hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 23:02:56 +01:00
Code Issues Packages Projects Releases Wiki Activity
490 Commits 1,684 Branches 159 Tags
dcd6aaf69a67ec2e365737993687ea1231518643
Commit Graph

292 Commits

Author SHA1 Message Date
Sauyon Lee
ea3a7e8038 Apply suggestions from code review 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-04-02 23:58:39 -07:00
Sauyon Lee
e27947e280 Add comment for new url concatenation sanitizer 2020-04-02 23:58:39 -07:00
Sauyon Lee
3c02b3ab74 Add SafeUrlFlowCustomizations doc comment 2020-04-02 23:58:38 -07:00
Sauyon Lee
c68e509508 OpenUrlRedirect: Fix some comments 2020-04-02 23:58:37 -07:00
Sauyon Lee
4e5b17e18d Sanitize hostname if there is a slash and a previous component 2020-04-02 23:58:36 -07:00
Sauyon Lee
4b3982154a Add a SafeUrlFlow configuration 2020-04-02 23:58:35 -07:00
Sauyon Lee
4bcffe2d47 RequestForgery: Add a safe URL sanitizer 2020-04-02 23:58:34 -07:00
Sauyon Lee
1c859a8991 Address review comments 2020-04-02 23:58:33 -07:00
Sauyon Lee
89a03c8b67 RequestForgery: Add high precision 2020-04-02 23:49:58 -07:00
Sauyon Lee
314787956b Allow write base to be inside an implicit dereference 2020-04-02 23:49:56 -07:00
Sauyon Lee
e9b0f88946 RequestForgery: Add taint step for URL Host assignment 2020-04-02 23:49:55 -07:00
Sauyon Lee
12928d9f17 HTTP: Add model for Client.Do 2020-04-02 23:49:55 -07:00
Sauyon Lee
6876eabf54 RequestForgery: Add query help 2020-04-02 23:49:54 -07:00
Sauyon Lee
b23c75afb6 RequestForgery: move query from experimental 2020-04-02 23:49:53 -07:00
Max Schaefer
77c282824e Merge pull request #81 from gagliardetto/system-executors 
Expand system executors (continuation of #70)
 2020-04-03 07:24:05 +01:00
Sauyon Lee
f9610f22e7 Merge pull request #85 from max-schaefer/codeql-stats 
Use CodeQL for creating stats
 2020-04-02 10:57:20 -07:00
Slavomir
b5f14d1296 Add awk and similar 2020-04-02 13:07:43 +03:00
Slavomir
81bc3c03a9 Add more commands 2020-04-02 13:03:22 +03:00
Max Schaefer
ddb6f2ca6a Update stats. 2020-04-02 10:15:20 +01:00
Slavomir
32beebd059 Apply suggestions from code review 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
Co-Authored-By: Sauyon Lee <sauyon@github.com>
 2020-04-02 12:09:06 +03:00
Sauyon Lee
bc59fa40d7 Merge pull request #73 from intrigus-lgtm/make-CWE-643-supported 
Make cwe 643 supported
 2020-04-01 17:45:45 -07:00
intrigus
be21d49cf2 Add precision to query 2020-04-01 16:15:24 +02:00
intrigus
a524cc4716 Properly match methods defined in classes 2020-04-01 16:04:24 +02:00
Slavomir
33c18b0d11 expand system executors 2020-04-01 15:12:48 +03:00
intrigus
e18d15070a Switch to jbowtie/gokogiri 2020-03-30 23:42:44 +02:00
intrigus
b097826dd8 Add missing class qualifiers 2020-03-30 23:42:13 +02:00
intrigus
051f17ce67 Fix class name 2020-03-30 23:37:37 +02:00
Max Schaefer
28ed803fae Data flow: Add module doc comment for TaintTrackingImpl.qll 
cf https://github.com/Semmle/ql/pull/3155
 2020-03-30 11:21:53 +01:00
Max Schaefer
bb34c91b38 Add Qldoc for the last few remaining predicates. 
Apart from a missing module doc comment for `TaintTrackingImpl.qll` which we'll need to synchronize with the other languages (https://github.com/Semmle/ql/pull/3155), this gets us to 100% Qldoc coverage.
 2020-03-30 10:38:25 +01:00
intrigus
26cfa93947 Ignore type incompatible sinks 2020-03-27 21:32:53 +01:00
intrigus
21feb9d996 Add byte slice type 2020-03-27 15:37:36 +01:00
intrigus
d609c0ca43 Shorten example code 2020-03-27 15:31:20 +01:00
intrigus
c5a1185939 Apply style suggestions 2020-03-27 15:29:21 +01:00
intrigus
b24c23389c Don't match unexported functions 2020-03-27 15:21:00 +01:00
intrigus-lgtm
5eaaa4264a Apply suggestions from code review 
Co-Authored-By: Sauyon Lee <sauyon@github.com>
 2020-03-27 13:42:30 +01:00
Sauyon Lee
4747524fee Address review comments 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-03-27 04:15:30 -07:00
Sauyon Lee
05761bc2cd Address review comments 2020-03-27 04:03:30 -07:00
Sauyon Lee
a4f1e2b527 Add a model for Read methods on io.Reader 2020-03-26 18:57:44 -07:00
intrigus
be50db1cc7 Move XPath injection query to supported query 
The XPath injection query is moved to the supported queries.
Removed unnecessary code from the go test file
 2020-03-26 20:19:58 +01:00
intrigus
03023e8205 Add XPath model to default imports 2020-03-26 20:19:19 +01:00
intrigus
35a6fdb589 Add XPath framework models 2020-03-26 20:18:16 +01:00
Sauyon Lee
1f4d67b77b OpenUrlRedirect: Whitelist some more fields and methods 2020-03-26 07:20:51 -07:00
Sauyon Lee
541c82a7f3 HTTP: Add some more untrusted fields and methods 
Also, fix up broken tests.
 2020-03-26 07:20:14 -07:00
Sauyon Lee
e1b0bed6b3 Merge pull request #72 from max-schaefer/improve-virtual-call-resolution 
Refine virtual call targets by local reasoning where possible
 2020-03-26 06:00:59 -07:00
Max Schaefer
e6bdc1809b Update ql/src/semmle/go/dataflow/internal/DataFlowDispatch.qll 
Co-Authored-By: Sauyon Lee <sauyon@github.com>
 2020-03-25 15:04:48 +00:00
Sauyon Lee
f77d46f296 Address review comments. 2020-03-25 04:01:15 -07:00
Sauyon Lee
9321ff9110 OpenUrlRedirect: Add support for url.Host reassignments 2020-03-25 04:01:14 -07:00
Sauyon Lee
5f83dbd07b OpenUrlRedirect: Exclude header sources 2020-03-25 04:01:13 -07:00
Sauyon Lee
49aa43bd49 Make header Get and Values calls into taint steps 2020-03-25 04:01:12 -07:00
Sauyon Lee
83a417f52e OpenUrlRedirect: Use a taint-tracking safe URLs 2020-03-25 04:01:11 -07:00