hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
17,154 Commits 1,741 Branches 165 Tags
c8441dc4fbd93d84ecfe0082f4fb0a7e4592ec40
Commit Graph

17154 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
8cf21e3b2b autoformat 2020-10-16 16:56:35 +02:00
Anders Schack-Mulligen
a806a4f086 Merge pull request #4312 from JLLeitschuh/feat/JLL/java/jhipster_CVE-2019-16303 
Java: QL Query Detector for JHipster Generated CVE-2019-16303
 2020-10-16 15:47:09 +02:00
Tom Hvitved
d91ea55f0c Merge pull request #4440 from aschackmull/dataflow/adaptive-field-precision 
Dataflow: Adaptive field flow precision
 2020-10-16 15:08:56 +02:00
Erik Krogh Kristensen
27a2cd310d inline value in nodeLeadingToCsrfWrite 2020-10-16 14:21:49 +02:00
Erik Krogh Kristensen
017c73dce3 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-10-16 14:20:40 +02:00
Erik Krogh Kristensen
c2338b218f Update javascript/ql/src/semmle/javascript/dataflow/Nodes.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2020-10-16 14:12:36 +02:00
CodeQL CI
1d9b0ce059 Merge pull request #4460 from max-schaefer/js/unsafe-shell-command-construction-infeasible-paths 
Approved by asgerf
 2020-10-16 05:05:29 -07:00
Anders Schack-Mulligen
2b19a48030 Merge pull request #3880 from hvitved/dataflow/precise-aps 
Data flow: Precise access paths
 2020-10-16 13:54:35 +02:00
Anders Schack-Mulligen
b352605d12 Dataflow: Code review fixes. 2020-10-16 13:45:51 +02:00
Erik Krogh Kristensen
7598d31fc1 add change note 2020-10-16 13:35:31 +02:00
Erik Krogh Kristensen
b3d5f9c4dd support throttle like calls as partial calls 2020-10-16 13:33:02 +02:00
Anders Schack-Mulligen
664f04020f Revert "Dataflow: Count callables instead of nodes for fieldFlowBranchLimit." 
This reverts commit 1501a40de8.
 2020-10-16 12:51:50 +02:00
Anders Schack-Mulligen
1501a40de8 Dataflow: Count callables instead of nodes for fieldFlowBranchLimit. 2020-10-16 12:51:17 +02:00
Anders Schack-Mulligen
6aae51fa4f Dataflow: Sync. 2020-10-16 12:51:17 +02:00
Anders Schack-Mulligen
8f055f56b8 Dataflow: Adaptive field flow precision. 2020-10-16 12:51:17 +02:00
Anders Schack-Mulligen
b0f0f89dbc Dataflow: Minor pruning improvements. 2020-10-16 12:51:17 +02:00
Taus Brock-Nannestad
60fcb5e7d5 Python: Add PEP-328 test example 
Based on https://www.python.org/dev/peps/pep-0328/#guido-s-decision

Original "code" is in the Public Domain.
 2020-10-16 12:03:43 +02:00
Rasmus Wriedt Larsen
86798063a3 Python: Model tainted attributes of django HttpRequest 2020-10-16 11:12:20 +02:00
Rasmus Wriedt Larsen
a3cdbf2052 Python: Basic modeling of Django HttpRequest 2020-10-16 11:12:19 +02:00
Rasmus Wriedt Larsen
f547b6010b Python: Implement routed parameter for django.urls.re_path 2020-10-16 11:12:17 +02:00
Rasmus Wriedt Larsen
ff8708df67 Python: Implement routed parameter for django.urls.path 
Matching current implementation in
f07a7bf8cf/python/ql/src/semmle/python/web/django/General.qll (L125-L133)
 2020-10-16 11:12:16 +02:00
Rasmus Wriedt Larsen
8803fb2778 Python: Refactor RouteSetup with default impl for getUrlPattern 
Having multiple copies of the StrConst data-flow tracking code means that if we
need to update this to be more sophisticated, we could easily forget to do it
somewhere :|

