hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-03 04:40:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
39,717 Commits 1,773 Branches 168 Tags
e39da7d12003849d9d036396da05aa596d1be8da
Commit Graph

39717 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
e39da7d120 Revert "JS: Recognize DomSanitizer from @angular/core" 
This reverts commit ff1d0cc4c7.
 2022-05-25 13:54:40 +00:00
Henry Mercer
199f8e981c Remove NoSQL sinks since September 2018 2022-05-25 13:54:40 +00:00
Esben Sparre Andreasen
dc753961bf Remove additional Xss sinks 2022-05-25 13:54:40 +00:00
Esben Sparre Andreasen
8a46def57b Remove additional SQL sinks 2022-05-25 13:54:40 +00:00
Esben Sparre Andreasen
ed61dadc1e Remove additional path-injection sinks 2022-05-25 13:54:40 +00:00
Esben Sparre Andreasen
b8946e66f8 Remove pseudo-properties 2022-05-25 13:54:40 +00:00
Esben Sparre Andreasen
75b09ee8c7 Remove 2020 sinks from SqlInjection.ql 2022-05-25 13:54:40 +00:00
Esben Sparre Andreasen
7e134bba6c Remove 2020 sinks from Xss.ql 2022-05-25 13:54:40 +00:00
Esben Sparre Andreasen
10b660ddbe Remove 2020 sinks from TaintedPath.ql 2022-05-25 13:54:40 +00:00
tombolton
5cbec77509 randomly sample 5 percent of unknown in evaluation endpoints 2022-05-25 14:53:20 +01:00
tombolton
2771d3471b update XssThroughDom with Eriks recent changes 2022-05-25 14:44:14 +01:00
tombolton
07251ac35c replace StoredXss with CodeInjection in alert counting query 2022-05-25 14:44:14 +01:00
tombolton
c397a98922 remove additional XssThroughDom import 2022-05-25 14:44:14 +01:00
tombolton
dadfbb886a fix case in ExtractEndpointData.qll 2022-05-25 14:44:13 +01:00
tombolton
27f50d6118 update docstrings of CodeInjection and XssThroughDom queries 2022-05-25 14:44:13 +01:00
tombolton
a71f10494f explicitly include individual boosted queries in the ATM suite 2022-05-25 14:44:13 +01:00
tombolton
63626fdc67 add XssThroughDomATM.ql 2022-05-25 14:44:13 +01:00
tombolton
be6f6f5298 use new module names based on depreciation warning 2022-05-25 14:44:12 +01:00
tombolton
9ef4bf5441 fix case in CodeInjectionATM.qll 2022-05-25 14:44:12 +01:00
tombolton
a7d385cf99 add XssThroughDom and CodeInjection to mapping query 2022-05-25 14:44:12 +01:00
tombolton
adb4fc324f add XssThroughDom and CodeInjection to ExtractEndpointData.qll 2022-05-25 14:44:12 +01:00
tombolton
5f5e86c2b2 add XssThroughDom and CodeInjection to Queries.qll 2022-05-25 14:44:11 +01:00
tombolton
0c4dc1a143 add CodeInjection sink to the endpoint types 2022-05-25 14:44:11 +01:00
tombolton
de1bc89099 add CodeInjection extraction and evaluation queries 2022-05-25 14:44:11 +01:00
tombolton
f2f6379054 fix docstrings in XssThroughDom queries 2022-05-25 14:44:10 +01:00
tombolton
f2a0c38232 add XssThroughDom extraction and evaluation queries 2022-05-25 14:44:10 +01:00
Tom Bolton
67572bb770 Merge pull request #9193 from github/tombolton/add-counting-queries 
JS: Add individual per-security-query counting queries
 2022-05-25 10:02:28 +01:00
Michael Nebel
e9d371c650 Merge pull request #8600 from michaelnebel/csharp/dotnetruntimemodels 
C#: Dotnet Runtime models.
