hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-27 09:48:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,720 Branches 163 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
monkey-junkie
056566ecc1 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 12:05:01 +03:00
monkey-junkie
3a4ea82ae2 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 12:02:46 +03:00
james
292f07d1fd docs: update further reading sections 2020-05-05 09:59:25 +01:00
monkey-junkie
8310c96b97 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 11:59:06 +03:00
james
49280ed893 docs: add further reading reusables 2020-05-05 09:59:02 +01:00
monkey-junkie
25df6e1664 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 11:58:49 +03:00
monkey-junkie
700a070a15 Update javascript/ql/src/experimental/Security/CWE-94/examples/ServerSideTemplateInjection.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 11:58:40 +03:00
monkey-junkie
d8fb552097 Update javascript/ql/src/experimental/Security/CWE-94/examples/ServerSideTemplateInjectionSafe.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 11:58:28 +03:00
Esben Sparre Andreasen
304b013f88 JS: query and tests for unsafe HTML expansion 2020-05-05 10:32:16 +02:00
Rasmus Wriedt Larsen
affca1a728 Python: Add test-cases using keyword arguments for builtin function 2020-05-05 10:26:25 +02:00
Geoffrey White
a70f534458 Sync identical files. 2020-05-05 09:18:05 +01:00
Rasmus Wriedt Larsen
dfe7c8270b Python: Clean up trailing whitespace 2020-05-05 09:55:09 +02:00
Rasmus Wriedt Larsen
87d7738b6e Python: Expand QLDoc for get[Named]ArgumentForCall 2020-05-05 09:54:54 +02:00
Erik Krogh Kristensen
4b8b0cb379 update expected output 2020-05-05 09:13:21 +02:00
Erik Krogh Kristensen
7af19559d4 add test case for location.split("?")[0] for DomBasedXss 2020-05-05 09:13:21 +02:00
Erik Krogh Kristensen
4dcf944ccd use StringSplitCall in TaintedPath 2020-05-05 09:13:21 +02:00
Erik Krogh Kristensen
22ec12b130 use split("?")[0] sanitizer is both DomBasedXSS and ClientSideUrlRedirect 2020-05-05 09:13:21 +02:00
Erik Krogh Kristensen
89f45372d1 introduce StringSplitCall and use it 2020-05-05 09:13:15 +02:00
Rasmus Wriedt Larsen
061bbb82f5 Python: Restructure getNamedArgumentForCall 
So it matches the structure of getArgumentForCall -- call.getArgByName first!
 2020-05-05 09:00:55 +02:00
Cornelius Riemenschneider
264763080e Autoformat, address review. 2020-05-05 08:52:52 +02:00
John Doe
337be9c2e0 ssti query and help updated 2020-05-05 03:58:29 +03:00
John Doe
09922e5bb4 Merge branch 'master' of github.com:monkey-junkie/codeql 2020-05-05 03:44:23 +03:00
John Doe
895aa622bf ssti updated 2020-05-05 03:37:43 +03:00
monkey-junkie
cd18842aa5 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 02:15:58 +03:00
monkey-junkie
a60660617f Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 02:15:00 +03:00
Rasmus Wriedt Larsen
838106d49c Python: Refactor get[Named]ArgumentForCall 
Also fixed a bug for BoundMethodValue, as highlighted in the expected diff 👍
 2020-05-04 20:51:23 +02:00
Rasmus Wriedt Larsen
bc92c26e12 Python: Add BoundMethodValue 2020-05-04 20:51:12 +02:00
Rasmus Wriedt Larsen
96fdb7a5b6 Python: Add tests for getParameter[byName] 
These already have results for BoundMethodValue, although

1) it's a bit strange that `getParameter(-1)` has results
2) why does `Method(Function C.n, class C)` exists? this would only be relevant
if `n` was a classmethod, but it isn't. It's not a problem that it exsits per
se, but curious.
 2020-05-04 20:51:04 +02:00
Rasmus Wriedt Larsen
e9859ad96d Python: Fix getArgumentForCall when using keyword arguments 
Yikes :|
 2020-05-04 20:50:56 +02:00
Rasmus Wriedt Larsen
acb506db21 Python: Add test for getNamedArgumentForCall 
and rename the one for getArgumentForCall
 2020-05-04 20:50:32 +02:00
Rasmus Wriedt Larsen
9ec32ee1c1 Python: Add test-cases using keyword arguments 2020-05-04 20:50:19 +02:00
Rasmus Wriedt Larsen
fc0b0221f0 Python: Add test-cases for BuiltinFunction and BuiltinMethod 2020-05-04 20:50:14 +02:00
Rasmus Wriedt Larsen
f624754390 Python: Use Value in GetACAll test 
That was not possible when using the old Object-API, but in Value-API getACall
is defined on all Values.
 2020-05-04 20:50:06 +02:00
Rasmus Wriedt Larsen
06b67e0d32 Python: Modernise test/library-tests/PointsTo/calls/* 2020-05-04 20:49:57 +02:00
Rasmus Wriedt Larsen
a5289bd708 Python: Use Object in CallRefersTo test 
Since other things than FunctionObject can be called ;)
 2020-05-04 20:49:47 +02:00
Rasmus Wriedt Larsen
7b8b4af6d2 Python: Add test for call.getFunction().refersTo 
Showing that
`call.getFunction().refersTo(func)` gives different results from
`call = func.getACall()`
 2020-05-04 20:49:19 +02:00
Geoffrey White
511d7c9199 C++: Improve solution for UsingDeclarationEntry. 2020-05-04 18:01:29 +01:00
Geoffrey White
3d431607e7 C++: Combine the usings tests and add detail about classes. 2020-05-04 17:48:42 +01:00
Geoffrey White
9fc37d174e C++: Update the 'usings' tests. 2020-05-04 17:46:26 +01:00
Erik Krogh Kristensen
eb7e0d6a62 still flag single-expression files that contain a function 2020-05-04 18:37:26 +02:00
Jason Reed
c34fa840a2 Python: Use NiceLocationExpr::hasLocationInfo for ide jump-to-def 2020-05-04 11:36:54 -04:00
Max Schaefer
e632c75de3 Add support for taint models involving "backwards" taint propagation from results to arguments. 2020-05-04 16:36:38 +01:00
Max Schaefer
5e8e51993e Simplify SmtpData. 2020-05-04 16:36:38 +01:00
Max Schaefer
5b0c48e332 Add taint models for fmt.Fprintf and io.WriteString. 2020-05-04 16:36:38 +01:00
Max Schaefer
d0e8d6efda Fix post-update nodes for function arguments. 2020-05-04 16:36:38 +01:00
Jason Reed
b0f72ebb56 Python: Refactor definitions query, add queries for ide search 
This enables jump-to-definition and find-references in the VS Code
extension, for python source archives.
 2020-05-04 11:27:30 -04:00
Nick Rolfe
ae913fbf56 C++: update expected output to include field attribute 2020-05-04 16:17:59 +01:00
Calum Grant
a01ef83312 Merge pull request #3270 from hvitved/csharp/dataflow/library-field-flow 
C#: Field-sensitive summaries for library code
 2020-05-04 16:11:18 +01:00
Mathias Vorreiter Pedersen
a98135093f Merge pull request #3400 from jbj/fieldFlow-join-order 
C++: Fix fieldFlow join order
 2020-05-04 17:07:55 +02:00
Max Schaefer
b1899374b9 Merge pull request #126 from max-schaefer/new-style-change-notes 
Switch to new-style change notes.
 2020-05-04 15:42:24 +01:00