf49a8257 Docs: Mention setting for running tests in VS Code 2021-08-05 11:27:20 +01:00
shati-patel
09f3001048 Docs: Make TOC more visible and add note about CWE coverage 2021-08-05 10:55:41 +01:00
Anders Schack-Mulligen
c29353db80 Merge pull request #6424 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-08-05 09:48:53 +02:00
Tony Torralba
0356ed7f9e Merge pull request #5911 from atorralba/atorralba/promote-missing-jwt-signature-check 
Java: Promote Missing JWT signature check query from experimental
 2021-08-05 09:43:03 +02:00
Anders Schack-Mulligen
1932f604dc Merge pull request #6419 from smowton/smowton/admin/unsafe-deserialization-jabsorb 
Add unsafe-deserialization support for Jabsorb
 2021-08-05 09:04:23 +02:00
Erik Krogh Kristensen
d3ea58002d fix a case in union where order wasn't necessarily preserved 2021-08-05 08:48:15 +02:00
Erik Krogh Kristensen
6ca53c8b25 a little more special casing in CFGExtractor union 2021-08-05 08:32:56 +02:00
CodeQL CI
475032780e Merge pull request #6311 from asgerf/js/dom-element-methods 
Approved by erik-krogh
 2021-08-04 23:18:34 -07:00
github-actions[bot]
9d13edb325 Add changed framework coverage reports 2021-08-05 00:08:17 +00:00
Erik Krogh Kristensen
7e422a656a remove unused imports 2021-08-04 23:41:36 +02:00
Erik Krogh Kristensen
ff9943906d micro optimize the hot loops by adding special cases and removing streams 2021-08-04 23:35:58 +02:00
Fosstars
b913928294 Renamed queries and merged qhelp files 2021-08-04 17:54:16 +02:00
Chris Smowton
1f08c3fe55 Move test files to appropriate package directories 2021-08-04 16:50:03 +01:00
Chris Smowton
5a42448888 Code review suggestions 
- Remove unneeded import
- Remove unnecessary `toLowerCase` call
 2021-08-04 16:08:07 +01:00
Chris Smowton
69549e9ce3 Add unsafe-deserialization support for Jabsorb 
This is partly extracted from https://github.com/github/codeql/pull/5954
 2021-08-04 15:35:50 +01:00
Asger Feldthaus
1b67b43b40 JS: Change note 2021-08-04 16:25:59 +02:00
Asger Feldthaus
00f4694616 JS: Recognize methods returning DOM objects 2021-08-04 16:25:56 +02:00
Anders Schack-Mulligen
5f9f857c34 Update java/ql/src/semmle/code/java/security/JWT.qll 2021-08-04 16:23:21 +02:00
Anders Schack-Mulligen
78998d0ca1 Update java/ql/src/semmle/code/java/security/JWT.qll 2021-08-04 16:22:56 +02:00
Anders Schack-Mulligen
6a09a5667d Merge pull request #5931 from atorralba/atorralba/promote-jndi-injection 
Java: Promote JNDI Injection query from experimental
 2021-08-04 15:48:44 +02:00
Tony Torralba
bc9563c073 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-08-04 14:40:32 +02:00
Tony Torralba
989afb446e Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-08-04 14:07:10 +02:00
Tony Torralba
a046d75ea6 Apply suggestions from code review 2021-08-04 13:15:49 +02:00
edvraa
e790ee7c2e Fix formatting 2021-08-04 14:06:27 +03:00
Tony Torralba
452fd9a8e3 Refactor to path query 2021-08-04 13:05:18 +02:00
Anders Schack-Mulligen
fe654dc8ee Merge pull request #6418 from github/cwe-918-add-sec-sev 
Update Security-Severity for CWE-918
 2021-08-04 13:04:40 +02:00
turbo
a8f84da7ac Update Security-Severity for CWE-918 2021-08-04 12:17:21 +02:00
Tony Torralba
b586f3ec9c Make the additional flow step abstract 2021-08-04 12:11:17 +02:00
Tony Torralba
f4bc4df8c1 Renamed JWTQuery so that it's named after the actual query name 2021-08-04 12:08:08 +02:00