 2022-05-25 10:33:09 +02:00
AlexDenisov
8b131adeb1 Merge pull request #9283 from github/alexdenisov/swift-integration-tests 
Swift: add integration tests
 2022-05-25 10:04:08 +02:00
Michael Nebel
9cab92b16f C#: Update flow summaries test after rebase. The rebase included a fix to the isAutoGenerated predicate, which means that a summary is only considered autogenerated, if no hand-written version exist. This affects the printing as well. 2022-05-25 08:28:15 +02:00
Michael Nebel
5b405bb4cf C#: Update FlowSummaries test with generated printing (needed due to rebase). 2022-05-25 08:28:15 +02:00
Michael Nebel
ba7238d6e2 C#: Update XML Injectiont test output after rebase (query has been turned into a path-problem and the output is now affected by the added summaries for NameValueCollection). 2022-05-25 08:28:15 +02:00
Michael Nebel
75532432af C#: Update flow summaries test (note that the test doesn't correctly print the generated flag at the moment). 2022-05-25 08:28:15 +02:00
Michael Nebel
c8ede58704 C#: Flow summaries has now been added for Exception stack trace, but not for ToString. The latter will be encoded as an extra taintstep in the analysis. To reduce noise for all uses of an exception itself an isSanitizerIn is introduced. 2022-05-25 08:28:15 +02:00
Michael Nebel
4d6d1c8376 C#: Since NameValueCollection now has a flow summary for the string indexer it is no longer consider an unsafe external api, which is why it has disappared from the result. 2022-05-25 08:28:14 +02:00
Michael Nebel
ee027f845c C#: Since NameValueCollection now has a flow summary for the indexer it is considered a SafeExternalApiCallable and will thus not be included in the result of the test. 2022-05-25 08:28:14 +02:00
Michael Nebel
268230ef19 C#: Add QlDoc to the Generated file. 2022-05-25 08:28:14 +02:00
Michael Nebel
e2d6cd20c7 C#: Update tests due to new summaries for ProcessStartInfo. 2022-05-25 08:28:14 +02:00
Michael Nebel
9b8636aa23 C#: Update test because we now have a flow summary the string indexer for NameValueCollection. 2022-05-25 08:28:14 +02:00
Michael Nebel
d9c7ba471d C#: Update taint steps test as the generated models now include a model for the getters for KeyValuePair (we only had manual summaries for the constructor). 2022-05-25 08:28:14 +02:00
Michael Nebel
f8e729025f C#: Add generated Dotnet Runtime summary models that allows to up two reads and two stores and update flow summaries test. 2022-05-25 08:28:14 +02:00
Michael Nebel
3b62b45ea8 C#: Add generated framework models to ExternalFlow. 2022-05-25 08:28:14 +02:00
Tom Hvitved
efda248bea Merge pull request #9315 from michaelnebel/swift/dataflowsync 
Swift: Sync changes to DataFlowImplCommon from PR #9024.
 2022-05-25 08:24:15 +02:00
Michael Nebel
5f3a039c65 Swift: Sync changes to DataFlowImplCommon from PR #9024. 2022-05-25 08:05:22 +02:00
Robert Marsh
8cc509e5e9 Merge pull request #9275 from MathiasVP/swift-add-dataflow-lib 
Swift: Add shared dataflow library
 2022-05-24 15:11:42 -04:00
Robert Marsh
54ac36718c Merge pull request #9284 from MathiasVP/more-cfg-for-exprs 
Swift: CFG for `TypeExpr`, `MemberRefExpr`, `DefaultArgumentExpr` and `ForceValueExpr`
 2022-05-24 14:51:26 -04:00
Chris Smowton
98ef22358e Merge pull request #9213 from smowton/smowton/fix/inherited-single-abstract-method 
Kotlin: fix implementation of SAM classes that inherit their abstract method
 2022-05-24 18:22:55 +01:00
Ian Lynagh
2e1db7ddcd Merge pull request #9290 from igfoo/igfoo/kotlin1.7 
Kotlin: Add support for the 1.7 RC
 2022-05-24 16:16:19 +01:00
Nick Rolfe
dd52a70454 Merge pull request #9292 from github/nickrolfe/cfg_scope 
Ruby: rename CfgScope::Range_ to CfgScopeImpl
 2022-05-24 15:53:16 +01:00
Michael Nebel
daace0fe68 Merge pull request #9270 from michaelnebel/csharp/summarized-callable-fix 
C#: Summarized callable
 2022-05-24 16:36:44 +02:00