hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 05:05:12 +02:00
Code Issues Packages Projects Releases Wiki Activity
20,112 Commits 1,741 Branches 166 Tags
ffe5d30c2b99a5d078df51596ec57dbc78d96dbd
Commit Graph

20112 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
33b5802ff6 C++: Update StdPair.qll (just for consistency). 2021-02-11 16:01:44 +00:00
Erik Krogh Kristensen
fd46b7a7bc fix type in change-note 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-02-11 16:17:26 +01:00
Erik Krogh Kristensen
69d8aa143c add taint step for the snarkdown libary 2021-02-11 16:16:46 +01:00
Taus Brock-Nannestad
4c66071f5f Python: Revert "Python: Support moduleImport("dotted.name") in API graphs" 
This reverts commit 2c4a477a4e.

It's probably best _not_ to do this, as any `getMember` cycle in the
API graph will lead to nontermination.
 2021-02-11 16:08:28 +01:00
Taus Brock-Nannestad
ea30598a08 Python: Split dotted names more efficiently 2021-02-11 16:07:39 +01:00
Erik Krogh Kristensen
d14586de56 add two non ReDoS regular expressions to the ReDoS test suite 
Adds the regular expression from #5145
 2021-02-11 14:41:45 +01:00
Erik Krogh Kristensen
f12c38425f add change-note 2021-02-11 13:36:53 +01:00
Erik Krogh Kristensen
3ee0029cd8 Update javascript/change-notes/2021-02-08-xml-parser-taint.md 
Co-authored-by: Asger F <asgerf@github.com>
 2021-02-11 13:33:42 +01:00
CodeQL CI
02578cfff2 Merge pull request #5112 from erik-krogh/forms 
Approved by asgerf
 2021-02-11 04:32:14 -08:00
Erik Krogh Kristensen
044f80215e add change note 2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen
010d580f8e add model for multiparty 2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen
61b4ffec3d add remote flow from the Formidable library 2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen
a03f4ed3cd add remote flow source for busboy 2021-02-11 09:34:02 +01:00
Erik Krogh Kristensen
e2fbf8a68c add files uploaded with multer as RemoteFlowSource 2021-02-11 09:33:15 +01:00
Marcono1234
2a1c11b517 Improve MavenPom documentation, rename inconsistent predicates 2021-02-10 23:56:45 +01:00
Raul Garcia (MSFT)
ef0d3720a1 Addressing a few comments 2021-02-10 13:39:24 -08:00
Raul Garcia
190164c182 Update csharp/ql/src/experimental/Security Features/campaign/Solorigate/Solorigate.qhelp 
Co-authored-by: Bas van Schaik <5082246+sj@users.noreply.github.com>
 2021-02-10 13:30:40 -08:00
Erik Krogh Kristensen
7cff1f441b add model for the unified and remark libraries 2021-02-10 18:13:01 +01:00
Rasmus Wriedt Larsen
c57a4df819 Python: Model taint of self.request on django view class 2021-02-10 17:48:48 +01:00
Rasmus Wriedt Larsen
9ca738d921 Python: Add taint test for self.request on django view class 2021-02-10 17:48:41 +01:00
Erik Krogh Kristensen
0d497e8b9a add model for the showdown library 2021-02-10 17:22:42 +01:00
Rasmus Wriedt Larsen
ca0d345987 Django: Model any class used in django route setup as view class 2021-02-10 16:26:25 +01:00
Rasmus Wriedt Larsen
b428945bc2 Django: Fix DjangoRouteHandler char-pred 
Before it the class would contain _all_ functions xD
 2021-02-10 16:21:51 +01:00
Rasmus Wriedt Larsen
78a3206fce Python: Add test with unkown view class in django 2021-02-10 15:56:33 +01:00
Anders Schack-Mulligen
b74911204a Merge pull request #4945 from intrigus-lgtm/java/insecure-jxbrowser 
Java: Insecure JXBrowser
 2021-02-10 15:48:17 +01:00
Rasmus Wriedt Larsen
42eceb80bd Python: Handle view functions with decorators 2021-02-10 15:47:55 +01:00
Erik Krogh Kristensen
f76018c039 add taint step for the markdown-table library 2021-02-10 15:11:41 +01:00
Erik Krogh Kristensen
b4704f7016 add taint-step for the marked library 2021-02-10 14:51:08 +01:00
Erik Krogh Kristensen
91f7d33044 add change note 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
101d4358a9 detect DOM nodes from event callbacks 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
be9636491b add source for react-hook-form in xss-through-dom 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
65d93c9061 detect for DOM elements from DOM events in React 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
458dda9d25 add xss-through-dom source from react-final-form 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
ff3950ce98 add model for formik 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
d1087d4e41 move sources from XssThroughDom into a customizations file 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
4969a1ef4f add change note 2021-02-10 14:16:31 +01:00
Erik Krogh Kristensen
0ca2310594 add model for htmlparser2 2021-02-10 14:16:31 +01:00
Erik Krogh Kristensen
e2a66bf3ed add model for xml-js 2021-02-10 14:16:31 +01:00
Erik Krogh Kristensen
73f7cd149f add model for sax 2021-02-10 14:16:31 +01:00
Erik Krogh Kristensen
c43025d7b3 add model for xml2js 2021-02-10 14:16:30 +01:00
Erik Krogh Kristensen
44ca2e26a6 add taint-step to XML parsers 2021-02-10 14:16:08 +01:00
intrigus
5c82ff83de Java: Fix qhelp, fix CWE reference 2021-02-10 13:57:51 +01:00
Alvaro Muñoz
645b021845 Add support for the Preconditions Class in the Guava framework 2021-02-10 13:20:29 +01:00
Alvaro Muñoz
0cf3a29429 Add support for Apache Commons Lang ArrayUtils 2021-02-10 13:09:57 +01:00
Shati Patel
18225fa254 Merge pull request #4997 from github/shati-patel/cwe-coverage-docs 
Docs: Add outline for CWE coverage page
 2021-02-10 11:45:09 +00:00
Alvaro Muñoz
3b4357792b Remove sanitizing condition which does not prevent 
vulnerability.
 2021-02-10 12:21:48 +01:00
Anders Schack-Mulligen
66d0bf6b5e Merge pull request #5128 from hvitved/dataflow/exploration-clears-content 
Data flow: Take `clearsContent()` into account in flow exploration
 2021-02-10 11:52:24 +01:00
yoff
9930d59aca Merge pull request #5124 from RasmusWL/typetracking-with-decorator 
Python: Add test for type-tracking through decorators
 2021-02-10 09:34:54 +01:00
Tom Hvitved
1f9b42f9ab Data flow: Sync files 2021-02-09 20:10:23 +01:00
Tom Hvitved
e5970f4c65 Data flow: Take clearsContent() into account in flow exploration 2021-02-09 20:09:24 +01:00