hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-04 09:11:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,524 Commits 1,689 Branches 159 Tags
codeql-cli/v2.10.5
Commit Graph

42524 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
326dfa5bc2 C++: Add test cases. 2022-02-23 18:37:58 +00:00
Chris Smowton
3167a67e65 Fix typo 2022-02-23 18:19:11 +00:00
Chris Smowton
01db73bfc7 Merge pull request #5935 from porcupineyhairs/javaSstiNew 
Java : Add SSTI query
 2022-02-23 17:30:02 +00:00
Dave Bartolomeo
02bf008610 Fix formatting 2022-02-23 12:18:27 -05:00
Mathias Vorreiter Pedersen
8900f6c043 C++: Add comment about ir re-evaluation. 2022-02-23 17:12:05 +00:00
Mathias Vorreiter Pedersen
033edc24f4 C++: Respond to review comments. 2022-02-23 16:23:49 +00:00
Mathias Vorreiter Pedersen
fd83f3a999 Merge pull request #8209 from jketema/ir-structured-bindings-tests 
C++: Add IR structured binding tests
 2022-02-23 16:09:40 +00:00
Chris Smowton
7b425a80bc Note path query expectations 2022-02-23 16:02:54 +00:00
Rasmus Wriedt Larsen
aeba497832 Merge pull request #7735 from yoff/python/promote-log-injection 
Python: promote log injection
 2022-02-23 16:21:12 +01:00
Jeroen Ketema
99dd049c1b Add IR test for tuple structured bindings 2022-02-23 16:15:19 +01:00
Jeroen Ketema
caf0f28547 Add IR test for data member structured bindings 2022-02-23 15:55:19 +01:00
Taus
3ce7d47b5b Merge pull request #7452 from jorgectf/python_jwt 
Python: Add Python_JWT to JWT security query
 2022-02-23 15:23:20 +01:00
Jeroen Ketema
ec2567b64b Add IR test for array structured bindings 2022-02-23 15:10:10 +01:00
Chris Smowton
a8fe10f353 Java template injection query: import pathgraph 2022-02-23 13:47:24 +00:00
Asger Feldthaus
f1bfb31403 Shared: fix typo in a comment 2022-02-23 14:13:41 +01:00
Asger Feldthaus
bb9348d77f Ruby: reject ArrayElement[-n] instead of interpreting it as ArrayElement[?] 2022-02-23 14:13:41 +01:00
Asger Feldthaus
a11c6f0f8e Ruby: use AccessPathSyntax library 2022-02-23 14:13:40 +01:00
Asger Feldthaus
efec348eb3 Java: use AccessPathSyntax library 2022-02-23 14:13:40 +01:00
Asger Feldthaus
9cff065dca C#: use AccessPathSyntax library 2022-02-23 14:13:40 +01:00
Asger Feldthaus
5cab737ef1 Shared: sync AccessPathSyntax.qll 2022-02-23 14:13:40 +01:00
Asger Feldthaus
abd4933d6c Shared: move numeric parsing into AccessPathSyntax.qll 2022-02-23 14:13:37 +01:00
Mathias Vorreiter Pedersen
4b03778938 Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-02-23 13:10:29 +00:00
Rasmus Wriedt Larsen
b17c769257 Python: Remove accidental "foo" snippet 2022-02-23 13:30:56 +01:00
Rasmus Wriedt Larsen
5626427ea5 Python: Add "debug partial flow" snippet 2022-02-23 13:30:56 +01:00
CodeQL CI
7d55771092 Merge pull request #8150 from asgerf/js/prep-sharing-api-graph-mad 
Approved by erik-krogh
 2022-02-23 11:59:31 +00:00
CodeQL CI
62ee8fce3a Merge pull request #8186 from asgerf/js/request-forgery-docs-followup 
Approved by esbena, hubwriter
 2022-02-23 11:46:37 +00:00
Stephan Brandauer
a664e02d04 Merge pull request #8014 from kaeluka/js/functionality-from-untrusted-source 
JS: Functionality from untrusted sources query (CWE-830)
 2022-02-23 12:45:31 +01:00
Chris Smowton
50d9945625 Autoformat 2022-02-23 11:41:23 +00:00
Mathias Vorreiter Pedersen
53299d61eb C++: Add more tests. 2022-02-23 11:38:01 +00:00
Mathias Vorreiter Pedersen
c8f940124f C++: Respond to review comments. 2022-02-23 11:17:12 +00:00
Chris Smowton
476997a599 Replace more non-breaking spaces 2022-02-23 11:02:17 +00:00
Stephan Brandauer
1ed71e15f3 apply docreview feedback 2022-02-23 11:21:22 +01:00
Michael Nebel
20f71110ef C#: Add change note for compression extractor option. 2022-02-23 11:02:28 +01:00
Tony Torralba
f011bbc92c Merge pull request #8055 from luchua-bc/java/unsafe-url-forward-with-shared-lib 
CWE-552: Switch to the shared PathSanitizer library
 2022-02-23 11:00:23 +01:00
Stephan Brandauer
517d6969e1 Merge pull request #8171 from kaeluka/js/update-atm-query-docs-for-nosql-sql-injection 
update ATM NosqlInjection and SqlInjection query docs
 2022-02-23 10:54:37 +01:00
Asger Feldthaus
22ba43fff6 JS: Minor fixup in the client-side request forgery qhelp 2022-02-23 10:54:26 +01:00
Erik Krogh Kristensen
203212657e recognize modules imported by AMD imports as library inputs 2022-02-23 10:39:45 +01:00
Mathias Vorreiter Pedersen
8b7214621b Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.qhelp 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-02-23 09:38:30 +00:00
Mathias Vorreiter Pedersen
8e0f354c2c Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.cpp 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-02-23 09:38:06 +00:00
Mathias Vorreiter Pedersen
862ebefbad Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-02-23 09:33:58 +00:00
Mathias Vorreiter Pedersen
dda85bf234 Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-02-23 09:33:52 +00:00
Stephan Brandauer
c17d8b145a Merge pull request #8054 from asgerf/js/split-request-forgery 
JS: split request forgery query into server-side and client-side variants
 2022-02-23 10:27:16 +01:00
Michael Nebel
837b91b31e C#: Make TrapCompression setter private. 2022-02-23 10:12:56 +01:00
Michael Nebel
68b85900b7 C#: Remove old way of providing compression parameter. 2022-02-23 09:39:13 +01:00
Michael Nebel
a04aa1f05d C#: Add unit test(s). 2022-02-23 09:39:13 +01:00
Michael Nebel
6176b64907 C#: Add support to the extractor for getting the compression extractor option. 2022-02-23 09:39:13 +01:00
Michael Nebel
bca479c2f3 C#: Add extractor option 'compression'. 2022-02-23 09:39:13 +01:00
Mathias Vorreiter Pedersen
31a204a5d9 Merge pull request #8174 from jketema/hinding-cleanup 
C++: Simplify `cpp/declaration-hides-variable`
 2022-02-23 08:27:59 +00:00
Esben Sparre Andreasen
58e0d54744 Merge pull request #8168 from github/esbena/hapi-reflected-xss 
JS: model hapi handler returns as reflected-xss sinks
 2022-02-23 08:53:15 +01:00
jorgectf
4aa1c0a11e Update .expected 2022-02-23 00:55:39 +01:00