hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-08 19:21:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,691 Branches 160 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
yoff
c514282d4a Merge pull request #8255 from tausbn/python-nomagic-pattern-getcase 
Python: Prevent magic/inlining in `getCase`
 2022-03-04 10:53:20 +01:00
Tom Hvitved
c49ed559d6 Update csharp/ql/lib/change-notes/2022-03-03-recursive-qltest-extraction.md 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-03-04 10:49:42 +01:00
Rasmus Wriedt Larsen
ef045a6789 Python: Fix typo in set_default_parser 2022-03-04 10:18:30 +01:00
Rasmus Wriedt Larsen
1a9620a87a Python: Add conditional assignment check for sax parser 2022-03-04 10:16:28 +01:00
Rasmus Wriedt Larsen
f0131afc54 Python: Fix huge_tree modeling 2022-03-04 10:16:28 +01:00
Rasmus Wriedt Larsen
d6cbfec434 Python: huge_tree tests were wrong 
Nice spotted @jorgectf!
 2022-03-04 10:16:28 +01:00
Rasmus Wriedt Larsen
3cd165d5b7 Python: Apply suggestions from code review 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2022-03-04 10:15:50 +01:00
Arthur Baars
cd5c71e85e Ruby: cache regExpSource/1 instead of isInterpretedAsRegExp 2022-03-04 10:15:22 +01:00
Erik Krogh Kristensen
934e06ca3b fix mistake in argumentPassing. The type-tracking was not required to be in an end state 2022-03-04 09:49:42 +01:00
Jonathan Leitschuh
7ab193dde2 Add System.getProperties().getProperty support 2022-03-03 20:08:38 -05:00
Jorge
683c2fa825 Apply suggestions from code review 2022-03-04 01:02:56 +01:00
Ahmed Farid
be7c619ca8 Update zipslip_bad.py 2022-03-04 00:48:45 +01:00
Dave Bartolomeo
952e495ef5 New SemanticExpr implementation 
Cleans up SignAnalysis to reduce need for language-specific enhancements
 2022-03-03 18:18:58 -05:00
Jonathan Leitschuh
04cd0dbfe9 [Java] Add CharacterLiteral to CompileTimeConstantExpr.getStringValue 2022-03-03 18:08:17 -05:00
Jonathan Leitschuh
31527a67e5 Refactor OS Checks & SystemProperty logic from review feedback 2022-03-03 17:15:35 -05:00
Jonathan Leitschuh
103c770ce7 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-03-03 16:39:45 -05:00
Rasmus Wriedt Larsen
3f6c55e8ae Python: Rename vulnerable predicate => vulnerableTo 2022-03-03 22:09:31 +01:00
Rasmus Wriedt Larsen
0d69dc854c Python: Minor qldoc improvement 2022-03-03 22:06:26 +01:00
Rasmus Wriedt Larsen
837daaae3b Python: Remove XMLParser concept 2022-03-03 22:04:48 +01:00
Rasmus Wriedt Larsen
df8e0fce68 Python: Minor fixup of qldoc 2022-03-03 22:02:48 +01:00
ihsinme
467136c173 Create ExposureSensitiveInformationUnauthorizedActor.expected 2022-03-04 00:02:44 +03:00
ihsinme
77bc26681d Create ExposureSensitiveInformationUnauthorizedActor.expected 2022-03-04 00:02:26 +03:00
Rasmus Wriedt Larsen
c0a6f9f3fd Python: Restructure lxml modeling 
and handle parser being passed as positional argument
 2022-03-03 22:00:55 +01:00
Rasmus Wriedt Larsen
c0a2c25f5a Python: Restructure modeling of xml.etree parsers 2022-03-03 21:59:34 +01:00
Rasmus Wriedt Larsen
a033b71eaf Python: Align QLdocs of XML modeling 2022-03-03 21:34:46 +01:00
Rasmus Wriedt Larsen
de0e67f327 Python: Restructure overall XML modeling 2022-03-03 21:31:15 +01:00
Rasmus Wriedt Larsen
46238d5ea0 Python: Add test for XMLPullParser 
But handling this in a nice way will require some restructuring
 2022-03-03 21:28:46 +01:00
Rasmus Wriedt Larsen
33ebcdf437 Python: Support feed method of lxml/xml.etree Parsers 2022-03-03 21:26:24 +01:00
Rasmus Wriedt Larsen
f72f673e7e Python: Update XmlEntityInjection.expected 
I had forgotten about this, but better late than never... also added a
small representative test
 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
3278793972 Python: Handle more functions and kw-args 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
2451123c67 Python: Move XML PoC to new test dir 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
c739ae40b6 Python: Port xmltodict tests 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
0b12d91817 Python: Port xml.sax tests 2022-03-03 21:18:18 +01:00
Harry Maclean
1181779c10 Merge pull request #7920 from github/hmac/string-flow-summaries 
Ruby: Add String flow summaries
 2022-03-04 09:09:19 +13:00
Rasmus Wriedt Larsen
5fb4c4d152 Python: Port xml.etree tests 2022-03-03 20:51:02 +01:00
Robert Marsh
60532e631e C++: fix missing paren 2022-03-03 14:45:43 -05:00
Rasmus Wriedt Larsen
a7134cac2e Python: Port xml.dom tests 2022-03-03 20:39:56 +01:00
Rasmus Wriedt Larsen
faebaee141 Python: Use concept tests for XML Parsing 
I was loosing my mind from looking through those .expected files

Just going to take it one file at time, to make reviewing easier
 2022-03-03 20:36:51 +01:00
Rasmus Wriedt Larsen
4b03f5c724 Python: Rename xml.sax test for consistency 2022-03-03 19:39:32 +01:00
Rasmus Wriedt Larsen
7cda901da2 Python: Add separate query for SimpleXMLRPCServer 
This was a rough quick-n-dirty query, and should get some qhelp as well at some point.
 2022-03-03 19:35:33 +01:00
ihsinme
5d1dee24d4 Create ExposureSensitiveInformationUnauthorizedActor.qlref 2022-03-03 20:04:54 +03:00
ihsinme
7b3546ea30 Create ExposureSensitiveInformationUnauthorizedActor.qlref 2022-03-03 20:04:17 +03:00
ihsinme
625f74e9be Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/test2.cpp to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test3/test.cpp 2022-03-03 20:01:24 +03:00
ihsinme
8eec20644f Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/test1.cpp to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test2/test.cpp 2022-03-03 20:00:54 +03:00
ihsinme
6e951f74ed Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/test.cpp to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test1/test.cpp 2022-03-03 20:00:18 +03:00
ihsinme
9c04bd12f5 Update and rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/ExposureSensitiveInformationUnauthorizedActor.expected to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test1/ExposureSensitiveInformationUnauthorizedActor.expected 2022-03-03 19:59:36 +03:00
ihsinme
e1c1f80f28 Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/ExposureSensitiveInformationUnauthorizedActor.qlref to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test1/ExposureSensitiveInformationUnauthorizedActor.qlref 2022-03-03 19:58:16 +03:00
ihsinme
b32be69e0a Update DangerousUseOfTransformationAfterOperation.expected 2022-03-03 19:55:30 +03:00
Rasmus Wriedt Larsen
9406a972cd Python: Fix vuln detection for xml.minidom with parser arg 2022-03-03 17:52:11 +01:00
Rasmus Wriedt Larsen
5a652480b1 Python: Annotate xml.dom tests 2022-03-03 17:37:25 +01:00