hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,611 Commits 1,672 Branches 157 Tags
ea4c2e432100cb15e4ad5448d02c36153a6f9f95
Commit Graph

50611 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
ea4c2e4321 Swift: Add CSV extension points. 2023-02-27 23:01:05 +00:00
Geoffrey White
c533334470 Swift: Implementation classes should be private. 2023-02-27 23:01:04 +00:00
Geoffrey White
c21ec1c3f5 Swift: Standardize the taint sources, sinks, sanitizers. 2023-02-27 23:01:04 +00:00
Geoffrey White
6928e62d8b Swift: Split the three sensitive exprs queries into separate QL and QLL files. 2023-02-27 23:01:04 +00:00
Nick Rolfe
0f4df0da99 Merge pull request #12326 from RasmusWL/python-fix-expected 
Python: Fix expected of call-graph after merge
 2023-02-27 17:30:10 +00:00
Erik Krogh Kristensen
50aa5e072a Merge pull request #12177 from erik-krogh/alias-html 
JS: More precise type-test sanitizer guards in unsafe-html-construction
 2023-02-27 18:16:11 +01:00
Rasmus Wriedt Larsen
d198b91c82 Python: Fix expected of call-graph after merge 
Since the import resolution was fixed, but tests not rerun, these
expectations were not updated to reflect that we now handle them
properly 💪
 2023-02-27 17:38:28 +01:00
Edward Minnix III
7f607fb46b Merge pull request #12032 from egregius313/egregius313/promote-hardcoded-jwt-credential 
Java: Promote Hardcoded JWT credential query
 2023-02-27 11:33:53 -05:00
Erik Krogh Kristensen
927c322b7b Merge pull request #11769 from erik-krogh/moreSan 
JS: Sanitizer for `sanitizer(x) === true`
 2023-02-27 15:48:34 +01:00
Mathias Vorreiter Pedersen
332b759873 Merge pull request #12275 from jketema/uniform-ssa 
Make "Detecting a potential buffer overflow" example more uniform
 2023-02-27 14:38:11 +00:00
Mathias Vorreiter Pedersen
1dd95a61c1 Merge pull request #12292 from github/calumgrant/aggregate-domain 
Query and tests for sum without domain
 2023-02-27 14:19:20 +00:00
Taus
25043f51a4 Merge pull request #11376 from RasmusWL/call-graph-code 
Python: New type-tracking based call-graph
 2023-02-27 14:51:21 +01:00
Paolo Tranquilli
5cb3279816 Merge pull request #12319 from github/redsun82/swift-codegen 
Codegen: make Swift codegen language agnostic
 2023-02-27 14:06:20 +01:00
Alex Ford
7c85448cba Merge pull request #12080 from alexrford/js-use-shared-cryptography 
JS: Use shared `CryptographicOperation` concept
 2023-02-27 12:26:38 +00:00
Tony Torralba
0e3f4f6c7c Merge pull request #12305 from pwntester/new_java_net_URL_toURI_taintstep 
Java: Add new java.net.URI taintsteps
 2023-02-27 13:09:46 +01:00
Ed Minnix
ed1aac1aa5 Remove unneeded example file 2023-02-27 12:16:14 +01:00
Ed Minnix
06a1368e7c Additional test cases 2023-02-27 12:16:14 +01:00
Ed Minnix
4aec708fac Add change note 2023-02-27 12:16:14 +01:00
Ed Minnix
6de946ef00 Remove experimental files 2023-02-27 12:16:14 +01:00
Ed Minnix
3ff1a97e38 Add byte[] signatures 2023-02-27 12:16:14 +01:00
Ed Minnix
d71386e001 Add example file for documentation 2023-02-27 12:16:14 +01:00
Ed Minnix
fa6ac063d1 Add com.auth0.jwt.algorithm.Algorithm sinks 
The HMAC* constructors of the com.auth0.jwt.algorithm.Algorithm class
take a secret as a parameter. Therefore, the arguments should be added
to be checked for hardcoded credentials.
