hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-25 03:13:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,692 Branches 161 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
7bf5abf6b0 Merge pull request #493 from gagliardetto/html-template-escaping-passthrough 
Add CWE-79: HTML template escaping passthrough
 2021-04-08 20:36:54 +01:00
Erik Krogh Kristensen
956311457d fixed bad SourceNode X SourceNode join in HTTP model 2021-04-08 21:15:50 +02:00
ihsinme
9b3ccade43 Update test.c 2021-04-08 22:06:35 +03:00
ihsinme
3d117243e4 Update test.c 2021-04-08 22:05:31 +03:00
ihsinme
02eb447a35 Update InsufficientControlFlowManagementWhenUsingBitOperations.expected 2021-04-08 22:04:08 +03:00
ihsinme
a6b486a448 Update InsufficientControlFlowManagementWhenUsingBitOperations.ql 2021-04-08 22:01:43 +03:00
Dilan
d73ba13b28 autoformat fix 2021-04-08 11:41:58 -07:00
Artem Smotrakov
b39a3ab12c Added setVariable() sink 2021-04-08 20:41:43 +03:00
Tamás Vajk
8adaee05b6 Merge pull request #5453 from tamasvajk/feature/use_codeql_stubs 
C#: Adjust make_stubs.py to use codeql instead of odasa
 2021-04-08 16:16:05 +02:00
Anders Schack-Mulligen
6109ef5e88 Merge pull request #5475 from Marcono1234/marcono1234/minus-literal 
Java: Improve documentation regarding minus in front of numeric literals
 2021-04-08 16:11:14 +02:00
Asger Feldthaus
7d300b53d7 JS: Autoformat 2021-04-08 15:06:48 +01:00
Anders Schack-Mulligen
d42a01cb3a qldoc fixup 2021-04-08 15:45:21 +02:00
Slavomir
68c0073c0b Use PassthroughTypeName instead of string 2021-04-08 14:24:35 +01:00
Slavomir
7c35902724 Use DataFlow::Node as parameters 2021-04-08 14:24:35 +01:00
Slavomir
dc95902e56 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-08 14:24:35 +01:00
Slavomir
1a9b09e8bd Add NumericType sanitizer 2021-04-08 14:24:35 +01:00
Slavomir
541c411086 Add isSanitizer predicate to FlowConfFromUntrustedToTemplateExecutionCall, and a test for it 2021-04-08 14:24:35 +01:00
Slavomir
8f124f8395 Add missing docs 2021-04-08 14:24:35 +01:00
Slavomir
e2b7c035ad Use only one instance of TaintTracking. 2021-04-08 14:24:35 +01:00
Slavomir
280ffdf060 Fix test 2021-04-08 14:24:35 +01:00
Slavomir
5351a8eeb7 Use TaintTracking an TaintTracking2 2021-04-08 14:24:35 +01:00
Slavomir
b42d21f740 Improve comments and naming. 2021-04-08 14:24:35 +01:00
Slavomir
d5355eb6b4 Cleanup 2021-04-08 14:24:35 +01:00
Slavomir
cc31cd2fe2 Fix test 2021-04-08 14:24:35 +01:00
Slavomir
0bb5ef6af2 Fix test 2021-04-08 14:24:35 +01:00
Slavomir
7b4a748793 Remove DummySource 2021-04-08 14:24:35 +01:00
Slavomir
7e9f23ab8e Refactor flow logic to ensure untrusted flows to conversion, and conversion flows to template-exec. 2021-04-08 14:24:35 +01:00
Slavomir
963631dedf Improve naming. 2021-04-08 14:24:35 +01:00
Slavomir
687e556df6 Fixes from code review 2021-04-08 14:24:35 +01:00
Slavomir
ad91e4abcb Remove DummySource 2021-04-08 14:24:35 +01:00
Slavomir
63d51205c9 Apply suggestions from code review 
Co-authored-by: Sauyon Lee <sauyon@github.com>
 2021-04-08 14:24:35 +01:00
Slavomir
49894341a8 Add CWE-79: HTML template escaping passthrough 2021-04-08 14:24:35 +01:00
Arthur Baars
ceb2eb21d8 Address comments 2021-04-08 15:11:57 +02:00
Tamas Vajk
e5160929eb Remove ODASA reference from make_stubs.py 2021-04-08 15:04:02 +02:00
Erik Krogh Kristensen
30ba69d991 treat "files" in a package.json as main modules, if "main" is not present 2021-04-08 14:42:12 +02:00
Tom Hvitved
036e181bc1 C#: Improve performance of Dispatch::SimpleTypeDataFlow::getASourceType() 2021-04-08 14:27:28 +02:00
Tom Hvitved
716568ebd1 Merge pull request #5623 from hvitved/csharp/enclosing 
C#: Compute enclosing callable as a transitive closure
 2021-04-08 14:20:09 +02:00
Tom Hvitved
9820116734 Merge pull request #5603 from hvitved/csharp/dataflow/no-unique 
C#: Remove `unique` wrappers from `DataFlow::Node::get(EnclosingCallable|ControlFlowNode)`
 2021-04-08 14:19:34 +02:00
Asger Feldthaus
52a2260dc7 JS: Rename change note file 2021-04-08 12:52:23 +01:00
Rasmus Wriedt Larsen
c738f387b1 Merge pull request #5624 from tausbn/python-make-callcfgnode-a-localsourcenode 
Python: Improve `CallCfgNode` interface
 2021-04-08 13:38:24 +02:00
haby0
1da48ed4d1 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-08 19:22:14 +08:00
haby0
bfbfe7af13 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-08 19:21:58 +08:00
haby0
21004006d6 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-08 19:17:04 +08:00
Taus
cf5f760ecd Merge pull request #5582 from RasmusWL/all-tuple 
Python: Add support for `__all__` assigned to tuple
 2021-04-08 13:03:27 +02:00
Rasmus Wriedt Larsen
83477439a1 Python: Make django views/fields/forms class modeling extensible 
This also requires that we make this part of the modeling public, which I guess
is step we want to take eventually anyway!

I'm not quite sure whether the modules `Django::Views` and `Django::Forms` are
actually helpful, or whether we should just have their modules available as
`Django::View`, `Django::Form`, and `Django::Field`...
 2021-04-08 12:45:37 +02:00
Rasmus Wriedt Larsen
b7483a5394 Python: Add modeledSubclassRef for Django views/fields/forms 2021-04-08 12:45:36 +02:00
Rasmus Wriedt Larsen
322bdcb703 Python: Port Django view modeling to API graphs 2021-04-08 12:45:35 +02:00
Rasmus Wriedt Larsen
8ce5c46e05 Python: Minor refactor 
modName/clsName _is_ shorter, but also looks way worse :D
 2021-04-08 12:45:34 +02:00
Tamas Vajk
a790eb8110 Fix for unconstrained generic types 2021-04-08 12:20:01 +02:00
Tamas Vajk
a8cbdc92b9 Add more test cases 2021-04-08 12:17:19 +02:00