hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-14 15:04:56 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,389 Commits 1,680 Branches 158 Tags
d34901ac8cdff8f6148fec2f04e926aa6babf9fc
Commit Graph

48389 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
d34901ac8c Data flow: Track return position instead of return kind 
Reverts bdb205a318.
 2022-12-15 15:29:12 +01:00
Tom Hvitved
1820bb4b0b Data flow: Simplify forwards flow-through pruning 2022-12-15 15:29:11 +01:00
Tom Hvitved
cb84b557cf Data flow: Track parameter instead of parameter position 
Reverts 70d2a0df8a.
 2022-12-15 15:29:11 +01:00
Mathias Vorreiter Pedersen
99286fbdb1 Merge pull request #11704 from jketema/scanf-free 
C++: Exclude deallocation functions as `scanf` result accesses
 2022-12-15 13:17:43 +00:00
Tom Hvitved
d7e44a5426 Merge pull request #10714 from hvitved/ruby/initialize 
Ruby: Model flow through `initialize` constructors
 2022-12-15 13:42:59 +01:00
Owen Mansel-Chan
0af530061d Merge pull request #11697 from owen-mc/go/make-dataflowtype-singleton 
Make DataFlowType a singleton
 2022-12-15 12:07:57 +00:00
Jeroen Ketema
ef61d14e9c C++: Add change note 2022-12-15 12:57:13 +01:00
Jeroen Ketema
0b4c4fd580 C++: Simplify deallocation check 2022-12-15 12:46:32 +01:00
Alex Ford
1b49bfe605 Merge pull request #11497 from alexrford/ruby/rails_globalid 
Ruby: model `rails/globalid` component
 2022-12-15 10:35:15 +00:00
Erik Krogh Kristensen
1500fa5f67 Merge pull request #10663 from pwntester/restify_improvements 
Javascript: Improve Restify support and add new Spife support
 2022-12-15 11:08:22 +01:00
Michael Nebel
a67e02df21 Merge pull request #11691 from michaelnebel/renameextensibles 
C#/Java: Rename externalflow extensible predicates
 2022-12-15 11:05:22 +01:00
Tom Hvitved
b3feb4f295 Update ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2022-12-15 10:46:06 +01:00
Michael Nebel
12c1ebd81c C#/Java: Add change note. 2022-12-15 09:41:14 +01:00
Jeroen Ketema
4fb43d56b3 C++: Exclude deallocation functions as scanf result accesses 2022-12-15 09:39:16 +01:00
Erik Krogh Kristensen
55558120d9 add explicit this 2022-12-14 20:59:28 +01:00
Jami
33955ee4ab Merge pull request #11623 from jcogs33/jcogs33/exclude-funcexpr-from-dataflowtargetapi 
Java/C#: exclude `FunctionalExpr`s from `DataFlowTargetApi`
 2022-12-14 12:22:50 -05:00
Owen Mansel-Chan
8703da9db6 Merge pull request #11698 from owen-mc/go/fix-test-to-do-what-it-says 
Fix test to use `hasQualifiedName/2`
 2022-12-14 17:11:58 +00:00
Alvaro Muñoz
f46a8faf00 port RouteSetup API-based implementation to DataFlow one 2022-12-14 17:37:32 +01:00
Tom Hvitved
c04b90bc6b Add change note 2022-12-14 16:30:18 +01:00
Alex Ford
2af5925f38 Ruby: improve coverage of GlobalID::Identification modelling 2022-12-14 15:21:19 +00:00
Owen Mansel-Chan
6ef677b606 Fix test to use hasQualifiedName/2 2022-12-14 15:20:02 +00:00
Owen Mansel-Chan
d18179c243 Add QLDoc for toString on DataFlowType 2022-12-14 14:56:54 +00:00
Asger F
a92acf5218 Merge pull request #11689 from asgerf/js/missing-csrf-qhelp 
JS: Update MissingCsrfMiddleware after 'csurf' deprecation
 2022-12-14 15:50:32 +01:00
Alvaro Muñoz
