Commit Graph

66447 Commits

Author SHA1 Message Date
Tom Hvitved
20efe81f10 Update ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll
Co-authored-by: Asger F <asgerf@github.com>
2023-05-22 12:43:05 +02:00
Philip Ginsbach
d4ab1c9643 such identifiers do not actually exist in QL 2023-05-22 11:22:47 +01:00
Rasmus Wriedt Larsen
c1b90c8f05 Python: Apply suggested change 2023-05-22 11:58:32 +02:00
Rasmus Wriedt Larsen
a057365b7e Python: Accept .expected changes 2023-05-22 11:54:50 +02:00
Erik Krogh Kristensen
3647b9cfeb Merge pull request #13196 from erik-krogh/indirectCommand
JS: require arguments to be shell interpreted to be flagged by indirect-command-injection
2023-05-22 11:53:57 +02:00
Rasmus Wriedt Larsen
44d806507d Merge branch 'main' into python-UBV 2023-05-22 11:53:56 +02:00
Jeroen Ketema
f46183d0ba C++: Include inline namespaces in StdNamespace 2023-05-22 11:41:49 +02:00
Tom Hvitved
33be52f0b7 Ruby: Allow for flow out of callbacks passed to summarized methods in type tracking 2023-05-22 11:01:08 +02:00
Paolo Tranquilli
20893bdef5 Swift: accept test changes after hidden AST fix 2023-05-22 10:14:29 +02:00
erik-krogh
708a99528f initial implementation of TS 5.1 2023-05-22 10:11:32 +02:00
Tony Torralba
05c30e8fac Merge pull request #13230 from atorralba/atorralba/java/groove-template-engine-sink
Java: Add TemplateEngine.createTemplate as a Groovy injection sink
2023-05-22 10:04:29 +02:00
Paolo Tranquilli
de03bdc235 Swift: fix hidden AST getters
For consistency with the C/C++ QL library, getters of AST elements
within the hidden AST should not themselves skip other hidden AST
elements.
2023-05-22 09:57:48 +02:00
Tom Hvitved
224a2c3d91 Merge pull request #13231 from hvitved/ruby/type-tracker-missing-callback-flow-out
Ruby: Allow for flow through callbacks to summarized methods in type tracking
2023-05-22 09:38:59 +02:00
erik-krogh
710b309142 apply suggestions from doc review 2023-05-21 22:18:48 +02:00
erik-krogh
10bf17c33e Merge branch 'main' into polyQhelp 2023-05-21 22:17:06 +02:00
Tom Hvitved
128168a7e7 Ruby: Allow for flow through callbacks to summarized methods in type tracking 2023-05-21 20:51:45 +02:00
Sim4n6
97e8e0bd8e Add String Manipulation Method Calls & CGI.escapeHTML() support 2023-05-21 11:52:29 +01:00
Sim4n6
f7f0564e36 added one more test 2023-05-20 18:00:27 +01:00
Sim4n6
0a0a6dde40 Replaced CGI.escapeHTML() with the html_escape() 2023-05-20 17:59:39 +01:00
Sim4n6
ad754f1385 use of all normalization forms without the ":" prefix 2023-05-20 17:59:08 +01:00
Sim4n6
f5ff50880c Updated qhelp for the use of html_escape() 2023-05-20 17:58:24 +01:00
Sim4n6
cc3cc1faef Merge branch 'ruby-UBV' of https://github.com/sim4n6/codeql-pun into ruby-UBV 2023-05-20 12:59:50 +01:00
Sim4n6
d11cb9195c Use of CGI.escapeHTML() in test samples 2023-05-20 12:57:50 +01:00
Sim4n6
e345d7dca4 Update ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb
Co-authored-by: Arthur Baars <aibaars@github.com>
2023-05-20 12:54:03 +01:00
Sim4n6
7cd1fd4bbf CWE-179 and CWE-180 are included in metadata 2023-05-20 12:51:45 +01:00
Sim4n6
957023ec44 nfd and nfkd are considered 2023-05-20 12:51:24 +01:00
Sim4n6
c9c7179a0b Deleted the ugly flowchart. 2023-05-20 12:49:46 +01:00
Sim4n6
c3c65ca712 Qhelp formatting 2023-05-20 12:48:26 +01:00
Sim4n6
8dcf139b45 Update ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp
Co-authored-by: Arthur Baars <aibaars@github.com>
2023-05-20 12:46:54 +01:00
Sim4n6
eb7e1de65b Update ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll
Co-authored-by: Arthur Baars <aibaars@github.com>
2023-05-20 12:43:05 +01:00
Sim4n6
69ca49f168 Deleted the UBV query change note. 2023-05-20 12:39:54 +01:00
Sim4n6
be3f59afab Replaced StringMethod() with a restrained String method calls 2023-05-20 12:17:33 +01:00
Sim4n6
d939f192d5 Deleted the UBV query change note. 2023-05-20 11:46:18 +01:00
Sim4n6
21e99d52c7 Fix a redundant import 2023-05-20 10:23:04 +01:00
Sim4n6
b8969707c5 Delete the vulnerability flow image from the QHelp file. 2023-05-20 10:21:38 +01:00
Sim4n6
16ce024429 Update python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2023-05-20 10:13:23 +01:00
Sim4n6
8462b14b54 Update python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2023-05-20 10:12:55 +01:00
Sim4n6
2a8645c447 Fix 'Singleton set literal' warning 2023-05-20 10:11:26 +01:00
Sim4n6
58be109a70 Moved UnicodeBypassValidation Customizations & Query.qll to src/experimental 2023-05-20 10:08:56 +01:00
Robert Marsh
bf07b0f97b C++: fix cartesian product in constant off-by-one query 2023-05-19 18:32:09 -04:00
Geoffrey White
b6122d01fc Swift: Clean up the query somewhat. 2023-05-19 22:40:53 +01:00
Geoffrey White
2028b5ef95 Swift: Fix imprecise sinks. 2023-05-19 22:23:26 +01:00
Geoffrey White
19080333b9 Swift: Add a few test cases. 2023-05-19 22:18:34 +01:00
Mathias Vorreiter Pedersen
58f4b7696d Merge pull request #13223 from geoffw0/useasnominaltypedecl
Swift: Use asNominalTypeDecl more.
2023-05-19 16:53:28 +01:00
Tony Torralba
b58eb3a92c Java: Add TemplateEngine.createTemplate as a groovy injection sink 2023-05-19 17:45:47 +02:00
Mathias Vorreiter Pedersen
c15ebf83ee C++: Add testcase with FP (and also fix an incorrect test annotation). 2023-05-19 16:38:18 +01:00
Philip Ginsbach
999e7f96c7 Merge pull request #13222 from github/ginsbach/SignatureSyntax
add syntax for signature definitions to QL specification
2023-05-19 16:22:45 +01:00
Geoffrey White
881134a6f5 Swift: Add warning note to Decl.getMember. 2023-05-19 16:12:09 +01:00
Alexandre Boulgakov
f943502e41 Merge pull request #13224 from github/sashabu/tsp-empty-help-links
Swift: Drop support for plaintext diagnostics (and `helpLinks`).
2023-05-19 15:44:44 +01:00
Alexandre Boulgakov
b3e76d6052 Swift: Drop support for plaintext diagnostics (and helpLinks).
The recommended option is Markdown diagnostics, and we have already migrated everything to emit them. The empty help link we're currently emitting everywhere is a bug.
2023-05-19 15:16:02 +01:00