hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,923 Commits 1,673 Branches 157 Tags
d772ea0efe81f9f4917f84d6f95b7eed40cc222b
Commit Graph

32923 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
ihsinme
d772ea0efe Apply suggestions from code review 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-03-01 10:49:36 +03:00
ihsinme
0c8a07218c Add files via upload 2022-02-25 11:16:05 +03:00
ihsinme
bddb5fd9f9 Add files via upload 2022-02-25 11:14:20 +03:00
ihsinme
3d1f4d5499 Merge pull request #1 from github/main 
up to head
 2022-02-25 11:04:55 +03:00
Mathias Vorreiter Pedersen
ab3cad749c Merge pull request #8173 from MathiasVP/add-using-expired-stack-address-query 
C++: Add another `CWE-825` query
 2022-02-24 17:18:35 +00:00
Tom Bolton
8dfc0d25d1 Merge pull request #8232 from github/tombolton/use-updated-counting-query 
Add new xss queries to result counting query
 2022-02-24 16:38:53 +00:00
Erik Krogh Kristensen
844815a032 Merge pull request #8231 from erik-krogh/fix-ql-for-ql-in-ql-for-ql 
QL: fix ql-for-ql errors inside ql-for-ql
 2022-02-24 15:01:45 +01:00
Erik Krogh Kristensen
ea1503ce2c fix ql-for-ql errors inside ql-for-ql 2022-02-24 14:41:27 +01:00
tombolton
d80ef6566d add new xss queries to result counting query 2022-02-24 13:31:40 +00:00
Tamás Vajk
83aaeca751 Merge pull request #8228 from tamasvajk/fix/change-notes-0.0.9 
Fix 0.0.9 change note to match concatenated change log
 2022-02-24 14:04:31 +01:00
Chris Smowton
4973224de7 Merge pull request #8216 from github/smowton/fix/creating-codeql-databases-docs-typo 
Fix typo
 2022-02-24 12:24:32 +00:00
Tamas Vajk
a8c2d87897 Fix 0.0.9 change note to match concatenated change log 2022-02-24 12:51:10 +01:00
Mathias Vorreiter Pedersen
e4af34253a C++: Actually fix incorrect annotation 2022-02-24 11:06:57 +00:00
Mathias Vorreiter Pedersen
ef5f16ddd3 Merge branch 'main' into add-using-expired-stack-address-query 2022-02-24 08:41:27 +00:00
Erik Krogh Kristensen
e13b2df86f Merge pull request #8185 from erik-krogh/amdImp 
JS: recognize modules imported by AMD imports as library inputs
 2022-02-23 20:21:45 +01:00
Chris Smowton
3167a67e65 Fix typo 2022-02-23 18:19:11 +00:00
Chris Smowton
01db73bfc7 Merge pull request #5935 from porcupineyhairs/javaSstiNew 
Java : Add SSTI query
 2022-02-23 17:30:02 +00:00
Mathias Vorreiter Pedersen
8900f6c043 C++: Add comment about ir re-evaluation. 2022-02-23 17:12:05 +00:00
Mathias Vorreiter Pedersen
033edc24f4 C++: Respond to review comments. 2022-02-23 16:23:49 +00:00
Mathias Vorreiter Pedersen
fd83f3a999 Merge pull request #8209 from jketema/ir-structured-bindings-tests 
C++: Add IR structured binding tests
 2022-02-23 16:09:40 +00:00
Chris Smowton
7b425a80bc Note path query expectations 2022-02-23 16:02:54 +00:00
Rasmus Wriedt Larsen
aeba497832 Merge pull request #7735 from yoff/python/promote-log-injection 
Python: promote log injection
 2022-02-23 16:21:12 +01:00
Jeroen Ketema
99dd049c1b Add IR test for tuple structured bindings 2022-02-23 16:15:19 +01:00
Jeroen Ketema
caf0f28547 Add IR test for data member structured bindings 2022-02-23 15:55:19 +01:00
Taus
3ce7d47b5b Merge pull request #7452 from jorgectf/python_jwt 
Python: Add Python_JWT to JWT security query
 2022-02-23 15:23:20 +01:00
Jeroen Ketema
ec2567b64b Add IR test for array structured bindings 2022-02-23 15:10:10 +01:00
