Erik Krogh Kristensen
|
ea6b68fc59
|
add missing qldoc
|
2022-04-20 18:10:53 +02:00 |
|
Erik Krogh Kristensen
|
12e60c7a06
|
move TypeTestGuard to the Query.qll file
|
2022-04-20 18:10:53 +02:00 |
|
Erik Krogh Kristensen
|
b1bad271d5
|
only activate the PrefixString label in Query.qll files
|
2022-04-20 18:10:53 +02:00 |
|
Erik Krogh Kristensen
|
8a5b1668f9
|
move initialization of sanitizer-guards to Query.qll files
|
2022-04-20 18:10:53 +02:00 |
|
Erik Krogh Kristensen
|
73dbe44824
|
remove dead import
|
2022-04-20 18:10:53 +02:00 |
|
Erik Krogh Kristensen
|
8d3bd9d7cd
|
move the ExceptionXss sources into the Customizations file
|
2022-04-20 18:10:53 +02:00 |
|
Erik Krogh Kristensen
|
25708c5091
|
move the XssThroughDom sources into the Customizations file
|
2022-04-20 18:10:53 +02:00 |
|
Erik Krogh Kristensen
|
ad14bbae90
|
create a customizations file for StoredXss
|
2022-04-20 18:10:53 +02:00 |
|
Erik Krogh Kristensen
|
162a4992a5
|
move the ReflectedXss sources/sinks into the Customizations file
|
2022-04-20 18:10:53 +02:00 |
|
Erik Krogh Kristensen
|
173e1d0262
|
move the DomBasedXss sources/sinks into the Customizations file
|
2022-04-20 18:10:53 +02:00 |
|
Erik Krogh Kristensen
|
9631b68de9
|
move LocalUrlSanitizingGuard out of the customizations file
|
2022-04-20 18:10:52 +02:00 |
|
Arthur Baars
|
040dd09c5a
|
Merge pull request #8718 from github/sj/codeowners-pms
Update CODEOWNERS for documentation and license changes
|
2022-04-20 18:08:43 +02:00 |
|
Arthur Baars
|
98df392b4f
|
Merge pull request #8719 from github/sj/update-readme-license-explanation
Update README to clarify license explanation
|
2022-04-20 18:07:00 +02:00 |
|
AlexDenisov
|
a187939424
|
Merge pull request #8784 from AlexDenisov/alexdenisov/swift-package-test-sdk
Swift: package test SDK
|
2022-04-20 16:07:40 +02:00 |
|
Bas van Schaik
|
732a2c32a8
|
Update README.md
|
2022-04-20 15:03:49 +01:00 |
|
Anders Schack-Mulligen
|
677c436e99
|
Merge pull request #8703 from aschackmull/dataflow/revert-state-in-out-barriers
Dataflow: Revert support for flow-state based in-/out-barriers
|
2022-04-20 14:54:02 +02:00 |
|
Nick Rolfe
|
3d109a4051
|
Merge pull request #8777 from github/nickrolfe/post_update_node
Ruby: make PostUpdateNode public
|
2022-04-20 12:04:37 +01:00 |
|
Alex Denisov
|
682c910d49
|
Swift: package test SDK
|
2022-04-20 12:35:19 +02:00 |
|
Asger F
|
e60475618d
|
Merge pull request #8728 from asgerf/ql/library-coverage
QL: Add facilities for data flow
|
2022-04-20 11:40:18 +02:00 |
|
Nick Rolfe
|
f1b8af1db9
|
Ruby: rename PostUpdateNode::Range to PostUpdateNodeImpl
|
2022-04-20 10:35:40 +01:00 |
|
Anders Schack-Mulligen
|
cb898ae03f
|
Merge pull request #8701 from aschackmull/doc/any-none
Doc: Add any() and none() to the language reference.
|
2022-04-20 10:49:42 +02:00 |
|
yoff
|
0c7130602a
|
Merge pull request #8731 from RasmusWL/delete-old-readme
Python: Delete old dataflow readme
|
2022-04-20 10:36:12 +02:00 |
|
yoff
|
a66153d73e
|
Merge pull request #8733 from RasmusWL/split-dataflow-private
Python: Split `DataFlowPrivate`
|
2022-04-20 10:21:05 +02:00 |
|
Erik Krogh Kristensen
|
10130eef6d
|
Merge pull request #8678 from erik-krogh/fileSource
JS: Add files as a source for `js/xss-through-dom`
|
2022-04-20 09:18:38 +02:00 |
|
Felicity Chapman
|
b10e7300ae
|
Update docs/codeql/ql-language-reference/formulas.rst
|
2022-04-19 17:29:31 +01:00 |
|
Nick Rolfe
|
c02670aca2
|
Ruby: make PostUpdateNode public
|
2022-04-19 17:12:51 +01:00 |
|
Felicity Chapman
|
d663102ffb
|
Update docs/codeql/ql-language-reference/formulas.rst
|
2022-04-19 16:57:05 +01:00 |
|
Felicity Chapman
|
6fbe227cbc
|
Try to fix Sphinx warning in formulas.rst
|
2022-04-19 16:36:42 +01:00 |
|
Stephan Brandauer
|
2fb3147b7b
|
Merge pull request #8430 from kaeluka/js/CVE-2022-24718
JS: Add taint step for handlebars model
|
2022-04-19 15:57:58 +01:00 |
|
Michael Nebel
|
91324d40b5
|
Merge pull request #8659 from michaelnebel/csharp/capturemodelsmetadata
C#: Add kind tag to Capture model queries.
