hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 23:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
53,989 Commits 1,703 Branches 162 Tags
f5ff50880c05009e4f0d2749fec736cc79657fd2
Commit Graph

53989 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sim4n6
f5ff50880c Updated qhelp for the use of html_escape() 2023-05-20 17:58:24 +01:00
Sim4n6
cc3cc1faef Merge branch 'ruby-UBV' of https://github.com/sim4n6/codeql-pun into ruby-UBV 2023-05-20 12:59:50 +01:00
Sim4n6
d11cb9195c Use of CGI.escapeHTML() in test samples 2023-05-20 12:57:50 +01:00
Sim4n6
e345d7dca4 Update ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2023-05-20 12:54:03 +01:00
Sim4n6
7cd1fd4bbf CWE-179 and CWE-180 are included in metadata 2023-05-20 12:51:45 +01:00
Sim4n6
957023ec44 nfd and nfkd are considered 2023-05-20 12:51:24 +01:00
Sim4n6
c9c7179a0b Deleted the ugly flowchart. 2023-05-20 12:49:46 +01:00
Sim4n6
c3c65ca712 Qhelp formatting 2023-05-20 12:48:26 +01:00
Sim4n6
8dcf139b45 Update ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2023-05-20 12:46:54 +01:00
Sim4n6
eb7e1de65b Update ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2023-05-20 12:43:05 +01:00
Sim4n6
69ca49f168 Deleted the UBV query change note. 2023-05-20 12:39:54 +01:00
Sim4n6
1247403d43 Updated expected results file 2023-05-04 08:56:45 +01:00
Sim4n6
14ca20e782 removed redundant imports 2023-05-03 17:43:54 +01:00
Sim4n6
019b85beb6 Add Unicode Bypass Validation query, test and help file 2023-05-02 15:36:39 +01:00
Mathias Vorreiter Pedersen
2e5a04854e Merge pull request #12989 from MathiasVP/add-fp-overrun-write-product-flow 
C++: Add testcase with `cpp/overrun-write` FP
 2023-05-02 14:33:34 +01:00
Mathias Vorreiter Pedersen
635d290504 C++: Add testcase with FP. 2023-05-02 13:51:16 +01:00
Asger F
67afbee06d Merge pull request #12825 from smiddy007/JS-Allow-Truncated-Hash-Forge-NonKeyCipher 
JS: Allow NonKeyCiphers to include truncated SHA-512 MDs in Forge JS libr…
 2023-05-02 13:59:30 +02:00
Anders Schack-Mulligen
353d5f82a6 Merge pull request #12984 from aschackmull/dataflow/instanceof-node 
Dataflow: Replace "extends Node" with "instanceof Node".
 2023-05-02 13:52:33 +02:00
Asger F
0ce27d13a7 Merge pull request #12985 from asgerf/rb/meta-query-sql-injection 
Ruby: add SQL injection sinks to meta query
 2023-05-02 13:35:06 +02:00
Mathias Vorreiter Pedersen
ab67103e6e Merge pull request #12966 from MathiasVP/dataflow-for-static-vars 
C++: Dataflow for static local variables
 2023-05-02 11:52:43 +01:00
Anders Schack-Mulligen
ca09649679 Dataflow: Forward hasLocationInfo. 2023-05-02 10:48:32 +02:00
Asger F
f59c149bae Ruby: add SQL injection sinks to meta query 2023-05-02 10:46:55 +02:00
Anders Schack-Mulligen
2001ce34d4 Java/C#: Adjust references. 2023-05-02 10:21:09 +02:00
Tony Torralba
51c08f1314 Merge pull request #12969 from atorralba/atorralba/java/fix-model-generator-sinks-instance-parameters 
Java: Fix sink model generator for instance parameters
 2023-05-02 10:10:59 +02:00
Mathias Vorreiter Pedersen
fbc872cf1d Update cpp/ql/lib/change-notes/2023-04-28-static-local-dataflow.md 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-05-02 09:07:57 +01:00
Anders Schack-Mulligen
5927bb2030 Dataflow: Replace "extends Node" with "instanceof Node". 2023-05-02 09:48:34 +02:00
Nora Dimitrijević
383b2e183d Merge pull request #12936 from d10c/swift/rename-functions 
Swift: rename ugly names in the Function AST hierarchy
 2023-05-01 17:08:19 +02:00
Michael Nebel
a9cf6885d0 Merge pull request #12952 from michaelnebel/csharp/refactorcontentflow 
C#: Re-factor ContentFlow to a parameterised module and use the new API.
