hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-30 11:01:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
34,274 Commits 1,763 Branches 168 Tags
f4a5141ce8159eb24be2f75dd41ab548a98c8fff
Commit Graph

34274 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
f4a5141ce8 Revert "JS: Recognize DomSanitizer from @angular/core" 
This reverts commit ff1d0cc4c7.
 2022-04-01 08:13:00 +00:00
Henry Mercer
4538f47906 Remove NoSQL sinks since September 2018 2022-04-01 08:13:00 +00:00
Esben Sparre Andreasen
fc5c3fdbe8 Remove additional Xss sinks 2022-04-01 08:13:00 +00:00
Esben Sparre Andreasen
59dddac3f7 Remove additional SQL sinks 2022-04-01 08:13:00 +00:00
Esben Sparre Andreasen
377af46bf8 Remove additional path-injection sinks 2022-04-01 08:13:00 +00:00
Esben Sparre Andreasen
83538137d5 Add benjamin-button.md 2022-04-01 08:13:00 +00:00
Esben Sparre Andreasen
1498e94f3b Remove pseudo-properties 2022-04-01 08:13:00 +00:00
Esben Sparre Andreasen
61151b4711 Remove 2020 sinks from SqlInjection.ql 2022-04-01 08:13:00 +00:00
Esben Sparre Andreasen
ffbe93616d Remove 2020 sinks from Xss.ql 2022-04-01 08:13:00 +00:00
Esben Sparre Andreasen
63a1cc4f25 Remove 2020 sinks from TaintedPath.ql 2022-04-01 08:13:00 +00:00
annarailton
c6bb4e42f6 Update endpointTypeEncoded -> label 
Fixes https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1821
 2022-03-31 09:21:38 +01:00
annarailton
e4c4de49eb Add test for query mappings 2022-03-31 09:21:38 +01:00
annarailton
de546bd11a Change encoding -> label and description -> labelName 
Fixes https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1820
 2022-03-31 09:21:38 +01:00
annarailton
0438fe19cb Change NotASinkType to NegativeType 
Fixes https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1819
 2022-03-31 09:21:37 +01:00
Arthur Baars
7e866ed376 Merge pull request #8617 from cklin/qldoc-coverage-new-language 
QLdoc check: handle new languages gracefully
 2022-03-31 10:00:36 +02:00
Chuan-kai Lin
1ff0fda5d1 QLdoc check: handle new languages gracefully 2022-03-30 14:58:13 -07:00
Chuan-kai Lin
48015e5a2e Merge pull request #8597 from cklin/run-js-ml-tests 
JS: Fix expected test output for ATM queries
 2022-03-30 13:10:02 -07:00
Chuan-kai Lin
a8dabb238d JS: Fix expected test output for ATM queries 2022-03-30 11:35:17 -07:00
Nick Rolfe
fa1bb82701 Merge pull request #8610 from github/nickrolfe/re-fix-location-join-order 
Ruby: undo accidental revert of #8538
 2022-03-30 16:31:52 +01:00
Nick Rolfe
10b75bff76 Ruby: undo accidental revert of 13be9919 2022-03-30 16:02:12 +01:00
Chris Smowton
9675f34cf5 Merge pull request #8257 from luchua-bc/java/insecure-webview-resource-response 
Java: CWE-200 Query to detect insecure WebResourceResponse implementation
 2022-03-30 15:56:27 +01:00
Arthur Baars
031d183bdf Merge pull request #8532 from aibaars/regex-refactor-2 
JS/Ruby/Python: rename RegExpTreeView.qll to ReDoSUtilSpecific.qll
 2022-03-30 16:38:47 +02:00
Dave Bartolomeo
70c44734e6 Merge pull request #8445 from dbartol/dbartol/ir-range/semantic-scratch 
Sign, Modulus, and Range analysis for C++ using sharable semantic layer
 2022-03-30 07:08:09 -04:00
Dave Bartolomeo
e2396a5e03 Remove PrintIR tests for range analysis 
These were only used for debugging, and don't actually make good tests.
