hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-12 06:00:23 +01:00
Code Issues Packages Projects Releases Wiki Activity
60,239 Commits 1,680 Branches 158 Tags
codeql-cli/v2.15.2
Commit Graph

60239 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
05cb429635 Swift: Add CfgConsistency.expected. 2023-07-17 15:59:18 +01:00
Robert Marsh
ef9376d39c Swift: more ArrayContent tests 2023-07-17 14:58:40 +00:00
Mathew Payne
6ef55aa14f Update python/ql/lib/semmle/python/security/dataflow/ReflectedXSSCustomizations.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-07-17 15:44:38 +01:00
Geoffrey White
70a9fe3974 Swift: Change note. 2023-07-17 15:42:56 +01:00
Geoffrey White
eca2c21af5 Swift: Model referrerURL. 2023-07-17 15:42:51 +01:00
Geoffrey White
bc4724b1fb Swift: Test the customurlschemes fields that inherit taint. 2023-07-17 15:39:02 +01:00
Ian Lynagh
8a0286ec34 Java: Improve the diagnostics consistency query 
Diagnostics can be easier to read if you see them in the order in which
they were generated. By selecting the compilation and indexes, they get
sorted by the testsuite driver.

d.getCompilationInfo(c, f, i) would be a bit more natural as
d = c.getDiagnostic(f, i), but currently we don't import Diagnostic into
the default ('import java') namespace, and I don't think it's worth
changing that for this.
 2023-07-17 15:37:05 +01:00
Geoffrey White
869ad2eb65 Apply suggestions from code review 
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
 2023-07-17 15:17:24 +01:00
Max Schaefer
9432fec612 JavaScript: Improve qhelp for js/server-crash. 
The examples now use `fs.access` instead of the deprecated `fs.exists`. I have also rewritten the async/await example, since as of Node.js v15 the default behaviour for uncaught exceptions has changed to terminating the process instead of logging a warning, making the previous advice incorrect.
 2023-07-17 14:44:23 +01:00
Alex Ford
27ee72c265 Merge remote-tracking branch 'origin/main' into rb/rack-env-query-string 2023-07-17 14:11:25 +01:00
Alex Ford
06aefe01b8 Update ruby/ql/lib/codeql/ruby/frameworks/rack/internal/App.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-07-17 14:08:44 +01:00
Alex Ford
ab1f341aa6 Merge pull request #13566 from alexrford/rb/rack-params 
Ruby: add `Rack::Request` params and cookies as remote input sources
 2023-07-17 14:07:20 +01:00
Mathias Vorreiter Pedersen
11f2681904 Merge pull request #13740 from MathiasVP/unique-entry-point 
C++: Exclude invalid functions from new range analysis
 2023-07-17 13:32:50 +01:00
yoff
d032bf5c0e Merge pull request #13685 from RasmusWL/captured-variables-default-param-value 
Python: Model parameter with default value as `DefinitionNode`
 2023-07-17 14:25:13 +02:00
Mathias Vorreiter Pedersen
be95d29589 Documentation: Update version number. 2023-07-17 11:08:40 +01:00
Mathew Payne
e3d75c488e Merge branch 'main' into py-mad-xss 2023-07-17 11:08:09 +01:00
Mathias Vorreiter Pedersen
8c21699040 C++: Accept test changes. 2023-07-17 10:51:42 +01:00
Mathias Vorreiter Pedersen
f9db6a9868 C++: Don't do range analysis on malformed IR. 2023-07-17 10:15:01 +01:00
Geoffrey White
69b98c769c Merge pull request #13354 from geoffw0/sharedsensitive2 
Swift: Improve SensitiveExprs.qll Heuristics
 2023-07-17 09:16:09 +01:00
Geoffrey White
4644b7184b Swift: # -> // 2023-07-17 09:12:01 +01:00
Alvaro Muñoz
eacecab689 remove PrepareContext 2023-07-17 09:16:32 +02:00
Anders Schack-Mulligen
6770d2a49b Java: Exclude source-to-source flow in 5 queries. 2023-07-17 09:06:49 +02:00
Owen Mansel-Chan
a2a2e93cfd Fix printing when one obj is nil 2023-07-15 07:06:16 +01:00
Owen Mansel-Chan
0b8353eb64 Merge pull request #13602 from pwntester/ruby/add_gqlgen_support 
Go: Add support for the gqlgen library
 2023-07-15 07:04:09 +01:00
Maiky
3f36d3244b Fix singleton set literal 2023-07-15 00:18:21 +02:00
Alvaro Muñoz
0ea0d54050 gofmt -w . 2023-07-14 22:15:40 +02:00
Maiky
378313332b Fix sink 2023-07-14 20:55:24 +02:00
Alex Ford
bdf1aa0807 Merge pull request #13746 from asgerf/rb/fix-rack-todo 
Ruby: Use API graphs asCallable() instead of Proc.new workaround
 2023-07-14 16:29:00 +01:00
Alex Ford
d89c10dd85 Merge pull request #13130 from maikypedia/maikypedia/xpath-injection 
Ruby :  XPath Injection Query (CWE-643)
 2023-07-14 14:10:09 +01:00
Owen Mansel-Chan
cff09d28b8 Test if Origin() works (for Var and Func) 2023-07-14 13:52:50 +01:00
Rasmus Wriedt Larsen
13fa08a90a Python: Move source modeling to shared file 2023-07-14 14:47:50 +02:00
Rasmus Wriedt Larsen
aa8ed91993 Python: Accept .expected changes 
but it's kinda bad, since it has paths to stdlib in there :(
 2023-07-14 14:47:27 +02:00
Taus
6b425f1395 Java: Revert definition of isNeutral 
Reverts the change made in
daf2743143

