hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 02:13:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,158 Commits 1,693 Branches 161 Tags
fc7e062debb99a4cfe5d537cf9cf72f3e5b42f9c
Commit Graph

24158 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sauyon Lee
fc7e062deb Java: Add models for the Spring cache package 2021-07-14 04:57:56 -07:00
Sauyon Lee
d9fb09d132 Java: Add models for the Spring ui package. 2021-07-14 04:57:56 -07:00
Anders Schack-Mulligen
04244b3c45 Merge pull request #5974 from github/sauyon/java/spring-webmultipart 
Model Spring `web.multipart`
 2021-07-14 13:57:24 +02:00
Anders Schack-Mulligen
3c4cd15738 Merge pull request #5505 from joefarebrother/android-sql-convert 
Java: Convert Android SQL-related flow steps to CSV format
 2021-07-14 13:56:55 +02:00
Mathias Vorreiter Pedersen
0b21caa9ae Merge pull request #6280 from MathiasVP/restrict-call-context-relation 
C++: Potentially improve performance of call-context calculation
 2021-07-14 12:15:26 +02:00
Mathias Vorreiter Pedersen
1480ac7c1d C++: Potentially improve performance by restricting the size of the call-context relation. 2021-07-14 11:23:56 +02:00
Chris Smowton
3ae99b93ca Merge pull request #6215 from aschackmull/java/fix-csv-subtype-interpretation 
Java: Fix CSV subtype interpretation
 2021-07-14 09:57:21 +01:00
CodeQL CI
f6f7020388 Merge pull request #6250 from erik-krogh/python-redos-unicode 
Approved by RasmusWL
 2021-07-14 01:09:26 -07:00
CodeQL CI
436168aa4f Merge pull request #6267 from erik-krogh/read-pkg 
Approved by asgerf
 2021-07-14 01:01:33 -07:00
Anders Schack-Mulligen
8dc1f28c68 Merge pull request #6272 from hvitved/dataflow/flow-summary-impl-cached 
Data flow: Use cached predicates from DataFlowImplCommon in `FlowSummaryImpl.qll`
 2021-07-14 09:12:23 +02:00
Sauyon Lee
51211c0394 Add stubs 2021-07-13 10:29:02 -07:00
Sauyon Lee
c2c7fee8df Fix tests 2021-07-13 10:29:02 -07:00
Sauyon Lee
b01e6d49fb Add generated tests 2021-07-13 10:29:01 -07:00
Sauyon Lee
b807757863 Model Spring web.multipart 2021-07-13 10:29:01 -07:00
Robert Marsh
25dd29b24f Merge pull request #6158 from MathiasVP/call-ctx-for-function-ptr-resolution 
C++: Resolve function pointer calls using call contexts
 2021-07-13 10:00:44 -07:00
CodeQL CI
f9b539e5b9 Merge pull request #6253 from asgerf/js/more-precise-capture-steps 
Approved by erik-krogh
 2021-07-13 07:42:07 -07:00
Erik Krogh Kristensen
086c9c8156 remove redundant getACall() 
Co-authored-by: Asger F <asgerf@github.com>
 2021-07-13 16:32:14 +02:00
Tom Hvitved
7e9d87055d Data flow: Sync 2021-07-13 16:15:00 +02:00
Tom Hvitved
febebed15e Data flow: Use cached predicates from DataFlowImplCommon in FlowSummaryImpl.qll 2021-07-13 16:15:00 +02:00
Anders Schack-Mulligen
9388983e41 Java: Add missing stub. 2021-07-13 15:26:37 +02:00
Anders Schack-Mulligen
0f6f020766 Java: Fix models. 2021-07-13 15:23:19 +02:00
Taus
6aec7f2c49 Merge pull request #6264 from RasmusWL/customization-files-for-path-problems 
Python: Provide proper source/sink customization for most path queries
 2021-07-13 15:09:33 +02:00
CodeQL CI
48ec223727 Merge pull request #6212 from asgerf/js/typescript-4.3.5 
Approved by esbena
 2021-07-13 05:45:09 -07:00
CodeQL CI
9d59cba644 Merge pull request #6262 from erik-krogh/slash 
Approved by asgerf
 2021-07-13 05:44:55 -07:00
CodeQL CI
c87fe95d52 Merge pull request #6258 from erik-krogh/case 
Approved by asgerf
 2021-07-13 05:44:49 -07:00
CodeQL CI
b34f444c88 Merge pull request #6254 from erik-krogh/json2csv 
Approved by asgerf
 2021-07-13 05:44:36 -07:00
Rasmus Wriedt Larsen
6f8969a55e Python: Add change-note 2021-07-13 14:39:44 +02:00
Rasmus Wriedt Larsen
9ed61e7663 Python: Port py/polynomial-redos to use proper source/sink customization 
I noticed the configuration/customization files are in the `performance`
folder in JS, but I just kept them in place, since that seems correct to
me.
