hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-10 20:21:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,812 Commits 1,690 Branches 160 Tags
codeql-cli/v2.10.3
Commit Graph

41812 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
436152a46d Python: Refactor flask file sending tests 2021-10-28 12:37:07 +02:00
Rasmus Wriedt Larsen
58bc1102e5 Merge branch 'main' into jorgectf/python/deserialization 2021-10-28 12:31:34 +02:00
Geoffrey White
e8895686f8 Merge pull request #6980 from geoffw0/unusedqhelp 
C++: Remove old and unused qhelp files
 2021-10-28 10:55:31 +01:00
Mathias Vorreiter Pedersen
1842fed7a2 C++: Add shared SSA library and instantiate it with the IR. 2021-10-28 10:52:09 +01:00
Mathias Vorreiter Pedersen
13ce2569d7 C++/C#: Sync identical IR files· 2021-10-28 10:52:00 +01:00
Mathias Vorreiter Pedersen
bccd4e9e93 C++: Add 'getReturnAddress' and 'getReturnAddressOperand' predicates to 'ReturnValueInstruction'. 2021-10-28 10:51:49 +01:00
Nick Rolfe
bd92403b42 Ruby: fix qhelp 2021-10-28 10:42:56 +01:00
Rasmus Wriedt Larsen
6d09334cba Merge pull request #6330 from porcupineyhairs/pyPathTraversal 
Python : Add Flask sinks for path injection query
 2021-10-28 11:39:40 +02:00
Rasmus Wriedt Larsen
3fa66519f5 Merge branch 'main' into fastapi 2021-10-28 11:37:40 +02:00
Rasmus Wriedt Larsen
d9e5d179d2 Python: Minor fix to QLDoc 
and auto-formatting
 2021-10-28 11:15:34 +02:00
Rasmus Wriedt Larsen
358663ffbb Python: Fix tests 2021-10-28 11:14:41 +02:00
Owen Mansel-Chan
599c276fd8 Add change note 2021-10-28 10:10:39 +01:00
Owen Mansel-Chan
e0e1a4671a Address review comments 2021-10-28 10:10:39 +01:00
Owen Mansel-Chan
cdee44bbd1 Add barrier guard for comparison 2021-10-28 10:10:38 +01:00
Erik Krogh Kristensen
12305aae42 extract regexp literals from string concatenations 2021-10-28 10:44:33 +02:00
jorgectf
cf9e9f9dd4 Add cookie injection query missing proper tests 2021-10-28 10:28:45 +02:00
yoff
9478faf040 Merge pull request #6967 from RasmusWL/ruamel.yaml 
Python: Model `ruamel.yaml` PyPI package
 2021-10-28 10:19:08 +02:00
Arthur Baars
3fb0139430 Protect against flag injection 2021-10-28 09:58:10 +02:00
ihsinme
2574aa8980 Update InsecureTemporaryFile.ql 2021-10-28 10:51:48 +03:00
Rasmus Lerchedahl Petersen
56dab252c9 Python: remove spurious dataflow step 2021-10-28 09:47:04 +02:00
Rasmus Lerchedahl Petersen
cca675a161 Python: Add test for async taint 
(which we belive we have just broken)
 2021-10-28 09:47:04 +02:00
ihsinme
432fc74455 Apply suggestions from code review 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-10-28 10:37:01 +03:00
ihsinme
235a3ec232 Update InsecureTemporaryFile.qhelp 2021-10-28 10:34:42 +03:00
jorgectf
129edd605e Update .expected 2021-10-28 09:25:56 +02:00
jorgectf
5dc1ad6f8a Polish .ql 2021-10-28 09:25:47 +02:00
jorgectf
0f2b81e0d2 Polish tests 2021-10-28 09:24:47 +02:00
ihsinme
0addb2d1ea Update IncorrectChangingWorkingDirectory.ql 2021-10-28 10:17:48 +03:00
ihsinme
c3b1d7e5c8 Apply suggestions from code review 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-10-28 10:17:13 +03:00
ihsinme
1c80f26178 Update ExposureSensitiveInformationUnauthorizedActor.ql 2021-10-28 09:50:41 +03:00
ihsinme
04ee78aecf Apply suggestions from code review 
thanks

Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-10-28 09:46:26 +03:00
Tony Torralba
cee80f766f Merge pull request #6983 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-10-28 08:19:34 +02:00
github-actions[bot]
adfc725225 Add changed framework coverage reports 2021-10-28 00:08:41 +00:00
Porcuiney Hairs
4fd3f212f8 Python : Add Flask sinks for path injection query 2021-10-28 02:12:11 +05:30
Nick Rolfe
0d161bec7a Merge pull request #6982 from github/nickrolfe/also-revert-cargo-lock 
Ruby: also revert Cargo.lock
 2021-10-27 20:33:07 +01:00
Erik Krogh Kristensen
96b6f670d9 filter away paths that start with libary inputs and end with a fixed-property write 2021-10-27 21:01:11 +02:00
jorgectf
48c3c3d8a8 Broaden scope 2021-10-27 21:00:50 +02:00
Erik Krogh Kristensen
78371894f4 update import after rebasing on main 2021-10-27 20:47:06 +02:00
Erik Krogh Kristensen
a9a9e34265 recognize delete expresssions as a sink for js/prototype-polluting-assignment 2021-10-27 20:37:42 +02:00
Erik Krogh Kristensen
1243c736dd use ConcatenationNode::isCoercion 2021-10-27 20:37:42 +02:00
Erik Krogh Kristensen
2dedfb302a remove paths without unmatched returns from js/prototype-polluting-assignment 2021-10-27 20:37:42 +02:00
Erik Krogh Kristensen
0c9c9bbde7 detect library input when the arguments object is converted to an array 2021-10-27 20:37:41 +02:00
Erik Krogh Kristensen
fa9e9dd847 split out predicates in ClassifyFiles to avoid unnecessary computations 2021-10-27 20:35:38 +02:00
Erik Krogh Kristensen
3d124cf95e add change-note 2021-10-27 20:35:38 +02:00
Erik Krogh Kristensen
d1238dfd8b update alert message to distinguish between library input and remote flow 2021-10-27 20:35:38 +02:00
Erik Krogh Kristensen
6e183af383 ignore test files for the `prototypeLessObject' predicate 2021-10-27 20:35:37 +02:00
Erik Krogh Kristensen
e94b0f5913 recognize inclusion based sanitizers for js/prototype-polluting-assignment 2021-10-27 20:35:37 +02:00
Erik Krogh Kristensen
2a808b2cd6 track taint through string coercions for js/prototype-polluting-assignment 2021-10-27 20:35:37 +02:00
Erik Krogh Kristensen
2d65aa17db recognize exported functions that use the arguments object 2021-10-27 20:35:37 +02:00
Erik Krogh Kristensen
78774233c7 add library input as source to js/prototype-polluting-assignment 2021-10-27 20:35:36 +02:00
Chris Smowton
e784c35691 Merge pull request #595 from sauyon/patch-1 
Add comment to `HasEllpsisTable`
 2021-10-27 19:10:12 +01:00