With the change in the aforementioned commit, we were extracting candidates for endpoints that
had a neutral _summary_ model. These are bad candidates, as they have already been triaged.
 2023-07-14 14:45:22 +02:00
Rasmus Wriedt Larsen
9e0f985e23 Python: Fix qlref 2023-07-14 14:33:17 +02:00
Rasmus Wriedt Larsen
8279cf7c9c Merge branch 'main' into amammad-python-WebAppsConstatntSecretKeys 2023-07-14 14:32:43 +02:00
Taus
6793bc6c6b Java: Exclude qualifier argument for existing models 
Excludes candadites for `Argument[this]` where we already have a model that covers a
different argument of the containing call.
 2023-07-14 14:26:21 +02:00
Taus
895e829eb1 Java: Add QLDoc for query predicates 2023-07-14 14:22:10 +02:00
Taus
c4487673e8 Java: Swap input and ext 2023-07-14 14:21:59 +02:00
Taus
9193de6898 Merge pull request #13730 from github/tausbn/limit-number-of-candidates-in-application-mode 
Java: Limit the number of samples extracted in application mode
 2023-07-14 14:09:59 +02:00
Asger F
2962727f0f Ruby: Use API graphs asCallable() instead of Proc.new workaround 2023-07-14 13:50:07 +02:00
Alex Ford
dbb55ff2b4 Ruby: fix xpathinjection deprecation warnings 2023-07-14 12:45:27 +01:00
Mathew Payne
cf65ab834d fix: formatting issue 2023-07-14 12:31:40 +01:00
Mathew Payne
4c1612f2dd feat: add change log notes 2023-07-14 12:28:51 +01:00
Mathew Payne
c292984338 feat: add MaD to XSS query 2023-07-14 12:25:54 +01:00
Alex Ford
a524735236 Merge branch 'main' into maikypedia/ldap-injection 2023-07-14 12:05:17 +01:00
Alex Ford
c0009379d1 qlformat 2023-07-14 12:04:03 +01:00
Asger F
31bed36231 Merge pull request #13612 from asgerf/rb/api-graph-explicit-proc-lambda 
Ruby: Improve support for explicit proc-creation
 2023-07-14 13:02:44 +02:00
Rasmus Wriedt Larsen
0db535bdd7 Python: Minor naming update 2023-07-14 12:54:54 +02:00
Geoffrey White
1c8297b91b Merge pull request #13548 from geoffw0/redos 
Swift: Query for REDOS (Regular Expression Denial Of Service)
 2023-07-14 10:44:52 +01:00
Anders Schack-Mulligen
80a799df01 Merge pull request #13735 from aschackmull/dataflow/forcehighprecision-fix 
Dataflow: Fix forceHighPrecision for length-2 prefixes.
 2023-07-14 11:42:35 +02:00