Until we have a proper `.getAPossibleStringValue` helper, this refactoring
should be nice :)
 2020-10-16 11:12:15 +02:00
Rasmus Wriedt Larsen
44683f2959 Python: Identify route handlers for django 
Not including class based handlers
 2020-10-16 11:12:14 +02:00
Rasmus Wriedt Larsen
c0d71f767a Python: Add taint test for django v2/v3 2020-10-16 11:12:13 +02:00
Rasmus Wriedt Larsen
09a2a6cdfd Python: Fix django re_path kwarg test 
Since it was using the wrong keyword argument name before :D
 2020-10-16 11:12:12 +02:00
Rasmus Wriedt Larsen
b28d022be9 Python: Add simpel model of a django path/re_path route setup 
Also had to change the annotation to not include the `r` prefix for the
raw-string... not sure why that isn't replicated, but ¯\_(ツ)_/¯
 2020-10-16 11:12:11 +02:00
Rasmus Wriedt Larsen
979dc471ac Python: Port old routing tests 2020-10-16 11:12:09 +02:00
Rasmus Wriedt Larsen
ca60132e24 Python: Django test: Add simple route handler and annotations 2020-10-16 11:12:09 +02:00
Rasmus Wriedt Larsen
44b9b7f084 Python: Django test: Enable app 
and add a bits of use docs
 2020-10-16 11:12:08 +02:00
Rasmus Wriedt Larsen
6506e5d646 Python: Django test: Add testapp 2020-10-16 11:12:07 +02:00
Rasmus Wriedt Larsen
c71c41b759 Python: Django test: Disable DB (for now) 2020-10-16 11:12:06 +02:00
Rasmus Wriedt Larsen
f704c566b9 Python: Add real django 3.1 project as base of tests 2020-10-16 11:12:05 +02:00
Tom Hvitved
27fc610c0d Python: Update expected test output 2020-10-16 09:09:06 +02:00
Tom Hvitved
5f01fda1ef Data flow: Sync files 2020-10-16 09:05:02 +02:00
Tom Hvitved
82e56d4ebb Data flow: Simplify pathStep and pathIntoCallable 2020-10-16 09:05:02 +02:00
Anders Schack-Mulligen
94f110f739 Sync. 2020-10-16 09:05:01 +02:00
Anders Schack-Mulligen
b4ecfaeda3 Dataflow: Remove inconsistent AccessPath.getType(). 2020-10-16 09:05:01 +02:00
Anders Schack-Mulligen
d88c551f64 Dataflow: qldoc fix 2020-10-16 09:05:01 +02:00
Anders Schack-Mulligen
98f10b29b8 Dataflow: Simplify SCC: remove some apa params. 2020-10-16 09:05:01 +02:00
Anders Schack-Mulligen
4e2f786040 Dataflow: Precalculate AccessPath to avoid massive recursion. 2020-10-16 09:05:01 +02:00
Mathias Vorreiter Pedersen
ca534ccb03 C++: Update inline expectation comments 2020-10-16 09:05:01 +02:00
Tom Hvitved
570b624eb7 C++: Update expected test output 2020-10-16 09:05:01 +02:00
Tom Hvitved
d48a6a5555 C#: Update expected test output 2020-10-16 09:04:58 +02:00
Tom Hvitved
d608138c0c Data flow: Sync files 2020-10-16 09:03:13 +02:00
Tom Hvitved
a35a178080 Data flow: Precise access paths 2020-10-16 09:03:13 +02:00
Tom Hvitved
0dc066c515 Data flow: Rename AccessPath to AccessPathApprox 2020-10-16 09:03:13 +02:00
Asger Feldthaus
287ec0cbbb JS: Add test for default flow labels 2020-10-16 07:16:02 +01:00
Asger Feldthaus
583f3d7fd9 JS: Also materialize labels in ZipSlip 2020-10-16 07:12:30 +01:00
Asger Feldthaus
4337c5adaf JS: Workaround ascii PR check 2020-10-16 07:12:29 +01:00
Asger Feldthaus
b3d8b95433 JS: Autoformat 2020-10-16 07:12:29 +01:00