hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-27 09:31:30 +02:00
Code Issues Packages Projects Releases Wiki Activity
36,563 Commits 1,761 Branches 168 Tags
fe1104e651cbfa0a41d21e89255fc0643de34415
Commit Graph

36563 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Esben Sparre Andreasen
fe1104e651 Remove additional path-injection sinks 2022-05-12 12:38:01 +00:00
Esben Sparre Andreasen
ef85fc6ac2 Remove pseudo-properties 2022-05-12 12:38:01 +00:00
Esben Sparre Andreasen
fcf402b624 Remove 2020 sinks from SqlInjection.ql 2022-05-12 12:38:00 +00:00
Esben Sparre Andreasen
ee1c52b7b2 Remove 2020 sinks from Xss.ql 2022-05-12 12:38:00 +00:00
Esben Sparre Andreasen
d6c4e9ccf1 Remove 2020 sinks from TaintedPath.ql 2022-05-12 12:38:00 +00:00
tombolton
411da97077 update XssThroughDom with Eriks recent changes 2022-05-12 13:35:40 +01:00
tombolton
1009a8262e replace StoredXss with CodeInjection in alert counting query 2022-05-12 12:14:11 +01:00
tombolton
87f793e446 remove additional XssThroughDom import 2022-05-12 12:13:24 +01:00
tombolton
599f86f746 fix case in ExtractEndpointData.qll 2022-05-12 11:57:27 +01:00
tombolton
7b50325c13 update docstrings of CodeInjection and XssThroughDom queries 2022-05-12 11:43:47 +01:00
tombolton
3a6c4d2567 explicitly include individual boosted queries in the ATM suite 2022-05-12 11:40:09 +01:00
tombolton
2beb5001d3 add XssThroughDomATM.ql 2022-05-12 11:39:13 +01:00
tombolton
eebfe8edd7 use new module names based on depreciation warning 2022-05-12 11:36:59 +01:00
tombolton
d2344d12f6 fix case in CodeInjectionATM.qll 2022-05-12 11:36:29 +01:00
tombolton
1be7d9c6b7 add XssThroughDom and CodeInjection to mapping query 2022-05-12 11:36:02 +01:00
tombolton
cc35409b34 add XssThroughDom and CodeInjection to ExtractEndpointData.qll 2022-05-12 11:21:33 +01:00
tombolton
244fc5aa34 add XssThroughDom and CodeInjection to Queries.qll 2022-05-12 11:09:02 +01:00
tombolton
a0391f124a add CodeInjection sink to the endpoint types 2022-05-12 11:05:04 +01:00
tombolton
f5ecc7e8b5 add CodeInjection extraction and evaluation queries 2022-05-12 11:04:31 +01:00
tombolton
7034156172 fix docstrings in XssThroughDom queries 2022-05-12 11:00:01 +01:00
tombolton
1aa33529b9 add XssThroughDom extraction and evaluation queries 2022-05-12 10:41:25 +01:00
Harry Maclean
e8972b814f Merge pull request #8635 from hmac/hmac/io-popen 
Ruby: Model IO.popen
 2022-05-12 21:17:55 +12:00
Anders Schack-Mulligen
e0c74d4390 Merge pull request #9124 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-05-12 09:06:07 +02:00
Anders Schack-Mulligen
fad7d9ae72 Merge pull request #9120 from igfoo/igfoo/fixes 
Kotlin: Fix some alerts
 2022-05-12 08:29:34 +02:00
Erik Krogh Kristensen
6014614a31 Merge pull request #9103 from erik-krogh/nextParam 
JS: add support for typed NextJS route-handlers
 2022-05-12 08:18:26 +02:00
github-actions[bot]
acaf4517c0 Add changed framework coverage reports 2022-05-12 00:17:30 +00:00
Chris Smowton
85dc1090fe Merge pull request #9116 from smowton/smowton/feature/accept-conditional-cookie-security 
Java: tolerate `cookie.setSecure(request.isSecure())`
 2022-05-11 21:29:14 +01:00
Tom Hvitved
46ab25b61e Merge pull request #9098 from aschackmull/dataflow/perf 
