Asger Feldthaus
c9b9751894
QL: Add NodeNumbering library
2022-04-12 15:24:52 +02:00
Asger Feldthaus
60a22b71b4
QL: Remove redundant union part
2022-04-12 15:24:48 +02:00
Asger Feldthaus
f02912bdf5
QL: Add VarDef.getAnAccess
2022-04-12 15:24:45 +02:00
Asger Feldthaus
85403cd4de
QL: Fix up parent-child relation in tree
2022-04-12 15:24:42 +02:00
Erik Krogh Kristensen
df295e69d6
add change-note
2022-04-12 14:37:51 +02:00
Erik Krogh Kristensen
bca4d14129
rename files
2022-04-12 14:37:43 +02:00
Erik Krogh Kristensen
591fcda862
various improvements to the js/missing-origin-verification query
2022-04-12 14:20:41 +02:00
Erik Krogh Kristensen
2d6d304d7c
add InclusionTest to PostMessageEventSanitizer
2022-04-12 14:12:36 +02:00
Chris Smowton
a8eeef6ef8
Merge pull request #718 from owen-mc/fix-incorrect-integer-conversion-for-type-assertions
Integer conversion should ignore type assertions
2022-04-12 12:44:43 +01:00
Paolo Tranquilli
f2f99611bd
.gitignore CLion project files
2022-04-12 12:41:00 +02:00
Paolo Tranquilli
a205b465ba
Bazel: reorganization
* fixed 5.0.0 as bazel version
* made dependencies better loadable
* moved `//swift/install` to `//swift:create-extractor-pack` (following
the clearer ruby naming)
* renamed `extractor_pack` to `extractor-pack` for consistency with Ruby
2022-04-12 12:40:59 +02:00
Paolo Tranquilli
13b2442fed
Bazel: code reorganization
2022-04-12 12:40:59 +02:00
Paolo Tranquilli
664d5ba0a9
Swift: moved install to a separate package
When importing the workspace from semmle-code, we do not need nor want
to instantiate `@util`, so that must be in a separate bazel package.
2022-04-12 12:40:59 +02:00
Paolo Tranquilli
95dbf2d666
Swift: first skeleton extractor
This adds a first dummy extractor for swift.
Running `bazel run //swift:install` will create an `extractor_pack`
directory in `swift`. From that moment providing `--search-path=swift`
will pick up the extractor.
2022-04-12 12:40:59 +02:00
Owen Mansel-Chan
f9f21e9891
Integer conversion should ignore type assertions
2022-04-12 10:58:07 +01:00
Erik Krogh Kristensen
e2badab251
update expected output after test reorganization
2022-04-12 10:39:28 +02:00
Erik Krogh Kristensen
ec9c308d06
reorganize the tests in CWE-020
2022-04-12 10:39:28 +02:00
Erik Krogh Kristensen
18532bae54
move js/missing-postmessageorigin-verification out of experimental
2022-04-12 10:39:27 +02:00
CodeQL CI
a43f3a21a8
Merge pull request #8550 from erik-krogh/classJoin
Approved by asgerf
2022-04-12 09:23:58 +01:00
Erik Krogh Kristensen
34abef8a6c
Merge branch 'main' into dragAndDrop
2022-04-11 23:59:46 +02:00
bananabr
57fac949fd
included ClipboardEvent and DragEvent as XSS sources
2022-04-11 16:37:00 -05:00
luchua-bc
7029802f3b
Add sinks for getClass() and getClassLoader()
2022-04-11 21:03:48 +00:00
Erik Krogh Kristensen
aafa8ddc9f
add support for domNode.onpaste for copy-paste events
2022-04-11 20:10:56 +02:00
Erik Krogh Kristensen
6713b2c671
add support for domNode.ondrop for drag-and-drop events
2022-04-11 20:06:12 +02:00
bananabr
121aad7fd2
updated change notes
2022-04-11 12:45:37 -05:00
Geoffrey White
cb211f8844
Merge pull request #8599 from 4B5F5F4B/main
C++: refactor some code, and add access_ok cases
2022-04-11 15:57:27 +01:00
Mathias Vorreiter Pedersen
e86b6b182f
C++: Remove TC from 'Element.getRootCause'.