 2023-05-01 15:53:57 +02:00
Anders Schack-Mulligen
6c8cb0dc5e Merge pull request #12930 from aschackmull/dataflow/split-typedcontent 
Dataflow: Refactor access paths to split TypedContent into an explicit pair
 2023-05-01 14:58:15 +02:00
Tom Hvitved
3a8a585335 Merge pull request #12979 from hvitved/type-tracking-inline-late 
Type tracking: Use `noopt`+`inline_late` in `TypeTracker::[small]step`
 2023-05-01 14:58:04 +02:00
Tom Hvitved
4687ac16ff Type tracking: Use noopt+inline_late in TypeTracker::[small]step 2023-05-01 11:48:16 +02:00
yoff
0bc6f10a71 Merge pull request #12220 from amammad/amammad-python-paramiko 
add some python sinks for paramiko ssh clients
 2023-05-01 11:38:50 +02:00
Asger F
2c89f9747b Merge pull request #12949 from asgerf/js/angular-native 
JS: Add a few more DOM element sources
 2023-05-01 11:08:45 +02:00
Nora Dimitrijević
c81ea9d747 Merge branch 'main' into swift/rename-functions 2023-05-01 11:03:26 +02:00
Michael Nebel
36ea61c25e C#: Address review comments. 2023-05-01 10:38:39 +02:00
Asger F
e9f1e99526 Merge pull request #12887 from asgerf/js/unsafe-yaml-deserialization 
JS: Update model of js-yaml
 2023-05-01 09:57:20 +02:00
Rasmus Wriedt Larsen
1bba5258d6 Merge pull request #11280 from RasmusWL/dict-dataflow-steps 
Python: Support more dictionary read/store steps
 2023-04-30 16:07:29 +02:00
Mathias Vorreiter Pedersen
a7d238f4c4 C++: Accept consistency changes. 2023-04-28 22:41:58 +01:00
Erik Krogh Kristensen
3d41cd583f Merge pull request #12963 from tyage/track-interfile-use-router 
JS: Track interfile useRouter
 2023-04-28 22:41:43 +02:00
Asger F
d1c8e0abd7 Merge pull request #12951 from asgerf/js/json-with-comments 
JS: Stop complaining about comments in JSON files
 2023-04-28 20:53:35 +02:00
Tony Torralba
77ec181cac Java: Fix sink model generator for instance parameters 2023-04-28 14:49:04 +02:00
Asger F
f87740ab18 Merge pull request #12867 from asgerf/js/webpack-bundles 
JS: Ignore more webpack modules
 2023-04-28 14:35:57 +02:00
Asger F
1b75afb5b1 JS: Change note 2023-04-28 14:32:11 +02:00
Michael B. Gale
edfe2d7ab7 Merge pull request #12944 from github/mbg/go/html-template-sanitizers 
Go: Add `html/template` functions as sanitisers for XSS queries
 2023-04-28 12:15:57 +01:00
Michael B. Gale
5a44fae515 Go: add test for unrelated A->C data flow 2023-04-28 10:56:12 +01:00
Mathias Vorreiter Pedersen
2716c73f87 C++: Add change note. 2023-04-28 10:49:49 +01:00
Mathias Vorreiter Pedersen
c35cb70c9f C++: Fix inconsistencies. 2023-04-28 10:40:18 +01:00
Mathias Vorreiter Pedersen
fd2f0257b6 C++: Accept query changes. 2023-04-28 10:25:12 +01:00
Mathias Vorreiter Pedersen
24d1cac9d7 C++: Accept test changes. 2023-04-28 10:25:07 +01:00
Mathias Vorreiter Pedersen
ee7b137c24 C++: Add dataflow for static locals. 2023-04-28 10:24:57 +01:00