Dataflow: Performance fixes
 2022-05-11 20:41:48 +02:00
Ian Lynagh
33e17f1665 Kotlin: Fix some alerts 2022-05-11 17:58:50 +01:00
Ian Lynagh
cfde0a1491 Merge pull request #9109 from igfoo/igfoo/kotlin_merge 
Initial Kotlin support
 2022-05-11 16:16:22 +01:00
Tony Torralba
5be30209c1 Merge pull request #9036 from luchua-bc/java/hardcoded-jwt-key 
Java: CWE-321 Query to detect hardcoded JWT secret keys
 2022-05-11 16:31:34 +02:00
Henry Mercer
6ecc542ca3 Merge pull request #9117 from github/henrymercer/java/tag-telemetry 
Java: Tag telemetry queries with `telemetry`
 2022-05-11 15:13:35 +01:00
Henry Mercer
a626078423 Merge pull request #9118 from github/henrymercer/csharp/tag-telemetry 
C#: Tag telemetry queries with `telemetry`
 2022-05-11 15:13:29 +01:00
Anders Schack-Mulligen
4884520ee1 Dataflow: Review fix. 2022-05-11 15:40:49 +02:00
Chris Smowton
f7e1f3e1a5 Remove URL fragment from Google search 2022-05-11 14:38:09 +01:00
Tom Hvitved
333780e635 Merge pull request #8898 from hvitved/dataflow/clear-expect-summary-components 
Data flow: Introduce 'with/without content' summary components
 2022-05-11 15:16:42 +02:00
Ian Lynagh
c0a755e061 Merge remote-tracking branch 'upstream/main' into igfoo/kotlin_merge 
Resolving conflicts:
	java/ql/lib/semmle/code/java/Expr.qll
 2022-05-11 14:13:09 +01:00
Rasmus Wriedt Larsen
46f309c373 Merge pull request #6360 from jorgectf/jorgectf/python/insecure-cookie 
Python: Add cookie security-related queries
 2022-05-11 14:47:11 +02:00
Henry Mercer
b6f1ddcdab Java: Tag telemetry queries with telemetry 
This will exclude the results of these queries from the summary tables
produced by `codeql database analyze` in a future version of the CodeQL
CLI.
 2022-05-11 13:29:25 +01:00
Henry Mercer
cdd6e0e104 C#: Tag telemetry queries with telemetry 
This will exclude the results of these queries from the summary tables
produced by `codeql database analyze` in a future version of the CodeQL
CLI.
 2022-05-11 13:27:49 +01:00
Rasmus Wriedt Larsen
cff950f5f7 Python: Fix select of py/insecure-cookie 2022-05-11 14:06:30 +02:00
Anders Schack-Mulligen
9a4d86e9b4 Merge pull request #8571 from Marcono1234/marcono1234/statement-expression 
Java: Add `ValueDiscardingExpr`
 2022-05-11 13:37:24 +02:00
Rasmus Wriedt Larsen
fc8633cc01 Python: Fix select for py/cookie-injection 2022-05-11 13:18:14 +02:00
Chris Smowton
0044326884 Add change note 2022-05-11 12:06:27 +01:00
Chris Smowton
c17ef42cc7 Insecure cookie query: accept ServletRequest.isSecure(), and allow more than one possible input to a setSecure(...) call. 2022-05-11 11:59:37 +01:00
luchua-bc
f85c01c975 Correct string source 2022-05-11 10:37:22 +00:00
Chris Smowton
1af0e9b619 Servlets.qll: don't use deprecated library visiblity modifier. 2022-05-11 11:31:14 +01:00
Arthur Baars
a47e429945 Merge pull request #8909 from aibaars/tree-sitter-update 
Tree sitter update
 2022-05-11 12:02:14 +02:00
Rasmus Wriedt Larsen
add6579385 Merge pull request #9022 from RasmusWL/ruby-fix 
Ruby: Fix `isLocalSourceNode` implementation
 2022-05-11 11:52:44 +02:00
Rasmus Wriedt Larsen
27b99c51e9 Python: Add placeholder precision for py/insecure-cookie 2022-05-11 11:36:06 +02:00