hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-24 00:16:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
53,899 Commits 1,714 Branches 163 Tags
ffa34251957ff9bc6476d4be0a064c1e1f083192
Commit Graph

53899 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
erik-krogh
ffa3425195 rename away from deprecated alias in test-files 2023-05-01 10:42:14 +02:00
erik-krogh
f2adc4f958 add missing qldoc 2023-05-01 10:42:14 +02:00
erik-krogh
59cc90e547 move Regex into a ParseRegExp file, and rename the class to RegExp 2023-05-01 10:42:14 +02:00
erik-krogh
556bb41999 move all code to find Regex flag into a module 2023-05-01 10:42:14 +02:00
erik-krogh
f0254fc089 introduce RegExpInterpretation instead of RegexString, and move RegexTreeView.qll into a regexp folder 2023-05-01 10:42:13 +02:00
erik-krogh
e677b62241 use type-tracking instead of global dataflow for tracking regular expressions 2023-05-01 10:41:53 +02:00
Asger F
e9f1e99526 Merge pull request #12887 from asgerf/js/unsafe-yaml-deserialization 
JS: Update model of js-yaml
 2023-05-01 09:57:20 +02:00
Rasmus Wriedt Larsen
1bba5258d6 Merge pull request #11280 from RasmusWL/dict-dataflow-steps 
Python: Support more dictionary read/store steps
 2023-04-30 16:07:29 +02:00
Erik Krogh Kristensen
3d41cd583f Merge pull request #12963 from tyage/track-interfile-use-router 
JS: Track interfile useRouter
 2023-04-28 22:41:43 +02:00
Asger F
d1c8e0abd7 Merge pull request #12951 from asgerf/js/json-with-comments 
JS: Stop complaining about comments in JSON files
 2023-04-28 20:53:35 +02:00
Asger F
f87740ab18 Merge pull request #12867 from asgerf/js/webpack-bundles 
JS: Ignore more webpack modules
 2023-04-28 14:35:57 +02:00
Asger F
1b75afb5b1 JS: Change note 2023-04-28 14:32:11 +02:00
Michael B. Gale
edfe2d7ab7 Merge pull request #12944 from github/mbg/go/html-template-sanitizers 
Go: Add `html/template` functions as sanitisers for XSS queries
 2023-04-28 12:15:57 +01:00
Michael B. Gale
5a44fae515 Go: add test for unrelated A->C data flow 2023-04-28 10:56:12 +01:00
Mathias Vorreiter Pedersen
205bb76036 Merge pull request #12960 from MathiasVP/fp-invalid-deref-2 
C++: Add more FPs for `cpp/invalid-pointer-deref`
 2023-04-28 09:47:46 +01:00
Mathias Vorreiter Pedersen
4ef58cd662 C++: Remove unused parameter in test. 2023-04-28 09:30:30 +01:00
Anders Schack-Mulligen
ce64408442 Merge pull request #12954 from aschackmull/java/implicitlypublic 
Java: Add SrcCallable.isImplicitlyPublic convenience predicate.
 2023-04-28 10:07:45 +02:00
Asger F
ee25f97ea5 Merge pull request #12956 from asgerf/js/express-array-routes 
JS: Properly recognise Express middlewares in an array
 2023-04-28 09:57:35 +02:00
Mathias Vorreiter Pedersen
5f4d0892ff Merge pull request #12900 from MathiasVP/ir-translate-constant-static-local-vars-2 2023-04-28 08:46:25 +01:00
tyage
933b55d37d Track interfile useRouter 2023-04-28 15:49:26 +09:00
Asger F
8a9308c8b0 JS: Update test output 2023-04-28 07:55:20 +02:00
Asger F
0c8f895e0f JS: Add one more test 2023-04-27 21:06:20 +02:00
Asger F
97a942de80 JS: Update test output 2023-04-27 21:04:35 +02:00
Mathias Vorreiter Pedersen
5c23474634 C++: Add FPs for 'cpp/invalid-pointer-deref'. 2023-04-27 18:49:05 +01:00
Mathias Vorreiter Pedersen
6c095d8143 Merge pull request #12953 from MathiasVP/fp-invalid-deref 
C++: Add FP for `cpp/invalid-pointer-deref`
 2023-04-27 17:29:37 +01:00
Michael B. Gale
72b082806b Go: Update html-template-escaping-passthrough 
Modify this query to apply sanitizers only in the data flow
between untrusted inputs and passthrough conversion types.