818c2da1aa fix Spife tests (without heuristics) 2022-12-14 15:42:27 +01:00
Alvaro Muñoz
4cf7299d79 restore Spife.qll to working status 2022-12-14 15:41:53 +01:00
Owen Mansel-Chan
50414cc748 Make DataFlowType a singleton 2022-12-14 14:40:15 +00:00
Alvaro Muñoz
14faff4477 fix restify tests 2022-12-14 15:38:35 +01:00
Owen Mansel-Chan
38369a72dc Merge pull request #11696 from github/smowton-patch-1 
go: fix bug in zip-slip example fix
 2022-12-14 14:31:58 +00:00
Michael Nebel
fe3c8613cd Java: Fix name of extensible in java integration test. 2022-12-14 15:25:47 +01:00
Chris Smowton
5799287a2b go: fix bug in zip-slip example fix 2022-12-14 13:51:32 +00:00
Jami
b248b44983 Merge pull request #11668 from jcogs33/jcogs33/update-isjdkinternal 
Java: update `isJdkInternal`
 2022-12-14 08:33:18 -05:00
Erik Krogh Kristensen
7615668f92 Merge pull request #11662 from erik-krogh/c-useInstanceOf 
Swift/C++: Use instanceof in more places
 2022-12-14 14:30:21 +01:00
Jami
f61b817751 Merge pull request #11631 from jcogs33/jcogs33/update-externalapi-charpredicate 
Java/C#: add `isUninteresting` to `ExternalApi` characteristic predicate
 2022-12-14 08:25:02 -05:00
Owen Mansel-Chan
0b849a319b Merge pull request #11587 from owen-mc/go/remove-error-expr-from-dbscheme 
Go: Remove @errorexpr from the dbscheme (use @badexpr)
 2022-12-14 13:15:04 +00:00
Anders Schack-Mulligen
598b4c38b7 Merge pull request #11619 from aschackmull/java/typetrack-lambda 
Java: Switch DispatchFlow to typetracking.
 2022-12-14 14:08:29 +01:00
Michael Nebel
bc02adb400 Java: Make the corresponding rename in all the data extensions. 2022-12-14 13:48:31 +01:00
Michael Nebel
b45d079a01 Java: Move and rename externalflow related extensible predicates. 2022-12-14 13:43:34 +01:00
Michael Nebel
9fc1b3ac82 C#: Rename predicates in tests. 2022-12-14 13:43:34 +01:00
Michael Nebel
b5e7ba6135 C#: Rename extensible predicate in data extension definitions. 2022-12-14 13:43:34 +01:00
Michael Nebel
596c2c0345 C#/Java: Rename the modelgenerator and converter predicate names. 2022-12-14 13:43:34 +01:00
Michael Nebel
6d7401de7d C#: Rename the extensible predicates related to external flow. 2022-12-14 13:43:34 +01:00
Alvaro Muñoz
e1f05e960d Merge branch 'restify_improvements' of https://github.com/pwntester/codeql into restify_improvements 2022-12-14 13:11:13 +01:00
Alvaro Muñoz
a71fc930a6 add tests 2022-12-14 13:11:02 +01:00
Tom Hvitved
5d9c64ba6f Ruby: Model flow through initialize constructors 2022-12-14 12:57:39 +01:00
Tom Hvitved
9a7628c988 Ruby: Add data flow tests for constructors 2022-12-14 12:57:39 +01:00
Tom Hvitved
25b2d11368 Merge pull request #11635 from hvitved/dataflow/approx-content 
Data flow: Introduce `ApproxContent` in a new pruning stage between stages 2 and 3
 2022-12-14 12:56:50 +01:00
Asger F
b63c658e3b JS: recognize tiny-csrf 2022-12-14 12:30:15 +01:00
Asger F
162419138d JS: Replace csurf -> lusca.csrf from example and qhelp 2022-12-14 12:30:15 +01:00
Owen Mansel-Chan
3c6f466e78 Include downgrade scripts in extractor pack 2022-12-14 10:46:20 +00:00
Owen Mansel-Chan
14e6f9fee2 Remove @errorexpr from the dbscheme (use @badexpr) 2022-12-14 10:46:19 +00:00