codeql

mirror of https://github.com/github/codeql.git synced 2026-02-15 06:23:42 +01:00

Author	SHA1	Message	Date
Dave Bartolomeo	590b4aac2a	Fix PR feedback	2021-10-07 11:00:15 -04:00
Arthur Baars	2a32b59840	Merge pull request #331 from github/aibaars/remove-unsafe Remove use of 'unsafe'	2021-10-07 16:58:59 +02:00
Alex Ford	de01770612	update test output	2021-10-07 15:50:35 +01:00
Dave Bartolomeo	eed0eab02c	Merge remote-tracking branch 'upstream/main' into dbartol/refactor	2021-10-07 10:49:45 -04:00
Arthur Baars	439d873564	Remove use of 'unsafe'	2021-10-07 16:38:29 +02:00
Alex Ford	168e67dd6d	deduplicate `string constantQualifiedName(ConstantWriteAccess)` as `string ConstantWriteAccess#getQualifiedName`	2021-10-07 15:30:36 +01:00
Alex Ford	5b38e06765	Rename `ActiveRecordModelClass#methodMayAccessField()` as `ActiveRecordModelClass#getAPotentialFieldAccessMethod()`	2021-10-07 15:30:36 +01:00
Alex Ford	3bdc680434	Drop a comment that is no longer relevant	2021-10-07 15:30:36 +01:00
Alex Ford	8262247ed7	Minor simplification of finderMethodName predicate	2021-10-07 15:30:36 +01:00
Alex Ford	eb8c48d10f	Remove some unused predicates	2021-10-07 15:30:36 +01:00
Alex Ford	c9edbd98d5	Update ql/lib/codeql/ruby/frameworks/ActiveRecord.qll Co-authored-by: Harry Maclean <hmac@github.com>	2021-10-07 15:30:36 +01:00
Alex Ford	e4fe1d5c13	check for superclass method definitions in ActiveRecordModelClass#methodMayAccessField	2021-10-07 15:30:36 +01:00
Alex Ford	fb5cfcc9b0	OrmTracking goes through or expressions	2021-10-07 15:30:36 +01:00
Alex Ford	be018cc97f	update ActionController tests	2021-10-07 15:30:36 +01:00
Alex Ford	955080234b	partial support for rails layouts	2021-10-07 15:30:36 +01:00
Alex Ford	8e1b48e607	StoredXSS.qhelp	2021-10-07 15:30:36 +01:00
Alex Ford	182a926eeb	rename some example files	2021-10-07 15:30:36 +01:00
Alex Ford	1929a95e89	format	2021-10-07 15:30:36 +01:00
Alex Ford	6065e29aba	Fix performance issues related to a x-product between `ActiveRecordModelInstantiation` and `MethodCall`	2021-10-07 15:30:36 +01:00
Alex Ford	43a49689d7	reorganize ActiveRecord field access heuristics	2021-10-07 15:30:36 +01:00
Alex Ford	8f81eaa79c	format	2021-10-07 15:30:36 +01:00
Alex Ford	b2434950d3	abstract away some ActiveRecord specific parts of XSS.qll	2021-10-07 15:30:36 +01:00
Alex Ford	6a32c0cde0	update XSS tests	2021-10-07 15:30:36 +01:00
Alex Ford	6dc3ce335b	make rb/stored-xss track ActiveRecord db accesses	2021-10-07 15:30:36 +01:00
Alex Ford	f6dd6bb00c	expand ActiveRecord modelling to cover how to access fields	2021-10-07 15:30:36 +01:00
Alex Ford	eb5f26ce06	duplicate DataFlow implementation	2021-10-07 15:30:36 +01:00
Alex Ford	a2084f813e	rb/stored-xss structure and initial implementation (FileSystemReadAccess sources)	2021-10-07 15:30:36 +01:00
Chris Smowton	9a80ab31c4	Merge pull request #6567 from luchua-bc/java/sensitive_android_file_leak Java: CWE-200 - Query to detect exposure of sensitive information from android file intent	2021-10-07 15:19:39 +01:00