 2023-04-27 17:14:38 +01:00
Mathias Vorreiter Pedersen
e46c53af1d C++: accept test changes. 2023-04-27 17:13:02 +01:00
Mathias Vorreiter Pedersen
1372ee7a44 Update cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-04-27 17:10:44 +01:00
Asger F
0fb79bdf64 JS: Include a local step before store step 2023-04-27 17:58:02 +02:00
Asger F
c674afb674 JS: Fix condition in getRouteHandlerNode 
Previous version did not account for arrays
 2023-04-27 17:58:02 +02:00
Asger F
682ff23e04 JS: Update Express test 2023-04-27 16:36:04 +02:00
Asger F
36889f6d72 JS: Fix isResponse/isRequest 2023-04-27 16:35:56 +02:00
Asger F
70331c0ea4 JS: Decouple chaining from ExplicitResponseSource 2023-04-27 16:14:27 +02:00
Asger F
96e415aba6 JS: Track express route handlers into arrays 2023-04-27 16:14:22 +02:00
Mathias Vorreiter Pedersen
432c0b508a C++: Add another FP. 2023-04-27 14:50:29 +01:00
Anders Schack-Mulligen
9df2ee00d6 Java: Add SrcCallable.isImplicitlyPublic convenience predicate. 2023-04-27 15:20:49 +02:00
Anders Schack-Mulligen
246d904712 Merge pull request #12948 from aschackmull/dataflow/pathnode-type-tostring 
Dataflow: Add type to PathNode.toString.
 2023-04-27 14:14:10 +02:00
Mathias Vorreiter Pedersen
5a8bed0285 C++: Add FP for 'cpp/invalid-pointer-deref'. 2023-04-27 13:13:21 +01:00
Tom Hvitved
f888382d35 Merge pull request #12906 from hvitved/ruby/track-block-no-self 
Ruby: Prevent flow into `self` in `trackBlock`
 2023-04-27 12:48:05 +02:00
Geoffrey White
5a77dfb5d5 Merge pull request #12905 from geoffw0/webviewdoc 
Swift: Doc review for swift/unsafe-webview-fetch
 2023-04-27 11:23:53 +01:00
Henry Mercer
9ded5b87a5 Merge pull request #12942 from github/henrymercer/update-diagnostics-integration-tests 
C#: Update diagnostics integration tests
 2023-04-27 11:23:14 +01:00
Geoffrey White
507bb61c3c Swift: Add missing '.' 2023-04-27 11:00:35 +01:00
Anders Schack-Mulligen
f685ae1fa7 Java: Update one more expected output. 2023-04-27 12:00:32 +02:00
Geoffrey White
c823c58e00 Swift: WebView -> web view. 2023-04-27 10:57:25 +01:00
Geoffrey White
cc8d7bff0b Update swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-04-27 10:12:13 +01:00
Asger F
410719fd9e Update JSONError.expected 2023-04-27 10:57:38 +02:00
Asger F
5a4fe1b4da JS: Stop complaining about comments in JSON files 2023-04-27 10:55:36 +02:00
Anders Schack-Mulligen
6025feebd9 C#: Update expected output. 2023-04-27 10:24:24 +02:00
Tony Torralba
21a00f9197 Merge pull request #12946 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-04-27 10:13:07 +02:00
github-actions[bot]
e6c4bd18d6 Add changed framework coverage reports 2023-04-27 00:17:19 +00:00