 2021-07-13 14:39:44 +02:00
Rasmus Wriedt Larsen
cea2f82be9 Python: Port py/path-injection to use proper source/sink customization 2021-07-13 14:09:02 +02:00
Rasmus Wriedt Larsen
bf214ac3bb Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-07-13 13:41:26 +02:00
Tom Hvitved
cb1b227c87 Merge pull request #6270 from hvitved/csharp/standalone-nuget-restore 
C#: Skip `dotnet restore` in standalone extraction when `nuget_restore: false` is set
 2021-07-13 13:36:40 +02:00
Rasmus Wriedt Larsen
1a59c9b64a Merge pull request #6204 from tausbn/python-ensmallen-localsourcenode 
Python: Clean up `LocalSourceNode` charpred
 2021-07-13 13:27:38 +02:00
Mathias Vorreiter Pedersen
1ed027e0d1 Merge pull request #6266 from erik-krogh/mootools-doc 
JS: add missing qldoc in MooTools.qll
 2021-07-13 10:39:21 +02:00
Anders Schack-Mulligen
be96647f78 Merge pull request #6256 from hvitved/dataflow/summary-node-type-join-order 
Data flow: Fix bad join-orders in `summaryNodeType`
 2021-07-13 10:24:30 +02:00
Erik Krogh Kristensen
07bc5856db add the cwd option from read-pkg as sink for path-injection 2021-07-12 23:43:15 +02:00
Erik Krogh Kristensen
cadbdcff0a add missing qldoc in MooTools.qll 2021-07-12 23:20:51 +02:00
Robert Marsh
61ee4af66c Merge pull request #6159 from MathiasVP/more-effective-barriers-in-bounded-predicate 
C++: More effective barriers in the `bounded` predicate for CWE-190
 2021-07-12 11:59:37 -07:00
Mathias Vorreiter Pedersen
7da7ec60d9 C++: Inline predicates from 'Bounded.qll'. 2021-07-12 19:09:33 +02:00
Mathias Vorreiter Pedersen
4fc60aedc6 C++: Relax the restrictions on when '%' is a barrier and accept test changes. 2021-07-12 17:39:12 +02:00
Mathias Vorreiter Pedersen
a6f1f8d3b6 C++: Add testcases demonstrating FPs from real code. 2021-07-12 17:39:12 +02:00
Mathias Vorreiter Pedersen
6a11aa7f2a Merge pull request #6154 from MathiasVP/more-random-sources-in-uncontrolled-arithmetic 
C++: Add more random sources in `cpp/uncontrolled-arithmetic`
 2021-07-12 17:37:44 +02:00
Erik Krogh Kristensen
899e54fbc9 add support for the slash library 2021-07-12 16:36:54 +02:00
Rasmus Wriedt Larsen
47f5c977cf Python: Port py/stack-trace-exposure to use proper source/sink customization 2021-07-12 16:22:10 +02:00
Rasmus Wriedt Larsen
934007c811 Python: Port py/unsafe-deserialization to use proper source/sink customization 2021-07-12 16:22:10 +02:00
Rasmus Wriedt Larsen
7c71223f7f Python: Port py/url-redirection to use proper source/sink customization 2021-07-12 16:22:10 +02:00
Rasmus Wriedt Larsen
b4c0b1b525 Python: Port py/reflective-xss to use proper source/sink customization 2021-07-12 16:22:10 +02:00
Rasmus Wriedt Larsen
62e4445f45 Python: Port py/command-line-injection to use proper source/sink customization 2021-07-12 16:22:10 +02:00
Rasmus Wriedt Larsen
7f53781ba7 Python: Port py/code-injection to use proper source/sink customization 2021-07-12 16:22:10 +02:00
Rasmus Wriedt Larsen
0be280c608 Python: Port py/sql-injection to use proper source/sink customization 2021-07-12 16:22:10 +02:00
Tom Hvitved
6ba6d9931c C#: Skip dotnet restore in standalone extraction when nuget_restore: false is set 2021-07-12 15:16:16 +02:00