hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-02 00:02:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,812 Commits 1,684 Branches 159 Tags
codeql-cli/v2.10.3
Commit Graph

41812 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
664d5ba0a9 Swift: moved install to a separate package 
When importing the workspace from semmle-code, we do not need nor want
to instantiate `@util`, so that must be in a separate bazel package.
 2022-04-12 12:40:59 +02:00
Paolo Tranquilli
95dbf2d666 Swift: first skeleton extractor 
This adds a first dummy extractor for swift.

Running `bazel run //swift:install` will create an `extractor_pack`
directory in `swift`. From that moment providing `--search-path=swift`
will pick up the extractor.
 2022-04-12 12:40:59 +02:00
Owen Mansel-Chan
f9f21e9891 Integer conversion should ignore type assertions 2022-04-12 10:58:07 +01:00
Erik Krogh Kristensen
e2badab251 update expected output after test reorganization 2022-04-12 10:39:28 +02:00
Erik Krogh Kristensen
ec9c308d06 reorganize the tests in CWE-020 2022-04-12 10:39:28 +02:00
Erik Krogh Kristensen
18532bae54 move js/missing-postmessageorigin-verification out of experimental 2022-04-12 10:39:27 +02:00
CodeQL CI
a43f3a21a8 Merge pull request #8550 from erik-krogh/classJoin 
Approved by asgerf
 2022-04-12 09:23:58 +01:00
Erik Krogh Kristensen
34abef8a6c Merge branch 'main' into dragAndDrop 2022-04-11 23:59:46 +02:00
bananabr
57fac949fd included ClipboardEvent and DragEvent as XSS sources 2022-04-11 16:37:00 -05:00
luchua-bc
7029802f3b Add sinks for getClass() and getClassLoader() 2022-04-11 21:03:48 +00:00
Erik Krogh Kristensen
aafa8ddc9f add support for domNode.onpaste for copy-paste events 2022-04-11 20:10:56 +02:00
Erik Krogh Kristensen
6713b2c671 add support for domNode.ondrop for drag-and-drop events 2022-04-11 20:06:12 +02:00
bananabr
121aad7fd2 updated change notes 2022-04-11 12:45:37 -05:00
Geoffrey White
cb211f8844 Merge pull request #8599 from 4B5F5F4B/main 
C++: refactor some code, and add access_ok cases
 2022-04-11 15:57:27 +01:00
Mathias Vorreiter Pedersen
e86b6b182f C++: Remove TC from 'Element.getRootCause'. 2022-04-11 15:27:10 +01:00
Bas van Schaik
c3912b2f29 Update README to clarify license explanation 2022-04-11 14:30:56 +01:00
CodeQL CI
9c8dee2a4d Merge pull request #8687 from asgerf/js/missing-flow-fixes 
Approved by erik-krogh
 2022-04-11 14:08:15 +01:00
Bas van Schaik
422255b859 Update CODEOWNERS for documentation and license 
To make sure the right people are pinged when a change like #5893 is made
 2022-04-11 12:33:23 +01:00
Marcono1234
bc5dc6ad50 Java: Remove TODO comment for getRuleExpression() behavior 
Predicate behavior has been fixed on `main`.
 2022-04-10 18:24:26 +02:00
Marcono1234
7bed14bbf0 Merge remote-tracking branch 'remotes/origin/main' into marcono1234/statement-expression 2022-04-10 18:23:45 +02:00
Marcono1234
348a186df8 Java: Make JumpStmt a concrete class again 
Public abstract classes can be error-prone, when users unintentionally
implement a new subclass instead of refining the set of existing subclasses.
 2022-04-10 17:54:47 +02:00
bananabr
0f1582f3f6 included JavaScript drag and drop API Xss sources 2022-04-09 22:33:30 -05:00
luchua-bc
eccd97c7b7 Query to detect unsafe getResource calls in Java EE applications 2022-04-09 01:14:15 +00:00
Taus
626770aaab Merge pull request #8004 from ahmed-farid-dev/ZipSlip 
Add query to detect ZipSlip
 2022-04-08 23:55:02 +02:00
Jeroen Ketema
4cfe04567f Merge pull request #8702 from jketema/command-line-sanitizer 
C++: Use `isSanitizerOut(DataFlow::Node node)` in `cpp/command-line-injection`
 2022-04-08 23:42:35 +02:00
Taus
3d14c5f3c3 Python: Update tests 
We need to import `tty` in order to be able to detect the standard library correctly.