2022-04-11 15:27:10 +01:00
Bas van Schaik
c3912b2f29
Update README to clarify license explanation
2022-04-11 14:30:56 +01:00
CodeQL CI
9c8dee2a4d
Merge pull request #8687 from asgerf/js/missing-flow-fixes
Approved by erik-krogh
2022-04-11 14:08:15 +01:00
Bas van Schaik
422255b859
Update CODEOWNERS for documentation and license
To make sure the right people are pinged when a change like #5893 is made
2022-04-11 12:33:23 +01:00
Marcono1234
bc5dc6ad50
Java: Remove TODO comment for getRuleExpression() behavior
Predicate behavior has been fixed on `main`.
2022-04-10 18:24:26 +02:00
Marcono1234
7bed14bbf0
Merge remote-tracking branch 'remotes/origin/main' into marcono1234/statement-expression
2022-04-10 18:23:45 +02:00
Marcono1234
348a186df8
Java: Make JumpStmt a concrete class again
Public abstract classes can be error-prone, when users unintentionally
implement a new subclass instead of refining the set of existing subclasses.
2022-04-10 17:54:47 +02:00
bananabr
0f1582f3f6
included JavaScript drag and drop API Xss sources
2022-04-09 22:33:30 -05:00
luchua-bc
eccd97c7b7
Query to detect unsafe getResource calls in Java EE applications
2022-04-09 01:14:15 +00:00
Taus
626770aaab
Merge pull request #8004 from ahmed-farid-dev/ZipSlip
Add query to detect ZipSlip
2022-04-08 23:55:02 +02:00
Jeroen Ketema
4cfe04567f
Merge pull request #8702 from jketema/command-line-sanitizer
C++: Use `isSanitizerOut(DataFlow::Node node)` in `cpp/command-line-injection`
2022-04-08 23:42:35 +02:00
Taus
3d14c5f3c3
Python: Update tests
We need to import `tty` in order to be able to detect the standard library correctly.
2022-04-08 23:20:47 +02:00
Taus
ab81247b7c
Python: Fix modelling in ZipSlip.qll
- Remove use of points-to.
- Exclude sources and sinks in the standard library (to prevent test brittleness).
2022-04-08 23:19:41 +02:00
Taus
57beeaada0
Python: Fix name clash in CopyFile.qll
2022-04-08 23:18:03 +02:00
Taus
e1371151f9
Python: Autoformat Concepts.qll
2022-04-08 23:16:41 +02:00
Taus
8521f9a008
Python: Autoformat ZipSlip.ql
2022-04-08 23:13:38 +02:00
Taus
4b580820c8
Python: Fix broken QHelp
2022-04-08 23:12:46 +02:00
Edoardo Pirovano
b953fe39c2
Merge pull request #716 from github/edoardo/3.5-mergeback
Merge `rc/3.5` branch into `main`
2022-04-08 20:43:15 +01:00
Edoardo Pirovano
3d41a5cae3
Merge pull request #8704 from github/edoardo/3.5-mergeback
Merge `rc/3.5` branch into `main`
2022-04-08 19:32:58 +01:00
Dave Bartolomeo
e3b7ba6b1f
Revert "Bump version of suite-helpers dependency"
This reverts commit 49e568ed44.
2022-04-08 14:06:59 -04:00
Dave Bartolomeo
49e568ed44
Bump version of suite-helpers dependency
2022-04-08 13:11:33 -04:00
Dave Bartolomeo
9f074cd8fd
Bump a few more versions
Also fixes up some dependency declarations that should have been "*" because they refer to packs in the same workspace.
2022-04-08 13:01:41 -04:00
Geoffrey White
8d1e8e9ecb
C++: Flow states and transformers.
2022-04-08 17:19:18 +01:00
Owen Mansel-Chan
f196538953
Merge pull request #714 from owen-mc/fix-get-enclosing-callable
Extend DataFlowCallable to include file scopes
2022-04-08 17:02:35 +01:00