hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-29 07:06:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,087 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.3
Commit Graph

19087 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
134982c5a9 C++: Respond to review comments. 2021-01-04 09:06:58 +01:00
Jonathan Leitschuh
54950c2f42 Add MethodAccessSystemGetProperty predicate 2021-01-01 20:07:45 -05:00
Mathias Vorreiter Pedersen
454605b7b1 C++: Fix join order in getAnOverload. 2020-12-30 10:34:26 +01:00
neal1991
380d15eabe fix for the dead link, #4885 2020-12-28 10:28:50 +08:00
ihsinme
0c7381a3b0 Add files via upload 2020-12-26 20:45:11 +03:00
ihsinme
cd7c47ea39 Add files via upload 2020-12-26 20:43:25 +03:00
Shati Patel
8c7245113d Change ordering of sidebar TOC to match index file 2020-12-23 17:16:56 +00:00
Shati Patel
050b15103e Convert remaining notes to pull-quote directives 2020-12-23 17:13:24 +00:00
Shati Patel
dc528767f6 Don't turn arrow into ▶ emoji 2020-12-23 16:47:37 +00:00
Shati Patel
ff8e9e6adf Fix code block in other CodeQL docs 2020-12-23 12:41:46 +00:00
madneal
583395d862 fix LineComment and BlockComment level 2020-12-23 19:49:30 +08:00
neal1991
623de3df41 the level of HTMLHtmlCommentStart and HtmlCommentEnd should be same 2020-12-23 19:18:13 +08:00
Shati Patel
f1d8d9414f Fix code blocks in QL language reference 2020-12-23 10:49:23 +00:00
Shati Patel
a14f53c02f Set default highlighting language to "none" globally 
Otherwise Python is the default
 2020-12-23 10:29:10 +00:00
Shati Patel
c2fdb47abe Docs: Fix CSS for "pull-quotes" 2020-12-23 07:30:11 +00:00
Erik Krogh Kristensen
44571ffeea use the full ascii set instead of a few chosen chars 2020-12-22 16:00:23 +01:00
Erik Krogh Kristensen
303408b774 remove duplicate char 2020-12-22 15:48:24 +01:00
Erik Krogh Kristensen
354954c80c changes based on review 2020-12-22 15:41:06 +01:00
Rasmus Wriedt Larsen
3094aedf14 Python: Fix regression in ConceptTests 
I accidentially deleted that line :D
 2020-12-22 14:42:53 +01:00
Erik Krogh Kristensen
530a4aea35 Merge branch 'main' into shellSanitizer 2020-12-22 13:57:15 +01:00
Erik Krogh Kristensen
f7f88689c4 use strings in isTypeofGard 2020-12-22 13:55:32 +01:00
CodeQL CI
2bb96369f1 Merge pull request #4868 from erik-krogh/boundShell 
Approved by esbena
 2020-12-22 03:35:42 -08:00
CodeQL CI
7c6b4d7324 Merge pull request #4865 from esbena/js/fix-execa-model 
Approved by erik-krogh
 2020-12-22 03:32:26 -08:00
Rasmus Wriedt Larsen
dc0d940331 Python: Ensure all concept tests ignore irrelevant results 
Since this was causing a CI error.

