codeql

mirror of https://github.com/github/codeql.git synced 2026-02-09 19:51:07 +01:00

Author	SHA1	Message	Date
Sauyon Lee	0151cd4f2e	Document SourceOrSinkElement	2021-12-07 07:39:22 -05:00
Sauyon Lee	0b50b7b2b1	Make DataFlowCallable either a Function or a FuncLit	2021-12-07 07:39:21 -05:00
Sauyon Lee	3ac2a50497	Update test output	2021-12-07 07:39:21 -05:00
Owen Mansel-Chan	763861bef9	Keep call to defaultTaintSanitizerGuard	2021-12-07 07:39:21 -05:00
Sauyon Lee	e41d609921	Use newtype for SourceOrSinkElement	2021-12-07 07:39:20 -05:00
Sauyon Lee	9bfe1c94b3	autoformat	2021-12-07 07:39:20 -05:00
Sauyon Lee	16371ac488	Add support for summary elements	2021-12-07 07:39:19 -05:00
Sauyon Lee	96c58b58dd	Add EmptyInterfaceType	2021-12-07 07:39:19 -05:00
Sauyon Lee	26d00f1d5b	Move basicLocalFlowsStep to DataFlowPrivate	2021-12-07 07:39:19 -05:00
Sauyon Lee	3098a4ef16	Qualify uses and add imports in DataFlowNodes	2021-12-07 07:39:18 -05:00
Sauyon Lee	93f2569f1d	Refactor data-flow nodes	2021-12-07 07:39:18 -05:00
Sauyon Lee	9ceda08d13	Sync dataflow libraries	2021-12-07 07:39:12 -05:00
Tom Hvitved	4d797d6b3d	Merge pull request #7324 from github/hmac/empty-else-cfg Ruby: Include empty StmtSequences in CFG	2021-12-07 13:19:15 +01:00
Philip Ginsbach	da43984ba4	fix dependency cycle by removing superfluous classes	2021-12-07 11:59:04 +00:00
Geoffrey White	b82425a35c	C++: Add various new test cases.	2021-12-07 11:58:56 +00:00
Geoffrey White	2d4a2e0d44	C++: Test spacing.	2021-12-07 11:58:06 +00:00
Rasmus Wriedt Larsen	ee23799a59	Merge pull request #7319 from RasmusWL/js-cwe-328 JS: Tag queries with CWE-328	2021-12-07 11:40:33 +01:00
Anders Schack-Mulligen	6c739b67fa	Merge pull request #7318 from RasmusWL/java-cwe-328 Java: Tag queries with CWE-328	2021-12-07 11:39:48 +01:00
Asger Feldthaus	23480b2d8f	JS: Remove stray TODO	2021-12-07 10:49:14 +01:00
Asger F	614c80706f	Apply suggestions from code review Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2021-12-07 10:48:44 +01:00
Asger Feldthaus	5559681916	JS: Change note	2021-12-07 10:46:18 +01:00
Asger Feldthaus	635ac0a209	JS: Fix perf issue in data flow step generation	2021-12-07 10:46:18 +01:00
Asger Feldthaus	da8e67b7ee	JS: Use routing trees to detect deeply tainted req.body	2021-12-07 10:46:18 +01:00
Asger Feldthaus	7492293c5b	JS: Add test with route handler indirection	2021-12-07 10:46:18 +01:00
Asger Feldthaus	3cbe94ac0a	JS: Add consistency checks to TemplateObjectInjection test	2021-12-07 10:46:18 +01:00
Asger Feldthaus	64db70f3ac	JS: Add explicit body-parsers to TemplateObjectInjection test	2021-12-07 10:46:18 +01:00
Asger Feldthaus	8af430d40f	JS: Shift line numbers in TemplateObjectInjection test	2021-12-07 10:46:17 +01:00
Asger Feldthaus	5f8ea3965d	JS: Do not flag auth endpoints that are immune to Login CSRF	2021-12-07 10:46:17 +01:00