 2022-04-08 23:20:47 +02:00
Taus
ab81247b7c Python: Fix modelling in ZipSlip.qll 
- Remove use of points-to.
- Exclude sources and sinks in the standard library (to prevent test brittleness).
 2022-04-08 23:19:41 +02:00
Taus
57beeaada0 Python: Fix name clash in CopyFile.qll 2022-04-08 23:18:03 +02:00
Taus
e1371151f9 Python: Autoformat Concepts.qll 2022-04-08 23:16:41 +02:00
Taus
8521f9a008 Python: Autoformat ZipSlip.ql 2022-04-08 23:13:38 +02:00
Taus
4b580820c8 Python: Fix broken QHelp 2022-04-08 23:12:46 +02:00
Edoardo Pirovano
b953fe39c2 Merge pull request #716 from github/edoardo/3.5-mergeback 
Merge `rc/3.5` branch into `main`
 2022-04-08 20:43:15 +01:00
Edoardo Pirovano
3d41a5cae3 Merge pull request #8704 from github/edoardo/3.5-mergeback 
Merge `rc/3.5` branch into `main`
 2022-04-08 19:32:58 +01:00
Dave Bartolomeo
e3b7ba6b1f Revert "Bump version of suite-helpers dependency" 
This reverts commit 49e568ed44.
 2022-04-08 14:06:59 -04:00
Dave Bartolomeo
49e568ed44 Bump version of suite-helpers dependency 2022-04-08 13:11:33 -04:00
Dave Bartolomeo
9f074cd8fd Bump a few more versions 
Also fixes up some dependency declarations that should have been "*" because they refer to packs in the same workspace.
 2022-04-08 13:01:41 -04:00
Geoffrey White
8d1e8e9ecb C++: Flow states and transformers. 2022-04-08 17:19:18 +01:00
Owen Mansel-Chan
f196538953 Merge pull request #714 from owen-mc/fix-get-enclosing-callable 
Extend DataFlowCallable to include file scopes
 2022-04-08 17:02:35 +01:00
Edoardo Pirovano
16c0f11c00 Bump minor version of packs 2022-04-08 15:51:34 +01:00
Edoardo Pirovano
f25618eed6 Bump minor version of all packs 2022-04-08 15:38:58 +01:00
Edoardo Pirovano
ce82c54b94 Merge branch 'main' into edoardo/3.5-mergeback 2022-04-08 15:30:58 +01:00
Owen Mansel-Chan
b9ff1ccd45 Add change note 2022-04-08 15:23:24 +01:00
Ian Lynagh
3e5b5bee8a Merge pull request #8642 from github/post-release-prep/codeql-cli-2.8.5 
Post-release preparation for codeql-cli-2.8.5
 2022-04-08 15:09:21 +01:00
Ian Lynagh
6f6e8bfbd1 Merge pull request #713 from github/post-release-prep/codeql-cli-2.8.5 
Post-release preparation for codeql-cli-2.8.5
 2022-04-08 15:09:08 +01:00
Owen Mansel-Chan
76a0a51f39 Merge pull request #715 from owen-mc/print-empty-interface-with-single-space 
Pretty-print empty interface without double space
 2022-04-08 11:46:04 +01:00
Jeroen Ketema
83d35a9a96 C++: Use isSanitizerOut(DataFlow::Node node) in cpp/command-line-injection 2022-04-08 11:28:17 +02:00
annarailton
8ae905aef9 Update endpointTypeEncoded -> label 
Fixes https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1821
 2022-04-08 10:22:13 +01:00
annarailton
b0ab7218db Add test for query mappings 2022-04-08 10:22:13 +01:00
annarailton
4808eb9926 Change encoding -> label and description -> labelName 
Fixes https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1820
 2022-04-08 10:22:13 +01:00
annarailton
de4e01a8f2 Change NotASinkType to NegativeType 
Fixes https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1819
 2022-04-08 10:22:13 +01:00