|
2022-04-19 16:39:03 +02:00 |
|
Anders Schack-Mulligen
|
48fbbf2531
|
Dataflow: Add change notes.
|
2022-04-19 15:29:35 +02:00 |
|
Anders Schack-Mulligen
|
b521d64156
|
Dataflow: Sync.
|
2022-04-19 15:29:35 +02:00 |
|
Anders Schack-Mulligen
|
4ae59b530b
|
Dataflow: Revert flow-state versions of in-/out-barriers.
|
2022-04-19 15:29:34 +02:00 |
|
Anders Schack-Mulligen
|
82463c9290
|
Merge pull request #8774 from MathiasVP/nomagic-revPartialPathStep
Add `nomagic` to `revPartialPathStep`
|
2022-04-19 14:02:04 +02:00 |
|
Mathias Vorreiter Pedersen
|
a7c0113bc7
|
Merge pull request #8741 from geoffw0/autogen
C++: Fix issue with extremely long comments in AutogeneratedFile.qll
|
2022-04-19 10:45:16 +01:00 |
|
Geoffrey White
|
0aa1945f30
|
C++: Comments.
|
2022-04-19 10:04:15 +01:00 |
|
Mathias Vorreiter Pedersen
|
91b413d59f
|
Dataflow: Sync identical files.
|
2022-04-19 09:57:21 +01:00 |
|
Mathias Vorreiter Pedersen
|
d5722ffa61
|
C++: Add 'nomagic' to 'revPartialPathStep'.
|
2022-04-19 09:56:41 +01:00 |
|
Chuan-kai Lin
|
b433f08cef
|
Merge pull request #8770 from cklin/csharp-downgrades-remove-version
C#: remove version from downgrades pack
|
2022-04-18 09:41:21 -07:00 |
|
Chuan-kai Lin
|
8e850ee564
|
C#: remove version from downgrades pack
|
2022-04-18 08:46:05 -07:00 |
|
Geoffrey White
|
8a32c17c56
|
C++: Fix the issue.
|
2022-04-14 17:03:28 +01:00 |
|
Jean Helie
|
d094bbc06d
|
Merge pull request #8546 from github/jhelie/enforce-unknown-incompatibiliy-with-notasink
ML: add defensive check to ensure Unknown endpoints cannot also be NotASink
|
2022-04-14 11:21:18 +02:00 |
|
Harry Maclean
|
c3f1fba985
|
Merge pull request #8598 from hmac/hmac/insecure-dep-resolution
Ruby: Add rb/insecure-dependency query
|
2022-04-14 02:09:44 +02:00 |
|
Jean Helie
|
1e39a9caae
|
ML: update regression test output following fix to getAnUnknown predicate
|
2022-04-13 18:14:16 +02:00 |
|
Jean Helie
|
f87cd164ce
|
ML: add defensive check to ensure Unknown endpoints cannot also be NotASink
|
2022-04-13 18:14:16 +02:00 |
|
Jean Helie
|
f2b813a6e7
|
ML: add regression test for effective sink that is also NotASink
|
2022-04-13 18:14:16 +02:00 |
|
Henry Mercer
|
6603f8ab94
|
Merge pull request #8734 from github/henrymercer/non-extending-subtypes-minor-fixes
Docs: Fix typo and formatting in "Non-extending subtypes"
|
2022-04-13 17:11:33 +01:00 |
|
Henry Mercer
|
54b3d4d0d7
|
Docs: Fix typo and formatting in "Non-extending subtypes"
- Fix typo `select any(Foo f) would yield bar` -> `select any(Foo f).foo() would yield bar`
- Fix inline code formatting
- Change `foo_method` to `fooMethod` to follow QL style guide
|
2022-04-13 16:12:42 +01:00 |
|
AlexDenisov
|
df2cc181a0
|
Merge pull request #8726 from redsun82/swift-prebuilt-fetching
Swift: fetch prebuilt swift and link against it
|
2022-04-13 16:58:36 +02:00 |
|
Paolo Tranquilli
|
aaf9e7da2f
|
turn off universal_binaries for now
|
2022-04-13 16:45:23 +02:00 |
|