 2023-02-27 12:16:14 +01:00
AlexDenisov
85bf10ee0f Merge pull request #12227 from github/redsun82/swift-5.7.3 
Swift: update to 5.7.3
 2023-02-27 10:24:07 +01:00
Paolo Tranquilli
1218145259 Codegen: update README.md files 2023-02-27 10:01:50 +01:00
Paolo Tranquilli
06a6450be4 Codegen: make --qltest-output optional 2023-02-27 09:46:48 +01:00
Paolo Tranquilli
cdd4e8021b Move swift/codegen to misc/codegen 2023-02-27 09:46:48 +01:00
Paolo Tranquilli
6d192cdcc1 Swift: make C++ code generation language agnostic 2023-02-27 09:46:48 +01:00
Paolo Tranquilli
feb4e60c4b Swift: make all ql generation language agnostic 2023-02-27 09:46:48 +01:00
Paolo Tranquilli
aca18f5da8 Swift: make codegen use a config file 2023-02-27 09:46:48 +01:00
Paolo Tranquilli
e4627cb702 Swift: make codegen a bit more language-agnostic 2023-02-27 09:46:48 +01:00
Tony Torralba
c027e10ef7 Add java.net tests 2023-02-27 09:33:16 +01:00
Tony Torralba
4a9f63ea1a Fix toASCIIString casing 2023-02-27 09:32:42 +01:00
erik-krogh
0e60fc5512 Merge branch 'main' into alias-html 2023-02-27 09:16:25 +01:00
Erik Krogh Kristensen
f8f926ad50 Merge pull request #12175 from erik-krogh/reg-input 
JS: add process.env and process.argv etc. as source for `js/regex-injection`
 2023-02-27 09:12:02 +01:00
Erik Krogh Kristensen
4ffe20ae75 Merge pull request #12189 from erik-krogh/more-export 
JS: also consider relative exports when finding library inputs
 2023-02-27 09:02:55 +01:00
Alvaro Muñoz
f393a3c549 Add toExternalForm 2023-02-24 18:50:31 +01:00
Alvaro Muñoz
f1d765aa27 Missing taintstep for java.net.URL.toURI() 2023-02-24 18:45:52 +01:00
Mathias Vorreiter Pedersen
f92433171d Merge pull request #12304 from MathiasVP/more-fixes-to-large-join-order-query 
QL: More fixes to the join-order query
 2023-02-24 14:21:05 +00:00
Mathias Vorreiter Pedersen
c9f8ebd620 QL: Remove redundant conjunct in aggregates. 2023-02-24 13:19:52 +00:00
Mathias Vorreiter Pedersen
375de59a14 QL: More fixes to the join-order query. 2023-02-24 12:44:17 +00:00
Calum Grant
10aad99e21 Add avg case 2023-02-24 11:02:07 +00:00
Tom Hvitved
af14f36127 Merge pull request #12289 from hvitved/util/file-system 
Util: Add shared file system implementation
 2023-02-24 11:23:48 +01:00
Chris Smowton
da459c4086 Merge pull request #12281 from smowton/smowton/feature/kotlin-too-new-diagnostic 
Add test for a too-new Kotlin version
 2023-02-24 08:48:30 +00:00
Mathias Vorreiter Pedersen
95283154ae Merge pull request #12303 from MathiasVP/join-order-query-fixes 2023-02-23 22:56:29 +00:00
Mathias Vorreiter Pedersen
1f40518c78 QL: Fixup the join-order query. 2023-02-23 22:39:20 +00:00
Mathias Vorreiter Pedersen
a86a8ced54 Merge pull request #12302 from MathiasVP/recursive-join-order-metric 
QL: Extend the join-order badness query to recursive predicates
 2023-02-23 22:35:35 +00:00
Mathias Vorreiter Pedersen
f0fe6fba88 QL: Accept test changes. 2023-02-23 22:25:04 +00:00
Mathias Vorreiter Pedersen
b0e391cff0 QL: Extend the join order metric to cover recursive predicates. 2023-02-23 22:12:23 +00:00
Mathias Vorreiter Pedersen
bb692a7e4a Merge pull request #12299 from github/calumgrant/qlql 
Add classes and predicates to StructuredLogs
 2023-02-23 21:47:28 +00:00
Calum Grant
41d88a45d9 Fix merge 2023-02-23 21:02:43 +00:00