hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-06 06:05:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
31,072 Commits 1,747 Branches 166 Tags
f44f33788f49ffeddd11acd4f1a69a421b4a6137
Commit Graph

31072 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
f44f33788f QL: cache the compiled extractor 2021-12-17 20:22:55 +01:00
Erik Krogh Kristensen
380d238c31 QL: run the QL-for-QL tests when a nested folder is changed 2021-12-17 20:22:30 +01:00
Erik Krogh Kristensen
8fbd056b4e QL: add the QL-for-QL label automatically 2021-12-17 20:22:27 +01:00
Erik Krogh Kristensen
d612687ae7 QL: don't require change notes for QL-for-QL 2021-12-17 20:22:23 +01:00
Erik Krogh Kristensen
f7f9b4d3f4 QL: use erik-krogh/ql codeql-action 2021-12-17 20:22:20 +01:00
Erik Krogh Kristensen
ea1ee68fe1 QL: fix join order of ql/override-swapped-name 2021-12-17 20:22:20 +01:00
Erik Krogh Kristensen
5717a216d3 QL: fix bad join 2021-12-17 20:22:20 +01:00
Erik Krogh Kristensen
4d12d8dd5e QL: update the stats file 2021-12-17 20:22:20 +01:00
Henry Mercer
bebf4ca8fc Merge pull request #7357 from github/henrymercer/js-atm-only-featurize-with-flow 
JS: Only featurize endpoints that are part of a flow path
 2021-12-17 18:03:40 +00:00
Henry Mercer
d058d36b1f Merge pull request #7445 from github/henrymercer/bump-atm-pack-version 
Bump ATM pack version to 0.0.2
 2021-12-17 17:54:50 +00:00
Henry Mercer
055432530f Bump ATM pack version to 0.0.2 2021-12-17 16:49:59 +00:00
Henry Mercer
c1864531cd JS: Push FeaturizationConfig context into more predicates 2021-12-17 16:31:56 +00:00
Henry Mercer
383437c571 JS: Only featurize endpoints that are part of a flow path 2021-12-17 16:31:56 +00:00
Nick Rolfe
dd12eab29b Merge pull request #7444 from github/nickrolfe/ql-autobuilder 
QL for QL: add autobuilder that respects LGTM_INDEX_FILTERS
 2021-12-17 16:22:42 +00:00
Anders Schack-Mulligen
c03f189dec Merge pull request #7434 from MathiasVP/fix-join-order-in-phi-node 
C++: Fix join-order in `phi_node` predicate.
 2021-12-17 17:06:57 +01:00
Nick Rolfe
e6c60ebd41 QL for QL: add autobuilder that respects LGTM_INDEX_FILTERS 2021-12-17 16:05:21 +00:00
CodeQL CI
5054d5b555 Merge pull request #7420 from RasmusWL/ssrf-new 
Approved by yoff
 2021-12-17 15:20:49 +00:00
Rasmus Wriedt Larsen
83f87f0272 Python: Adjust .expected based on new comment 
That was changed in 9866214
 2021-12-17 15:29:41 +01:00
CodeQL CI
de4b655ddb Merge pull request #7327 from asgerf/js/handlebars-more-raw-interpolation 
Approved by erik-krogh
 2021-12-17 14:07:57 +00:00
Mathias Vorreiter Pedersen
45753e519f C++: Fully lock down the join order correctly. 2021-12-17 13:43:56 +00:00
Rasmus Wriedt Larsen
626009ea60 Python: Fix typo 2021-12-17 14:29:38 +01:00
yoff
9866214ebe Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/full_partial_test.py 2021-12-17 14:26:43 +01:00
CodeQL CI
39ec7132af Merge pull request #7049 from asgerf/js/routing-trees 
Approved by erik-krogh
 2021-12-17 12:26:38 +00:00
Tony Torralba
f3819e7b06 Merge pull request #7435 from github/atorralba/log4j-CVE-2021-45046 
Java: New sinks for Log4j CloseableThreadContext
 2021-12-17 13:19:51 +01:00
Erik Krogh Kristensen
c70a2bebda Merge pull request #7410 from erik-krogh/erik-krogh/publish-ql-for-ql 
Add QL for QL
 2021-12-17 12:55:25 +01:00
Mathias Vorreiter Pedersen
c1af8b93c2 C++: Better join-order fix. 2021-12-17 11:50:53 +00:00
Rasmus Wriedt Larsen
83f1b2ca5d Python: Add SSRF qhelp 
I included examples of both types in the qhelp of both queries, to
provide context of what each of them actually are.
