hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-21 18:34:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,367 Commits 1,683 Branches 158 Tags
codeql-cli/v2.12.1
Commit Graph

49367 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
11b2a12392 Merge pull request #10572 from MathiasVP/add-cwe-193-fp 
C++: Add FP test for `CWE-193`
 2022-09-26 17:22:47 +01:00
Michael Nebel
40a75fdd12 Merge pull request #9406 from JarLob/controller 
Extend aspnetcore controller definition
 2022-09-26 16:34:39 +02:00
Anders Schack-Mulligen
1687d08587 Dataflow: Sync. 2022-09-26 16:10:03 +02:00
Anders Schack-Mulligen
17dba00264 Dataflow: Minor visibility cleanup. 2022-09-26 16:09:42 +02:00
Rasmus Lerchedahl Petersen
441fc1bb28 Python: type trackers to API graph 
base on new subscript in the API graph

There are a few more uses of type tracking
through `SubscriptNode`s, but these start
from an instance given by a data flow node.
 2022-09-26 15:05:50 +02:00
Jaroslav Lobačevski
57fcfd5e7d Apply suggestions from code review 2022-09-26 14:55:29 +02:00
Jaroslav Lobačevski
fa503ec3f2 Create 2022-08-24-aps-net-core-controllers.md 2022-09-26 14:55:29 +02:00
Michael Nebel
37795226a4 C#: Exclude stub implementation in test results. 2022-09-26 14:55:29 +02:00
Michael Nebel
29639a0ad5 C#: ControllerBase should still be considered a controller as we need Redirect methods to be considered sinks. 2022-09-26 14:55:29 +02:00
Michael Nebel
85eee886ac C#: Auto-format AspNetCore.ql. 2022-09-26 14:55:28 +02:00
Michael Nebel
f2ada3d547 C#: Also use using namespace as a hint to indicate that ASP.NET Core is in scope. 2022-09-26 14:55:28 +02:00
Michael Nebel
a7011e11c4 C#: Minor refactoring to avoid introducing name variable. 2022-09-26 14:55:28 +02:00
Michael Nebel
72429cb9e8 C#: Generic classes should not be considered controllers. 2022-09-26 14:55:28 +02:00
Jaroslav Lobačevski
eed04696a9 Add tests 2022-09-26 14:55:28 +02:00
Octokit
f05d4b8410 failing tests 2022-09-26 14:55:28 +02:00
Octokit
fc10212e68 Add ApiController support 2022-09-26 14:55:28 +02:00
Octokit
c96b938e7d Controller is public, non-abstract, not generic class 2022-09-26 14:55:28 +02:00
Jaroslav Lobačevski
853a80bdbc filter out Controller suffixed class in non asp.net projects 2022-09-26 14:55:28 +02:00
Jaroslav Lobačevski
3d281fbb71 fix suffix match 2022-09-26 14:55:28 +02:00
Jaroslav Lobačevski
56055bd76a Add qldoc comments 2022-09-26 14:55:28 +02:00
Jaroslav Lobačevski
f27b5d5588 Fix code style warnings 2022-09-26 14:55:28 +02:00
Jaroslav Lobačevski
105462a1fc Extend aspnetcore controller definition 2022-09-26 14:55:27 +02:00
Joe Farebrother
af41f2b903 Remove 'here'. 2022-09-26 13:36:14 +01:00
erik-krogh
326666ac85 update the alert-messages of csharp queries 2022-09-26 14:01:39 +02:00
Rasmus Lerchedahl Petersen
9b1ec03d70 Python: type tracking to API graph 
using the new subscript node
 2022-09-26 13:39:59 +02:00
Rasmus Lerchedahl Petersen
bc963b2386 Python: subscript on API::Node 2022-09-26 13:39:59 +02:00
Rasmus Lerchedahl Petersen
6114d71d3d Python: subscript on local source nodes 
and adjust comment on awaited
 2022-09-26 13:39:59 +02:00
Rasmus Lerchedahl Petersen
7f610405a0 Python: move code and harmonize comments 2022-09-26 13:39:59 +02:00
Rasmus Lerchedahl Petersen
69640f3c20 Python: refactor awaited 2022-09-26 13:39:59 +02:00
Michael Nebel
0581b91c32 Merge pull request #10554 from michaelnebel/csharp/datetime-sanitizer 
C#: Consider DateTime as simple type sanitizer.
 2022-09-26 13:21:36 +02:00
Mathias Vorreiter Pedersen
1c55bbe2e8 C++: Add FP for CWE-193. 2022-09-26 11:53:03 +01:00
Alex Ford
b018706afd Ruby: update rb/unsafe-deserialization tests 2022-09-26 11:28:24 +01:00
Alex Ford
06e435fd84 Ruby: remove YAML.load_file arg0 as an unsafe deserialization sink 2022-09-26 11:26:30 +01:00
erik-krogh
46b5bf32f9 update alert-messsages of java queries 2022-09-26 12:15:25 +02:00
Marcono1234
c40b6285a2 Java: Adjust ImpossibleJavadocThrows.ql 2022-09-26 12:08:43 +02:00
Anders Schack-Mulligen
f4ef4342c2 Merge pull request #10558 from aschackmull/java/static-init-vector-perf 
Java: Improve performance of StaticInitializationVector.
 2022-09-26 10:50:49 +02:00
Tom Hvitved
257bcefaf9 Merge pull request #10548 from hvitved/ruby/call-graph-tests 
Ruby: Add call graph tests for unsupported constructs
 2022-09-26 10:47:23 +02:00
Harry Maclean
fa20a476a6 Add test code 2022-09-26 20:56:11 +13:00
Harry Maclean
9f234e9f5a Ruby: Merge duplicate tests 2022-09-26 20:56:11 +13:00
Harry Maclean
7b9519fe7c Ruby: Fix import 2022-09-26 20:56:11 +13:00
Harry Maclean
7d3f9580ff Ruby: QLDoc fix 2022-09-26 20:56:11 +13:00
Harry Maclean
9f99a3ca1f Ruby: Model sanitize ActionView helper 2022-09-26 20:56:11 +13:00
Harry Maclean
9e625acd3d Ruby: QLDoc fix 2022-09-26 20:56:11 +13:00
Harry Maclean
1d693d336f Ruby: Model javascript_include_tag and friends 2022-09-26 20:56:09 +13:00
Harry Maclean
35a05f6dea Ruby: Add summaries for ActiveSupport::SafeBuffer 2022-09-26 20:55:05 +13:00
Harry Maclean
ed0c85e3af Ruby: Model ActionView helper XSS sinks 2022-09-26 20:55:04 +13:00
Chris Smowton
f9ba190812 Merge pull request #9830 from smowton/smowton/fix/kotlin-annotation-class-accessors 
Kotlin: annotation properties should be java.lang.Class not KClass
 2022-09-26 08:34:30 +01:00
Chris Smowton
2a2b939078 Lint 2022-09-25 16:48:10 +01:00
Marcono1234
fd99ae78b3 Java: Rename predicate to getATypeInScope 2022-09-25 14:44:16 +02:00
Chris Smowton
f774467892 Kotlin: annotation properties should be java.lang.Class not KClass 
As documented at https://kotlinlang.org/docs/annotations.html#constructors, annotation properties of type KClass get rewritten when targeting the JVM.
 2022-09-25 11:53:50 +01:00