hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 02:13:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,078 Commits 1,693 Branches 161 Tags
codeql-cli/v2.11.6
Commit Graph

47078 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
d2cc0d3925 C++: Fix annotations. 2021-07-12 11:30:43 +02:00
Erik Krogh Kristensen
bef7e61e76 add support for the fast-json-stringify library 2021-07-12 11:13:01 +02:00
Erik Krogh Kristensen
40aa970db3 add support for the strip-json-comments library 2021-07-12 11:08:50 +02:00
Erik Krogh Kristensen
23c3be6860 add support for the json-cycle library 2021-07-12 11:03:39 +02:00
Asger Feldthaus
5df961c4ed JS: Add change note 2021-07-12 10:53:41 +02:00
Erik Krogh Kristensen
94cbc4b2c0 add step through the fclone library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
f99a33598f add support for the safe-stable-stringify library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
d6300bced3 add support for the replicator library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
babf657d9d add support for the teleport-javascript library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
9261b7f859 add support for the flatted library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
1792c9a611 add taint step through the prettyjson library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
0bfff1eb7e add support for the json5 library 2021-07-12 10:51:42 +02:00
Erik Krogh Kristensen
cb3bd4901b add taint step through the json2csv library 2021-07-12 10:51:42 +02:00
edvraa
1682e993bc Merge with Main 2021-07-12 11:32:47 +03:00
Tom Hvitved
db4c8dfd3c Merge pull request #6208 from hvitved/csharp/query-modules 
C#: Add `Query` suffix to libraries that should only be imported by queries
 2021-07-12 10:26:45 +02:00
Anders Schack-Mulligen
0e913a19aa Merge pull request #6220 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-07-12 09:54:18 +02:00
github-actions[bot]
56419bc74b Add changed framework coverage reports 2021-07-12 00:06:55 +00:00
edvraa
40e8a900de Apply changes from code review 2021-07-12 02:08:23 +03:00
edvraa
6393dca22f Apply changes from code review 2021-07-12 01:13:41 +03:00
edvraa
3de7b280e4 AuthCookie.qll moved to experimental 2021-07-12 01:13:40 +03:00
edvraa
02f0d81830 delete unused predicate 2021-07-12 01:13:40 +03:00
edvraa
3723f7f132 comments 2021-07-12 01:13:40 +03:00
edvraa
2c9d6827ad comments 2021-07-12 01:13:40 +03:00
edvraa
74cb61a475 Autoformat 2021-07-12 01:13:40 +03:00
edvraa
65fb46af3d fix help files 2021-07-12 01:13:40 +03:00
edvraa
d0e9a01edc Rename files 2021-07-12 01:13:40 +03:00
edvraa
5c9a3d5ce7 Single Secure query 2021-07-12 01:13:39 +03:00
edvraa
07327984b0 Single HttpOnly query 2021-07-12 01:13:39 +03:00
edvraa
dea4d67ebd Extract to predicate isCookieWithSensitiveName 2021-07-12 01:13:39 +03:00
edvraa
7e723e90f1 Remove redundant iResponse.getAppendMethod() = mc.getTarget(), it is already covered by higher level exists 2021-07-12 01:13:39 +03:00
edvraa
98261a63c5 typo accessibe -> accessible 2021-07-12 01:13:39 +03:00
edvraa
89c4102462 HttpOnly and Secure cookie queries 2021-07-12 01:13:39 +03:00
Erik Krogh Kristensen
440e4b9a92 enable unicode support in the Python ReDoS query 2021-07-11 21:28:40 +02:00
Artem Smotrakov
c98f1a479e Better taint propagation in UnsafeTypeConfig 2021-07-09 10:24:15 +02:00
Artem Smotrakov
476843a278 Added comments for Jackson in UnsafeDeserialization.qll 2021-07-09 10:24:15 +02:00
Artem Smotrakov
e9731cd212 Minor improvements for Jackson in UnsafeDeserialization.qll 2021-07-09 10:24:15 +02:00
Artem Smotrakov
704cc77bb5 Added a change note for Jackson 2021-07-09 10:24:14 +02:00
Artem Smotrakov
24e4b68b9c Removed getAnAccess() calls for Jackson 2021-07-09 10:24:14 +02:00
Artem Smotrakov
aefd21075b Added tests for UnsafeDeserialization.ql and Jackson 2021-07-09 10:24:10 +02:00
Artem Smotrakov
ea0991c980 Added Jackson to UnsafeDeserialization.qhelp 2021-07-09 10:17:29 +02:00
Artem Smotrakov
97fca620fa Cover attacker-controlled types for deserialization with Jackson 2021-07-09 10:16:04 +02:00
Artem Smotrakov
3eb2af1bc2 First draft of sinks for unsafe deserialization with Jackson 2021-07-09 10:16:01 +02:00
Slavomir
66bd56f444 Don't use any() as sink 2021-07-05 13:14:56 +02:00
ihsinme
eedcb0171d Add files via upload 2021-07-05 11:14:51 +03:00
ihsinme
b10bdf1475 Add files via upload 2021-07-05 11:13:05 +03:00
haby0
e8d0827916 Add tornado source 2021-07-05 10:42:15 +08:00
Tom Hvitved
4de4753c67 C#: Remove Query.qll top-level modules 2021-07-04 09:35:27 +02:00
Tom Hvitved
c812d4e4e8 C#: Add Query suffix to libraries that should only be imported by queries 2021-07-04 09:35:26 +02:00
Taus
a65d40e36f Merge branch 'main' into python-add-typetrackingnode 2021-07-02 20:55:37 +02:00
Taus
55d822cc56 Python: Add TypeTrackingNode 
Splits `ModuleVariableNode` away from `LocalSourceNode`, instead
creating a class `TypeTrackingNode` that encapsulates both of these.

This means we no longer have module variable nodes as part of
`LocalSourceNode` (which is good, since they have no "local" aspect to
them), and hence we can have `LocalSourceNode` inherit directly from
`ExprNode` (which makes the API a bit nicer).

Unfortunately these are breaking changes, so we can't actually fulfil
the above two desiderata until the `track` and `backtrack` methods on
`LocalSourceNode` have been fully deprecated. For this reason, we
preserve the present implementation of `LocalSourceNode`, and instead
lay the foundation for switching over in the future, by deprecating
`track` and `backtrack` on `LocalSourceNode`.
 2021-07-02 18:00:33 +00:00