Chris Smowton
a8fe10f353 Java template injection query: import pathgraph 2022-02-23 13:47:24 +00:00
Mathias Vorreiter Pedersen
4b03778938 Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-02-23 13:10:29 +00:00
CodeQL CI
7d55771092 Merge pull request #8150 from asgerf/js/prep-sharing-api-graph-mad 
Approved by erik-krogh
 2022-02-23 11:59:31 +00:00
CodeQL CI
62ee8fce3a Merge pull request #8186 from asgerf/js/request-forgery-docs-followup 
Approved by esbena, hubwriter
 2022-02-23 11:46:37 +00:00
Stephan Brandauer
a664e02d04 Merge pull request #8014 from kaeluka/js/functionality-from-untrusted-source 
JS: Functionality from untrusted sources query (CWE-830)
 2022-02-23 12:45:31 +01:00
Chris Smowton
50d9945625 Autoformat 2022-02-23 11:41:23 +00:00
Mathias Vorreiter Pedersen
53299d61eb C++: Add more tests. 2022-02-23 11:38:01 +00:00
Mathias Vorreiter Pedersen
c8f940124f C++: Respond to review comments. 2022-02-23 11:17:12 +00:00
Chris Smowton
476997a599 Replace more non-breaking spaces 2022-02-23 11:02:17 +00:00
Stephan Brandauer
1ed71e15f3 apply docreview feedback 2022-02-23 11:21:22 +01:00
Tony Torralba
f011bbc92c Merge pull request #8055 from luchua-bc/java/unsafe-url-forward-with-shared-lib 
CWE-552: Switch to the shared PathSanitizer library
 2022-02-23 11:00:23 +01:00
Stephan Brandauer
517d6969e1 Merge pull request #8171 from kaeluka/js/update-atm-query-docs-for-nosql-sql-injection 
update ATM NosqlInjection and SqlInjection query docs
 2022-02-23 10:54:37 +01:00
Asger Feldthaus
22ba43fff6 JS: Minor fixup in the client-side request forgery qhelp 2022-02-23 10:54:26 +01:00
Erik Krogh Kristensen
203212657e recognize modules imported by AMD imports as library inputs 2022-02-23 10:39:45 +01:00
Mathias Vorreiter Pedersen
8b7214621b Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.qhelp 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-02-23 09:38:30 +00:00
Mathias Vorreiter Pedersen
8e0f354c2c Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.cpp 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-02-23 09:38:06 +00:00
Mathias Vorreiter Pedersen
862ebefbad Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-02-23 09:33:58 +00:00
Mathias Vorreiter Pedersen
dda85bf234 Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-02-23 09:33:52 +00:00
Stephan Brandauer
c17d8b145a Merge pull request #8054 from asgerf/js/split-request-forgery 
JS: split request forgery query into server-side and client-side variants
 2022-02-23 10:27:16 +01:00
Mathias Vorreiter Pedersen
31a204a5d9 Merge pull request #8174 from jketema/hinding-cleanup 
C++: Simplify `cpp/declaration-hides-variable`
 2022-02-23 08:27:59 +00:00
Esben Sparre Andreasen
58e0d54744 Merge pull request #8168 from github/esbena/hapi-reflected-xss 
JS: model hapi handler returns as reflected-xss sinks
 2022-02-23 08:53:15 +01:00
jorgectf
4aa1c0a11e Update .expected 2022-02-23 00:55:39 +01:00
Jeroen Ketema
423d325204 C++: Simplify cpp/declaration-hides-variable 
The check for `(unnamed local variable)` is no longer needed, because these
variables are now identified as being compiler generated.
 2022-02-22 23:04:48 +01:00
Erik Krogh Kristensen
73f2e89f3e Merge pull request #8165 from erik-krogh/protoWrite 
JS: support more property writes in js/prototype-pollution-utility
 2022-02-22 21:30:22 +01:00