also changed things a bit so we do it in a consistent way :)
 2020-12-22 11:32:42 +01:00
Rasmus Wriedt Larsen
bc4a0bcbeb Python: Split request handler / route setup concept tests 
Not doing so earlier was just a mistake.
 2020-12-22 11:31:20 +01:00
Erik Krogh Kristensen
da9a4e5267 add test 2020-12-22 11:22:25 +01:00
Erik Krogh Kristensen
b8b5aef5f4 recognize Object.defineProperty(obj, prop, {get: func}) as a property-write 2020-12-22 11:21:41 +01:00
Erik Krogh Kristensen
6a9089b15e recognize bound functions in js/shell-command-constructed-from-input 2020-12-22 11:20:34 +01:00
CodeQL CI
67d0f4d938 Merge pull request #4866 from esbena/js/add-tests-for-examples 
Approved by erik-krogh
 2020-12-22 02:04:47 -08:00
Rasmus Wriedt Larsen
874af7637f Java: Fix taint-step handling for untrusted-data-external-api 
The previous implementation would not handle any `AdditionalTaintStep`
subclasses.
 2020-12-22 11:02:50 +01:00
CodeQL CI
e2bba97794 Merge pull request #4860 from erik-krogh/functionExports 
Approved by esbena
 2020-12-22 01:05:37 -08:00
Erik Krogh Kristensen
df95562f8f remove TTUndefined from TypeOfSanitizer in js/shell-command-constructed-from-input 2020-12-22 09:43:50 +01:00
CodeQL CI
b35edc9de6 Merge pull request #4732 from github/esbena-patch-4 
Approved by erik-krogh
 2020-12-22 00:42:25 -08:00
Erik Krogh Kristensen
6eb88b9e41 introduce and use TaintTracking::isTypeofGuard 2020-12-22 09:42:12 +01:00
Esben Sparre Andreasen
34a09ff522 JS: add js/conditional-bypass example as a test case 2020-12-22 09:34:25 +01:00
Esben Sparre Andreasen
009527c69c JS: add change note 2020-12-22 09:26:35 +01:00
Esben Sparre Andreasen
ab4f3ea259 JS: fixup for execa.shell and execa.shellSync models 2020-12-22 09:06:18 +01:00
Esben Sparre Andreasen
ba714a1214 JS: add execa.shell tests 2020-12-22 09:01:43 +01:00
Erik Krogh Kristensen
34a6e15426 make TypeOfSanitizer slightly more robost 2020-12-22 08:53:14 +01:00
Erik Krogh Kristensen
18d26cabe5 Update javascript/ql/src/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-12-22 08:37:24 +01:00
Jonas Jensen
430194bb66 Merge pull request #4863 from MathiasVP/is-source-on-default-taint-tracking 
C++: Overridable isSource on DefaultTaintTracking
 2020-12-22 08:32:07 +01:00
Mathias Vorreiter Pedersen
4f07474b62 C++: Also allow custom sources in taintedWithoutGlobals 2020-12-21 19:55:47 +01:00
Rasmus Wriedt Larsen
71a6ef5b00 Python: Model RequestHandler from standard library explicitly 2020-12-21 18:02:31 +01:00
Rasmus Wriedt Larsen
05ab6cd54a Python: Add RemoteFlowSource for django handler without route 
A bit scary that we don't have any tests to indicate that I forgot to add this :O
 2020-12-21 18:02:30 +01:00
Rasmus Wriedt Larsen
d4d6f0ca0c Python: Model django request handlers without known route 2020-12-21 18:02:22 +01:00
Rasmus Wriedt Larsen
004ff38e22 Python: Add separate RequestHandler concept 
Since I really want to use our existing infrastructure to model that we can
recognize something as a request handler without it having a route, we need this
as a separate concept. All tests have been adjusted.

The early modeling was based on flask, where all request-handling is based on
handling requests from a specific route. But with the standard library handling
and handlers without routes, the naming had to change.
 2020-12-21 17:31:58 +01:00
Mathias Vorreiter Pedersen
f4f96fe257 C++: Use isSource in queries. These were the only queries that restrict the source after dataflow terminates. 2020-12-21 16:35:35 +01:00
Mathias Vorreiter Pedersen
0e84c638b6 C++: Add isSource to AdjustedConfiguration 2020-12-21 16:34:22 +01:00
Rasmus Wriedt Larsen
a9bbe1d087 Python: Test Django un-routed class-based route handler 2020-12-21 16:01:23 +01:00
Erik Krogh Kristensen
876ba7ef2d add typeof sanitizer to js/shell-command-constructed-from-input 2020-12-21 14:16:55 +01:00