hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-03 00:31:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,687 Branches 159 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
abe30457ee Python: Accept test changes. 2022-03-17 14:03:58 +01:00
Tom Hvitved
79ea2a3a9c Data flow: Sync files 2022-03-17 14:03:58 +01:00
Tom Hvitved
4df12dc6e6 Data flow: State-changing taint steps should not be stepped over by the big step relation 2022-03-17 14:03:58 +01:00
Rasmus Wriedt Larsen
2b9408b0c3 Concepts: Add some architecture documentation 2022-03-17 13:49:10 +01:00
Harry Maclean
36c421346b Introduce ConceptsShared.qll 2022-03-17 13:49:10 +01:00
Erik Krogh Kristensen
870521bd1e Merge pull request #8473 from erik-krogh/redundantAnyCast 
QL: expand redundant-inline-cast, and rename to redundant-cast
 2022-03-17 10:41:50 +01:00
Erik Krogh Kristensen
fe94421d32 rename redundant-inline-cast to redundant-cast 2022-03-17 10:25:40 +01:00
Erik Krogh Kristensen
f3ca6bbc2e PY: update expected output after fixing bug in flask model 2022-03-17 09:42:30 +01:00
Erik Krogh Kristensen
879680057e fix all ql/unused-field warnings 2022-03-17 09:41:42 +01:00
Erik Krogh Kristensen
d5fd0d6724 add ql/unused-field query 2022-03-17 09:40:16 +01:00
Erik Krogh Kristensen
86398a8c65 Merge pull request #8304 from erik-krogh/xssUrl 
JS: Refactor the XSS / Client-side-url queries
 2022-03-17 09:13:09 +01:00
4B5F5F4B
d4c7314484 Delete cve-2016-6480.ql 
commit by mistake
 2022-03-17 09:49:28 +08:00
Erik Krogh Kristensen
aa8b7c8679 update reference to deprecated class name 2022-03-16 22:32:54 +01:00
Erik Krogh Kristensen
6cdc38748c update expected output 2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen
d8a5947a08 simplify TaintedUrlSuffix::source() to only consider window.location based sources 2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen
b3de5d94a6 move PrefixStringSanitizer to the Query.qll file, and have it extend LabeledSanitizerGuardNode 2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen
562dce57e8 rename isXSSSink to isXssSink 2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen
f083e87fa1 refactor the js/xss query to use three flowlabels and one configuration 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
87842bb8b7 add client-side-url sinks that may execute JavaScript as XSS sinks 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
b471fec149 split interpretsArgumentsAsURL out of interpretsArgumentsAsHTML, and use it to generalize AttributeUrlSink 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
2576e1f655 add utility predicate to get client-side remote-flow-sources that contain a URL query/fragment 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
67e6a4c716 add a isXSSSink predicate to the client-side-url-redirection sinks 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
fc79242674 add tests 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
559f03ebbc remove unnecessary module qualifier 2022-03-16 22:32:07 +01:00
Erik Krogh Kristensen
2d9d383c55 remove unused import 2022-03-16 22:32:07 +01:00
Arthur Baars
1a51f0cf56 Ruby: regex: fix getGroupNumber 
non-capture groups should not have a group number
 2022-03-16 18:50:51 +01:00
Dave Bartolomeo
606e015afb Update cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/RangeAnalysis.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-03-16 13:07:35 -04:00
Dave Bartolomeo
e275ab3951 Update cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/RangeAnalysisSpecific.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-03-16 13:07:15 -04:00
Dave Bartolomeo
6adc11b10e Update cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/RangeAnalysisSpecific.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-03-16 13:07:08 -04:00
Dave Bartolomeo
b36281dd8c Update cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/RangeAnalysisSpecific.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-03-16 13:07:02 -04:00
Dave Bartolomeo
db4963ada0 Update cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/RangeAnalysisSpecific.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-03-16 13:06:54 -04:00
Michael Nebel
4a68b74aa3 C#: Re-use the asPartialModel for DataFlowPrivate in tests. 2022-03-16 17:02:00 +01:00
Michael Nebel
115cef2484 C#: Move asPartialModel into DataFlowPrivate (to enable re-use). 2022-03-16 16:44:24 +01:00
Arthur Baars
f95e1efb67 Ruby: remove wrong clause 2022-03-16 16:25:42 +01:00
Arthur Baars
fb8cc6e1a4 Ruby: String.index method returns 'nil', not '-1' 2022-03-16 16:18:19 +01:00
Michael Nebel
138eb485c6 C#: Address review comments. 2022-03-16 16:00:48 +01:00
Jeroen Ketema
7a9a9d833a Merge pull request #8435 from jketema/all-the-barriers 
Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard
 2022-03-16 15:50:19 +01:00
Michael Nebel
68f24cda0b Merge pull request #8462 from michaelnebel/csharp/capture-models-fix-bad-join-order 
C#: Fix bad join order in returnNodeAsOutput.
 2022-03-16 15:46:17 +01:00
Dave Bartolomeo
571c034549 Update cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/RangeAnalysisSpecific.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-03-16 10:14:45 -04:00
Tony Torralba
8790df7a34 Style fixes 2022-03-16 15:11:04 +01:00
Asger Feldthaus
e1976da7f9 JS: Autoformat 2022-03-16 15:01:17 +01:00
Arthur Baars
f2ec5132ba Apply suggestions from code review 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-03-16 14:46:34 +01:00
Dave Bartolomeo
e669ffa22e Merge pull request #8320 from jketema/structured-binding-array 
C++: Handle initialization of structured bindings via bitwise copy in extractor
 2022-03-16 09:41:31 -04:00
Ian Lynagh
565f607096 Java: Add a changenote for ErrorExpr/ErrorStmt 2022-03-16 13:20:33 +00:00
Asger F
228570129e Merge branch 'main' into ruby/mad-prototype 2022-03-16 13:50:31 +01:00
Asger Feldthaus
e168da4c5f Shared: make a predicate private 2022-03-16 13:48:56 +01:00
Michael Nebel
5f7b5ec5df C#: Fix bad join order in returnNodeAsOutput. 2022-03-16 13:44:11 +01:00
Asger Feldthaus
8cef512234 Ruby: ensure ApiGraphs.qll imports its entry points 2022-03-16 13:40:14 +01:00
Asger Feldthaus
e3fbaf5d8f Shared: prefer exists(var) instead of var = any(string s) 2022-03-16 13:37:08 +01:00
Asger Feldthaus
102540072e Shared: remove documentation prone to falling out of date 2022-03-16 13:32:55 +01:00