 2021-12-17 11:48:26 +01:00
Anders Schack-Mulligen
3adc0b57ed Merge pull request #7426 from MathiasVP/fix-join-order-in-http-string-literal-charpred 
C++: Fix join-order in `HttpStringLiteral` charpred
 2021-12-17 11:21:38 +01:00
Arthur Baars
96aef9f63f Merge pull request #7393 from aibaars/ruby-simple-parameter-not-expr 
Ruby: SimpleParameter should not be an Expr
 2021-12-17 10:41:43 +01:00
Asger Feldthaus
89775428b4 JS: Autoformat 2021-12-17 10:32:02 +01:00
Asger Feldthaus
3e6389cad6 JS: Bump extractor version string 2021-12-17 10:32:00 +01:00
Asger Feldthaus
95a93fe033 JS: Change note 2021-12-17 10:31:50 +01:00
Asger Feldthaus
e2c6dd7d56 JS: Recognize {{& ... }} as an XSS sink 2021-12-17 10:31:50 +01:00
Asger Feldthaus
61cc84ba69 JS: Recognize leading/trailing ~ and & in mustache-tags 2021-12-17 10:31:50 +01:00
Asger Feldthaus
ce68a6d1c5 JS: Remove unneeded qualifier in static field access 2021-12-17 10:31:50 +01:00
Rasmus Wriedt Larsen
e7abe43e3e Python: Add SSRF change-note 2021-12-17 10:04:55 +01:00
Tom Hvitved
734bfbd7ae Merge pull request #7433 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-12-17 09:52:36 +01:00
Rasmus Wriedt Larsen
e309d8227c Python: Remove debug predicate 
Accidentally committed :|
 2021-12-17 09:44:35 +01:00
Tony Torralba
6f2d91a8ad Sinks for CloseableThreadContext 2021-12-17 09:17:04 +01:00
Mathias Vorreiter Pedersen
d840796494 C++: Fix join-order in 'phi_node' predicate. 2021-12-17 07:50:04 +00:00
github-actions[bot]
6c57cbba2b Add changed framework coverage reports 2021-12-17 00:09:41 +00:00
Rasmus Wriedt Larsen
1d00730753 Python: Allow http[s]:// prefix for SSRF 2021-12-17 00:27:18 +01:00
Rasmus Wriedt Larsen
8d9a797b75 Python: Add tricky .format SSRF tests 2021-12-17 00:24:51 +01:00
Rasmus Wriedt Larsen
6f297f4e9c Python: Fix SSRF sanitizer tests 
They were very misleading before, because a sanitizer that happened
early, would remove taint from the rest of the cases by use-use flow :|
 2021-12-16 23:24:08 +01:00
Rasmus Wriedt Larsen
4b5599fe17 Python: Improve full/partial SSRF split 
Now full-ssrf will only alert if **all** URL parts are fully
user-controlled.
 2021-12-16 22:48:51 +01:00
Rasmus Wriedt Larsen
cb934e17b1 Python: Adjust SSRF location to request call 
Since that might not be the same place where the vulnerable URL part is.
 2021-12-16 22:48:51 +01:00
Rasmus Wriedt Larsen
b1bca85162 Python: Add interesting test-case 2021-12-16 22:48:51 +01:00
Rasmus Wriedt Larsen
5a7efd0fee Python: Minor adjustments to QLDoc of HTTP::Client::Request 2021-12-16 22:48:51 +01:00
Erik Krogh Kristensen
2626b0b3dc QL: fix test workflow 2021-12-16 22:26:42 +01:00
Erik Krogh Kristensen
be076dc2c8 add Erik and Taus as QL-for-QL reviewers 2021-12-16 21:47:42 +01:00