hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,671 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

654 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
2b9408b0c3 Concepts: Add some architecture documentation 2022-03-17 13:49:10 +01:00
Harry Maclean
36c421346b Introduce ConceptsShared.qll 2022-03-17 13:49:10 +01:00
Erik Krogh Kristensen
aa8b7c8679 update reference to deprecated class name 2022-03-16 22:32:54 +01:00
Erik Krogh Kristensen
d8a5947a08 simplify TaintedUrlSuffix::source() to only consider window.location based sources 2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen
b3de5d94a6 move PrefixStringSanitizer to the Query.qll file, and have it extend LabeledSanitizerGuardNode 2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen
562dce57e8 rename isXSSSink to isXssSink 2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen
f083e87fa1 refactor the js/xss query to use three flowlabels and one configuration 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
87842bb8b7 add client-side-url sinks that may execute JavaScript as XSS sinks 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
b471fec149 split interpretsArgumentsAsURL out of interpretsArgumentsAsHTML, and use it to generalize AttributeUrlSink 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
2576e1f655 add utility predicate to get client-side remote-flow-sources that contain a URL query/fragment 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
67e6a4c716 add a isXSSSink predicate to the client-side-url-redirection sinks 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
559f03ebbc remove unnecessary module qualifier 2022-03-16 22:32:07 +01:00
Erik Krogh Kristensen
2d9d383c55 remove unused import 2022-03-16 22:32:07 +01:00
Asger Feldthaus
e1976da7f9 JS: Autoformat 2022-03-16 15:01:17 +01:00
Asger F
228570129e Merge branch 'main' into ruby/mad-prototype 2022-03-16 13:50:31 +01:00
Asger Feldthaus
e168da4c5f Shared: make a predicate private 2022-03-16 13:48:56 +01:00
Asger Feldthaus
e3fbaf5d8f Shared: prefer exists(var) instead of var = any(string s) 2022-03-16 13:37:08 +01:00
Asger Feldthaus
102540072e Shared: remove documentation prone to falling out of date 2022-03-16 13:32:55 +01:00
Arthur Baars
ab93b3784b Merge remote-tracking branch 'upstream/main' into incomplete-hostname 2022-03-16 12:31:12 +01:00
Arthur Baars
852f05bfb7 Address comment 2022-03-16 12:26:39 +01:00
Asger Feldthaus
f140c13261 JS: Sync ApiGraphModels.qll and update accordingly 2022-03-16 12:04:41 +01:00
Asger Feldthaus
d8b4bc81ff JS: Rename EntryPoint.getNode -> getANode 2022-03-16 12:04:39 +01:00
Erik Krogh Kristensen
cd9d61c1fc Merge pull request #8450 from erik-krogh/importAs 
disallow lowercase import-as aliases
 2022-03-16 11:32:37 +01:00
Asger Feldthaus
ecf7073bf1 Shared: codeql -> ql in code blocks 2022-03-16 11:00:24 +01:00
Erik Krogh Kristensen
b45f56ac08 Merge pull request #8431 from erik-krogh/deadCode 
Delete dead code
 2022-03-15 20:09:06 +01:00
Erik Krogh Kristensen
89af50f6d5 rename all lower-case import-as statements 2022-03-15 14:40:38 +01:00
Erik Krogh Kristensen
3067231b1a Merge pull request #8253 from erik-krogh/domWrite 
JS: merge hasDominatingWrite and hasDominatingAssignment
 2022-03-15 13:37:00 +01:00
Asger Feldthaus
82750638c6 JS: Verify models even if package is not used in database 2022-03-15 10:51:44 +01:00
Asger Feldthaus
a19f06ffc0 JS: Port checks to JS 2022-03-15 10:35:49 +01:00
Asger Feldthaus
97ca1155c3 JS: Sync ApiGraphModels.qll and test 2022-03-15 09:29:34 +01:00
Erik Krogh Kristensen
c7509c4dd3 Merge branch 'main' into deadCode 2022-03-15 09:19:14 +01:00
Jonas Jensen
d89c52f4b0 Merge pull request #8403 from erik-krogh/noUpper 
Rename all upper-case variables, and all lower-case modules
 2022-03-15 09:00:37 +01:00
Arthur Baars
6a74e761c8 Merge pull request #8398 from github/post-release-prep/codeql-cli-2.8.3 
Post-release preparation for codeql-cli-2.8.3
 2022-03-14 21:05:09 +01:00
Asger Feldthaus
fee32d3480 Elaborate on qldoc for API::EntryPoint 2022-03-14 17:52:07 +01:00
Asger Feldthaus
c9d7651c59 Be explicit about re-exporting 2022-03-14 17:26:30 +01:00
Erik Krogh Kristensen
c93f29b1a1 fix typo in change note 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-03-14 16:03:45 +01:00
Erik Krogh Kristensen
2250ebc5e2 remove leftover comments 2022-03-14 13:04:22 +01:00
Erik Krogh Kristensen
3bf5e06d53 delete all dead code 2022-03-14 13:03:31 +01:00
Erik Krogh Kristensen
a4525bbb29 add change-note 2022-03-14 12:22:39 +01:00
Erik Krogh Kristensen
8515a70fe6 JS: fix all ql/no-upper-case-variables 2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen
7d6700a943 Merge branch 'main' into depMore 2022-03-14 11:49:18 +01:00
Erik Krogh Kristensen
c06336480c add change note 2022-03-14 11:41:53 +01:00
Erik Krogh Kristensen
bbb2847ec1 Merge pull request #8323 from erik-krogh/acronyms 
Enforcing consistent casing of acronyms
 2022-03-14 11:38:25 +01:00
Erik Krogh Kristensen
6d66ea4253 also deprecate the definitionReaches predicate, it was only used in a test 2022-03-14 10:14:15 +01:00
Erik Krogh Kristensen
54760081dc add pointers to the qldoc of deprecated predicates 2022-03-14 10:10:38 +01:00
Erik Krogh Kristensen
8f86b067e7 deprecate the unused localTaintStep and stringStep predicates 2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
cc231fef4c deprecate some unused predicate in DefUse.qll 2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
c0a63beec1 deprecate unused document predicates in DOM.qll 2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
9cf0a94e4d use some Sanitizer classes that were unused in the query code 2022-03-13 23:54:53 +01:00
Alex Ford
808cc9cf35 Merge pull request #8396 from alexrford/ruby/charpred-only-field 
Ruby: resolve `ql/field-only-used-in-charpred` alerts
 2022-03-11 15:48:05 +00:00