Asger Feldthaus	66b1612e5e	JS: Treat non-cookie based auth as CSRF preventer	2021-12-07 10:46:17 +01:00
Asger Feldthaus	b73219392b	JS: Improve precision of missing CSRF middleware	2021-12-07 10:46:17 +01:00
Asger Feldthaus	d0e94e655d	JS: Exclude error handling from auth calls	2021-12-07 10:46:17 +01:00
Asger Feldthaus	400bf10cc3	JS: Move fastify-specific route handler step into extension point	2021-12-07 10:46:17 +01:00
Asger Feldthaus	71820569e1	JS: Instantiate for Fastify	2021-12-07 10:46:15 +01:00
Asger Feldthaus	cfb9265f0a	JS: Add template steps for res.locals.x	2021-12-07 10:44:53 +01:00
Asger Feldthaus	5269933461	JS: Port missing rate limiting query	2021-12-07 10:44:19 +01:00
Asger Feldthaus	389a3c9073	JS: Port CSRF query	2021-12-07 10:43:06 +01:00
Asger Feldthaus	16fa066636	JS: Fix false negative in Mongo model	2021-12-07 10:43:05 +01:00
Asger Feldthaus	3dd5d4d7b4	JS: Instantiate for Express and add tests	2021-12-07 10:43:03 +01:00
Erik Krogh Kristensen	3ebf1e3c13	Add codeql-go sources (`894102defd`)	2021-12-07 10:42:38 +01:00
Erik Krogh Kristensen	a3d11c61a8	QL: Add codeql-go sources (`894102defd`)	2021-12-07 10:42:38 +01:00
Erik Krogh Kristensen	d852b28653	Add codeql sources (`3c59aa319e`)	2021-12-07 10:42:34 +01:00
Erik Krogh Kristensen	44c3787457	QL: Add codeql sources (`3c59aa319e`)	2021-12-07 10:42:34 +01:00
Asger Feldthaus	aae4260819	JS: Routing model	2021-12-07 10:41:55 +01:00
Asger Feldthaus	e9575c3df6	JS: Support AdditionalUseStep in API graphs	2021-12-07 10:41:52 +01:00
Erik Krogh Kristensen	3c59aa319e	Merge pull request #7245 from erik-krogh/explicit-this-all-the-places All langs: apply the explicit-this patch to all remaining code	2021-12-07 10:40:26 +01:00
Taus	7cd9369d91	Python: Autoformat	2021-12-07 09:29:24 +00:00
Taus	33a9f86f54	Python: Change integer in `trois.py`	2021-12-07 08:54:07 +00:00
Taus	dd33f4f4d2	Python: Apply suggestions from code review Co-authored-by: yoff <lerchedahl@gmail.com>	2021-12-07 09:48:53 +01:00
Harry Maclean	6f42153eac	Ruby: Include empty StmtSequences in CFG Empty StmtSequences appear, for example, in the `else` branch of `if` statements like the following: foo if cond bar else end baz Before this change, the CFG for this code would look like this: foo │ │ ▼ cond │ true │ ▼ bar │ │ ▼ if │ │ ▼ baz i.e. there is linear flow through the condition, the `then` branch, and out of the if. This doesn't account for the possibility that the condition is false and `bar` is not executed. After this change, the CFG looks like this: foo │ │ ▼ cond │ │ true │ │ false ▼ │ bar │ │ │ │ │ ▼ ▼ if │ │ ▼ baz i.e. we correctly account for the `false` condition.	2021-12-07 16:01:50 +13:00
Geoffrey White	4e68a4670b	Merge pull request #7322 from MathiasVP/fix-performance-of-unused-static-functions C++: Fix performance of 'cpp/unused-static-function'.	2021-12-06 17:30:51 +00:00

... 188 189 190 191 192 ...

42524 Commits