codeql

mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00

Author	SHA1	Message	Date
Chris Smowton	6af5c5fc86	Add change note	2021-09-14 12:36:38 +01:00
Chris Smowton	26dbf058c8	Add reverse import from ExternalFlow.qll	2021-09-14 12:35:33 +01:00
Chris Smowton	fcc0f1d5a7	Expand test to exercise all sinks	2021-09-14 12:27:33 +01:00
Chris Smowton	e439b7d7f8	Remove resource-related sources These access application-owned resources AFAICT	2021-09-14 12:24:27 +01:00
Tony Torralba	b740cf9664	Add change note	2021-09-14 13:16:47 +02:00
Tony Torralba	097927226b	Improved heuristics to increase precision	2021-09-14 13:16:47 +02:00
Tony Torralba	f8d1e2ac11	Refactor tests to use InlineExpectationsTest	2021-09-14 13:16:45 +02:00
Tony Torralba	1f7990d6bb	Refactor to use ConditionalBypassQuery.qll	2021-09-14 13:16:09 +02:00
Tony Torralba	a484e9fb06	Use RemoteFlowSource instead of UserInput	2021-09-14 13:16:09 +02:00
Tom Hvitved	b69033f4ff	C++: Upgrade script	2021-09-14 13:14:04 +02:00
Tom Hvitved	6c32b92929	C++: Drop redundant columns from `files` and `folders` relations	2021-09-14 13:14:04 +02:00
Tom Hvitved	98a12cef26	Merge pull request #6690 from hvitved/js/files-folders-drop-columns JavaScript: Drop redundant columns from `files` and `folders` relations	2021-09-14 13:13:37 +02:00
Chris Smowton	104873e8ee	Autoformat	2021-09-14 12:07:59 +01:00
Chris Smowton	6811441459	Factor JSF source definitions	2021-09-14 12:07:48 +01:00
Chris Smowton	b7fc068cee	Move JSFRenderer.qll to lib	2021-09-14 11:49:01 +01:00
Chris Smowton	023c533745	Combine Servlet and JSF vulnerable writer flow-tracking JSP and Servlet already shared this logic; might as well add JSF into the same mechanism.	2021-09-14 11:48:34 +01:00
Chris Smowton	cb8096f636	Remove JSF XSS Example Per previous commit, no need for a top-level JSF example	2021-09-14 11:47:37 +01:00
Chris Smowton	cca9ad06b4	Remove JSF example I don't think we need this: there are lots of possible XSS vectors; we don't need to enumerate every one in the qhelp file.	2021-09-14 11:47:36 +01:00
Chris Smowton	76e4077b56	Delete unused classes	2021-09-14 11:47:35 +01:00
luchua-bc	24addd5c10	Query to detect XSS with JavaServer Faces (JSF)	2021-09-14 11:47:32 +01:00
Chris Smowton	e92b9cbe99	Improve getAProducesExpr documentation	2021-09-14 11:16:45 +01:00
Benjamin Muskalla	f9918cc63c	Test generator uses `InlineFlowTest`	2021-09-14 11:58:56 +02:00
Anders Schack-Mulligen	e71173d953	Merge pull request #6591 from bmuskalla/inlineFlowTest Java: Simplify setup for flow tests using `InlineExpectationsTest`	2021-09-14 10:31:29 +02:00
Tom Hvitved	57b5b2af2e	JavaScript: DB upgrade script	2021-09-14 10:25:53 +02:00
Tom Hvitved	25e1da0150	JavaScript: Update expected test output	2021-09-14 10:25:42 +02:00
Tom Hvitved	63e28c57cd	JavaScript: Drop redundant columns from `files` and `folders` relations	2021-09-14 10:25:37 +02:00
Benjamin Muskalla	199e015a06	Support missing String methods	2021-09-14 10:22:22 +02:00
Tamás Vajk	d52616b687	Merge pull request #6683 from tamasvajk/feature/csv-coverage-fix Only leave CSV coverage updater job enabled on github/codeql	2021-09-14 10:13:28 +02:00
Benjamin Muskalla	93f9097b02	Merge pull request #6689 from github/workflow/coverage/update Update CSV framework coverage reports	2021-09-14 09:35:31 +02:00
ihsinme	8fa3cefb8c	Update DoubleRelease.ql	2021-09-14 10:31:20 +03:00
ihsinme	d150c9a6be	Update DoubleRelease.ql	2021-09-14 08:51:13 +03:00
github-actions[bot]	bf7c26e681	Add changed framework coverage reports	2021-09-14 00:07:57 +00:00
Taus	4d24be04a1	Merge pull request #6688 from RasmusWL/small-fix Python: Fix `globals() == locals()` FP	2021-09-13 21:50:13 +02:00
Erik Krogh Kristensen	b889674486	add change note	2021-09-13 20:45:35 +02:00
Erik Krogh Kristensen	8569d261f7	add test	2021-09-13 20:43:31 +02:00
Erik Krogh Kristensen	8e98dcefb1	add clipboard data as a RemoteFlowSource	2021-09-13 20:43:31 +02:00
Erik Krogh Kristensen	3983aceb48	recognize types of the form "HTML%Element" as dom values	2021-09-13 20:43:31 +02:00
Erik Krogh Kristensen	bac80bf686	delete ClipboardXss.ql experimental query	2021-09-13 20:43:31 +02:00
Rasmus Wriedt Larsen	f402475dd3	Python: Fix `globals() == locals()` FP	2021-09-13 20:03:11 +02:00
Rasmus Wriedt Larsen	69fe2a36e5	Python: Add `globals() == locals()` test	2021-09-13 20:02:08 +02:00
Rasmus Wriedt Larsen	ba7cdec2ea	Python: Add some lines in test file These are just empty now, such that it's obvious the tests didn't change.	2021-09-13 20:00:50 +02:00
Rasmus Wriedt Larsen	a9694bf0ef	Python: Clean whitespace	2021-09-13 19:58:59 +02:00
Mathias Vorreiter Pedersen	a714966e9b	Import 'cpp' and add more description.	2021-09-13 18:43:34 +01:00
Ethan P	930a36df37	Add example step for ending build tracing	2021-09-13 13:40:49 -04:00
Mathias Vorreiter Pedersen	034899367d	C++: Exclude uninstantiated templates from AV Rule 114.	2021-09-13 18:08:51 +01:00
Ethan P	47a543e086	Add reviewer feedback	2021-09-13 12:02:31 -04:00
Tom Hvitved	3bdc92ba8e	Merge pull request #6681 from hvitved/java/files-folders-drop-columns Java: Drop redundant columns from `files` and `folders` relations	2021-09-13 17:43:31 +02:00
Chris Smowton	122ffca049	Merge pull request #6645 from Marcono1234/marcono1234/spurious-javadoc-param-generic-class Java: Detect spurious param Javadoc tag of generic classes	2021-09-13 16:41:06 +01:00
Benjamin Muskalla	24d740b2da	Merge branch 'main' into inlineFlowTest	2021-09-13 17:15:37 +02:00
Benjamin Muskalla	bf5a46f6d8	Simplify inline tests	2021-09-13 17:08:02 +02:00

1 2 3 4 5 ...

26109 Commits