Commit Graph

41418 Commits

Author SHA1 Message Date
Sauyon Lee
1f4d67b77b OpenUrlRedirect: Whitelist some more fields and methods 2020-03-26 07:20:51 -07:00
Sauyon Lee
541c82a7f3 HTTP: Add some more untrusted fields and methods
Also, fix up broken tests.
2020-03-26 07:20:14 -07:00
Philip Ginsbach
71c588a74f information on version support 2020-03-26 14:15:29 +00:00
Tom Hvitved
a8660d446e C#: Fix typo 2020-03-26 14:54:03 +01:00
Sauyon Lee
e1b0bed6b3 Merge pull request #72 from max-schaefer/improve-virtual-call-resolution
Refine virtual call targets by local reasoning where possible
2020-03-26 06:00:59 -07:00
Philip Ginsbach
f4a1479d33 sentence about semantics 2020-03-26 12:49:09 +00:00
Philip Ginsbach
783cee30c4 mention set literals in the specification 2020-03-26 12:21:38 +00:00
Asger Feldthaus
816968d102 JS: Rename test files to avoid clash 2020-03-26 11:59:57 +00:00
Tom Hvitved
db8d61c3be C#: Remove compiler warning in Remote.qll 2020-03-26 12:26:17 +01:00
Jonas Jensen
08c53d4a61 C++: Clean up the ParameterNode class tree
The new names are chosen to align with Java's `DataFlowUtil.qll`.
2020-03-26 11:57:53 +01:00
Mathias Vorreiter Pedersen
a43abaaed9 Merge branch 'master' into ir-flow-fields 2020-03-26 11:51:07 +01:00
Mathias Vorreiter Pedersen
c6c613840a C++: Removed toString from PostUpdateNodes. They were more confusing than helpful 2020-03-26 11:43:40 +01:00
Mathias Vorreiter Pedersen
fbef146a49 C++: Remove PositionalArgumentWithoutWriteSideEffectNode (since not all arguments need a PostUpdateNode). Also generalized the added flow rule in simpleLocalFlowStep since there isn't always a ChiInstruction - for instance if it's a write to a struct that only has a single field. 2020-03-26 11:39:20 +01:00
Jonas Jensen
4f068685e1 C++: Add AssignExpr + Initializer to lib overview 2020-03-26 10:49:03 +01:00
yo-h
0f70da2258 Merge pull request #3105 from aschackmull/java/postupdate-jump
Java: Fix missing jump step from PostUpdate to capture.
2020-03-25 22:05:30 -04:00
Robert Marsh
e6cdbb9bd2 Merge pull request #3121 from dbartol/dbartol/ir-generate-all-fixup
C++: Late fix for PR feedback
2020-03-25 17:58:01 -07:00
Erik Krogh Kristensen
1cefa12315 update expected output 2020-03-25 23:54:57 +01:00
Erik Krogh Kristensen
8f45c8fe83 use LoadStoreStep for type-tracking promises 2020-03-25 23:54:57 +01:00
Erik Krogh Kristensen
1a2983fe39 support small steps for promise tracking 2020-03-25 23:54:57 +01:00
Erik Krogh Kristensen
00181e059b add tests for type-tracking promises 2020-03-25 23:54:56 +01:00
Erik Krogh Kristensen
9a78d38df0 add a new LoadStoreStep as a StepSummary for TypeTracking 2020-03-25 23:54:56 +01:00
semmle-qlci
e7fd97e72b Merge pull request #3119 from erik-krogh/SockJS
Approved by esbena
2020-03-25 21:36:29 +00:00
Max Schaefer
46a1a4e010 Add a test. 2020-03-25 20:34:34 +00:00
Tom Hvitved
95b6f6aee0 C#: Add change note 2020-03-25 20:05:39 +01:00
Tom Hvitved
54677189de C#: Introduce RemoteFlowSink class 2020-03-25 20:05:39 +01:00
Tom Hvitved
142737dc61 C#: Move HtmlSinks from XSS.qll into separate file 2020-03-25 20:05:39 +01:00
Tom Hvitved
fddbce0b7b C#: Move all predefined sources and sinks into security/dataflow/flow{sinks,sources} 2020-03-25 20:05:39 +01:00
Erik Krogh Kristensen
4b0bc6b2b3 autoformat 2020-03-25 19:47:41 +01:00
Dave Bartolomeo
f981ce6be4 Merge pull request #3122 from jbj/getParameter-docs
C++: Improve QLDoc for Function.getParameter
2020-03-25 12:59:28 -04:00
Calum Grant
87970337ae C#: Improvements to buildless extraction, particularly for .NET Core. 2020-03-25 15:27:48 +00:00
Max Schaefer
e6bdc1809b Update ql/src/semmle/go/dataflow/internal/DataFlowDispatch.qll
Co-Authored-By: Sauyon Lee <sauyon@github.com>
2020-03-25 15:04:48 +00:00
Max Schaefer
13b61383e2 Merge pull request #65 from sauyon/openredirect-fps
OpenUrlRedirect: Expand safe URL flow configuration
2020-03-25 15:04:21 +00:00
Jonas Jensen
b622d62d3c C++: Wire up param/arg indirections in data flow 2020-03-25 15:23:43 +01:00
Jonas Jensen
bc3bdbb11b C++: Improve QLDoc for Function.getParameter 2020-03-25 15:21:24 +01:00
Dave Bartolomeo
1edd492abf C++: Late fix for PR feedback
I missed this suggestion before I merged the original PR. Fixing it now before I forget.
2020-03-25 10:10:30 -04:00
Asger Feldthaus
ad1e0ec50b JS: Inline variable again 2020-03-25 14:01:33 +00:00
Dave Bartolomeo
376779421d Merge pull request #2975 from rdmarsh2/printir-generate-all
C++/C#: generate IR for funcs excluded in PrintIR
2020-03-25 09:45:02 -04:00
Tom Hvitved
7ac25d2439 C#: Add more tests for cs/information-exposure-through-exception 2020-03-25 14:33:49 +01:00
Asger Feldthaus
54021a1c30 JS: Update old entry point and add a test 2020-03-25 13:24:18 +00:00
Asger Feldthaus
a78f1b864b JS: Fix trailing whitespace 2020-03-25 12:45:48 +00:00
Asger Feldthaus
6c9e35c22e JS: Skip .js files with a same-named .ts file next to it 2020-03-25 12:45:37 +00:00
semmle-qlci
cf5b1f0cd5 Merge pull request #3019 from erik-krogh/ArrayStep
Approved by asgerf
2020-03-25 12:08:44 +00:00
Erik Krogh Kristensen
abcdfe3c53 use LibraryName class for websocket library names 2020-03-25 13:06:21 +01:00
Sauyon Lee
fbc2499118 OpenUrlRedirect: Add change note for fixed FPs 2020-03-25 04:01:17 -07:00
Sauyon Lee
f77d46f296 Address review comments. 2020-03-25 04:01:15 -07:00
Sauyon Lee
bd5f0b01cf Fix tests 2020-03-25 04:01:14 -07:00
Sauyon Lee
9321ff9110 OpenUrlRedirect: Add support for url.Host reassignments 2020-03-25 04:01:14 -07:00
Sauyon Lee
5f83dbd07b OpenUrlRedirect: Exclude header sources 2020-03-25 04:01:13 -07:00
Sauyon Lee
49aa43bd49 Make header Get and Values calls into taint steps 2020-03-25 04:01:12 -07:00
Sauyon Lee
83a417f52e OpenUrlRedirect: Use a taint-tracking safe URLs 2020-03-25 04:01:11 -07:00