Chris Smowton	39640efc9b	Remove no-longer-needed TaintPreservingCallables and update test expectations	2021-10-07 14:33:39 +01:00
Anders Schack-Mulligen	2b88a2aa0c	Dataflow: Fix qldoc: s/accesspath/access path/.	2021-10-07 14:46:24 +02:00
Anders Schack-Mulligen	f885751107	Java: Add change note.	2021-10-07 14:42:19 +02:00
Tom Hvitved	764a987b09	C#: Speedup GVN string `concat`s by pulling ranges into separate predicates	2021-10-07 13:51:05 +02:00
haby0	538bf7c321	Update python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql Co-authored-by: yoff <lerchedahl@gmail.com>	2021-10-07 19:44:25 +08:00
Anders Schack-Mulligen	fc69acee46	Java: Add test.	2021-10-07 13:28:02 +02:00
Nick Rolfe	253064144b	Tweak alert wording. This reflects the fact that the query finds results where validation is only disabled under certain conditions.	2021-10-07 12:06:53 +01:00
Tom Hvitved	1c08592637	Merge pull request #329 from github/hvitved/dataflow/synth-return Data flow: Add a synthetic return node	2021-10-07 13:06:39 +02:00
Chris Smowton	b7448d55ed	Introduce TaintInheritingContent instead of using parts of DataFlowPrivate	2021-10-07 11:20:19 +01:00
Henry Mercer	4b069d41f6	Merge pull request #6818 from github/henrymercer/js/add-classify-files-to-library-pack JS: Move `ClassifyFiles.qll` to library pack	2021-10-07 11:18:20 +01:00
Tom Hvitved	c540615223	HardcodedCredentials: Add test for default parameter values	2021-10-07 11:57:57 +02:00
CodeQL CI	a0dd3d9e75	Merge pull request #6815 from asgerf/js/adjust-security-severity-scores Approved by erik-krogh, esbena	2021-10-07 02:36:19 -07:00
Sebastian Bauersfeld	f651bc3668	Adjust locations of results in JSP files. This is necessary due to known limitations in VSCode which cause locations with zero character indices to be mapped to invalid ranges. This is hopefully a temporary workaround until this problem has been properly addressed.	2021-10-07 12:45:21 +07:00
Dave Bartolomeo	d8d9073bc2	Merge pull request #6826 from github/aeisenberg/add-library	2021-10-06 20:18:39 -04:00
Andrew Eisenberg	e2b1f6ac50	Packaging: Add library flag to upgrades packs This flag was missing. It should be there. Otherwise, this pack cannot be built.	2021-10-06 14:29:55 -07:00
Nick Rolfe	ffda527da9	Tidy up	2021-10-06 18:07:29 +01:00
Dave Bartolomeo	0452512de2	Merge pull request #6820 from github/aeisenberg/gitignore Ignore .codeql folder	2021-10-06 12:59:45 -04:00
Chris Smowton	f88c8a64a1	Copyedit	2021-10-06 17:37:21 +01:00
Chris Smowton	b33daa3d3a	Update Intent model tests, and fix models where required	2021-10-06 17:09:47 +01:00
Chris Smowton	4be2347a30	Adapt to use the new shared Intent models	2021-10-06 16:15:18 +01:00
Henry Mercer	83cbc86f50	JS: Move `ClassifyFiles.qll` to library pack This allows us to use this library in packs that depend on the `codeql/javascript-all` library pack.	2021-10-06 16:08:06 +01:00
Andrew Eisenberg	c9c45808b4	Merge pull request #6819 from github/aeisenberg/javascript/fix-compile-errors Fixes compile errors by moving files	2021-10-06 07:59:50 -07:00

... 214 215 216 217 218 ...

41418 Commits