 2022-03-30 06:45:28 -04:00
Dave Bartolomeo
19789fa738 Merge remote-tracking branch 'upstream/main' into semantic-scratch 2022-03-30 06:39:14 -04:00
Nick Rolfe
a274af2b16 Merge pull request #7985 from github/nickrolfe/constant_regexp 
Ruby: separate constant propagation of regexps from strings
 2022-03-30 11:37:33 +01:00
Robert Marsh
8d21c8b7c5 Merge pull request #8423 from 4B5F5F4B/main 
[CPP][Linux Kernel]Add ql to detect CVE-2017-5123
 2022-03-29 15:10:15 -04:00
luchua-bc
fa2a6a7da3 Remove unnecessary taint step and update qldoc 2022-03-29 17:52:49 +00:00
Jeroen Ketema
e5ac492b62 Merge pull request #8593 from jketema/pointless-options 
C++: Remove debugging options from library tests
 2022-03-29 17:55:47 +02:00
Jeroen Ketema
d1857a9e37 C++: Remove debugging options from library tests 2022-03-29 17:24:18 +02:00
Michael Nebel
c3ac5aba57 Merge pull request #8482 from michaelnebel/csharp/capturesourcesink-models 
C#: Capture[Source|Sink]Models utility.
 2022-03-29 14:43:10 +02:00
Dave Bartolomeo
c9f79047b3 Improve QLDoc 2022-03-29 07:27:45 -04:00
Dave Bartolomeo
01c747ccb7 Remove debugging code 2022-03-29 07:14:51 -04:00
Dave Bartolomeo
820beed085 Remove Java portion (moved to separate PR) 2022-03-29 07:09:33 -04:00
Tony Torralba
e564481e9f Organize imports 2022-03-29 11:38:24 +02:00
Asger F
68575f3655 Merge pull request #8579 from asgerf/js/literal-csv-rows 
JS: write all CSV rows as literals
 2022-03-29 11:13:19 +02:00
Michael Nebel
8e60073d5a Java: Remove dataflow imports for java.qll. 2022-03-29 11:07:58 +02:00
Michael Nebel
f734edf8ff C#/Java: Minor refactor and re-arranging of code to align the CaptureModel specific implementations. 2022-03-29 11:07:58 +02:00
Michael Nebel
dd267b353a C#: Move isRelevantMemberAccess out of PropagateToSinkConfigurationSpecific. 2022-03-29 11:07:58 +02:00
Michael Nebel
3933dfa78e Java: Make imports private and add parts of the dataflow library to java.qll (same as in C#). 2022-03-29 11:07:58 +02:00
Michael Nebel
ad90c55bc6 C#: Improve encapsulation in CaptureModelsSpecific. 2022-03-29 11:07:57 +02:00
Michael Nebel
26d5eb64b3 C#/Java: Initial merge ModelGeneratorUtils into CaptureModels. 2022-03-29 11:07:57 +02:00
Michael Nebel
9b7691a5fc C#/Java: Address comments on re-exposing functionality. 2022-03-29 11:07:57 +02:00
Michael Nebel
1710b66003 C#/Java: Some minor variable name changes and QL Doc updates. 2022-03-29 11:07:57 +02:00
Michael Nebel
4298024cd6 C#: Refactor isRelevantForModels. 2022-03-29 11:07:57 +02:00
Michael Nebel
5970fd9904 C#: Also include property reads in possible new sink discovery. Only include public fields and properties. 2022-03-29 11:07:57 +02:00
Michael Nebel
8a65efbae4 C#/Java: Add isRelevantSinkKind predicate with language specific implementation. 2022-03-29 11:07:57 +02:00
Michael Nebel
0009d781d7 Java: Make most imports private. 2022-03-29 11:07:57 +02:00
Michael Nebel
1c7d764d54 C#: Make most module imports private. 2022-03-29 11:07:57 +02:00
Michael Nebel
ad27a5a1a6 C#/Java: Add some more QL Doc to the CaptureModels[Specific] implementation. 2022-03-29 11:07:57 +02:00