codeql

mirror of https://github.com/github/codeql.git synced 2026-04-05 23:28:17 +02:00

Author	SHA1	Message	Date
Philip Ginsbach	7ace4cd43e	add rule for module signature names (differing from module names)	2023-05-22 11:44:59 +01:00
Tom Hvitved	20efe81f10	Update ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll Co-authored-by: Asger F <asgerf@github.com>	2023-05-22 12:43:05 +02:00
Philip Ginsbach	d4ab1c9643	such identifiers do not actually exist in QL	2023-05-22 11:22:47 +01:00
Rasmus Wriedt Larsen	c1b90c8f05	Python: Apply suggested change	2023-05-22 11:58:32 +02:00
Rasmus Wriedt Larsen	a057365b7e	Python: Accept `.expected` changes	2023-05-22 11:54:50 +02:00
Erik Krogh Kristensen	3647b9cfeb	Merge pull request #13196 from erik-krogh/indirectCommand JS: require arguments to be shell interpreted to be flagged by indirect-command-injection	2023-05-22 11:53:57 +02:00
Rasmus Wriedt Larsen	44d806507d	Merge branch 'main' into python-UBV	2023-05-22 11:53:56 +02:00
Jeroen Ketema	f46183d0ba	C++: Include inline namespaces in `StdNamespace`	2023-05-22 11:41:49 +02:00
Tom Hvitved	33be52f0b7	Ruby: Allow for flow out of callbacks passed to summarized methods in type tracking	2023-05-22 11:01:08 +02:00
Paolo Tranquilli	20893bdef5	Swift: accept test changes after hidden AST fix	2023-05-22 10:14:29 +02:00
erik-krogh	708a99528f	initial implementation of TS 5.1	2023-05-22 10:11:32 +02:00
Tony Torralba	05c30e8fac	Merge pull request #13230 from atorralba/atorralba/java/groove-template-engine-sink Java: Add TemplateEngine.createTemplate as a Groovy injection sink	2023-05-22 10:04:29 +02:00
Paolo Tranquilli	de03bdc235	Swift: fix hidden AST getters For consistency with the C/C++ QL library, getters of AST elements within the hidden AST should not themselves skip other hidden AST elements.	2023-05-22 09:57:48 +02:00
Tom Hvitved	224a2c3d91	Merge pull request #13231 from hvitved/ruby/type-tracker-missing-callback-flow-out Ruby: Allow for flow through callbacks to summarized methods in type tracking	2023-05-22 09:38:59 +02:00
erik-krogh	710b309142	apply suggestions from doc review	2023-05-21 22:18:48 +02:00
erik-krogh	10bf17c33e	Merge branch 'main' into polyQhelp	2023-05-21 22:17:06 +02:00
Tom Hvitved	128168a7e7	Ruby: Allow for flow through callbacks to summarized methods in type tracking	2023-05-21 20:51:45 +02:00
Sim4n6	97e8e0bd8e	Add String Manipulation Method Calls & CGI.escapeHTML() support	2023-05-21 11:52:29 +01:00
Sim4n6	f7f0564e36	added one more test	2023-05-20 18:00:27 +01:00
Sim4n6	0a0a6dde40	Replaced CGI.escapeHTML() with the html_escape()	2023-05-20 17:59:39 +01:00
Sim4n6	ad754f1385	use of all normalization forms without the ":" prefix	2023-05-20 17:59:08 +01:00
Sim4n6	f5ff50880c	Updated qhelp for the use of html_escape()	2023-05-20 17:58:24 +01:00
Sim4n6	cc3cc1faef	Merge branch 'ruby-UBV' of https://github.com/sim4n6/codeql-pun into ruby-UBV	2023-05-20 12:59:50 +01:00
Sim4n6	d11cb9195c	Use of CGI.escapeHTML() in test samples	2023-05-20 12:57:50 +01:00
Sim4n6	e345d7dca4	Update ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb Co-authored-by: Arthur Baars <aibaars@github.com>	2023-05-20 12:54:03 +01:00
Sim4n6	7cd1fd4bbf	CWE-179 and CWE-180 are included in metadata	2023-05-20 12:51:45 +01:00
Sim4n6	957023ec44	nfd and nfkd are considered	2023-05-20 12:51:24 +01:00
Sim4n6	c9c7179a0b	Deleted the ugly flowchart.	2023-05-20 12:49:46 +01:00
Sim4n6	c3c65ca712	Qhelp formatting	2023-05-20 12:48:26 +01:00
Sim4n6	8dcf139b45	Update ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp Co-authored-by: Arthur Baars <aibaars@github.com>	2023-05-20 12:46:54 +01:00
Sim4n6	eb7e1de65b	Update ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll Co-authored-by: Arthur Baars <aibaars@github.com>	2023-05-20 12:43:05 +01:00
Sim4n6	69ca49f168	Deleted the UBV query change note.	2023-05-20 12:39:54 +01:00
Sim4n6	be3f59afab	Replaced StringMethod() with a restrained String method calls	2023-05-20 12:17:33 +01:00
Sim4n6	d939f192d5	Deleted the UBV query change note.	2023-05-20 11:46:18 +01:00
Sim4n6	21e99d52c7	Fix a redundant import	2023-05-20 10:23:04 +01:00
Sim4n6	b8969707c5	Delete the vulnerability flow image from the QHelp file.	2023-05-20 10:21:38 +01:00
Sim4n6	16ce024429	Update python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2023-05-20 10:13:23 +01:00
Sim4n6	8462b14b54	Update python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2023-05-20 10:12:55 +01:00
Sim4n6	2a8645c447	Fix 'Singleton set literal' warning	2023-05-20 10:11:26 +01:00
Sim4n6	58be109a70	Moved UnicodeBypassValidation Customizations & Query.qll to src/experimental	2023-05-20 10:08:56 +01:00
Robert Marsh	bf07b0f97b	C++: fix cxartesian product in constant off-by-one query	2023-05-19 18:32:09 -04:00
Geoffrey White	b6122d01fc	Swift: Clean up the query somewhat.	2023-05-19 22:40:53 +01:00
Geoffrey White	2028b5ef95	Swift: Fix imprecise sinks.	2023-05-19 22:23:26 +01:00
Geoffrey White	19080333b9	Swift: Add a few test cases.	2023-05-19 22:18:34 +01:00
Mathias Vorreiter Pedersen	58f4b7696d	Merge pull request #13223 from geoffw0/useasnominaltypedecl Swift: Use asNominalTypeDecl more.	2023-05-19 16:53:28 +01:00
Tony Torralba	b58eb3a92c	Java: Add TemplateEngine.createTemplate as a groovy injection sink	2023-05-19 17:45:47 +02:00
Mathias Vorreiter Pedersen	c15ebf83ee	C++: Add testcase with FP (and also fix an incorrect test annotation).	2023-05-19 16:38:18 +01:00
Philip Ginsbach	999e7f96c7	Merge pull request #13222 from github/ginsbach/SignatureSyntax add syntax for signature definitions to QL specification	2023-05-19 16:22:45 +01:00
Geoffrey White	881134a6f5	Swift: Add warning note to Decl.getMember.	2023-05-19 16:12:09 +01:00
Alexandre Boulgakov	f943502e41	Merge pull request #13224 from github/sashabu/tsp-empty-help-links Swift: Drop support for plaintext diagnostics (and `helpLinks`).	2023-05-19 15:44:44 +01:00

... 590 591 592 593 594 ...

84550 Commits